* Jacek Wielemborek <d33...@gmail.com>, 2015-10-02, 18:45:
>Is there anybody who would like to continue the experimentation with
>me?
Not me...
>[1] https://github.com/d33tah/afr-fuzz
... but I had a cursory glance at the code, and here's my review:
>MINUS_ONE = 2**64 - 1
That's a very big value of minus one...
>libc = ctypes.cdll.LoadLibrary("libc.so.6")
I'd write it as:
libc = ctypes.CDLL(None)
so that you don't rely on exact SONAME of libc (which varies even among
Linux architectures).
>libc.__errno_location.restype = ctypes.POINTER(ctypes.c_int)
>errno = lambda: libc.__errno_location().contents.value
If you passed use_errno=True to CDLL, you could just use
ctypes.get_errno().
> self.shm_id = shmget(IPC_PRIVATE, MAP_SIZE, shm_perms)
> if self.shm_id == MINUS_ONE:
On error, shmget() returns -1, not MINUS_ONE.
> self.trace_bytes_addr = shmat(self.shm_id, 0, 0)
> if self.trace_bytes_addr == 2**64 - 1:
> raise RuntimeError("shmat() failed (%s)" % os.strerror(errno()))
This won't work on 32-bit architectures. I'd write:
if self.trace_bytes_addr == ctypes.c_void_p(-1).value: ...
--
Jakub Wilk
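Putting the three points from the review together in one place (example code added to this thread, not from afr-fuzz or from either poster): libc is loaded with CDLL(None, use_errno=True), shmget() is compared against a real -1 because ctypes returns it as a C int, and shmat() is compared against ctypes.c_void_p(-1).value so the check also holds on 32-bit hosts. The IPC constants and the 64 KiB MAP_SIZE are assumed Linux/AFL values; the probe() helper only exists to show that a failing call is actually detected.

```python
import ctypes
import os

# Added example, not code from afr-fuzz: a portable way to set up an
# AFL-style trace-bits shared-memory segment from ctypes.

# CDLL(None) resolves symbols from the libraries already mapped into this
# process, so no "libc.so.6" SONAME is hard-coded.  use_errno=True makes
# ctypes save errno after every call so ctypes.get_errno() can read it.
libc = ctypes.CDLL(None, use_errno=True)

IPC_PRIVATE = 0          # System V IPC: always create a fresh segment
IPC_RMID = 0             # shmctl() command: mark the segment for deletion
IPC_CREAT = 0o1000       # assumption: Linux/glibc ABI value
MAP_SIZE = 1 << 16       # assumption: AFL's default trace map, 64 KiB

# Prototypes matter: without a restype, ctypes assumes every function
# returns a C int, so shmat()'s pointer would be truncated on 64-bit hosts.
libc.shmget.restype = ctypes.c_int
libc.shmget.argtypes = [ctypes.c_int, ctypes.c_size_t, ctypes.c_int]
libc.shmat.restype = ctypes.c_void_p
libc.shmat.argtypes = [ctypes.c_int, ctypes.c_void_p, ctypes.c_int]
libc.shmdt.restype = ctypes.c_int
libc.shmdt.argtypes = [ctypes.c_void_p]
libc.shmctl.restype = ctypes.c_int
libc.shmctl.argtypes = [ctypes.c_int, ctypes.c_int, ctypes.c_void_p]

# shmat() signals failure with (void *) -1.  Its width is the pointer
# width of this build, so derive the sentinel instead of writing 2**64 - 1.
SHMAT_FAILED = ctypes.c_void_p(-1).value


def last_error():
    """Turn the errno captured by ctypes into an OSError."""
    err = ctypes.get_errno()
    return OSError(err, os.strerror(err))


def create_segment(size=MAP_SIZE, perms=0o600):
    """shmget() wrapper; returns the segment id or raises OSError."""
    shm_id = libc.shmget(IPC_PRIVATE, size, IPC_CREAT | perms)
    if shm_id == -1:          # restype is c_int, so -1 really is -1 here
        raise last_error()
    return shm_id


def attach_segment(shm_id):
    """shmat() wrapper; returns the mapping address or raises OSError."""
    addr = libc.shmat(shm_id, None, 0)
    if addr == SHMAT_FAILED:  # correct on 32- and 64-bit alike
        raise last_error()
    return addr


def release_segment(shm_id, addr):
    """Detach and delete the segment so it does not outlive the fuzzer."""
    libc.shmdt(addr)
    libc.shmctl(shm_id, IPC_RMID, None)


def probe(fn, *args):
    """Call fn; return None on success or the OSError it raised."""
    try:
        fn(*args)
    except OSError as exc:
        return exc
    return None


if __name__ == "__main__":
    shm_id = create_segment()
    addr = attach_segment(shm_id)
    trace_bits = (ctypes.c_ubyte * MAP_SIZE).from_address(addr)
    trace_bits[0] = 1                     # pretend one edge was hit
    print("shm id %d at %#x, hits=%d" % (shm_id, addr, sum(trace_bits)))
    release_segment(shm_id, addr)
    # Failures the original 2**64 - 1 comparisons would have missed:
    print("shmget(size=0) ->", probe(create_segment, 0))
    print("shmat(-1)      ->", probe(attach_segment, -1))
```

Run it as a script to see a segment created, written to and removed, followed by the two deliberately failing calls reported with their strerror text; a size of 0 and a segment id of -1 are both rejected by the kernel, which is exactly the path the original == 2**64 - 1 checks never took.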