trinity-android19/parser/fuzz_ioctl_struct.c
/* Automatically generated */
#include <stdlib.h>
#include "child.h"
#include "ioctls.h"
#include "ioctl_types.h"
#include "maps.h"
#include "random.h"
#include "sanitise.h"
#include "shm.h"
#include "syscall.h"
#include "trinity.h"
#include "fuzz_ioctl_struct.h"
static void * recursive_fuzz(enum ioctl_struct_type type, void * local_addr) {
switch(type) {
struct venc_ioctl_msg *p0;
struct qseecom_register_listener_req *p1;
struct qseecom_send_cmd_req *p2;
struct qseecom_ion_fd_info *p3;
struct qseecom_send_modfd_cmd_req *p4;
struct qseecom_send_resp_req *p5;
struct qseecom_load_img_req *p6;
struct qseecom_set_sb_mem_param_req *p7;
struct qseecom_qseos_version_req *p8;
struct qseecom_qseos_app_load_query *p9;
struct kgsl_devinfo *p10;
struct kgsl_devmemstore *p11;
struct kgsl_shadowprop *p12;
struct kgsl_version *p13;
struct kgsl_ibdesc *p14;
struct kgsl_device_getproperty *p15;
struct kgsl_device_waittimestamp *p16;
struct kgsl_device_waittimestamp_ctxtid *p17;
struct kgsl_ringbuffer_issueibcmds *p18;
struct kgsl_cmdstream_readtimestamp *p19;
struct kgsl_cmdstream_freememontimestamp *p20;
struct kgsl_drawctxt_create *p21;
struct kgsl_map_user_mem *p22;
struct kgsl_cmdstream_readtimestamp_ctxtid *p23;
struct kgsl_cmdstream_freememontimestamp_ctxtid *p24;
struct kgsl_sharedmem_from_pmem *p25;
struct kgsl_sharedmem_free *p26;
struct kgsl_cff_user_event *p27;
struct kgsl_gmem_desc *p28;
struct kgsl_buffer_desc *p29;
struct kgsl_bind_gmem_shadow *p30;
struct kgsl_sharedmem_from_vmalloc *p31;
struct kgsl_drawctxt_set_bin_base_offset *p32;
struct kgsl_cmdwindow_write *p33;
struct kgsl_cff_syncmem *p34;
struct kgsl_timestamp_event *p35;
struct kgsl_timestamp_event_genlock *p36;
struct kgsl_timestamp_event_fence *p37;
struct kgsl_gpumem_alloc_id *p38;
struct kgsl_gpumem_free_id *p39;
struct kgsl_gpumem_get_info *p40;
struct kgsl_gpumem_sync_cache *p41;
struct kgsl_perfcounter_get *p42;
struct kgsl_perfcounter_put *p43;
struct kgsl_perfcounter_query *p44;
struct kgsl_perfcounter_read_group *p45;
struct kgsl_perfcounter_read *p46;
struct kgsl_drawctxt_destroy *p47;
struct kgsl_gpumem_alloc *p48;
struct mc_ioctl_init *p49;
struct mc_ioctl_info *p50;
struct mc_ioctl_map *p51;
struct mc_ioctl_reg_wsm *p52;
struct mc_ioctl_execute *p53;
struct mc_ioctl_resolv_cont_wsm *p54;
struct mc_ioctl_resolv_wsm *p55;
struct msm_jpeg_ctrl_cmd *p56;
struct msm_jpeg_buf *p57;
struct msm_jpeg_hw_cmd *p58;
struct msm_jpeg_hw_cmds *p59;
struct timespec *p60;
struct v4l2_capability *p61;
struct v4l2_fmtdesc *p62;
struct v4l2_rect *p63;
struct v4l2_clip *p64;
struct v4l2_window *p65;
struct v4l2_format *p66;
struct v4l2_requestbuffers *p67;
struct v4l2_timecode *p68;
struct v4l2_plane *p69;
struct timeval *p70;
struct v4l2_buffer *p71;
struct v4l2_plane_pix_format *p72;
struct v4l2_pix_format_mplane *p73;
struct v4l2_pix_format *p74;
struct v4l2_framebuffer *p75;
struct v4l2_streamparm *p76;
struct v4l2_fract *p77;
struct v4l2_standard *p78;
struct v4l2_input *p79;
struct v4l2_control *p80;
struct v4l2_tuner *p81;
struct v4l2_modulator *p82;
struct v4l2_audio *p83;
struct v4l2_queryctrl *p84;
struct v4l2_querymenu *p85;
struct v4l2_outputparm *p86;
struct v4l2_audioout *p87;
struct v4l2_frequency *p88;
struct v4l2_cropcap *p89;
struct v4l2_crop *p90;
struct v4l2_jpegcompression *p91;
struct v4l2_sliced_vbi_cap *p92;
struct v4l2_ext_controls *p93;
struct v4l2_frmsize_stepwise *p94;
struct v4l2_frmsizeenum *p95;
struct v4l2_frmival_stepwise *p96;
struct v4l2_frmivalenum *p97;
struct v4l2_enc_idx_entry *p98;
struct v4l2_enc_idx *p99;
struct v4l2_encoder_cmd *p100;
struct v4l2_dbg_match *p101;
struct v4l2_dbg_register *p102;
struct v4l2_dbg_chip_ident *p103;
struct v4l2_hw_freq_seek *p104;
struct v4l2_dv_enum_preset *p105;
struct v4l2_dv_preset *p106;
struct v4l2_dv_timings *p107;
struct v4l2_event *p108;
struct v4l2_event_subscription *p109;
struct v4l2_create_buffers *p110;
struct v4l2_selection *p111;
struct v4l2_decoder_cmd *p112;
struct v4l2_output *p113;
case STRUCT_venc_ioctl_msg:
if(local_addr != NULL)
p0 = (struct venc_ioctl_msg *)local_addr;
else
p0 = (struct venc_ioctl_msg *)get_writable_address(sizeof(struct venc_ioctl_msg));
if(p0) {
p0->in = (void *) get_non_null_address();
p0->out = (void *) get_non_null_address();
return p0;
}
return get_non_null_address();
case STRUCT_qseecom_register_listener_req:
if(local_addr != NULL)
p1 = (struct qseecom_register_listener_req *)local_addr;
else
p1 = (struct qseecom_register_listener_req *)get_writable_address(sizeof(struct qseecom_register_listener_req));
if(p1) {
//listener_id is primitive
//ifd_data_fd is primitive
//virt_sb_base is primitive
//sb_size is primitive
return p1;
}
return get_non_null_address();
case STRUCT_qseecom_send_cmd_req:
if(local_addr != NULL)
p2 = (struct qseecom_send_cmd_req *)local_addr;
else
p2 = (struct qseecom_send_cmd_req *)get_writable_address(sizeof(struct qseecom_send_cmd_req));
if(p2) {
p2->cmd_req_buf = (void *) get_non_null_address();
//cmd_req_len is primitive
p2->resp_buf = (void *) get_non_null_address();
//resp_len is primitive
return p2;
}
return get_non_null_address();
case STRUCT_qseecom_ion_fd_info:
if(local_addr != NULL)
p3 = (struct qseecom_ion_fd_info *)local_addr;
else
p3 = (struct qseecom_ion_fd_info *)get_writable_address(sizeof(struct qseecom_ion_fd_info));
if(p3) {
//fd is primitive
//cmd_buf_offset is primitive
return p3;
}
return get_non_null_address();
case STRUCT_qseecom_send_modfd_cmd_req:
if(local_addr != NULL)
p4 = (struct qseecom_send_modfd_cmd_req *)local_addr;
else
p4 = (struct qseecom_send_modfd_cmd_req *)get_writable_address(sizeof(struct qseecom_send_modfd_cmd_req));
if(p4) {
p4->cmd_req_buf = (void *) get_non_null_address();
//cmd_req_len is primitive
p4->resp_buf = (void *) get_non_null_address();
//resp_len is primitive
recursive_fuzz(STRUCT_qseecom_ion_fd_info, &p4->ifd_data[0]);
recursive_fuzz(STRUCT_qseecom_ion_fd_info, &p4->ifd_data[1]);
recursive_fuzz(STRUCT_qseecom_ion_fd_info, &p4->ifd_data[2]);
recursive_fuzz(STRUCT_qseecom_ion_fd_info, &p4->ifd_data[3]);
//ifd_data is an array of qseecom_ion_fd_info of 4 elements
return p4;
}
return get_non_null_address();
case STRUCT_qseecom_send_resp_req:
if(local_addr != NULL)
p5 = (struct qseecom_send_resp_req *)local_addr;
else
p5 = (struct qseecom_send_resp_req *)get_writable_address(sizeof(struct qseecom_send_resp_req));
if(p5) {
p5->resp_buf = (void *) get_non_null_address();
//resp_len is primitive
return p5;
}
return get_non_null_address();
case STRUCT_qseecom_load_img_req:
if(local_addr != NULL)
p6 = (struct qseecom_load_img_req *)local_addr;
else
p6 = (struct qseecom_load_img_req *)get_writable_address(sizeof(struct qseecom_load_img_req));
if(p6) {
//mdt_len is primitive
//img_len is primitive
//ifd_data_fd is primitive
//img_name is an array of char of 32 elements
//app_id is primitive
return p6;
}
return get_non_null_address();
case STRUCT_qseecom_set_sb_mem_param_req:
if(local_addr != NULL)
p7 = (struct qseecom_set_sb_mem_param_req *)local_addr;
else
p7 = (struct qseecom_set_sb_mem_param_req *)get_writable_address(sizeof(struct qseecom_set_sb_mem_param_req));
if(p7) {
//ifd_data_fd is primitive
//virt_sb_base is primitive
//sb_len is primitive
return p7;
}
return get_non_null_address();
case STRUCT_qseecom_qseos_version_req:
if(local_addr != NULL)
p8 = (struct qseecom_qseos_version_req *)local_addr;
else
p8 = (struct qseecom_qseos_version_req *)get_writable_address(sizeof(struct qseecom_qseos_version_req));
if(p8) {
//qseos_version is primitive
return p8;
}
return get_non_null_address();
case STRUCT_qseecom_qseos_app_load_query:
if(local_addr != NULL)
p9 = (struct qseecom_qseos_app_load_query *)local_addr;
else
p9 = (struct qseecom_qseos_app_load_query *)get_writable_address(sizeof(struct qseecom_qseos_app_load_query));
if(p9) {
//app_name is an array of char of 32 elements
//app_id is primitive
return p9;
}
return get_non_null_address();
case STRUCT_kgsl_devinfo:
if(local_addr != NULL)
p10 = (struct kgsl_devinfo *)local_addr;
else
p10 = (struct kgsl_devinfo *)get_writable_address(sizeof(struct kgsl_devinfo));
if(p10) {
//device_id is primitive
//chip_id is primitive
//mmu_enabled is primitive
//gmem_gpubaseaddr is primitive
//gpu_id is primitive
//gmem_sizebytes is primitive
return p10;
}
return get_non_null_address();
case STRUCT_kgsl_devmemstore:
if(local_addr != NULL)
p11 = (struct kgsl_devmemstore *)local_addr;
else
p11 = (struct kgsl_devmemstore *)get_writable_address(sizeof(struct kgsl_devmemstore));
if(p11) {
//soptimestamp is primitive
//sbz is primitive
//eoptimestamp is primitive
//sbz2 is primitive
//ts_cmp_enable is primitive
//sbz3 is primitive
//ref_wait_ts is primitive
//sbz4 is primitive
//current_context is primitive
//sbz5 is primitive
return p11;
}
return get_non_null_address();
case STRUCT_kgsl_shadowprop:
if(local_addr != NULL)
p12 = (struct kgsl_shadowprop *)local_addr;
else
p12 = (struct kgsl_shadowprop *)get_writable_address(sizeof(struct kgsl_shadowprop));
if(p12) {
//gpuaddr is primitive
//size is primitive
//flags is primitive
return p12;
}
return get_non_null_address();
case STRUCT_kgsl_version:
if(local_addr != NULL)
p13 = (struct kgsl_version *)local_addr;
else
p13 = (struct kgsl_version *)get_writable_address(sizeof(struct kgsl_version));
if(p13) {
//drv_major is primitive
//drv_minor is primitive
//dev_major is primitive
//dev_minor is primitive
return p13;
}
return get_non_null_address();
case STRUCT_kgsl_ibdesc:
if(local_addr != NULL)
p14 = (struct kgsl_ibdesc *)local_addr;
else
p14 = (struct kgsl_ibdesc *)get_writable_address(sizeof(struct kgsl_ibdesc));
if(p14) {
//gpuaddr is primitive
p14->hostptr = (void *) get_non_null_address();
//sizedwords is primitive
//ctrl is primitive
return p14;
}
return get_non_null_address();
case STRUCT_kgsl_device_getproperty:
if(local_addr != NULL)
p15 = (struct kgsl_device_getproperty *)local_addr;
else
p15 = (struct kgsl_device_getproperty *)get_writable_address(sizeof(struct kgsl_device_getproperty));
if(p15) {
//type is primitive
p15->value = (void *) get_non_null_address();
//sizebytes is primitive
return p15;
}
return get_non_null_address();
case STRUCT_kgsl_device_waittimestamp:
if(local_addr != NULL)
p16 = (struct kgsl_device_waittimestamp *)local_addr;
else
p16 = (struct kgsl_device_waittimestamp *)get_writable_address(sizeof(struct kgsl_device_waittimestamp));
if(p16) {
//timestamp is primitive
//timeout is primitive
return p16;
}
return get_non_null_address();
case STRUCT_kgsl_device_waittimestamp_ctxtid:
if(local_addr != NULL)
p17 = (struct kgsl_device_waittimestamp_ctxtid *)local_addr;
else
p17 = (struct kgsl_device_waittimestamp_ctxtid *)get_writable_address(sizeof(struct kgsl_device_waittimestamp_ctxtid));
if(p17) {
//context_id is primitive
//timestamp is primitive
//timeout is primitive
return p17;
}
return get_non_null_address();
case STRUCT_kgsl_ringbuffer_issueibcmds:
if(local_addr != NULL)
p18 = (struct kgsl_ringbuffer_issueibcmds *)local_addr;
else
p18 = (struct kgsl_ringbuffer_issueibcmds *)get_writable_address(sizeof(struct kgsl_ringbuffer_issueibcmds));
if(p18) {
//drawctxt_id is primitive
p18->ibdesc_addr = (void *) get_non_null_address();
//numibs is primitive
//timestamp is primitive
//flags is primitive
return p18;
}
return get_non_null_address();
case STRUCT_kgsl_cmdstream_readtimestamp:
if(local_addr != NULL)
p19 = (struct kgsl_cmdstream_readtimestamp *)local_addr;
else
p19 = (struct kgsl_cmdstream_readtimestamp *)get_writable_address(sizeof(struct kgsl_cmdstream_readtimestamp));
if(p19) {
//type is primitive
//timestamp is primitive
return p19;
}
return get_non_null_address();
case STRUCT_kgsl_cmdstream_freememontimestamp:
if(local_addr != NULL)
p20 = (struct kgsl_cmdstream_freememontimestamp *)local_addr;
else
p20 = (struct kgsl_cmdstream_freememontimestamp *)get_writable_address(sizeof(struct kgsl_cmdstream_freememontimestamp));
if(p20) {
p20->gpuaddr = (void *) get_non_null_address();
//type is primitive
//timestamp is primitive
return p20;
}
return get_non_null_address();
case STRUCT_kgsl_drawctxt_create:
if(local_addr != NULL)
p21 = (struct kgsl_drawctxt_create *)local_addr;
else
p21 = (struct kgsl_drawctxt_create *)get_writable_address(sizeof(struct kgsl_drawctxt_create));
if(p21) {
//flags is primitive
//drawctxt_id is primitive
return p21;
}
return get_non_null_address();
case STRUCT_kgsl_map_user_mem:
if(local_addr != NULL)
p22 = (struct kgsl_map_user_mem *)local_addr;
else
p22 = (struct kgsl_map_user_mem *)get_writable_address(sizeof(struct kgsl_map_user_mem));
if(p22) {
//fd is primitive
p22->gpuaddr = (void *) get_non_null_address();
//len is primitive
//offset is primitive
p22->hostptr = (void *) get_non_null_address();
//enum kgsl_user_mem_type;
//flags is primitive
return p22;
}
return get_non_null_address();
case STRUCT_kgsl_cmdstream_readtimestamp_ctxtid:
if(local_addr != NULL)
p23 = (struct kgsl_cmdstream_readtimestamp_ctxtid *)local_addr;
else
p23 = (struct kgsl_cmdstream_readtimestamp_ctxtid *)get_writable_address(sizeof(struct kgsl_cmdstream_readtimestamp_ctxtid));
if(p23) {
//context_id is primitive
//type is primitive
//timestamp is primitive
return p23;
}
return get_non_null_address();
case STRUCT_kgsl_cmdstream_freememontimestamp_ctxtid:
if(local_addr != NULL)
p24 = (struct kgsl_cmdstream_freememontimestamp_ctxtid *)local_addr;
else
p24 = (struct kgsl_cmdstream_freememontimestamp_ctxtid *)get_writable_address(sizeof(struct kgsl_cmdstream_freememontimestamp_ctxtid));
if(p24) {
//context_id is primitive
p24->gpuaddr = (void *) get_non_null_address();
//type is primitive
//timestamp is primitive
return p24;
}
return get_non_null_address();
case STRUCT_kgsl_sharedmem_from_pmem:
if(local_addr != NULL)
p25 = (struct kgsl_sharedmem_from_pmem *)local_addr;
else
p25 = (struct kgsl_sharedmem_from_pmem *)get_writable_address(sizeof(struct kgsl_sharedmem_from_pmem));
if(p25) {
//pmem_fd is primitive
p25->gpuaddr = (void *) get_non_null_address();
//len is primitive
//offset is primitive
return p25;
}
return get_non_null_address();
case STRUCT_kgsl_sharedmem_free:
if(local_addr != NULL)
p26 = (struct kgsl_sharedmem_free *)local_addr;
else
p26 = (struct kgsl_sharedmem_free *)get_writable_address(sizeof(struct kgsl_sharedmem_free));
if(p26) {
p26->gpuaddr = (void *) get_non_null_address();
return p26;
}
return get_non_null_address();
case STRUCT_kgsl_cff_user_event:
if(local_addr != NULL)
p27 = (struct kgsl_cff_user_event *)local_addr;
else
p27 = (struct kgsl_cff_user_event *)get_writable_address(sizeof(struct kgsl_cff_user_event));
if(p27) {
//cff_opcode is primitive
//op1 is primitive
//op2 is primitive
//op3 is primitive
//op4 is primitive
//op5 is primitive
//__pad is an array of int of 2 elements
return p27;
}
return get_non_null_address();
case STRUCT_kgsl_gmem_desc:
if(local_addr != NULL)
p28 = (struct kgsl_gmem_desc *)local_addr;
else
p28 = (struct kgsl_gmem_desc *)get_writable_address(sizeof(struct kgsl_gmem_desc));
if(p28) {
//x is primitive
//y is primitive
//width is primitive
//height is primitive
//pitch is primitive
return p28;
}
return get_non_null_address();
case STRUCT_kgsl_buffer_desc:
if(local_addr != NULL)
p29 = (struct kgsl_buffer_desc *)local_addr;
else
p29 = (struct kgsl_buffer_desc *)get_writable_address(sizeof(struct kgsl_buffer_desc));
if(p29) {
p29->hostptr = (void *) get_non_null_address();
p29->gpuaddr = (void *) get_non_null_address();
//size is primitive
//format is primitive
//pitch is primitive
//enabled is primitive
return p29;
}
return get_non_null_address();
case STRUCT_kgsl_bind_gmem_shadow:
if(local_addr != NULL)
p30 = (struct kgsl_bind_gmem_shadow *)local_addr;
else
p30 = (struct kgsl_bind_gmem_shadow *)get_writable_address(sizeof(struct kgsl_bind_gmem_shadow));
if(p30) {
//drawctxt_id is primitive
recursive_fuzz(STRUCT_kgsl_gmem_desc, &p30->gmem_desc);
//shadow_x is primitive
//shadow_y is primitive
recursive_fuzz(STRUCT_kgsl_buffer_desc, &p30->shadow_buffer);
//buffer_id is primitive
return p30;
}
return get_non_null_address();
case STRUCT_kgsl_sharedmem_from_vmalloc:
if(local_addr != NULL)
p31 = (struct kgsl_sharedmem_from_vmalloc *)local_addr;
else
p31 = (struct kgsl_sharedmem_from_vmalloc *)get_writable_address(sizeof(struct kgsl_sharedmem_from_vmalloc));
if(p31) {
p31->gpuaddr = (void *) get_non_null_address();
p31->hostptr = (void *) get_non_null_address();
//flags is primitive
return p31;
}
return get_non_null_address();
case STRUCT_kgsl_drawctxt_set_bin_base_offset:
if(local_addr != NULL)
p32 = (struct kgsl_drawctxt_set_bin_base_offset *)local_addr;
else
p32 = (struct kgsl_drawctxt_set_bin_base_offset *)get_writable_address(sizeof(struct kgsl_drawctxt_set_bin_base_offset));
if(p32) {
//drawctxt_id is primitive
//offset is primitive
return p32;
}
return get_non_null_address();
case STRUCT_kgsl_cmdwindow_write:
if(local_addr != NULL)
p33 = (struct kgsl_cmdwindow_write *)local_addr;
else
p33 = (struct kgsl_cmdwindow_write *)get_writable_address(sizeof(struct kgsl_cmdwindow_write));
if(p33) {
//enum kgsl_cmdwindow_type;
p33->addr = (void *) get_non_null_address();
//data is primitive
return p33;
}
return get_non_null_address();
case STRUCT_kgsl_cff_syncmem:
if(local_addr != NULL)
p34 = (struct kgsl_cff_syncmem *)local_addr;
else
p34 = (struct kgsl_cff_syncmem *)get_writable_address(sizeof(struct kgsl_cff_syncmem));
if(p34) {
p34->gpuaddr = (void *) get_non_null_address();
//len is primitive
//__pad is an array of int of 2 elements
return p34;
}
return get_non_null_address();
case STRUCT_kgsl_timestamp_event:
if(local_addr != NULL)
p35 = (struct kgsl_timestamp_event *)local_addr;
else
p35 = (struct kgsl_timestamp_event *)get_writable_address(sizeof(struct kgsl_timestamp_event));
if(p35) {
//type is primitive
//timestamp is primitive
//context_id is primitive
p35->priv = (void *) get_non_null_address();
//len is primitive
return p35;
}
return get_non_null_address();
case STRUCT_kgsl_timestamp_event_genlock:
if(local_addr != NULL)
p36 = (struct kgsl_timestamp_event_genlock *)local_addr;
else
p36 = (struct kgsl_timestamp_event_genlock *)get_writable_address(sizeof(struct kgsl_timestamp_event_genlock));
if(p36) {
//handle is primitive
return p36;
}
return get_non_null_address();
case STRUCT_kgsl_timestamp_event_fence:
if(local_addr != NULL)
p37 = (struct kgsl_timestamp_event_fence *)local_addr;
else
p37 = (struct kgsl_timestamp_event_fence *)get_writable_address(sizeof(struct kgsl_timestamp_event_fence));
if(p37) {
//fence_fd is primitive
return p37;
}
return get_non_null_address();
case STRUCT_kgsl_gpumem_alloc_id:
if(local_addr != NULL)
p38 = (struct kgsl_gpumem_alloc_id *)local_addr;
else
p38 = (struct kgsl_gpumem_alloc_id *)get_writable_address(sizeof(struct kgsl_gpumem_alloc_id));
if(p38) {
//id is primitive
//flags is primitive
//size is primitive
//mmapsize is primitive
p38->gpuaddr = (void *) get_non_null_address();
//__pad is an array of int of 2 elements
return p38;
}
return get_non_null_address();
case STRUCT_kgsl_gpumem_free_id:
if(local_addr != NULL)
p39 = (struct kgsl_gpumem_free_id *)local_addr;
else
p39 = (struct kgsl_gpumem_free_id *)get_writable_address(sizeof(struct kgsl_gpumem_free_id));
if(p39) {
//id is primitive
//__pad is primitive
return p39;
}
return get_non_null_address();
case STRUCT_kgsl_gpumem_get_info:
if(local_addr != NULL)
p40 = (struct kgsl_gpumem_get_info *)local_addr;
else
p40 = (struct kgsl_gpumem_get_info *)get_writable_address(sizeof(struct kgsl_gpumem_get_info));
if(p40) {
p40->gpuaddr = (void *) get_non_null_address();
//id is primitive
//flags is primitive
//size is primitive
//mmapsize is primitive
p40->useraddr = (void *) get_non_null_address();
//__pad is an array of int of 4 elements
return p40;
}
return get_non_null_address();
case STRUCT_kgsl_gpumem_sync_cache:
if(local_addr != NULL)
p41 = (struct kgsl_gpumem_sync_cache *)local_addr;
else
p41 = (struct kgsl_gpumem_sync_cache *)get_writable_address(sizeof(struct kgsl_gpumem_sync_cache));
if(p41) {
p41->gpuaddr = (void *) get_non_null_address();
//id is primitive
//op is primitive
//__pad is an array of int of 2 elements
return p41;
}
return get_non_null_address();
case STRUCT_kgsl_perfcounter_get:
if(local_addr != NULL)
p42 = (struct kgsl_perfcounter_get *)local_addr;
else
p42 = (struct kgsl_perfcounter_get *)get_writable_address(sizeof(struct kgsl_perfcounter_get));
if(p42) {
//groupid is primitive
//countable is primitive
//offset is primitive
//__pad is an array of int of 2 elements
return p42;
}
return get_non_null_address();
case STRUCT_kgsl_perfcounter_put:
if(local_addr != NULL)
p43 = (struct kgsl_perfcounter_put *)local_addr;
else
p43 = (struct kgsl_perfcounter_put *)get_writable_address(sizeof(struct kgsl_perfcounter_put));
if(p43) {
//groupid is primitive
//countable is primitive
//__pad is an array of int of 2 elements
return p43;
}
return get_non_null_address();
case STRUCT_kgsl_perfcounter_query:
if(local_addr != NULL)
p44 = (struct kgsl_perfcounter_query *)local_addr;
else
p44 = (struct kgsl_perfcounter_query *)get_writable_address(sizeof(struct kgsl_perfcounter_query));
if(p44) {
//groupid is primitive
p44->countables = (int *) get_writable_address(sizeof(int));
//count is primitive
//max_counters is primitive
//__pad is an array of int of 2 elements
return p44;
}
return get_non_null_address();
case STRUCT_kgsl_perfcounter_read_group:
if(local_addr != NULL)
p45 = (struct kgsl_perfcounter_read_group *)local_addr;
else
p45 = (struct kgsl_perfcounter_read_group *)get_writable_address(sizeof(struct kgsl_perfcounter_read_group));
if(p45) {
//groupid is primitive
//countable is primitive
return p45;
}
return get_non_null_address();
case STRUCT_kgsl_perfcounter_read:
if(local_addr != NULL)
p46 = (struct kgsl_perfcounter_read *)local_addr;
else
p46 = (struct kgsl_perfcounter_read *)get_writable_address(sizeof(struct kgsl_perfcounter_read));
if(p46) {
p46->reads = (struct kgsl_perfcounter_read_group *) recursive_fuzz(STRUCT_kgsl_perfcounter_read_group, NULL);
//count is primitive
//__pad is an array of int of 2 elements
return p46;
}
return get_non_null_address();
case STRUCT_kgsl_drawctxt_destroy:
if(local_addr != NULL)
p47 = (struct kgsl_drawctxt_destroy *)local_addr;
else
p47 = (struct kgsl_drawctxt_destroy *)get_writable_address(sizeof(struct kgsl_drawctxt_destroy));
if(p47) {
//drawctxt_id is primitive
return p47;
}
return get_non_null_address();
case STRUCT_kgsl_gpumem_alloc:
if(local_addr != NULL)
p48 = (struct kgsl_gpumem_alloc *)local_addr;
else
p48 = (struct kgsl_gpumem_alloc *)get_writable_address(sizeof(struct kgsl_gpumem_alloc));
if(p48) {
p48->gpuaddr = (void *) get_non_null_address();
//size is primitive
//flags is primitive
return p48;
}
return get_non_null_address();
case STRUCT_mc_ioctl_init:
if(local_addr != NULL)
p49 = (struct mc_ioctl_init *)local_addr;
else
p49 = (struct mc_ioctl_init *)get_writable_address(sizeof(struct mc_ioctl_init));
if(p49) {
//nq_offset is primitive
//nq_length is primitive
//mcp_offset is primitive
//mcp_length is primitive
return p49;
}
return get_non_null_address();
case STRUCT_mc_ioctl_info:
if(local_addr != NULL)
p50 = (struct mc_ioctl_info *)local_addr;
else
p50 = (struct mc_ioctl_info *)get_writable_address(sizeof(struct mc_ioctl_info));
if(p50) {
//ext_info_id is primitive
//state is primitive
//ext_info is primitive
return p50;
}
return get_non_null_address();
case STRUCT_mc_ioctl_map:
if(local_addr != NULL)
p51 = (struct mc_ioctl_map *)local_addr;
else
p51 = (struct mc_ioctl_map *)get_writable_address(sizeof(struct mc_ioctl_map));
if(p51) {
//len is primitive
//handle is primitive
p51->addr = (void *) get_non_null_address();
p51->phys_addr = (void *) get_non_null_address();
//reused is primitive
return p51;
}
return get_non_null_address();
case STRUCT_mc_ioctl_reg_wsm:
if(local_addr != NULL)
p52 = (struct mc_ioctl_reg_wsm *)local_addr;
else
p52 = (struct mc_ioctl_reg_wsm *)get_writable_address(sizeof(struct mc_ioctl_reg_wsm));
if(p52) {
//len is primitive
//pid is primitive
//handle is primitive
p52->table_phys = (void *) get_non_null_address();
return p52;
}
return get_non_null_address();
case STRUCT_mc_ioctl_execute:
if(local_addr != NULL)
p53 = (struct mc_ioctl_execute *)local_addr;
else
p53 = (struct mc_ioctl_execute *)get_writable_address(sizeof(struct mc_ioctl_execute));
if(p53) {
p53->phys_start_addr = (void *) get_non_null_address();
//length is primitive
return p53;
}
return get_non_null_address();
case STRUCT_mc_ioctl_resolv_cont_wsm:
if(local_addr != NULL)
p54 = (struct mc_ioctl_resolv_cont_wsm *)local_addr;
else
p54 = (struct mc_ioctl_resolv_cont_wsm *)get_writable_address(sizeof(struct mc_ioctl_resolv_cont_wsm));
if(p54) {
//handle is primitive
p54->phys = (void *) get_non_null_address();
//length is primitive
//fd is primitive
return p54;
}
return get_non_null_address();
case STRUCT_mc_ioctl_resolv_wsm:
if(local_addr != NULL)
p55 = (struct mc_ioctl_resolv_wsm *)local_addr;
else
p55 = (struct mc_ioctl_resolv_wsm *)get_writable_address(sizeof(struct mc_ioctl_resolv_wsm));
if(p55) {
//handle is primitive
//fd is primitive
p55->phys = (void *) get_non_null_address();
return p55;
}
return get_non_null_address();
case STRUCT_msm_jpeg_ctrl_cmd:
if(local_addr != NULL)
p56 = (struct msm_jpeg_ctrl_cmd *)local_addr;
else
p56 = (struct msm_jpeg_ctrl_cmd *)get_writable_address(sizeof(struct msm_jpeg_ctrl_cmd));
if(p56) {
//type is primitive
//len is primitive
p56->value = (void *) get_non_null_address();
return p56;
}
return get_non_null_address();
case STRUCT_msm_jpeg_buf:
if(local_addr != NULL)
p57 = (struct msm_jpeg_buf *)local_addr;
else
p57 = (struct msm_jpeg_buf *)get_writable_address(sizeof(struct msm_jpeg_buf));
if(p57) {
//type is primitive
//fd is primitive
p57->vaddr = (void *) get_non_null_address();
//y_off is primitive
//y_len is primitive
//framedone_len is primitive
//cbcr_off is primitive
//cbcr_len is primitive
//num_of_mcu_rows is primitive
//offset is primitive
//pln2_off is primitive
//pln2_len is primitive
return p57;
}
return get_non_null_address();
case STRUCT_msm_jpeg_hw_cmd:
if(local_addr != NULL)
p58 = (struct msm_jpeg_hw_cmd *)local_addr;
else
p58 = (struct msm_jpeg_hw_cmd *)get_writable_address(sizeof(struct msm_jpeg_hw_cmd));
if(p58) {
//type is primitive
//n is primitive
//offset is primitive
//mask is primitive
p58->pdata = (uint32_t *) get_writable_address(sizeof(uint32_t));
return p58;
}
return get_non_null_address();
case STRUCT_msm_jpeg_hw_cmds:
if(local_addr != NULL)
p59 = (struct msm_jpeg_hw_cmds *)local_addr;
else
p59 = (struct msm_jpeg_hw_cmds *)get_writable_address(sizeof(struct msm_jpeg_hw_cmds));
if(p59) {
//m is primitive
recursive_fuzz(STRUCT_msm_jpeg_hw_cmd, &p59->hw_cmd);
return p59;
}
return get_non_null_address();
case STRUCT_timespec:
if(local_addr != NULL)
p60 = (struct timespec *)local_addr;
else
p60 = (struct timespec *)get_writable_address(sizeof(struct timespec));
if(p60) {
return p60;
}
return get_non_null_address();
case STRUCT_v4l2_capability:
if(local_addr != NULL)
p61 = (struct v4l2_capability *)local_addr;
else
p61 = (struct v4l2_capability *)get_writable_address(sizeof(struct v4l2_capability));
if(p61) {
//driver is an array of __u8 of 16 elements
//card is an array of __u8 of 32 elements
//bus_info is an array of __u8 of 32 elements
//version is primitive
//capabilities is primitive
//device_caps is primitive
//reserved is an array of __u32 of 3 elements
return p61;
}
return get_non_null_address();
case STRUCT_v4l2_fmtdesc:
if(local_addr != NULL)
p62 = (struct v4l2_fmtdesc *)local_addr;
else
p62 = (struct v4l2_fmtdesc *)get_writable_address(sizeof(struct v4l2_fmtdesc));
if(p62) {
//index is primitive
//enum v4l2_buf_type;
//flags is primitive
//description is an array of __u8 of 32 elements
//pixelformat is primitive
//reserved is an array of __u32 of 4 elements
return p62;
}
return get_non_null_address();
case STRUCT_v4l2_rect:
if(local_addr != NULL)
p63 = (struct v4l2_rect *)local_addr;
else
p63 = (struct v4l2_rect *)get_writable_address(sizeof(struct v4l2_rect));
if(p63) {
//left is primitive
//top is primitive
//width is primitive
//height is primitive
return p63;
}
return get_non_null_address();
case STRUCT_v4l2_clip:
if(local_addr != NULL)
p64 = (struct v4l2_clip *)local_addr;
else
p64 = (struct v4l2_clip *)get_writable_address(sizeof(struct v4l2_clip));
if(p64) {
recursive_fuzz(STRUCT_v4l2_rect, &p64->c);
p64->next = (void *) get_non_null_address();
return p64;
}
return get_non_null_address();
case STRUCT_v4l2_window:
if(local_addr != NULL)
p65 = (struct v4l2_window *)local_addr;
else
p65 = (struct v4l2_window *)get_writable_address(sizeof(struct v4l2_window));
if(p65) {
recursive_fuzz(STRUCT_v4l2_rect, &p65->w);
//enum v4l2_field;
//chromakey is primitive
p65->clips = (struct v4l2_clip *) recursive_fuzz(STRUCT_v4l2_clip, NULL);
//clipcount is primitive
p65->bitmap = (void *) get_non_null_address();
//global_alpha is primitive
return p65;
}
return get_non_null_address();
case STRUCT_v4l2_format:
if(local_addr != NULL)
p66 = (struct v4l2_format *)local_addr;
else
p66 = (struct v4l2_format *)get_writable_address(sizeof(struct v4l2_format));
if(p66) {
//enum v4l2_buf_type;
recursive_fuzz(STRUCT_v4l2_window, &p66->win);
return p66;
}
return get_non_null_address();
case STRUCT_v4l2_requestbuffers:
if(local_addr != NULL)
p67 = (struct v4l2_requestbuffers *)local_addr;
else
p67 = (struct v4l2_requestbuffers *)get_writable_address(sizeof(struct v4l2_requestbuffers));
if(p67) {
//count is primitive
//enum v4l2_buf_type;
//enum v4l2_memory;
//reserved is an array of __u32 of 2 elements
return p67;
}
return get_non_null_address();
case STRUCT_v4l2_timecode:
if(local_addr != NULL)
p68 = (struct v4l2_timecode *)local_addr;
else
p68 = (struct v4l2_timecode *)get_writable_address(sizeof(struct v4l2_timecode));
if(p68) {
//type is primitive
//flags is primitive
//frames is primitive
//seconds is primitive
//minutes is primitive
//hours is primitive
//userbits is an array of __u8 of 4 elements
return p68;
}
return get_non_null_address();
case STRUCT_v4l2_plane:
if(local_addr != NULL)
p69 = (struct v4l2_plane *)local_addr;
else
p69 = (struct v4l2_plane *)get_writable_address(sizeof(struct v4l2_plane));
if(p69) {
//bytesused is primitive
//length is primitive
p69->userptr = (void *) get_non_null_address();
//data_offset is primitive
//reserved is an array of __u32 of 11 elements
return p69;
}
return get_non_null_address();
case STRUCT_timeval:
if(local_addr != NULL)
p70 = (struct timeval *)local_addr;
else
p70 = (struct timeval *)get_writable_address(sizeof(struct timeval));
if(p70) {
return p70;
}
return get_non_null_address();
case STRUCT_v4l2_buffer:
if(local_addr != NULL)
p71 = (struct v4l2_buffer *)local_addr;
else
p71 = (struct v4l2_buffer *)get_writable_address(sizeof(struct v4l2_buffer));
if(p71) {
//index is primitive
//enum v4l2_buf_type;
//bytesused is primitive
//flags is primitive
//enum v4l2_field;
recursive_fuzz(STRUCT_timeval, &p71->timestamp);
recursive_fuzz(STRUCT_v4l2_timecode, &p71->timecode);
//sequence is primitive
//enum v4l2_memory;
p71->planes = (struct v4l2_plane *) recursive_fuzz(STRUCT_v4l2_plane, NULL);
//length is primitive
//input is primitive
//reserved is primitive
return p71;
}
return get_non_null_address();
case STRUCT_v4l2_plane_pix_format:
if(local_addr != NULL)
p72 = (struct v4l2_plane_pix_format *)local_addr;
else
p72 = (struct v4l2_plane_pix_format *)get_writable_address(sizeof(struct v4l2_plane_pix_format));
if(p72) {
//sizeimage is primitive
//bytesperline is primitive
//reserved is an array of __u16 of 7 elements
return p72;
}
return get_non_null_address();
case STRUCT_v4l2_pix_format_mplane:
if(local_addr != NULL)
p73 = (struct v4l2_pix_format_mplane *)local_addr;
else
p73 = (struct v4l2_pix_format_mplane *)get_writable_address(sizeof(struct v4l2_pix_format_mplane));
if(p73) {
//width is primitive
//height is primitive
//pixelformat is primitive
//enum v4l2_field;
//enum v4l2_colorspace;
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[0]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[1]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[2]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[3]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[4]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[5]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[6]);
recursive_fuzz(STRUCT_v4l2_plane_pix_format, &p73->plane_fmt[7]);
//plane_fmt is an array of v4l2_plane_pix_format of 8 elements
//num_planes is primitive
//reserved is an array of __u8 of 11 elements
return p73;
}
return get_non_null_address();
case STRUCT_v4l2_pix_format:
if(local_addr != NULL)
p74 = (struct v4l2_pix_format *)local_addr;
else
p74 = (struct v4l2_pix_format *)get_writable_address(sizeof(struct v4l2_pix_format));
if(p74) {
//width is primitive
//height is primitive
//pixelformat is primitive
//enum v4l2_field;
//bytesperline is primitive
//sizeimage is primitive
//enum v4l2_colorspace;
//priv is primitive
return p74;
}
return get_non_null_address();
case STRUCT_v4l2_framebuffer:
if(local_addr != NULL)
p75 = (struct v4l2_framebuffer *)local_addr;
else
p75 = (struct v4l2_framebuffer *)get_writable_address(sizeof(struct v4l2_framebuffer));
if(p75) {
//capability is primitive
//flags is primitive
p75->base = (void *) get_non_null_address();
recursive_fuzz(STRUCT_v4l2_pix_format, &p75->fmt);
return p75;
}
return get_non_null_address();
case STRUCT_v4l2_streamparm:
if(local_addr != NULL)
p76 = (struct v4l2_streamparm *)local_addr;
else
p76 = (struct v4l2_streamparm *)get_writable_address(sizeof(struct v4l2_streamparm));
if(p76) {
//enum v4l2_buf_type;
//raw_data is an array of __u8 of 200 elements
return p76;
}
return get_non_null_address();
case STRUCT_v4l2_fract:
if(local_addr != NULL)
p77 = (struct v4l2_fract *)local_addr;
else
p77 = (struct v4l2_fract *)get_writable_address(sizeof(struct v4l2_fract));
if(p77) {
//numerator is primitive
//denominator is primitive
return p77;
}
return get_non_null_address();
case STRUCT_v4l2_standard:
if(local_addr != NULL)
p78 = (struct v4l2_standard *)local_addr;
else
p78 = (struct v4l2_standard *)get_writable_address(sizeof(struct v4l2_standard));
if(p78) {
//index is primitive
//name is an array of __u8 of 24 elements
recursive_fuzz(STRUCT_v4l2_fract, &p78->frameperiod);
//framelines is primitive
//reserved is an array of __u32 of 4 elements
return p78;
}
return get_non_null_address();
case STRUCT_v4l2_input:
if(local_addr != NULL)
p79 = (struct v4l2_input *)local_addr;
else
p79 = (struct v4l2_input *)get_writable_address(sizeof(struct v4l2_input));
if(p79) {
//index is primitive
//name is an array of __u8 of 32 elements
//type is primitive
//audioset is primitive
//tuner is primitive
//status is primitive
//capabilities is primitive
//reserved is an array of __u32 of 3 elements
return p79;
}
return get_non_null_address();
case STRUCT_v4l2_control:
if(local_addr != NULL)
p80 = (struct v4l2_control *)local_addr;
else
p80 = (struct v4l2_control *)get_writable_address(sizeof(struct v4l2_control));
if(p80) {
//id is primitive
//value is primitive
return p80;
}
return get_non_null_address();
case STRUCT_v4l2_tuner:
if(local_addr != NULL)
p81 = (struct v4l2_tuner *)local_addr;
else
p81 = (struct v4l2_tuner *)get_writable_address(sizeof(struct v4l2_tuner));
if(p81) {
//index is primitive
//name is an array of __u8 of 32 elements
//enum v4l2_tuner_type;
//capability is primitive
//rangelow is primitive
//rangehigh is primitive
//rxsubchans is primitive
//audmode is primitive
//signal is primitive
//afc is primitive
//reserved is an array of __u32 of 4 elements
return p81;
}
return get_non_null_address();
case STRUCT_v4l2_modulator:
if(local_addr != NULL)
p82 = (struct v4l2_modulator *)local_addr;
else
p82 = (struct v4l2_modulator *)get_writable_address(sizeof(struct v4l2_modulator));
if(p82) {
//index is primitive
//name is an array of __u8 of 32 elements
//capability is primitive
//rangelow is primitive
//rangehigh is primitive
//txsubchans is primitive
//reserved is an array of __u32 of 4 elements
return p82;
}
return get_non_null_address();
case STRUCT_v4l2_audio:
if(local_addr != NULL)
p83 = (struct v4l2_audio *)local_addr;
else
p83 = (struct v4l2_audio *)get_writable_address(sizeof(struct v4l2_audio));
if(p83) {
//index is primitive
//name is an array of __u8 of 32 elements
//capability is primitive
//mode is primitive
//reserved is an array of __u32 of 2 elements
return p83;
}
return get_non_null_address();
case STRUCT_v4l2_queryctrl:
if(local_addr != NULL)
p84 = (struct v4l2_queryctrl *)local_addr;
else
p84 = (struct v4l2_queryctrl *)get_writable_address(sizeof(struct v4l2_queryctrl));
if(p84) {
//id is primitive
//enum v4l2_ctrl_type;
//name is an array of __u8 of 32 elements
//minimum is primitive
//maximum is primitive
//step is primitive
//default_value is primitive
//flags is primitive
//reserved is an array of __u32 of 2 elements
return p84;
}
return get_non_null_address();
case STRUCT_v4l2_querymenu:
if(local_addr != NULL)
p85 = (struct v4l2_querymenu *)local_addr;
else
p85 = (struct v4l2_querymenu *)get_writable_address(sizeof(struct v4l2_querymenu));
if(p85) {
//id is primitive
//index is primitive
//name is an array of __u8 of 32 elements
//reserved is primitive
return p85;
}
return get_non_null_address();
case STRUCT_v4l2_outputparm:
if(local_addr != NULL)
p86 = (struct v4l2_outputparm *)local_addr;
else
p86 = (struct v4l2_outputparm *)get_writable_address(sizeof(struct v4l2_outputparm));
if(p86) {
//capability is primitive
//outputmode is primitive
recursive_fuzz(STRUCT_v4l2_fract, &p86->timeperframe);
//extendedmode is primitive
//writebuffers is primitive
//reserved is an array of __u32 of 4 elements
return p86;
}
return get_non_null_address();
case STRUCT_v4l2_audioout:
if(local_addr != NULL)
p87 = (struct v4l2_audioout *)local_addr;
else
p87 = (struct v4l2_audioout *)get_writable_address(sizeof(struct v4l2_audioout));
if(p87) {
//index is primitive
//name is an array of __u8 of 32 elements
//capability is primitive
//mode is primitive
//reserved is an array of __u32 of 2 elements
return p87;
}
return get_non_null_address();
case STRUCT_v4l2_frequency:
if(local_addr != NULL)
p88 = (struct v4l2_frequency *)local_addr;
else
p88 = (struct v4l2_frequency *)get_writable_address(sizeof(struct v4l2_frequency));
if(p88) {
//tuner is primitive
//enum v4l2_tuner_type;
//frequency is primitive
//reserved is an array of __u32 of 8 elements
return p88;
}
return get_non_null_address();
case STRUCT_v4l2_cropcap:
if(local_addr != NULL)
p89 = (struct v4l2_cropcap *)local_addr;
else
p89 = (struct v4l2_cropcap *)get_writable_address(sizeof(struct v4l2_cropcap));
if(p89) {
//enum v4l2_buf_type;
recursive_fuzz(STRUCT_v4l2_rect, &p89->bounds);
recursive_fuzz(STRUCT_v4l2_rect, &p89->defrect);
recursive_fuzz(STRUCT_v4l2_fract, &p89->pixelaspect);
return p89;
}
return get_non_null_address();
case STRUCT_v4l2_crop:
if(local_addr != NULL)
p90 = (struct v4l2_crop *)local_addr;
else
p90 = (struct v4l2_crop *)get_writable_address(sizeof(struct v4l2_crop));
if(p90) {
//enum v4l2_buf_type;
recursive_fuzz(STRUCT_v4l2_rect, &p90->c);
return p90;
}
return get_non_null_address();
case STRUCT_v4l2_jpegcompression:
if(local_addr != NULL)
p91 = (struct v4l2_jpegcompression *)local_addr;
else
p91 = (struct v4l2_jpegcompression *)get_writable_address(sizeof(struct v4l2_jpegcompression));
if(p91) {
//quality is primitive
//APPn is primitive
//APP_len is primitive
//APP_data is an array of char of 60 elements
//COM_len is primitive
//COM_data is an array of char of 60 elements
//jpeg_markers is primitive
//marker is primitive
return p91;
}
return get_non_null_address();
case STRUCT_v4l2_sliced_vbi_cap:
if(local_addr != NULL)
p92 = (struct v4l2_sliced_vbi_cap *)local_addr;
else
p92 = (struct v4l2_sliced_vbi_cap *)get_writable_address(sizeof(struct v4l2_sliced_vbi_cap));
if(p92) {
//service_set is primitive
//service_lines is an array of __u16 of 2 elements
//enum v4l2_buf_type;
//reserved is an array of __u32 of 3 elements
return p92;
}
return get_non_null_address();
case STRUCT_v4l2_ext_controls:
if(local_addr != NULL)
p93 = (struct v4l2_ext_controls *)local_addr;
else
p93 = (struct v4l2_ext_controls *)get_writable_address(sizeof(struct v4l2_ext_controls));
if(p93) {
//ctrl_class is primitive
//count is primitive
//error_idx is primitive
//reserved is an array of __u32 of 2 elements
p93->controls = (void *) get_non_null_address();
return p93;
}
return get_non_null_address();
case STRUCT_v4l2_frmsize_stepwise:
if(local_addr != NULL)
p94 = (struct v4l2_frmsize_stepwise *)local_addr;
else
p94 = (struct v4l2_frmsize_stepwise *)get_writable_address(sizeof(struct v4l2_frmsize_stepwise));
if(p94) {
//min_width is primitive
//max_width is primitive
//step_width is primitive
//min_height is primitive
//max_height is primitive
//step_height is primitive
return p94;
}
return get_non_null_address();
case STRUCT_v4l2_frmsizeenum:
if(local_addr != NULL)
p95 = (struct v4l2_frmsizeenum *)local_addr;
else
p95 = (struct v4l2_frmsizeenum *)get_writable_address(sizeof(struct v4l2_frmsizeenum));
if(p95) {
//index is primitive
//pixel_format is primitive
//type is primitive
recursive_fuzz(STRUCT_v4l2_frmsize_stepwise, &p95->stepwise);
//reserved is an array of __u32 of 2 elements
return p95;
}
return get_non_null_address();
case STRUCT_v4l2_frmival_stepwise:
if(local_addr != NULL)
p96 = (struct v4l2_frmival_stepwise *)local_addr;
else
p96 = (struct v4l2_frmival_stepwise *)get_writable_address(sizeof(struct v4l2_frmival_stepwise));
if(p96) {
recursive_fuzz(STRUCT_v4l2_fract, &p96->min);
recursive_fuzz(STRUCT_v4l2_fract, &p96->max);
recursive_fuzz(STRUCT_v4l2_fract, &p96->step);
return p96;
}
return get_non_null_address();
case STRUCT_v4l2_frmivalenum:
if(local_addr != NULL)
p97 = (struct v4l2_frmivalenum *)local_addr;
else
p97 = (struct v4l2_frmivalenum *)get_writable_address(sizeof(struct v4l2_frmivalenum));
if(p97) {
//index is primitive
//pixel_format is primitive
//width is primitive
//height is primitive
//type is primitive
recursive_fuzz(STRUCT_v4l2_frmival_stepwise, &p97->stepwise);
//reserved is an array of __u32 of 2 elements
return p97;
}
return get_non_null_address();
case STRUCT_v4l2_enc_idx_entry:
if(local_addr != NULL)
p98 = (struct v4l2_enc_idx_entry *)local_addr;
else
p98 = (struct v4l2_enc_idx_entry *)get_writable_address(sizeof(struct v4l2_enc_idx_entry));
if(p98) {
//length is primitive
//flags is primitive
//reserved is an array of __u32 of 2 elements
return p98;
}
return get_non_null_address();
case STRUCT_v4l2_enc_idx:
if(local_addr != NULL)
p99 = (struct v4l2_enc_idx *)local_addr;
else
p99 = (struct v4l2_enc_idx *)get_writable_address(sizeof(struct v4l2_enc_idx));
if(p99) {
//entries is primitive
//entries_cap is primitive
//reserved is an array of __u32 of 4 elements
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[0]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[1]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[2]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[3]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[4]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[5]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[6]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[7]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[8]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[9]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[10]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[11]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[12]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[13]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[14]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[15]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[16]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[17]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[18]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[19]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[20]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[21]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[22]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[23]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[24]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[25]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[26]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[27]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[28]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[29]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[30]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[31]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[32]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[33]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[34]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[35]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[36]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[37]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[38]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[39]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[40]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[41]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[42]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[43]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[44]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[45]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[46]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[47]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[48]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[49]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[50]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[51]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[52]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[53]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[54]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[55]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[56]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[57]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[58]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[59]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[60]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[61]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[62]);
recursive_fuzz(STRUCT_v4l2_enc_idx_entry, &p99->entry[63]);
//entry is an array of v4l2_enc_idx_entry of 64 elements
return p99;
}
return get_non_null_address();
case STRUCT_v4l2_encoder_cmd:
if(local_addr != NULL)
p100 = (struct v4l2_encoder_cmd *)local_addr;
else
p100 = (struct v4l2_encoder_cmd *)get_writable_address(sizeof(struct v4l2_encoder_cmd));
if(p100) {
//cmd is primitive
//flags is primitive
//data is an array of __u32 of 8 elements
return p100;
}
return get_non_null_address();
case STRUCT_v4l2_dbg_match:
if(local_addr != NULL)
p101 = (struct v4l2_dbg_match *)local_addr;
else
p101 = (struct v4l2_dbg_match *)get_writable_address(sizeof(struct v4l2_dbg_match));
if(p101) {
//type is primitive
//addr is primitive
//name is an array of char of 32 elements
return p101;
}
return get_non_null_address();
case STRUCT_v4l2_dbg_register:
if(local_addr != NULL)
p102 = (struct v4l2_dbg_register *)local_addr;
else
p102 = (struct v4l2_dbg_register *)get_writable_address(sizeof(struct v4l2_dbg_register));
if(p102) {
recursive_fuzz(STRUCT_v4l2_dbg_match, &p102->match);
//size is primitive
return p102;
}
return get_non_null_address();
case STRUCT_v4l2_dbg_chip_ident:
if(local_addr != NULL)
p103 = (struct v4l2_dbg_chip_ident *)local_addr;
else
p103 = (struct v4l2_dbg_chip_ident *)get_writable_address(sizeof(struct v4l2_dbg_chip_ident));
if(p103) {
recursive_fuzz(STRUCT_v4l2_dbg_match, &p103->match);
//ident is primitive
//revision is primitive
return p103;
}
return get_non_null_address();
case STRUCT_v4l2_hw_freq_seek:
if(local_addr != NULL)
p104 = (struct v4l2_hw_freq_seek *)local_addr;
else
p104 = (struct v4l2_hw_freq_seek *)get_writable_address(sizeof(struct v4l2_hw_freq_seek));
if(p104) {
//tuner is primitive
//enum v4l2_tuner_type;
//seek_upward is primitive
//wrap_around is primitive
//spacing is primitive
//reserved is an array of __u32 of 7 elements
return p104;
}
return get_non_null_address();
case STRUCT_v4l2_dv_enum_preset:
if(local_addr != NULL)
p105 = (struct v4l2_dv_enum_preset *)local_addr;
else
p105 = (struct v4l2_dv_enum_preset *)get_writable_address(sizeof(struct v4l2_dv_enum_preset));
if(p105) {
//index is primitive
//preset is primitive
//name is an array of __u8 of 32 elements
//width is primitive
//height is primitive
//reserved is an array of __u32 of 4 elements
return p105;
}
return get_non_null_address();
case STRUCT_v4l2_dv_preset:
if(local_addr != NULL)
p106 = (struct v4l2_dv_preset *)local_addr;
else
p106 = (struct v4l2_dv_preset *)get_writable_address(sizeof(struct v4l2_dv_preset));
if(p106) {
//preset is primitive
//reserved is an array of __u32 of 4 elements
return p106;
}
return get_non_null_address();
case STRUCT_v4l2_dv_timings:
if(local_addr != NULL)
p107 = (struct v4l2_dv_timings *)local_addr;
else
p107 = (struct v4l2_dv_timings *)get_writable_address(sizeof(struct v4l2_dv_timings));
if(p107) {
//type is primitive
//reserved is an array of __u32 of 32 elements
return p107;
}
return get_non_null_address();
case STRUCT_v4l2_event:
if(local_addr != NULL)
p108 = (struct v4l2_event *)local_addr;
else
p108 = (struct v4l2_event *)get_writable_address(sizeof(struct v4l2_event));
if(p108) {
//type is primitive
//data is an array of __u8 of 64 elements
//pending is primitive
//sequence is primitive
recursive_fuzz(STRUCT_timespec, &p108->timestamp);
//id is primitive
//reserved is an array of __u32 of 8 elements
return p108;
}
return get_non_null_address();
case STRUCT_v4l2_event_subscription:
if(local_addr != NULL)
p109 = (struct v4l2_event_subscription *)local_addr;
else
p109 = (struct v4l2_event_subscription *)get_writable_address(sizeof(struct v4l2_event_subscription));
if(p109) {
//type is primitive
//id is primitive
//flags is primitive
//reserved is an array of __u32 of 5 elements
return p109;
}
return get_non_null_address();
case STRUCT_v4l2_create_buffers:
if(local_addr != NULL)
p110 = (struct v4l2_create_buffers *)local_addr;
else
p110 = (struct v4l2_create_buffers *)get_writable_address(sizeof(struct v4l2_create_buffers));
if(p110) {
//index is primitive
//count is primitive
//enum v4l2_memory;
recursive_fuzz(STRUCT_v4l2_format, &p110->format);
//reserved is an array of __u32 of 8 elements
return p110;
}
return get_non_null_address();
case STRUCT_v4l2_selection:
if(local_addr != NULL)
p111 = (struct v4l2_selection *)local_addr;
else
p111 = (struct v4l2_selection *)get_writable_address(sizeof(struct v4l2_selection));
if(p111) {
//type is primitive
//target is primitive
//flags is primitive
recursive_fuzz(STRUCT_v4l2_rect, &p111->r);
//reserved is an array of __u32 of 9 elements
return p111;
}
return get_non_null_address();
case STRUCT_v4l2_decoder_cmd:
if(local_addr != NULL)
p112 = (struct v4l2_decoder_cmd *)local_addr;
else
p112 = (struct v4l2_decoder_cmd *)get_writable_address(sizeof(struct v4l2_decoder_cmd));
if(p112) {
//cmd is primitive
//flags is primitive
//speed is primitive
//format is primitive
return p112;
}
return get_non_null_address();
case STRUCT_v4l2_output:
if(local_addr != NULL)
p113 = (struct v4l2_output *)local_addr;
else
p113 = (struct v4l2_output *)get_writable_address(sizeof(struct v4l2_output));
if(p113) {
//index is primitive
//name is an array of __u8 of 32 elements
//type is primitive
//audioset is primitive
//modulator is primitive
//std is primitive
//capabilities is primitive
//reserved is an array of __u32 of 3 elements
return p113;
}
return get_non_null_address();
default:
return get_non_null_address();
}
}
void fuzz_ioctl_struct_type(struct syscallrecord *rec) {
// Sanity check
if(!rec->ioctl_struct_type) {
if(rand_bool()) {
rec->a3 = rand32();
return;
}
rec->a3 = (unsigned long) get_non_null_address();
return;
}
rec->a3 = (unsigned long) recursive_fuzz(rec->ioctl_struct_type, NULL);
return;
}