crosvm/fuzz/zimage_fuzzer.rs

// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#![no_main]
extern crate kernel_loader;
extern crate libc;
extern crate sys_util;

use sys_util::{GuestAddress, GuestMemory};

use std::io::Cursor;
use std::panic;
use std::process;
use std::slice;

#[export_name = "LLVMFuzzerTestOneInput"]
pub fn test_one_input(data: *const u8, size: usize) -> i32 {
    // We cannot unwind past ffi boundaries.
    panic::catch_unwind(|| {
        // Safe because the libfuzzer runtime will guarantee that `data` is at least
        // `size` bytes long and that it will be valid for the lifetime of this
        // function.
        let bytes = unsafe { slice::from_raw_parts(data, size) };
        let mut kimage = Cursor::new(bytes);
        let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)]).unwrap();
        let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
    })
    .err()
    .map(|_| process::abort());

    0
}
fuzz: update to use new cros fuzzing There is now infrastructure for running fuzzers in cros, use it. Change-Id: I53ec9e195b7062fdcc38b5186c1f3194031037f3 Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/1521667 Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Chirantan Ekbote <chirantan@chromium.org> 2019-03-13 21:21:44 +00:00			`// Copyright 2019 The Chromium OS Authors. All rights reserved.`
			`// Use of this source code is governed by a BSD-style license that can be`
			`// found in the LICENSE file.`

			`#![no_main]`
			`extern crate kernel_loader;`
			`extern crate libc;`
			`extern crate sys_util;`

			`use sys_util::{GuestAddress, GuestMemory};`

			`use std::io::Cursor;`
			`use std::panic;`
			`use std::process;`
			`use std::slice;`

			`#[export_name = "LLVMFuzzerTestOneInput"]`
			`pub fn test_one_input(data: *const u8, size: usize) -> i32 {`
			`// We cannot unwind past ffi boundaries.`
			`panic::catch_unwind(\|\| {`
			// Safe because the libfuzzer runtime will guarantee that `data` is at least
			// `size` bytes long and that it will be valid for the lifetime of this
			`// function.`
			`let bytes = unsafe { slice::from_raw_parts(data, size) };`
			`let mut kimage = Cursor::new(bytes);`
			`let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)]).unwrap();`
			`let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);`
			`})`
			`.err()`
			`.map(\|_\| process::abort());`

			`0`
			`}`