Add kernel_loader fuzzing
Add a top level fuzz directory. Other fuzz tests will be added here in subsequent commits. For now fuzzing must be run manually. Soon there will be a way to extract the fuzz artifacts and upload them to cluster fuzz. Change-Id: Iddfb55af78af6f412927b2221f22acb882069d36 Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/850851 Reviewed-by: Zach Reizner <zachr@chromium.org>
parent
ee2f1fe770
commit
2b2a7d4d76
3 changed files with 43 additions and 0 deletions
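--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts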
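--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "crosvm-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.kernel_loader]
+path = "../kernel_loader"
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+[dependencies]
+libc = "*"
+sys_util = { path = "../sys_util" }
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_zimage"
+path = "fuzzers/fuzz_zimage.rs"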
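Review bot: The `[dependencies.libfuzzer-sys]` entry names a git repository with no `rev`, and `libc = "*"` accepts any release, so the code that gets built depends on upstream state at build time. No lockfile is among the three files in this commit, so nothing visible here fixes those versions. Pin the git dependency with `rev = "<pinned-commit-sha>"` and give libc a bounded requirement such as `libc = "<bounded-version>"`. That also keeps a crash found by the fuzzer reproducible against the same dependency code later.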
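--- a/fuzz/fuzzers/fuzz_zimage.rs
+++ b/fuzz/fuzzers/fuzz_zimage.rs
@@ -0,0 +1,15 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate kernel_loader;
+extern crate libc;
+extern crate sys_util;
+
+use sys_util::{GuestAddress, GuestMemory};
+
+use std::io::Cursor;
+
+fuzz_target!(|data: &[u8]| { // fuzzed code goes here
+let mut kimage = Cursor::new(data);
+let mem = GuestMemory::new(&[(GuestAddress(0), data.len() + 0x1000)]).unwrap();
+let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
+});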
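Review bot: The `.unwrap()` on `GuestMemory::new` makes a harness setup failure look like a finding in `load_kernel`, because libFuzzer reports any panic in the target as a crash. Return early instead: `let mem = match GuestMemory::new(&[(GuestAddress(0), data.len() + 0x1000)]) { Ok(m) => m, Err(_) => return };`. The leftover template comment `// fuzzed code goes here` would be more useful as `// Load the input as a kernel image at guest address 0 into guest memory of input length + 0x1000 bytes; the Result is ignored, only panics and memory errors count.` `extern crate libc;` also appears unused in this file.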