Add kernel_loader fuzzing
Add a top-level fuzz directory. Other fuzz tests will be added here in subsequent commits. For now fuzzing must be run manually. Soon there will be a way to extract the fuzz artifacts and upload them to ClusterFuzz. Change-Id: Iddfb55af78af6f412927b2221f22acb882069d36 Signed-off-by: Dylan Reid <dgreid@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/850851 Reviewed-by: Zach Reizner <zachr@chromium.org>
This commit is contained in:
parent
ee2f1fe770
commit
2b2a7d4d76
3 changed files with 43 additions and 0 deletions
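--- a/fuzz/.gitignore
+++ b/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts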
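--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,25 @@
+[package]
+name = "crosvm-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.kernel_loader]
+path = "../kernel_loader"
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+[dependencies]
+libc = "*"
+sys_util = { path = "../sys_util" }
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_zimage"
+path = "fuzzers/fuzz_zimage.rs"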
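Review bot: The `[dependencies.libfuzzer-sys]` entry is unpinned — `git = "https://github.com/rust-fuzz/libfuzzer-sys.git"` carries no `rev`, `tag` or `branch`, so every build resolves to whatever upstream's default branch points at that day, which makes the fuzz build irreproducible and lets any upstream change land in developer and CI builds without review. Pin it to a known commit, e.g. keep the `git =` line and add `rev = "<commit sha>"` (a `tag` is acceptable, a `branch` is not). `libc = "*"` has the same problem in milder form: it accepts any version including future incompatible majors, so use a caret requirement matching what the rest of the tree uses. Since `members = ["."]` makes this directory its own workspace, its `Cargo.lock` is separate from the main tree's; committing it (the new `.gitignore` does not exclude it) would at least record which revisions were actually built.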
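--- a/fuzz/fuzzers/fuzz_zimage.rs
+++ b/fuzz/fuzzers/fuzz_zimage.rs
@@ -0,0 +1,15 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate kernel_loader;
+extern crate libc;
+extern crate sys_util;
+
+use sys_util::{GuestAddress, GuestMemory};
+
+use std::io::Cursor;
+
+fuzz_target!(|data: &[u8]| { // fuzzed code goes here
+let mut kimage = Cursor::new(data);
+let mem = GuestMemory::new(&[(GuestAddress(0), data.len() + 0x1000)]).unwrap();
+let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
+});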
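Review bot: The `.unwrap()` on `let mem = GuestMemory::new(&[(GuestAddress(0), data.len() + 0x1000)]).unwrap();` turns any failure to set up guest memory into a fuzzer crash that libFuzzer will attribute to this target rather than to `kernel_loader`; whether `GuestMemory::new` can reject a non-page-aligned or very large region I cannot tell from here, but if it can, the harness will produce false positives on exactly the inputs it is meant to exercise. Bail out of the iteration instead: `let mem = match GuestMemory::new(&[(GuestAddress(0), data.len() + 0x1000)]) { Ok(m) => m, Err(_) => return };`. `extern crate libc;` is unused in this file (no `libc::` name appears), and with it the `libc = "*"` dependency in `Cargo.toml`; both can be dropped. The template leftover `// fuzzed code goes here` should say what the target does, e.g. `// Treat the raw input as a kernel image loaded at guest address 0; the Result is ignored on purpose since only panics and memory errors are of interest here.`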