mirrors/crosvm
1
0
Fork 0
mirror of https://chromium.googlesource.com/crosvm/crosvm synced 2025-02-11 12:35:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
crosvm/common/cros-fuzz/src/lib.rs
Dennis Kempin a5b7caa506 Import cros-fuzz and p9 into crosvm/common 
This CL contains a 1:1 copy of the code from the platform2 repo.
The follow-up CL will integrate them with the crosvm build.
History of these files is available at:
267497a7f7/cros-fuzz
267497a7f7/vm_tools/p9

This is a prerequisite for the externalization of crosvm.

BUG=b:191509642,b:193243281
TEST=None. This is dead code.

Change-Id: Ia25d9642f2de1febc83bcd48b4b81fcd805c7c1c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/3049670
Tested-by: Dennis Kempin <denniskempin@google.com>
Commit-Queue: Dennis Kempin <denniskempin@google.com>
Reviewed-by: Chirantan Ekbote <chirantan@chromium.org>
2021-08-03 02:25:01 +00:00

95 lines
2.9 KiB
Rust
Raw Blame History

// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//! Support crate for writing fuzzers in Chrome OS.
//!
//! The major features provided by this crate are:
//!
//! * The [`fuzz_target`] macro which wraps the body of the fuzzing code with
//! all with all the boilerplate needed to build and run it as a fuzzer on
//! Chrome OS infrastructure.
//! * The [`FuzzRng`] type that provides a random number generator using fuzzer
//! input as the source of its randomness. Fuzzers that need to generate
//! structured data can use this type in conjunction with the [`rand`] crate
//! to generate the data they need.
//!
//! # Getting Started
//!
//! To use this crate add it as a dependency to the fuzzer's `Cargo.toml` along
//! with the crate to be fuzzed:
//!
//! ```Cargo.toml
//! [dependencies]
//! cros_fuzz = "*"
//! your_crate = "*"
//! ```
//!
//! Then use the [`fuzz_target`] macro to write the body of the fuzzer. All
//! fuzzers should use the `#![no_main]` crate attribute as the main function
//! will be provided by the fuzzer runtime.
//!
//! ```rust,ignore
//! #![no_main]
//!
//! use cros_fuzz::fuzz_target;
//! use your_crate::some_function;
//!
//! fuzz_target!(|data: &[u8]| {
//! some_function(data);
//! });
//! ```
//!
//! [`FuzzRng`]: rand/struct.FuzzRng.html
//! [`fuzz_target`]: macro.fuzz_target.html
//! [`rand`]: https://docs.rs/rand
pub mod rand;
/// The main macro for writing a fuzzer. The fuzzer runtime will repeatedly
/// call the body of `fuzz_target!` with a slice of pseudo-random bytes, until
/// your program hits an error condition (segfault, panic, etc).
///
/// # Examples
///
/// ```
/// use std::str;
/// # #[macro_use] extern crate cros_fuzz;
///
/// fuzz_target!(|data: &[u8]| {
/// let _ = str::from_utf8(data);
/// });
///
/// # fn main() {
/// # let buf = b"hello, world!";
/// # llvm_fuzzer_test_one_input(buf.as_ptr(), buf.len());
/// # }
/// ```
#[macro_export]
macro_rules! fuzz_target {
(|$bytes:ident| $body:block) => {
use std::panic;
use std::process;
use std::slice;
#[export_name = "LLVMFuzzerTestOneInput"]
fn llvm_fuzzer_test_one_input(data: *const u8, size: usize) -> i32 {
// We cannot unwind past ffi boundaries.
panic::catch_unwind(|| {
// Safe because the libfuzzer runtime will guarantee that `data` is
// at least `size` bytes long and that it will be valid for the lifetime
// of this function.
let $bytes = unsafe { slice::from_raw_parts(data, size) };
$body
})
.err()
.map(|_| process::abort());
0
}
};
(|$bytes:ident: &[u8]| $body:block) => {
fuzz_target!(|$bytes| $body);
};
}
Reference in a new issue View git blame Copy permalink