mirror of
https://chromium.googlesource.com/crosvm/crosvm
synced 2025-02-06 02:25:23 +00:00
cfb7db44eb
The new USB descriptor parsing code is a nice candidate for a fuzzer, since it takes an arbitrary stream of bytes as input and parses it. BUG=chromium:987833 TEST=`USE='asan fuzzer' emerge-nami crosvm` Cq-Depend: chromium:1863465 Change-Id: I3bbdbf081e9a9dd590c781467f8bd44fa1dcab64 Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1862117 Reviewed-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
27 lines
809 B
Rust
27 lines
809 B
Rust
// Copyright 2019 The Chromium OS Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#![no_main]
|
|
|
|
use std::panic;
|
|
use std::process;
|
|
use std::slice;
|
|
|
|
use usb_util::parse_usbfs_descriptors;
|
|
|
|
#[export_name = "LLVMFuzzerTestOneInput"]
|
|
pub fn test_one_input(data: *const u8, size: usize) -> i32 {
|
|
// We cannot unwind past ffi boundaries.
|
|
panic::catch_unwind(|| {
|
|
// Safe because the libfuzzer runtime will guarantee that `data` is at least
|
|
// `size` bytes long and that it will be valid for the lifetime of this
|
|
// function.
|
|
let bytes = unsafe { slice::from_raw_parts(data, size) };
|
|
let _ = parse_usbfs_descriptors(bytes);
|
|
})
|
|
.err()
|
|
.map(|_| process::abort());
|
|
|
|
0
|
|
}
|