author | Daniel Verkamp <dverkamp@chromium.org> | 2019-06-05 09:52:13 -0700 |
---|---|---|
committer | Manoj Gupta <manojgupta@chromium.org> | 2019-06-06 16:38:24 +0000 |
commit | 0e94e3c1ea3e08370391b7c2ebe82cfe865cdaf7 (patch) | |
tree | 5ae0f32ec948658bf2d3d0e3a6e788ce0984ac09 /fuzz | |
parent | 3bebfa29dc4185b2f3d2752ac16b0f6639548a4a (diff) | |
fuzz: adapt zimage fuzzer to new kernel loader API
After CL:1636685, the kernel_loader API is different - we need to pass a File instead of just a slice to load_kernel(). Borrow and adapt the make_elf_bin() function from the kernel_loader tests to create a shared memory file from a slice of bytes to fix the fuzzer. BUG=chromium:970981 TEST=USE='asan fuzzer' emerge-nami crosvm Change-Id: Ic17f6479fb355d45063ce6292552cb1e5664831a Signed-off-by: Daniel Verkamp <dverkamp@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1645039 Reviewed-by: Zach Reizner <zachr@chromium.org> Tested-by: kokoro <noreply+kokoro@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r-- | fuzz/zimage_fuzzer.rs | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs
index fdcb7db..f4aeb3f 100644
--- a/fuzz/zimage_fuzzer.rs
+++ b/fuzz/zimage_fuzzer.rs
@@ -4,13 +4,23 @@
 
 #![no_main]
 
-use sys_util::{GuestAddress, GuestMemory};
+use sys_util::{GuestAddress, GuestMemory, SharedMemory};
 
-use std::io::Cursor;
+use std::fs::File;
+use std::io::Write;
 use std::panic;
 use std::process;
 use std::slice;
 
+fn make_elf_bin(elf_bytes: &[u8]) -> File {
+ let mut shm = SharedMemory::new(None).expect("failed to create shared memory");
+ shm.set_size(elf_bytes.len() as u64)
+ .expect("failed to set shared memory size");
+ shm.write_all(elf_bytes)
+ .expect("failed to write elf to shared memoy");
+ shm.into()
+}
+
 #[export_name = "LLVMFuzzerTestOneInput"]
 pub fn test_one_input(data: *const u8, size: usize) -> i32 {
 // We cannot unwind past ffi boundaries.
@@ -19,7 +29,7 @@ pub fn test_one_input(data: *const u8, size: usize) -> i32 {
 // `size` bytes long and that it will be valid for the lifetime of this
 // function.
 let bytes = unsafe { slice::from_raw_parts(data, size) };
- let mut kimage = Cursor::new(bytes);
+ let mut kimage = make_elf_bin(bytes);
 let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)]).unwrap();
 let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
 })
|
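Review bot: `make_elf_bin` returns the file with its offset wherever `write_all` left it, presumably at the end of the data, so the harness only exercises the parser if `load_kernel` seeks before it reads; that is not visible in this diff. If the loader ever reads from the current position, every input would fail at EOF and the fuzzer would silently lose coverage. Either rewind before `shm.into()` or state the reliance in a comment such as `// Offset is left at end of data; load_kernel is expected to seek before reading.`. The helper also has no doc comment and keeps the ELF naming although it now wraps arbitrary fuzz input. The last message has a typo and should read `.expect("failed to write elf to shared memory");`.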
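Review bot: `make_elf_bin(bytes)` is called inside the closure whose panics are handled for the FFI boundary, so a harness-side failure (creating or resizing the shared memory, for example under the descriptor or memory limits of a fuzzing run) would surface the same way as a panic inside `load_kernel`. The handler itself is outside this hunk, so how it reports is not visible here. A comment on the call, such as `// Panics from make_elf_bin are harness setup failures, not kernel_loader findings.`, would help whoever triages a crash report. A new shared memory object is also created for every input, which is worth noting in that comment if iteration speed matters. The body of `test_one_input` starts and ends outside the hunk.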