authorDaniel Verkamp <dverkamp@chromium.org>2019-06-05 10:19:02 -0700
committerCommit Bot <commit-bot@chromium.org>2019-06-25 17:12:05 +0000
commit6b51bd334fcf384595629a69ad54950b441adb72 (patch)
tree88d83bf466b89d99f9084de1499ef6256c3d2ab6 /fuzz
parentdade4c7425d44033f6a312209cf0a5d6a69a31ca (diff)
fuzz: zimage: use a fixed guest memory size
GuestMemory::new returns an error if the requested size is not divisible
by the page size.  The zimage fuzzer was using a GuestMemory size based
on the size of the fuzzer input; however, it doesn't necessarily make
sense to limit the guest memory to the size of the input.  Pick an
arbitrary 256 MB (matching the block fuzzer), which is also a page size
multiple to resolve the original issue.

BUG=chromium:977883
TEST=/usr/libexec/fuzzers/crosvm_zimage_fuzzer in cros_fuzz shell

Change-Id: I08c6be9d920bede18d67f8a1c5c39b9d37fb839c
Signed-off-by: Daniel Verkamp <dverkamp@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/1645040
Tested-by: kokoro <noreply+kokoro@google.com>
Diffstat (limited to 'fuzz')
-rw-r--r--fuzz/zimage_fuzzer.rs8
1 files changed, 4 insertions, 4 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs
index d94a53d..b0ee523 100644
--- a/fuzz/zimage_fuzzer.rs
+++ b/fuzz/zimage_fuzzer.rs
@@ -4,7 +4,7 @@
 
 #![no_main]
 
-use sys_util::{round_up_to_page_size, GuestAddress, GuestMemory, SharedMemory};
+use sys_util::{GuestAddress, GuestMemory, SharedMemory};
 
 use std::fs::File;
 use std::io::Write;
@@ -12,6 +12,8 @@ use std::panic;
 use std::process;
 use std::slice;
 
+const MEM_SIZE: u64 = 256 * 1024 * 1024;
+
 fn make_elf_bin(elf_bytes: &[u8]) -> File {
     let mut shm = SharedMemory::new(None).expect("failed to create shared memory");
     shm.set_size(elf_bytes.len() as u64)
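Review bot: The new `MEM_SIZE` constant carries no statement of the constraint that motivated this change — the removed comment in the third hunk ("`GuestMemory` only accepts page aligned segments") is gone, and the commit message says `GuestMemory::new` fails for sizes that are not page-size multiples, so a later edit to this value has no hint in the code that it must stay page aligned. Suggest a doc comment on the constant: `/// Size of the guest memory region handed to the kernel loader (256 MiB, matching the block fuzzer).` followed by `/// Must be a multiple of the page size; GuestMemory::new rejects sizes that are not.` The value itself is described as arbitrary in the commit message, which is worth repeating so nobody treats it as a zImage-specific limit.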
@@ -30,9 +32,7 @@ pub fn test_one_input(data: *const u8, size: usize) -> i32 {
         // function.
         let bytes = unsafe { slice::from_raw_parts(data, size) };
         let mut kimage = make_elf_bin(bytes);
-        // `GuestMemory` only accepts page aligned segments.
-        let len = round_up_to_page_size(bytes.len()) as u64;
-        let mem = GuestMemory::new(&[(GuestAddress(0), len)]).unwrap();
+        let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
         let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
     })
     .err()
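Review bot: The new `GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap()` line panics with no message if the 256 MiB mapping cannot be created, whereas `make_elf_bin` two lines above uses `expect("failed to create shared memory")`; since this runs inside the `catch_unwind` closure, an mmap or memory-limit failure would surface as an apparent input-triggered crash with nothing in the output distinguishing it from a real loader bug. Suggest `let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).expect("failed to create guest memory");` for consistency and diagnosability. Note also that the region is now mapped anew on every fuzz iteration rather than sized to the input; the mapping is presumably lazy, so this is likely cheap, but if it shows up in fuzzer throughput the `GuestMemory` could be created once outside the per-input path. `test_one_input` begins at the hunk header and continues past the end of the hunk (`.err()` and whatever follows).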