diff options
Diffstat (limited to 'fuzz/usb_descriptor_fuzzer.rs')
-rw-r--r-- | fuzz/usb_descriptor_fuzzer.rs | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/fuzz/usb_descriptor_fuzzer.rs b/fuzz/usb_descriptor_fuzzer.rs new file mode 100644 index 0000000..d78c8c5 --- /dev/null +++ b/fuzz/usb_descriptor_fuzzer.rs @@ -0,0 +1,27 @@ +// Copyright 2019 The Chromium OS Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#![no_main] + +use std::panic; +use std::process; +use std::slice; + +use usb_util::parse_usbfs_descriptors; + +#[export_name = "LLVMFuzzerTestOneInput"] +pub fn test_one_input(data: *const u8, size: usize) -> i32 { + // We cannot unwind past ffi boundaries. + panic::catch_unwind(|| { + // Safe because the libfuzzer runtime will guarantee that `data` is at least + // `size` bytes long and that it will be valid for the lifetime of this + // function. + let bytes = unsafe { slice::from_raw_parts(data, size) }; + let _ = parse_usbfs_descriptors(bytes); + }) + .err() + .map(|_| process::abort()); + + 0 +} |