summary refs log tree commit diff
path: root/fuzz/zimage_fuzzer.rs
diff options
context:
space:
mode:
Diffstat (limited to 'fuzz/zimage_fuzzer.rs')
-rw-r--r--fuzz/zimage_fuzzer.rs16
1 files changed, 13 insertions, 3 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs
index fdcb7db..f4aeb3f 100644
--- a/fuzz/zimage_fuzzer.rs
+++ b/fuzz/zimage_fuzzer.rs
@@ -4,13 +4,23 @@
 
 #![no_main]
 
-use sys_util::{GuestAddress, GuestMemory};
+use sys_util::{GuestAddress, GuestMemory, SharedMemory};
 
-use std::io::Cursor;
+use std::fs::File;
+use std::io::Write;
 use std::panic;
 use std::process;
 use std::slice;
 
+fn make_elf_bin(elf_bytes: &[u8]) -> File {
+    let mut shm = SharedMemory::new(None).expect("failed to create shared memory");
+    shm.set_size(elf_bytes.len() as u64)
+        .expect("failed to set shared memory size");
+    shm.write_all(elf_bytes)
+        .expect("failed to write elf to shared memoy");
+    shm.into()
+}
+
 #[export_name = "LLVMFuzzerTestOneInput"]
 pub fn test_one_input(data: *const u8, size: usize) -> i32 {
     // We cannot unwind past ffi boundaries.
@@ -19,7 +29,7 @@ pub fn test_one_input(data: *const u8, size: usize) -> i32 {
         // `size` bytes long and that it will be valid for the lifetime of this
         // function.
         let bytes = unsafe { slice::from_raw_parts(data, size) };
-        let mut kimage = Cursor::new(bytes);
+        let mut kimage = make_elf_bin(bytes);
         let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)]).unwrap();
         let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
     })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-16 20:57:09 +0000