Diffstat (limited to 'fuzz/zimage_fuzzer.rs')
-rw-r--r-- | fuzz/zimage_fuzzer.rs | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs
new file mode 100644
index 0000000..13b67b3
--- /dev/null
+++ b/fuzz/zimage_fuzzer.rs
@@ -0,0 +1,33 @@
+// Copyright 2019 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#![no_main]
+extern crate kernel_loader;
+extern crate libc;
+extern crate sys_util;
+
+use sys_util::{GuestAddress, GuestMemory};
+
+use std::io::Cursor;
+use std::panic;
+use std::process;
+use std::slice;
+
+#[export_name = "LLVMFuzzerTestOneInput"]
+pub fn test_one_input(data: *const u8, size: usize) -> i32 {
+// We cannot unwind past ffi boundaries.
+panic::catch_unwind(|| {
+// Safe because the libfuzzer runtime will guarantee that `data` is at least
+// `size` bytes long and that it will be valid for the lifetime of this
+// function.
+let bytes = unsafe { slice::from_raw_parts(data, size) };
+let mut kimage = Cursor::new(bytes);
+let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)]).unwrap();
+let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
+})
+.err()
+.map(|_| process::abort());
+
+0
+}
|
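Review bot: The closing `.err().map(|_| process::abort())` in `test_one_input` uses `Option::map` purely for its side effect, which clippy flags (`option_map_unit_fn`) and which reads as if the abort's result mattered; `if panic::catch_unwind(|| { … }).is_err() { process::abort(); }` states the intent directly. The `unwrap()` on `GuestMemory::new` sits inside the same `catch_unwind`, so a harness setup failure (the guest mapping could not be created) is reported by the fuzzer as a crash indistinguishable from a panic inside `kernel_loader::load_kernel`; a comment such as `// Any panic, including harness setup failure, is reported as a crash on purpose.` would make triage easier, or an explicit early `return 0` could separate the two if that is the intent. The safety comment above `slice::from_raw_parts` covers length and lifetime but not that `data` is non-null and aligned, which `from_raw_parts` requires even when `size == 0`; presumably libFuzzer guarantees this, and the comment should say so. `extern crate libc;` appears unused in this file.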