Diffstat (limited to 'fuzz/zimage_fuzzer.rs')
-rw-r--r--fuzz/zimage_fuzzer.rs26
1 files changed, 6 insertions, 20 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs
index 0cc41cf..971e750 100644
--- a/fuzz/zimage_fuzzer.rs
+++ b/fuzz/zimage_fuzzer.rs
@@ -4,13 +4,11 @@
 
 #![no_main]
 
+use cros_fuzz::fuzz_target;
 use sys_util::{GuestAddress, GuestMemory, SharedMemory};
 
 use std::fs::File;
 use std::io::Write;
-use std::panic;
-use std::process;
-use std::slice;
 
 const MEM_SIZE: u64 = 256 * 1024 * 1024;
 
@@ -23,20 +21,8 @@ fn make_elf_bin(elf_bytes: &[u8]) -> File {
     shm.into()
 }
 
-#[export_name = "LLVMFuzzerTestOneInput"]
-pub fn test_one_input(data: *const u8, size: usize) -> i32 {
-    // We cannot unwind past ffi boundaries.
-    panic::catch_unwind(|| {
-        // Safe because the libfuzzer runtime will guarantee that `data` is at least
-        // `size` bytes long and that it will be valid for the lifetime of this
-        // function.
-        let bytes = unsafe { slice::from_raw_parts(data, size) };
-        let mut kimage = make_elf_bin(bytes);
-        let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
-        let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
-    })
-    .err()
-    .map(|_| process::abort());
-
-    0
-}
+fuzz_target!(|bytes| {
+    let mut kimage = make_elf_bin(bytes);
+    let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
+    let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
+});
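Review bot: The new `fuzz_target!` body no longer shows how a panic is kept from unwinding across the libFuzzer FFI boundary; the removed `catch_unwind` plus `process::abort()` and its safety comment made that explicit, and the file now relies on `cros_fuzz::fuzz_target` (not visible here) to do the same. A short comment above the macro call would keep that invariant discoverable, e.g. `// fuzz_target! is expected to provide LLVMFuzzerTestOneInput and abort on panic; see cros_fuzz.` Separately, a failure of `GuestMemory::new(...).unwrap()` on the 256 MiB region would presumably be reported as a crash in the target rather than as a harness problem, so `.expect("failed to create guest memory for fuzzing")` would make triage clearer. Discarding the result of `load_kernel` is reasonable for a fuzzer but deserves a comment such as `// Errors on malformed images are expected; only panics and memory faults are findings.`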