diff options
Diffstat (limited to 'fuzz/zimage_fuzzer.rs')
-rw-r--r-- | fuzz/zimage_fuzzer.rs | 26 |
1 files changed, 6 insertions, 20 deletions
diff --git a/fuzz/zimage_fuzzer.rs b/fuzz/zimage_fuzzer.rs index 0cc41cf..971e750 100644 --- a/fuzz/zimage_fuzzer.rs +++ b/fuzz/zimage_fuzzer.rs @@ -4,13 +4,11 @@ #![no_main] +use cros_fuzz::fuzz_target; use sys_util::{GuestAddress, GuestMemory, SharedMemory}; use std::fs::File; use std::io::Write; -use std::panic; -use std::process; -use std::slice; const MEM_SIZE: u64 = 256 * 1024 * 1024; @@ -23,20 +21,8 @@ fn make_elf_bin(elf_bytes: &[u8]) -> File { shm.into() } -#[export_name = "LLVMFuzzerTestOneInput"] -pub fn test_one_input(data: *const u8, size: usize) -> i32 { - // We cannot unwind past ffi boundaries. - panic::catch_unwind(|| { - // Safe because the libfuzzer runtime will guarantee that `data` is at least - // `size` bytes long and that it will be valid for the lifetime of this - // function. - let bytes = unsafe { slice::from_raw_parts(data, size) }; - let mut kimage = make_elf_bin(bytes); - let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap(); - let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage); - }) - .err() - .map(|_| process::abort()); - - 0 -} +fuzz_target!(|bytes| { + let mut kimage = make_elf_bin(bytes); + let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap(); + let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage); +}); |