1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#![no_main]
use std::convert::TryInto;
use cros_fuzz::fuzz_target;
use devices::virtio::fs::fuzzing::fuzz_server;
use devices::virtio::{create_descriptor_chain, DescriptorType, Reader, Writer};
use sys_util::{GuestAddress, GuestMemory};
const MEM_SIZE: u64 = 256 * 1024 * 1024;
const BUFFER_ADDR: GuestAddress = GuestAddress(0x100);
thread_local! {
static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
}
fuzz_target!(|data| {
use DescriptorType::*;
GUEST_MEM.with(|mem| {
mem.write_all_at_addr(data, BUFFER_ADDR).unwrap();
let chain = create_descriptor_chain(
mem,
GuestAddress(0),
BUFFER_ADDR,
vec![
(Readable, data.len().try_into().unwrap()),
(
Writable,
(MEM_SIZE as u32)
.saturating_sub(data.len().try_into().unwrap())
.saturating_sub(0x100),
),
],
0,
)
.unwrap();
let r = Reader::new(mem, chain.clone()).unwrap();
let w = Writer::new(mem, chain).unwrap();
fuzz_server(r, w);
});
});
|