// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#![no_main]

use sys_util::{GuestAddress, GuestMemory, SharedMemory};

use std::fs::File;
use std::io::Write;
use std::panic;
use std::process;
use std::slice;

/// Size of the guest memory the fuzzed kernel image is loaded into (256 MiB).
const MEM_SIZE: u64 = 256 << 20;

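/// Copies `elf_bytes` into an anonymous shared-memory region and hands it back
/// as a `File`, which is the interface `kernel_loader::load_kernel` reads from.
///
/// NOTE(review): `write_all` presumably leaves the file cursor after the last
/// byte; confirm the loader seeks to the start before reading.
///
/// # Panics
/// Panics if the shared memory cannot be created, resized or written. In this
/// fuzz harness those are setup failures rather than findings, so aborting the
/// run is the intended outcome.
fn make_elf_bin(elf_bytes: &[u8]) -> File {
    let mut shm = SharedMemory::anon().expect("failed to create shared memory");
    // `usize` -> `u64` is lossless on every target this harness is built for.
    shm.set_size(elf_bytes.len() as u64)
        .expect("failed to set shared memory size");
    shm.write_all(elf_bytes)
        .expect("failed to write elf to shared memory");
    shm.into()
}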

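/// libFuzzer entry point: treats `data[..size]` as a kernel image and feeds it
/// to `kernel_loader::load_kernel` against a freshly created guest memory.
///
/// Always returns 0 for a completed run. A panic raised inside the closure is
/// turned into `process::abort()` so libFuzzer records it as a crash; letting
/// it unwind across the `extern` boundary would be undefined behavior.
/// The `Result` of `load_kernel` is deliberately discarded: a rejected image is
/// expected behavior for malformed input and is not a finding.
#[export_name = "LLVMFuzzerTestOneInput"]
pub fn test_one_input(data: *const u8, size: usize) -> i32 {
    // `slice::from_raw_parts` requires a non-null pointer even for a zero-length
    // slice, so a null `data` is treated as an empty run instead of UB.
    if data.is_null() {
        return 0;
    }

    // We cannot unwind past ffi boundaries.
    let outcome = panic::catch_unwind(|| {
        // Safe because the libfuzzer runtime will guarantee that `data` is at least
        // `size` bytes long and that it will be valid for the lifetime of this
        // function.
        let bytes = unsafe { slice::from_raw_parts(data, size) };
        let mut kimage = make_elf_bin(bytes);
        let mem = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
        let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
    });

    // Abort rather than return on a caught panic so the fuzzer sees a crash.
    if outcome.is_err() {
        process::abort();
    }

    0
}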