diff --git a/fuzz/fuzz_targets/vhdx.rs b/fuzz/fuzz_targets/vhdx.rs index 4f2e0f234..812cf8411 100644 --- a/fuzz/fuzz_targets/vhdx.rs +++ b/fuzz/fuzz_targets/vhdx.rs @@ -9,38 +9,47 @@ use std::io::{self, Read, Seek, SeekFrom, Write}; use std::os::unix::io::{FromRawFd, RawFd}; use block::vhdx::Vhdx; -use libfuzzer_sys::fuzz_target; +use libfuzzer_sys::{fuzz_target, Corpus}; // Populate the corpus directory with a test file: // truncate -s 16M /tmp/source // qemu-img convert -O vhdx /tmp/source fuzz/corpus/vhdx/test.vhdx // Run with: // cargo fuzz run vhdx -j 32 -- -max_len=16777216 -fuzz_target!(|bytes| { +fuzz_target!(|bytes: &[u8]| -> Corpus { let shm = memfd_create(&ffi::CString::new("fuzz").unwrap(), 0).unwrap(); let mut disk_file: File = unsafe { File::from_raw_fd(shm) }; disk_file.write_all(&bytes[..]).unwrap(); disk_file.seek(SeekFrom::Start(0)).unwrap(); - if let Ok(mut vhdx) = Vhdx::new(disk_file) { - if vhdx.seek(SeekFrom::Start(0)).is_ok() { - let mut offset = 0; - while offset < bytes.len() { - let mut data = vec![0; 8192]; - vhdx.read_exact(&mut data).ok(); - offset += data.len(); - } - } + let mut vhdx = match Vhdx::new(disk_file) { + Ok(vhdx) => vhdx, + Err(_) => return Corpus::Reject, + }; - if vhdx.seek(SeekFrom::Start(0)).is_ok() { - let mut offset = 0; - while offset < bytes.len() { - let data = vec![0; 8192]; - vhdx.write_all(&data).ok(); - offset += data.len(); - } - } + if matches!(vhdx.seek(SeekFrom::Start(0)).is_err(), true) { + return Corpus::Reject; + }; + + let mut offset = 0; + while offset < bytes.len() { + let mut data = vec![0; 8192]; + vhdx.read_exact(&mut data).ok(); + offset += data.len(); } + + if matches!(vhdx.seek(SeekFrom::Start(0)).is_err(), true) { + return Corpus::Reject; + }; + + offset = 0; + while offset < bytes.len() { + let data = vec![0; 8192]; + vhdx.write_all(&data).ok(); + offset += data.len(); + } + + Corpus::Keep }); fn memfd_create(name: &ffi::CStr, flags: u32) -> Result {