External/cloud-hypervisor
1
0
Fork 0
mirror of https://github.com/cloud-hypervisor/cloud-hypervisor.git synced 2025-02-08 04:31:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

fuzz: explicitly keep or reject input for vhdx fuzzer

Browse Source 
Signed-off-by: Wei Liu <liuwe@microsoft.com>
This commit is contained in:
Wei Liu 2025-01-06 02:02:24 +00:00 committed by Wei Liu
parent bc4a1fd16c
commit a2df4d7660
1 changed files with 28 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
fuzz/fuzz_targets/vhdx.rs
View File

@ -9,38 +9,47 @@ use std::io::{self, Read, Seek, SeekFrom, Write};
use std::os::unix::io::{FromRawFd, RawFd}; use std::os::unix::io::{FromRawFd, RawFd};
use block::vhdx::Vhdx; use block::vhdx::Vhdx;
use libfuzzer_sys::fuzz_target; use libfuzzer_sys::{fuzz_target, Corpus};
// Populate the corpus directory with a test file: // Populate the corpus directory with a test file:
// truncate -s 16M /tmp/source // truncate -s 16M /tmp/source
// qemu-img convert -O vhdx /tmp/source fuzz/corpus/vhdx/test.vhdx // qemu-img convert -O vhdx /tmp/source fuzz/corpus/vhdx/test.vhdx
// Run with: // Run with:
// cargo fuzz run vhdx -j 32 -- -max_len=16777216 // cargo fuzz run vhdx -j 32 -- -max_len=16777216
fuzz_target!(|bytes| { fuzz_target!(|bytes: &[u8]| -> Corpus {
let shm = memfd_create(&ffi::CString::new("fuzz").unwrap(), 0).unwrap(); let shm = memfd_create(&ffi::CString::new("fuzz").unwrap(), 0).unwrap();
let mut disk_file: File = unsafe { File::from_raw_fd(shm) }; let mut disk_file: File = unsafe { File::from_raw_fd(shm) };
disk_file.write_all(&bytes[..]).unwrap(); disk_file.write_all(&bytes[..]).unwrap();
disk_file.seek(SeekFrom::Start(0)).unwrap(); disk_file.seek(SeekFrom::Start(0)).unwrap();
if let Ok(mut vhdx) = Vhdx::new(disk_file) { let mut vhdx = match Vhdx::new(disk_file) {
if vhdx.seek(SeekFrom::Start(0)).is_ok() { Ok(vhdx) => vhdx,
Err(_) => return Corpus::Reject,
};
if matches!(vhdx.seek(SeekFrom::Start(0)).is_err(), true) {
return Corpus::Reject;
};
let mut offset = 0; let mut offset = 0;
while offset < bytes.len() { while offset < bytes.len() {
let mut data = vec![0; 8192]; let mut data = vec![0; 8192];
vhdx.read_exact(&mut data).ok(); vhdx.read_exact(&mut data).ok();
offset += data.len(); offset += data.len();
} }
}
if vhdx.seek(SeekFrom::Start(0)).is_ok() { if matches!(vhdx.seek(SeekFrom::Start(0)).is_err(), true) {
let mut offset = 0; return Corpus::Reject;
};
offset = 0;
while offset < bytes.len() { while offset < bytes.len() {
let data = vec![0; 8192]; let data = vec![0; 8192];
vhdx.write_all(&data).ok(); vhdx.write_all(&data).ok();
offset += data.len(); offset += data.len();
} }
}
} Corpus::Keep
}); });
fn memfd_create(name: &ffi::CStr, flags: u32) -> Result<RawFd, io::Error> { fn memfd_create(name: &ffi::CStr, flags: u32) -> Result<RawFd, io::Error> {