fuzz: Add new fuzzer for emulated cmos device

Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2024-06-30 23:12:36 +00:00 · 2022-07-26 16:30:56 +01:00 · 2022-07-26 16:30:56 +01:00 · a330c531b0
commit a330c531b0
parent e4211272ad
2 changed files with 55 additions and 0 deletions
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@ -58,3 +58,10 @@ name = "serial"
 path = "fuzz_targets/serial.rs"
 test = false
 doc = false
+
+
+[[bin]]
+name = "cmos"
+path = "fuzz_targets/cmos.rs"
+test = false
+doc = false
--- a/fuzz/fuzz_targets/cmos.rs
+++ b/fuzz/fuzz_targets/cmos.rs
@ -0,0 +1,48 @@
+// Copyright © 2022 Intel Corporation
+//
+// SPDX-License-Identifier: Apache-2.0
+
+#![no_main]
+use devices::legacy::Cmos;
+use libc::EFD_NONBLOCK;
+use libfuzzer_sys::fuzz_target;
+use vm_device::BusDevice;
+use vmm_sys_util::eventfd::EventFd;
+
+fuzz_target!(|bytes| {
+    // Need at least 16 bytes for the test
+    if bytes.len() < 16 {
+        return;
+    }
+
+    let mut below_4g = [0u8; 8];
+    let mut above_4g = [0u8; 8];
+
+    below_4g.copy_from_slice(&bytes[0..8]);
+    above_4g.copy_from_slice(&bytes[8..16]);
+
+    let mut cmos = Cmos::new(
+        u64::from_le_bytes(below_4g),
+        u64::from_le_bytes(above_4g),
+        EventFd::new(EFD_NONBLOCK).unwrap(),
+    );
+
+    let mut i = 16;
+    while i < bytes.len() {
+        let read = bytes.get(i).unwrap_or(&0) % 2 == 0;
+        i += 1;
+
+        if read {
+            let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
+            i += 1;
+            let mut out_bytes = vec![0];
+            cmos.read(0, offset, &mut out_bytes);
+        } else {
+            let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
+            i += 1;
+            let data = vec![*bytes.get(i).unwrap_or(&0)];
+            i += 1;
+            cmos.write(0, offset, &data);
+        }
+    }
+});