6fd5b0f696
When the main fuzzer function returns (), it is equivalent to returning Corpus::Keep. In some of the return paths, we want to reject the input so that libFuzzer won't spend more time mutating it. This should make fuzzing more efficient. No functional change intended. Signed-off-by: Wei Liu <liuwe@microsoft.com>
// Copyright 2018 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// Copyright © 2022 Intel Corporation
//
// SPDX-License-Identifier: Apache-2.0 AND BSD-3-Clause
#![no_main]
use libfuzzer_sys::{fuzz_target, Corpus};
use vm_memory::bitmap::AtomicBitmap;
use vm_memory::GuestAddress;
/// Guest memory type used by the harness: the mmap-backed `GuestMemoryMmap`
/// from `vm_memory`, parameterised with an `AtomicBitmap`.
type GuestMemoryMmap = vm_memory::GuestMemoryMmap<AtomicBitmap>;

/// Size of the single guest RAM region the harness maps per run: 256 MiB.
const MEM_SIZE: usize = 256 << 20;

/// Guest-physical address the kernel command line is loaded at.
/// Copied from `arch::x86_64::layout::CMDLINE_START`; keep the two in sync,
/// there is no compile-time tie between them.
const CMDLINE_START: GuestAddress = GuestAddress(0x20000);
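// Fuzz entry point: treat the input bytes as a guest kernel command line,
// run them through the VMM's command-line generation, and load the result
// into a scratch guest memory at the x86_64 layout's command-line address.
//
// The closure returns `Corpus` instead of `()` (which would mean
// `Corpus::Keep` for every input) so the harness can tell libFuzzer which
// inputs are not worth mutating further.
fuzz_target!(|bytes: &[u8]| -> Corpus {
    // `PayloadConfig::cmdline` is a `String`, so the raw fuzzer bytes are
    // converted lossily (invalid UTF-8 becomes U+FFFD) rather than rejected.
    // NOTE(review): presumably the production path also starts from a
    // `String` (CLI/API), so this hides nothing reachable - confirm against
    // the parsing code. `bytes` is already `&[u8]`; no extra borrow needed.
    let payload_config = vmm::vm_config::PayloadConfig {
        firmware: None,
        kernel: None,
        cmdline: Some(String::from_utf8_lossy(bytes).into_owned()),
        initramfs: None,
        #[cfg(feature = "igvm")]
        igvm: None,
    };

    // Inputs that cannot even be turned into a command line never reach the
    // loader under test, so tell libFuzzer not to spend mutation budget on
    // them.
    let kernel_cmdline = match vmm::vm::Vm::generate_cmdline(&payload_config) {
        Ok(cmdline) => cmdline,
        Err(_) => return Corpus::Reject,
    };

    // Fresh guest memory for this run: one `MEM_SIZE` region starting at 0.
    // A failure here is a harness problem (the mapping itself), not a finding,
    // so aborting with a clear message is the right response.
    // NOTE(review): this is an mmap/munmap per iteration; if throughput
    // matters, a lazily initialised shared mapping would avoid it at the
    // cost of state surviving between runs.
    let guest_memory = GuestMemoryMmap::from_ranges(&[(GuestAddress(0), MEM_SIZE)])
        .expect("failed to map guest memory for the cmdline fuzz harness");

    // The loader's `Result` is deliberately ignored: its error path is part
    // of the code under test, so inputs are kept whether or not the load
    // succeeds. `guest_memory` is dropped at the end of this closure, so
    // nothing written here persists into the next iteration.
    let _ = linux_loader::loader::load_cmdline(&guest_memory, CMDLINE_START, &kernel_cmdline);

    Corpus::Keep
});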
|