mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2025-01-08 13:55:19 +00:00
6fd5b0f696
When the main fuzzer function returns (), it is equivalent to returning Corpus::Keep. In some of the return paths, we want to reject the input so that the libfuzzer won't spend more time mutating them. The should make fuzzing more efficient. No functional change intended. Signed-off-by: Wei Liu <liuwe@microsoft.com>
52 lines
1.3 KiB
Rust
52 lines
1.3 KiB
Rust
// Copyright © 2022 Intel Corporation
|
|
//
|
|
// SPDX-License-Identifier: Apache-2.0
|
|
|
|
#![no_main]
|
|
use devices::legacy::Cmos;
|
|
use libc::EFD_NONBLOCK;
|
|
use libfuzzer_sys::{fuzz_target, Corpus};
|
|
use vm_device::BusDevice;
|
|
use vmm_sys_util::eventfd::EventFd;
|
|
|
|
fuzz_target!(|bytes: &[u8]| -> Corpus {
|
|
// Need at least 16 bytes for the test
|
|
if bytes.len() < 16 {
|
|
return Corpus::Reject;
|
|
}
|
|
|
|
let mut below_4g = [0u8; 8];
|
|
let mut above_4g = [0u8; 8];
|
|
|
|
below_4g.copy_from_slice(&bytes[0..8]);
|
|
above_4g.copy_from_slice(&bytes[8..16]);
|
|
|
|
let mut cmos = Cmos::new(
|
|
u64::from_le_bytes(below_4g),
|
|
u64::from_le_bytes(above_4g),
|
|
EventFd::new(EFD_NONBLOCK).unwrap(),
|
|
None,
|
|
);
|
|
|
|
let mut i = 16;
|
|
while i < bytes.len() {
|
|
let read = bytes.get(i).unwrap_or(&0) % 2 == 0;
|
|
i += 1;
|
|
|
|
if read {
|
|
let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
|
|
i += 1;
|
|
let mut out_bytes = vec![0];
|
|
cmos.read(0, offset, &mut out_bytes);
|
|
} else {
|
|
let offset = (bytes.get(i).unwrap_or(&0) % 2) as u64;
|
|
i += 1;
|
|
let data = vec![*bytes.get(i).unwrap_or(&0)];
|
|
i += 1;
|
|
cmos.write(0, offset, &data);
|
|
}
|
|
}
|
|
|
|
Corpus::Keep
|
|
});
|