cloud-hypervisor/fuzz/fuzz_targets
Bo Chen ef603fde4c fuzz: Reduce the guest memory size for balloon fuzzer
As the virt queues are initialized with random bytes from the fuzzing
engine, a descriptor buffer for the available ring can have a very large
length (e.g. up to 4GB). This means there can be up to 1 billion
entries (e.g. page frame number) for virtio-balloon to process a single
available descriptor (given each entry is 4 bytes). This is the reason
why oss-fuzz reported a hanging issue for this fuzzer, where the
generated descriptor buffer length is 4,278,321,152.

We can avoid this kind of long execution by reducing the size of guest
memory. For example, with 1MB of guest memory, the number of descriptor
entries for processing is limited to ~256K.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-09-23 08:28:07 +01:00
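Why shrinking guest memory bounds the work a fuzzed descriptor can cause, as an added example that is not cloud-hypervisor's code: a descriptor buffer can only be processed if its byte range lies inside guest memory, so the largest number of 4-byte entries any single descriptor can yield is guest memory size divided by four. The `GuestMemory`, `Descriptor`, `pfn_entries` and `max_entries` names, the 4 GiB guest size and the bounds-check shape are assumptions made for the illustration; the descriptor length 4,278,321,152 and the 1 MB guest size are the values from the commit message.

```rust
// Added example (not cloud-hypervisor code). It models the bound the commit
// message relies on: a descriptor whose [addr, addr+len) range is outside
// guest memory is rejected, so the entry count is capped by the memory size.
// All type and function names here are hypothetical.

/// Size of one balloon entry (a 32-bit page frame number), as in the commit message.
const PFN_ENTRY_SIZE: u64 = 4;

/// Minimal stand-in for a guest memory region: one contiguous range starting at 0.
#[derive(Debug, Clone, Copy)]
pub struct GuestMemory {
    size: u64,
}

impl GuestMemory {
    pub fn new(size: u64) -> Self {
        GuestMemory { size }
    }

    /// True when the byte range [addr, addr+len) lies entirely inside guest memory.
    /// checked_add rejects ranges whose end would wrap around u64.
    pub fn contains_range(&self, addr: u64, len: u64) -> bool {
        match addr.checked_add(len) {
            Some(end) => end <= self.size,
            None => false,
        }
    }
}

/// A virtio descriptor as a fuzzer produces it: address and length are random bytes.
#[derive(Debug, Clone, Copy)]
pub struct Descriptor {
    pub addr: u64,
    pub len: u32,
}

#[derive(Debug, PartialEq)]
pub enum DescError {
    OutOfBounds { addr: u64, len: u32 },
}

/// Number of PFN entries the device would have to process for this descriptor,
/// or an error when the buffer does not fit in guest memory.
pub fn pfn_entries(mem: &GuestMemory, desc: &Descriptor) -> Result<u64, DescError> {
    let len = desc.len as u64;
    if !mem.contains_range(desc.addr, len) {
        return Err(DescError::OutOfBounds { addr: desc.addr, len: desc.len });
    }
    Ok(len / PFN_ENTRY_SIZE)
}

/// Upper bound on the entries any single descriptor can yield for this memory size.
pub fn max_entries(mem: &GuestMemory) -> u64 {
    mem.size / PFN_ENTRY_SIZE
}

fn main() {
    // Constructed inputs: a hypothetical 4 GiB guest, the 1 MB guest from the
    // commit message, and the descriptor length oss-fuzz reported.
    let big = GuestMemory::new(4u64 << 30);
    let small = GuestMemory::new(1u64 << 20);
    let hanging = Descriptor { addr: 0, len: 4_278_321_152 };

    println!("4 GiB guest: {:?}", pfn_entries(&big, &hanging));   // Ok(1069580288)
    println!("1 MiB guest: {:?}", pfn_entries(&small, &hanging)); // Err(OutOfBounds ..)
    println!("1 MiB bound: {} entries", max_entries(&small));     // 262144
}
```

With a 4 GiB guest the same descriptor is accepted and would drive roughly a billion iterations; with 1 MB of guest memory it is rejected before the loop starts, and no in-bounds descriptor can exceed 262,144 entries (the "~256K" in the commit message).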
balloon.rs fuzz: Reduce the guest memory size for balloon fuzzer 2022-09-23 08:28:07 +01:00
block.rs fuzz: Don't overload meaning of reset() 2022-09-22 11:01:41 -07:00
cmos.rs fuzz: Add new fuzzer for emulated cmos device 2022-07-27 18:12:56 +01:00
http_api.rs vmm: api: Use 'BTreeMap' for 'HttpRoutes' 2022-08-03 10:18:24 +01:00
pmem.rs fuzz: Don't overload meaning of reset() 2022-09-22 11:01:41 -07:00
qcow.rs fuzz: qcow: Remove unnecessary "use libc" 2020-07-20 20:22:47 +02:00
rng.rs fuzz: Don't overload meaning of reset() 2022-09-22 11:01:41 -07:00
serial.rs fuzz: Add new fuzzer for emulated serial device 2022-07-27 18:12:56 +01:00
vhdx.rs fuzz: fuzz testing for VHDx block device is added 2021-08-19 11:43:19 +02:00
watchdog.rs fuzz: Don't overload meaning of reset() 2022-09-22 11:01:41 -07:00