cloud-hypervisor/fuzz
Bo Chen ef603fde4c fuzz: Reduce the guest memory size for balloon fuzzer
As the virt queues are initialized with random bytes from the fuzzing
engine, a descriptor buffer for the available ring can have a very large
length (e.g. up to 4GB). This means there can be up to 1 billion
entries (e.g. page frame number) for virtio-balloon to process a signal
available descriptor (given each entry is 4 bytes). This is the reason
why oss-fuzz reported a hanging issue for this fuzzer, where the
generated descriptor buffer length is 4,278,321,152.

We can avoid this kind of long execution by reducing the size of guest
memory. For example, with 1MB of guest memory, the number of descriptor
entries for processing is limited ~256K.

Signed-off-by: Bo Chen <chen.bo@intel.com>
2022-09-23 08:28:07 +01:00
..
fuzz_targets fuzz: Reduce the guest memory size for balloon fuzzer 2022-09-23 08:28:07 +01:00
.gitignore fuzz: Add fuzzing infrastructure and QCOW fuzzer 2020-07-17 08:49:35 +02:00
Cargo.lock build: Bump serde from 1.0.144 to 1.0.145 in /fuzz 2022-09-22 23:38:42 +00:00
Cargo.toml build: Bump once_cell from 1.14.0 to 1.15.0 in /fuzz 2022-09-20 23:42:38 +00:00