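// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#![no_main]

use sys_util::{GuestAddress, GuestMemory, SharedMemory};

use std::fs::File;
use std::io::Write;
use std::panic;
use std::process;
use std::slice;

/// Copies `elf_bytes` into a freshly created shared-memory object and returns it as a `File`.
///
/// The shared memory is sized to exactly `elf_bytes.len()` before the bytes are written.
///
/// # Panics
///
/// Panics if the shared memory cannot be created, resized or written. When called from
/// `test_one_input` those panics are caught there and turned into an abort.
fn make_elf_bin(elf_bytes: &[u8]) -> File {
    let mut shm = SharedMemory::new(None).expect("failed to create shared memory");
    shm.set_size(elf_bytes.len() as u64)
        .expect("failed to set shared memory size");
    // NOTE(review): after `write_all` the offset is presumably at the end of the data; the
    // consumer is assumed to seek before reading — confirm against `load_kernel`.
    shm.write_all(elf_bytes)
        .expect("failed to write elf to shared memory");
    shm.into()
}

/// libFuzzer entry point: hands the raw fuzz input to `kernel_loader::load_kernel` as if it
/// were a kernel image.
///
/// `data` must point to at least `size` readable bytes that stay valid for the duration of
/// the call. A null `data` is treated as an empty input.
///
/// Always returns 0. The result of `load_kernel` is discarded on purpose: rejecting a
/// malformed image with an error is acceptable, only a panic is treated as a failure, and a
/// panic aborts the process.
// NOTE(review): the function is exported under a C symbol name but declared with the default
// Rust ABI rather than `extern "C"`; confirm that this is intended for the C caller.
#[export_name = "LLVMFuzzerTestOneInput"]
pub fn test_one_input(data: *const u8, size: usize) -> i32 {
    // We cannot unwind past FFI boundaries, so every panic is caught here and converted into
    // an abort below.
    let outcome = panic::catch_unwind(|| {
        let bytes: &[u8] = if data.is_null() {
            // `slice::from_raw_parts` requires a non-null pointer even for a zero-length
            // slice, so a null input never reaches it.
            &[]
        } else {
            // SAFETY: the libfuzzer runtime guarantees that `data` is at least `size` bytes
            // long and stays valid for the lifetime of this function; the null case is
            // handled above.
            unsafe { slice::from_raw_parts(data, size) }
        };

        let mut kimage = make_elf_bin(bytes);
        // A single guest region at address 0, 0x1000 bytes larger than the input
        // (presumably one page of slack so that an empty input still yields a non-empty
        // region — confirm).
        let mem = GuestMemory::new(&[(GuestAddress(0), bytes.len() as u64 + 0x1000)])
            .expect("failed to create guest memory");
        let _ = kernel_loader::load_kernel(&mem, GuestAddress(0), &mut kimage);
    });

    if outcome.is_err() {
        process::abort();
    }

    0
}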