1 // Copyright 2019 The Chromium OS Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #![no_main] 6 7 #[cfg(fuzzing)] 8 mod fs_server_fuzzer { 9 use std::convert::TryInto; 10 11 use cros_fuzz::fuzz_target; 12 use devices::virtio::{create_descriptor_chain, DescriptorType, Reader, Writer}; 13 use fuse::fuzzing::fuzz_server; 14 use vm_memory::{GuestAddress, GuestMemory}; 15 16 const MEM_SIZE: u64 = 256 * 1024 * 1024; 17 const BUFFER_ADDR: GuestAddress = GuestAddress(0x100); 18 19 thread_local! { 20 static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap(); 21 } 22 23 fuzz_target!(|data| { 24 use DescriptorType::*; 25 26 GUEST_MEM.with(|mem| { 27 mem.write_all_at_addr(data, BUFFER_ADDR).unwrap(); 28 29 let chain = create_descriptor_chain( 30 mem, 31 GuestAddress(0), 32 BUFFER_ADDR, 33 vec![ 34 (Readable, data.len().try_into().unwrap()), 35 ( 36 Writable, 37 (MEM_SIZE as u32) 38 .saturating_sub(data.len().try_into().unwrap()) 39 .saturating_sub(0x100), 40 ), 41 ], 42 0, 43 ) 44 .unwrap(); 45 46 let r = Reader::new(mem.clone(), chain.clone()).unwrap(); 47 let w = Writer::new(mem.clone(), chain).unwrap(); 48 fuzz_server(r, w); 49 }); 50 }); 51 } 52