1 // Copyright 2019 The ChromiumOS Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #![cfg(not(test))] 6 #![no_main] 7 8 #[cfg(any(target_os = "android", target_os = "linux"))] 9 mod fuzzer { 10 use std::convert::TryInto; 11 12 use crosvm_fuzz::fuzz_target; 13 use devices::virtio::create_descriptor_chain; 14 use devices::virtio::DescriptorType; 15 use fuse::fuzzing::fuzz_server; 16 use vm_memory::GuestAddress; 17 use vm_memory::GuestMemory; 18 19 const MEM_SIZE: u64 = 256 * 1024 * 1024; 20 const BUFFER_ADDR: GuestAddress = GuestAddress(0x100); 21 22 thread_local! { 23 static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap(); 24 } 25 26 fuzz_target!(|data| { 27 use DescriptorType::*; 28 29 GUEST_MEM.with(|mem| { 30 mem.write_all_at_addr(data, BUFFER_ADDR).unwrap(); 31 32 // We need a valid descriptor chain, but it's not part of what is being fuzzed here. 33 // So skip fuzzing if the chain is invalid. 34 if let Ok(mut chain) = create_descriptor_chain( 35 mem, 36 GuestAddress(0), 37 BUFFER_ADDR, 38 vec![ 39 (Readable, data.len().try_into().unwrap()), 40 ( 41 Writable, 42 (MEM_SIZE as u32) 43 .saturating_sub(data.len().try_into().unwrap()) 44 .saturating_sub(0x100), 45 ), 46 ], 47 0, 48 ) { 49 fuzz_server(&mut chain.reader, &mut chain.writer); 50 } 51 }); 52 }); 53 } 54 55 #[cfg(not(unix))] 56 mod fuzzer { 57 use crosvm_fuzz::fuzz_target; 58 59 fuzz_target!(|_data| {}); 60 } 61