/src/crosvm/fuzz/fuzz_targets/fs_server_fuzzer.rs

Source
// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#![cfg(not(test))]
#![no_main]

#[cfg(any(target_os = "android", target_os = "linux"))]
mod fuzzer {
    use std::convert::TryInto;

    use crosvm_fuzz::fuzz_target;
    use devices::virtio::create_descriptor_chain;
    use devices::virtio::DescriptorType;
    use fuse::fuzzing::fuzz_server;
    use vm_memory::GuestAddress;
    use vm_memory::GuestMemory;

    const MEM_SIZE: u64 = 256 * 1024 * 1024;
    const BUFFER_ADDR: GuestAddress = GuestAddress(0x100);

    thread_local! {
        static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
    }

    fuzz_target!(|data| {
        use DescriptorType::*;

        GUEST_MEM.with(|mem| {
            mem.write_all_at_addr(data, BUFFER_ADDR).unwrap();

            // We need a valid descriptor chain, but it's not part of what is being fuzzed here.
            // So skip fuzzing if the chain is invalid.
            if let Ok(mut chain) = create_descriptor_chain(
                mem,
                GuestAddress(0),
                BUFFER_ADDR,
                vec![
                    (Readable, data.len().try_into().unwrap()),
                    (
                        Writable,
                        (MEM_SIZE as u32)
                            .saturating_sub(data.len().try_into().unwrap())
                            .saturating_sub(0x100),
                    ),
                ],
                0,
            ) {
                fuzz_server(&mut chain.reader, &mut chain.writer);
            }
        });
    });
}

#[cfg(not(unix))]
mod fuzzer {
    use crosvm_fuzz::fuzz_target;

    fuzz_target!(|_data| {});
}

Line	Count	Source
1		// Copyright 2019 The ChromiumOS Authors
2		// Use of this source code is governed by a BSD-style license that can be
3		// found in the LICENSE file.
4
5		#![cfg(not(test))]
6		#![no_main]
7
8		#[cfg(any(target_os = "android", target_os = "linux"))]
9		mod fuzzer {
10		use std::convert::TryInto;
11
12		use crosvm_fuzz::fuzz_target;
13		use devices::virtio::create_descriptor_chain;
14		use devices::virtio::DescriptorType;
15		use fuse::fuzzing::fuzz_server;
16		use vm_memory::GuestAddress;
17		use vm_memory::GuestMemory;
18
19		const MEM_SIZE: u64 = 256 * 1024 * 1024;
20		const BUFFER_ADDR: GuestAddress = GuestAddress(0x100);
21
22		thread_local! {
23		static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
24		}
25
26		fuzz_target!(\|data\| {
27		use DescriptorType::*;
28
29	2.44k	GUEST_MEM.with(\|mem\| {
30	2.44k	mem.write_all_at_addr(data, BUFFER_ADDR).unwrap();
31
32		// We need a valid descriptor chain, but it's not part of what is being fuzzed here.
33		// So skip fuzzing if the chain is invalid.
34	2.44k	if let Ok(mut chain) = create_descriptor_chain(
35	2.44k	mem,
36	2.44k	GuestAddress(0),
37	2.44k	BUFFER_ADDR,
38	2.44k	vec![
39	2.44k	(Readable, data.len().try_into().unwrap()),
40	2.44k	(
41	2.44k	Writable,
42	2.44k	(MEM_SIZE as u32)
43	2.44k	.saturating_sub(data.len().try_into().unwrap())
44	2.44k	.saturating_sub(0x100),
45	2.44k	),
46	2.44k	],
47	2.44k	0,
48	2.44k	) {
49	2.44k	fuzz_server(&mut chain.reader, &mut chain.writer);
50	2.44k	}
51	2.44k	});
52		});
53		}
54
55		#[cfg(not(unix))]
56		mod fuzzer {
57		use crosvm_fuzz::fuzz_target;
58
59		fuzz_target!(\|_data\| {});
60		}

Coverage Report

Created: 2025-11-16 06:34