/src/crosvm/fuzz/fuzz_targets/qcow_fuzzer.rs
Line | Count | Source |
1 | | // Copyright 2019 The ChromiumOS Authors |
2 | | // Use of this source code is governed by a BSD-style license that can be |
3 | | // found in the LICENSE file. |
4 | | |
5 | | #![cfg(not(test))] |
6 | | #![no_main] |
7 | | |
8 | | use std::io::Cursor; |
9 | | use std::io::Read; |
10 | | use std::io::Seek; |
11 | | use std::io::SeekFrom; |
12 | | use std::io::Write; |
13 | | use std::mem::size_of; |
14 | | |
15 | | use base::FileReadWriteAtVolatile; |
16 | | use base::VolatileSlice; |
17 | | use crosvm_fuzz::fuzz_target; |
18 | | use disk::QcowFile; |
19 | | |
20 | | // Take the first 64 bits of data as an address and the next 64 bits as data to |
21 | | // store there. The rest of the data is used as a qcow image. |
22 | | fuzz_target!(|bytes| { |
23 | | if bytes.len() < 16 { |
24 | | // Need an address and data, each are 8 bytes. |
25 | | return; |
26 | | } |
27 | | let mut disk_image = Cursor::new(bytes); |
28 | | let addr = read_u64(&mut disk_image); |
29 | | let value = read_u64(&mut disk_image); |
30 | | let mut disk_file = tempfile::tempfile().unwrap(); |
31 | | disk_file.write_all(&bytes[16..]).unwrap(); |
32 | | disk_file.seek(SeekFrom::Start(0)).unwrap(); |
33 | | if let Ok(qcow) = QcowFile::from( |
34 | | disk_file, |
35 | | disk::DiskFileParams { |
36 | | path: "/foo".into(), |
37 | | is_read_only: false, |
38 | | is_sparse_file: false, |
39 | | is_overlapped: false, |
40 | | is_direct: false, |
41 | | lock: true, |
42 | | depth: 0, |
43 | | }, |
44 | | ) { |
45 | | let mut mem = value.to_le_bytes().to_owned(); |
46 | | let vslice = VolatileSlice::new(&mut mem); |
47 | | let _ = qcow.write_all_at_volatile(vslice, addr); |
48 | | } |
49 | | }); |
50 | | |
51 | 4.87k | fn read_u64<T: Read>(readable: &mut T) -> u64 { |
52 | 4.87k | let mut buf = [0u8; size_of::<u64>()]; |
53 | 4.87k | readable.read_exact(&mut buf[..]).unwrap(); |
54 | 4.87k | u64::from_le_bytes(buf) |
55 | 4.87k | } |