Coverage Report

Created: 2026-01-10 06:46

next uncovered line (L), next uncovered region (R), next uncovered branch (B)
/src/td-shim/td-shim-interface/fuzz/fuzz_targets/fuzzlib.rs
Line
Count
Source
1
// Copyright (c) 2022 Intel Corporation
2
//
3
// SPDX-License-Identifier: BSD-2-Clause-Patent
4
5
#![allow(unused)]
6
use core::mem::size_of;
7
use r_efi::efi::Guid;
8
use std::vec::Vec;
9
use td_shim_interface::td_uefi_pi::{fv, hob, pi};
10
11
const EFI_END_OF_HOB_LIST_OFFSET: usize = 48;
12
13
const HOB_ACPI_TABLE_GUID: [u8; 16] = [
14
    0x70, 0x58, 0x0c, 0x6a, 0xed, 0xd4, 0xf4, 0x44, 0xa1, 0x35, 0xdd, 0x23, 0x8b, 0x6f, 0xc, 0x8d,
15
];
16
17
const HOB_KERNEL_INFO_GUID: [u8; 16] = [
18
    0x12, 0xa4, 0x6f, 0xb9, 0x1f, 0x46, 0xe3, 0x4b, 0x8c, 0xd, 0xad, 0x80, 0x5a, 0x49, 0x7a, 0xc0,
19
];
20
21
/// GUID for secure boot trust anchor in the Configuration Firmware Volume (CFV).
22
const CFV_FFS_HEADER_TRUST_ANCHOR_GUID: Guid = Guid::from_fields(
23
    0x77a2742e,
24
    0x9340,
25
    0x4ac9,
26
    0x8f,
27
    0x85,
28
    &[0xb7, 0xb9, 0x78, 0x58, 0x0, 0x21],
29
); // {77A2742E-9340-4AC9-8F85-B7B978580021}
30
31
1.70k
pub fn fuzz_hob_parser(buffer: &[u8]) {
32
1.70k
    let mut test_buffer = buffer.to_vec();
33
34
    // Update ptr in buffer
35
1.70k
    let ptr = test_buffer.as_ptr() as u64;
36
1.70k
    if test_buffer.len() >= size_of::<pi::hob::HandoffInfoTable>() {
37
1.67k
        test_buffer[EFI_END_OF_HOB_LIST_OFFSET..size_of::<pi::hob::HandoffInfoTable>()]
38
1.67k
            .copy_from_slice(&u64::to_le_bytes(ptr + buffer.len() as u64)[..]);
39
1.67k
    }
40
41
1.70k
    let hob_list = hob::check_hob_integrity(&test_buffer);
42
43
1.70k
    if hob_list.is_some() {
44
478
        hob::dump_hob(hob_list.unwrap());
45
478
        hob::get_system_memory_size_below_4gb(hob_list.unwrap());
46
478
        hob::get_total_memory_top(hob_list.unwrap());
47
478
        hob::get_fv(hob_list.unwrap());
48
478
        hob::get_next_extension_guid_hob(hob_list.unwrap(), &HOB_ACPI_TABLE_GUID);
49
478
        hob::get_next_extension_guid_hob(hob_list.unwrap(), &HOB_KERNEL_INFO_GUID);
50
478
        hob::get_guid_data(hob_list.unwrap());
51
478
        hob::seek_to_next_hob(hob_list.unwrap());
52
1.22k
    }
53
1.70k
}
Unexecuted instantiation: cfv_parser::fuzzlib::fuzz_hob_parser
Unexecuted instantiation: payload_parser::fuzzlib::fuzz_hob_parser
hob_parser::fuzzlib::fuzz_hob_parser
Line
Count
Source
31
1.70k
pub fn fuzz_hob_parser(buffer: &[u8]) {
32
1.70k
    let mut test_buffer = buffer.to_vec();
33
34
    // Update ptr in buffer
35
1.70k
    let ptr = test_buffer.as_ptr() as u64;
36
1.70k
    if test_buffer.len() >= size_of::<pi::hob::HandoffInfoTable>() {
37
1.67k
        test_buffer[EFI_END_OF_HOB_LIST_OFFSET..size_of::<pi::hob::HandoffInfoTable>()]
38
1.67k
            .copy_from_slice(&u64::to_le_bytes(ptr + buffer.len() as u64)[..]);
39
1.67k
    }
40
41
1.70k
    let hob_list = hob::check_hob_integrity(&test_buffer);
42
43
1.70k
    if hob_list.is_some() {
44
478
        hob::dump_hob(hob_list.unwrap());
45
478
        hob::get_system_memory_size_below_4gb(hob_list.unwrap());
46
478
        hob::get_total_memory_top(hob_list.unwrap());
47
478
        hob::get_fv(hob_list.unwrap());
48
478
        hob::get_next_extension_guid_hob(hob_list.unwrap(), &HOB_ACPI_TABLE_GUID);
49
478
        hob::get_next_extension_guid_hob(hob_list.unwrap(), &HOB_KERNEL_INFO_GUID);
50
478
        hob::get_guid_data(hob_list.unwrap());
51
478
        hob::seek_to_next_hob(hob_list.unwrap());
52
1.22k
    }
53
1.70k
}
54
55
1.30k
pub fn fuzz_payload_parser(data: &[u8]) {
56
1.30k
    let res = fv::get_image_from_fv(data, pi::fv::FV_FILETYPE_DXE_CORE, pi::fv::SECTION_PE32);
57
1.30k
}
Unexecuted instantiation: cfv_parser::fuzzlib::fuzz_payload_parser
payload_parser::fuzzlib::fuzz_payload_parser
Line
Count
Source
55
1.30k
pub fn fuzz_payload_parser(data: &[u8]) {
56
1.30k
    let res = fv::get_image_from_fv(data, pi::fv::FV_FILETYPE_DXE_CORE, pi::fv::SECTION_PE32);
57
1.30k
}
Unexecuted instantiation: hob_parser::fuzzlib::fuzz_payload_parser
58
59
1.24k
pub fn fuzz_cfv_parser(data: &[u8]) {
60
1.24k
    let res = fv::get_file_from_fv(
61
1.24k
        data,
62
        pi::fv::FV_FILETYPE_RAW,
63
        CFV_FFS_HEADER_TRUST_ANCHOR_GUID,
64
    );
65
1.24k
}
cfv_parser::fuzzlib::fuzz_cfv_parser
Line
Count
Source
59
1.24k
pub fn fuzz_cfv_parser(data: &[u8]) {
60
1.24k
    let res = fv::get_file_from_fv(
61
1.24k
        data,
62
        pi::fv::FV_FILETYPE_RAW,
63
        CFV_FFS_HEADER_TRUST_ANCHOR_GUID,
64
    );
65
1.24k
}
Unexecuted instantiation: payload_parser::fuzzlib::fuzz_cfv_parser
Unexecuted instantiation: hob_parser::fuzzlib::fuzz_cfv_parser