[Xen-changelog] [xen master] fuzz/x86_emulate: actually use cpu_regs input
commit 581c3e874c300695ddfa8b2a95675a42ebf97301
Author: George Dunlap <george.dunlap@xxxxxxxxxx>
AuthorDate: Mon Oct 9 16:03:53 2017 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Mon Oct 9 16:03:53 2017 +0200
fuzz/x86_emulate: actually use cpu_regs input
Commit c07574b reorganized the way fuzzing was done, explicitly
creating a structure that the input data would be copied into.
Unfortunately, the cpu register state used by the emulator is on the
stack; it's cleared, but data is never copied into it.
If we're explicitly setting an entirely new cpu_regs struct for each
new input anyway, there's no need to have two copies around anymore;
just point to the one in the data structure.
Signed-off-by: George Dunlap <george.dunlap@xxxxxxxxxx>
Reviewed-by: Wei Liu <wei.liu2@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
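The pitfall the commit message describes (the emulator's register file being a zeroed stack local that the copied-in fuzz data never reaches, versus pointing the context at the register file inside the input structure) is easy to reproduce in miniature. The following is an added example, not code from Xen or from this patch: the register struct, the input layout, and the toy "emulator" are constructed stand-ins, and `run_buggy`/`run_fixed` mirror the before and after of the change. It also shows the zero-fill step that, once the stack-local zeroing is gone, keeps register state from one iteration leaking into the next.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the emulator's register file (constructed). */
struct fake_regs {
    uint64_t rax, rcx, rdx, rbx;
    uint64_t rip;
};

/* Hypothetical harness input layout: register file first, then the
 * instruction bytes the emulator consumes (constructed, not Xen's layout). */
#define MAX_CODE 64
struct fuzz_input {
    struct fake_regs regs;
    uint8_t code[MAX_CODE];
};

struct fake_ctxt {
    struct fake_regs *regs;   /* the emulator reads and writes through this */
    const uint8_t *code;
    size_t code_len;
};

/* Toy "emulator": interprets one constructed opcode and mutates the
 * register file, so the harness has something observable to drive. */
static int fake_emulate(struct fake_ctxt *ctxt)
{
    if (ctxt->code_len == 0)
        return -1;
    switch (ctxt->code[0]) {
    case 0x01: ctxt->regs->rax += ctxt->regs->rcx; break;  /* rax += rcx */
    case 0x02: ctxt->regs->rax ^= ctxt->regs->rdx; break;  /* rax ^= rdx */
    default:   return -1;
    }
    ctxt->regs->rip += 1;
    return 0;
}

/* File-scope input structure, in the spirit of the harness's `input`. */
static struct fuzz_input input;

/* Copy fuzz data into `input`, zero-filling whatever the data does not
 * cover so no register state survives from the previous iteration. */
static size_t load_input(const uint8_t *data, size_t size)
{
    memset(&input, 0, sizeof(input));
    if (size > sizeof(input))
        size = sizeof(input);
    memcpy(&input, data, size);
    return size;
}

static size_t code_len_of(size_t n)
{
    return n > sizeof(input.regs) ? n - sizeof(input.regs) : 0;
}

/* Before the fix: the emulator uses a zeroed stack local, so the register
 * values carried in the fuzz data are silently ignored. */
uint64_t run_buggy(const uint8_t *data, size_t size)
{
    struct fake_regs regs = {0};
    size_t n = load_input(data, size);
    struct fake_ctxt ctxt = { .regs = &regs, .code = input.code,
                              .code_len = code_len_of(n) };
    fake_emulate(&ctxt);
    return regs.rax;
}

/* After the fix: the context points at the register file inside `input`. */
uint64_t run_fixed(const uint8_t *data, size_t size)
{
    size_t n = load_input(data, size);
    struct fake_ctxt ctxt = { .regs = &input.regs, .code = input.code,
                              .code_len = code_len_of(n) };
    fake_emulate(&ctxt);
    return input.regs.rax;
}

/* Constructed sample input: rax=5, rcx=7, then opcode 0x01 (rax += rcx). */
size_t build_sample(uint8_t *buf, size_t cap)
{
    struct fuzz_input s;
    memset(&s, 0, sizeof(s));
    s.regs.rax = 5;
    s.regs.rcx = 7;
    s.code[0] = 0x01;
    size_t len = sizeof(s.regs) + 1;
    if (cap < len)
        return 0;
    memcpy(buf, &s, len);
    return len;
}

/* Run the sample through one variant; returns the resulting rax. */
uint64_t demo(int fixed)
{
    uint8_t buf[sizeof(struct fuzz_input)];
    size_t n = build_sample(buf, sizeof buf);
    return fixed ? run_fixed(buf, n) : run_buggy(buf, n);
}

int main(void)
{
    printf("buggy rax=%llu fixed rax=%llu\n",
           (unsigned long long)demo(0), (unsigned long long)demo(1));
    return 0;
}
```

The buggy variant returns 0 for every input because the register file the emulator touches is never populated, so the fuzzer would never exercise register-dependent paths; the fixed variant returns 12 (5 + 7). The `memset` in `load_input` is the part to keep in mind when dropping a `= {}` stack local: something has to guarantee a clean register state per iteration, or crash reproductions become dependent on the order in which inputs were run.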
---
tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index 105145e..48a879c 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -785,13 +785,12 @@ int LLVMFuzzerInitialize(int *argc, char ***argv)
int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size)
{
- struct cpu_user_regs regs = {};
struct fuzz_state state = {
.ops = all_fuzzer_ops,
};
struct x86_emulate_ctxt ctxt = {
.data = &state,
- .regs = ®s,
+ .regs = &input.regs,
.addr_size = 8 * sizeof(void *),
.sp_size = 8 * sizeof(void *),
};
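Review bot: with `.regs = &input.regs` the emulator now reads and writes the register file inside `input` directly, so the per-call zeroing that the removed `struct cpu_user_regs regs = {};` provided is gone; it is worth confirming that the copy of fuzz data into `input` (not visible in this hunk) zero-fills any bytes beyond the supplied input length, otherwise register state from the previous iteration survives into the next one and crash reproduction becomes dependent on input ordering. The hunk also does not show where `input` is declared; if it is a file-scope object, a short comment above this initializer saying so would save the next reader a lookup.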
--
generated by git-patchbot for /home/xen/git/xen.git#master
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog