[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH v2 2/4] tools/fuzz: add AFL stub program for x86 insn emulator fuzzer
This is a basic program to call into the unified fuzzing function. Hook it up into build system so that we can always build test it.
Signed-off-by: Wei Liu <wei.liu2@xxxxxxxxxx>
---
Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Cc: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
Cc: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>
Cc: Jan Beulich <jbeulich@xxxxxxxx>
---
 .gitignore | 1 +
 tools/fuzz/x86_instruction_emulator/Makefile | 9 +++-
 .../afl-x86-insn-emulator-fuzzer.c | 57 ++++++++++++++++++++++
 3 files changed, 65 insertions(+), 2 deletions(-)
 create mode 100644 tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer.c
diff --git a/.gitignore b/.gitignore
index 01ad29e66b..b50f7ea5d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -147,6 +147,7 @@ tools/flask/utils/flask-setenforce
 tools/flask/utils/flask-set-bool
 tools/flask/utils/flask-label-pci
 tools/fuzz/x86_instruction_emulator/x86_emulate*
+tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer
 tools/helpers/_paths.h
 tools/helpers/init-xenstore-domain
 tools/helpers/xen-init-dom0
diff --git a/tools/fuzz/x86_instruction_emulator/Makefile b/tools/fuzz/x86_instruction_emulator/Makefile
index 6aef3a703f..f2bb12e871 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -3,7 +3,7 @@ include $(XEN_ROOT)/tools/Rules.mk
 .PHONY: x86-instruction-emulator-fuzzer-all
 ifeq ($(CONFIG_X86_64),y)
-x86-instruction-emulator-fuzzer-all: x86-insn-emulator.a x86-insn-emulator-fuzzer.o
+x86-instruction-emulator-fuzzer-all: x86-insn-emulator.a x86-insn-emulator-fuzzer.o afl
 else
 x86-instruction-emulator-fuzzer-all:
 endif
@@ -23,6 +23,8 @@ x86-insn-emulator-fuzzer.o: x86_emulate.h x86_emulate/x86_emulate.h
 x86-insn-emulator.a: x86_emulate.o
 	$(AR) rc $@ $^
+afl-x86-insn-emulator-fuzzer: afl-x86-insn-emulator-fuzzer.o x86-insn-emulator-fuzzer.o x86_emulate.o
+
 # Common targets
 .PHONY: all
 all: x86-instruction-emulator-fuzzer-all
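Review bot: The new `afl-x86-insn-emulator-fuzzer:` rule in the second Makefile hunk has no recipe, so linking falls to make's built-in `%: %.o` rule and whatever `$(CC)`/`$(LDFLAGS)` Rules.mk provides; nothing in the hunk says how an AFL-instrumented build is meant to be produced, and presumably the user has to override `CC` (e.g. with afl-gcc or afl-clang) for this to be useful as a fuzzer rather than just a build test. A one-line comment above the rule would save the next person a guess: `# Linked by make's implicit rule; override CC with the AFL compiler wrapper to get an instrumented fuzzer.` Note also that the binary links `x86_emulate.o` directly rather than the `x86-insn-emulator.a` built two lines above; either is fine, but it is worth stating which one is intended so the two do not drift.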
@@ -33,7 +35,10 @@ distclean: clean
 .PHONY: clean
 clean:
-	rm -f *.a *.o
+	rm -f *.a *.o *-x86-insn-emulator-fuzzer
 .PHONY: install
 install: all
+
+.PHONY: afl
+afl: afl-x86-insn-emulator-fuzzer
diff --git a/tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer.c b/tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer.c
new file mode 100644
index 0000000000..b5668c11e7
--- /dev/null
+++ b/tools/fuzz/x86_instruction_emulator/afl-x86-insn-emulator-fuzzer.c
@@ -0,0 +1,57 @@
+#include <assert.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+extern int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size);
+
+#define INPUT_SIZE 4096
+static uint8_t input[INPUT_SIZE];
+
+int main(int argc, char **argv)
+{
+    size_t size;
+    FILE *fp;
+
+    if ( argc != 2 )
+    {
+        printf("Expecting only one argument\n");
+        exit(-1);
+    }
+
+    fp = fopen(argv[1], "rb");
+    if ( fp == NULL )
+    {
+        perror("fopen");
+        exit(-1);
+    }
+
+    size = fread(input, 1, INPUT_SIZE, fp);
+
+    if ( ferror(fp) )
+    {
+        perror("fread");
+        exit(-1);
+    }
+
+    if ( !feof(fp) )
+    {
+        printf("Input too large\n");
+        exit(-1);
+    }
+
+    fclose(fp);
+
+    LLVMFuzzerTestOneInput(input, size);
+
+    return 0;
+}
+
+/*
+ * Local variables:
+ * mode: C
+ * c-file-style: "BSD"
+ * c-basic-offset: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
-- 
2.11.0
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel
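Review bot: The `if ( !feof(fp) )` "Input too large" check in main() rejects an input of exactly INPUT_SIZE bytes: `fread(input, 1, INPUT_SIZE, fp)` returns 4096 without ever attempting a read past the end, so the EOF indicator is not set and a legitimate maximum-size test case is treated as oversized and never reaches LLVMFuzzerTestOneInput. Probe for trailing data instead, e.g. `if ( size == INPUT_SIZE && fgetc(fp) != EOF )`, which only flags the file when there is genuinely more than INPUT_SIZE bytes. Separately, the diagnostics use `printf` and `exit(-1)`: under AFL stdout is discarded and -1 becomes exit status 255, so `fprintf(stderr, ...)` and `exit(EXIT_FAILURE)` would be the conventional choices, and the `#include <assert.h>` is unused in this file. It would also help to note in a comment near `INPUT_SIZE` that oversized inputs are deliberately dropped rather than truncated, since AFL itself has no way of knowing the limit.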