|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] Add libfuzzer target to fuzz/x86_instruction_emulator
commit b518013ca1ae5dc523f418509990dd5c65b14d44
Author: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
AuthorDate: Tue Jul 23 13:58:07 2024 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jul 23 13:58:07 2024 +0200
Add libfuzzer target to fuzz/x86_instruction_emulator
This target enables integration into oss-fuzz. Changing invalid input return
to -1 as values other then 0/-1 are reserved by libfuzzer. Also adding the
missing __wrap_vsnprintf wrapper which is required for successful oss-fuzz
build.
Signed-off-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
tools/fuzz/x86_instruction_emulator/Makefile | 6 +++++-
tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 6 ++----
tools/tests/x86_emulator/wrappers.c | 11 +++++++++++
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/tools/fuzz/x86_instruction_emulator/Makefile
b/tools/fuzz/x86_instruction_emulator/Makefile
index 1e4c6b37f5..459743f4d9 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -58,6 +58,9 @@ afl-harness: afl-harness.o $(OBJS) cpuid.o wrappers.o
afl-harness-cov: afl-harness-cov.o $(patsubst %.o,%-cov.o,$(OBJS)) cpuid.o
wrappers.o
$(CC) $(CFLAGS) $(GCOV_FLAGS) $(addprefix
-Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@
+libfuzzer-harness: $(OBJS) cpuid.o wrappers.o
+ $(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) -fsanitize=fuzzer $(addprefix
-Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@
+
# Common targets
.PHONY: all
all: x86-insn-fuzz-all
@@ -67,7 +70,8 @@ distclean: clean
.PHONY: clean
clean:
- rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno
*.gcov
+ rm -f *.a *.o $(DEPS_RM) *.gcda *.gcno *.gcov
+ rm -f afl-harness afl-harness-cov libfuzzer-harness
rm -rf x86_emulate x86-emulate.c x86-emulate.h wrappers.c cpuid.c
.PHONY: install
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index eeeb6931f4..2ba9ca9e0b 100644
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -906,14 +906,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t
size)
if ( size <= DATA_OFFSET )
{
- printf("Input too small\n");
- return 1;
+ return -1;
}
if ( size > FUZZ_CORPUS_SIZE )
{
- printf("Input too large\n");
- return 1;
+ return -1;
}
memcpy(&input, data_p, size);
diff --git a/tools/tests/x86_emulator/wrappers.c
b/tools/tests/x86_emulator/wrappers.c
index 3829a6f416..8f3bd1656f 100644
--- a/tools/tests/x86_emulator/wrappers.c
+++ b/tools/tests/x86_emulator/wrappers.c
@@ -91,6 +91,17 @@ int __wrap_snprintf(char *buf, size_t n, const char *fmt,
...)
return rc;
}
+int __wrap_vsnprintf(char *buf, size_t n, const char *fmt, va_list varg)
+{
+ int rc;
+
+ emul_save_fpu_state();
+ rc = __real_vsnprintf(buf, n, fmt, varg);
+ emul_restore_fpu_state();
+
+ return rc;
+}
+
char *__wrap_strstr(const char *s1, const char *s2)
{
char *s;
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |