[xen master] Add libfuzzer target to fuzz/x86_instruction_emulator
commit b518013ca1ae5dc523f418509990dd5c65b14d44
Author: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
AuthorDate: Tue Jul 23 13:58:07 2024 +0200
Commit: Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Jul 23 13:58:07 2024 +0200

Add libfuzzer target to fuzz/x86_instruction_emulator

This target enables integration into oss-fuzz. Changing invalid input return to -1 as values other then 0/-1 are reserved by libfuzzer. Also adding the missing __wrap_vsnprintf wrapper which is required for successful oss-fuzz build.

Signed-off-by: Tamas K Lengyel <tamas@xxxxxxxxxxxxx>
Acked-by: Jan Beulich <jbeulich@xxxxxxxx>
---
 tools/fuzz/x86_instruction_emulator/Makefile | 6 +++++-
 tools/fuzz/x86_instruction_emulator/fuzz-emul.c | 6 ++----
 tools/tests/x86_emulator/wrappers.c | 11 +++++++++++
 3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/tools/fuzz/x86_instruction_emulator/Makefile b/tools/fuzz/x86_instruction_emulator/Makefile
index 1e4c6b37f5..459743f4d9 100644
--- a/tools/fuzz/x86_instruction_emulator/Makefile
+++ b/tools/fuzz/x86_instruction_emulator/Makefile
@@ -58,6 +58,9 @@ afl-harness: afl-harness.o $(OBJS) cpuid.o wrappers.o
 afl-harness-cov: afl-harness-cov.o $(patsubst %.o,%-cov.o,$(OBJS)) cpuid.o wrappers.o
 	$(CC) $(CFLAGS) $(GCOV_FLAGS) $(addprefix -Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@
 
+libfuzzer-harness: $(OBJS) cpuid.o wrappers.o
+	$(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) -fsanitize=fuzzer $(addprefix -Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@
+
 # Common targets
 .PHONY: all
 all: x86-insn-fuzz-all
@@ -67,7 +70,8 @@ distclean: clean
 
 .PHONY: clean
 clean:
-	rm -f *.a *.o $(DEPS_RM) afl-harness afl-harness-cov *.gcda *.gcno *.gcov
+	rm -f *.a *.o $(DEPS_RM) *.gcda *.gcno *.gcov
+	rm -f afl-harness afl-harness-cov libfuzzer-harness
 	rm -rf x86_emulate x86-emulate.c x86-emulate.h wrappers.c cpuid.c
 
 .PHONY: install
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
index eeeb6931f4..2ba9ca9e0b 100644
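Review bot: The new `libfuzzer-harness` recipe hard-codes `-fsanitize=fuzzer` next to `$(LIB_FUZZING_ENGINE)`, but on oss-fuzz that variable is what selects the engine (libFuzzer, AFL++ or honggfuzz driver), so with a non-libFuzzer engine the rule links libFuzzer's own main in as well, and outside oss-fuzz, where the variable is empty, a non-clang `$(CC)` will reject the flag outright. If the intent is "libFuzzer unless the environment says otherwise", expressing it as a default is safer: `LIB_FUZZING_ENGINE ?= -fsanitize=fuzzer` above the rule and `$(CC) $(CFLAGS) $(LIB_FUZZING_ENGINE) $(addprefix -Wl$(comma)--wrap=,$(WRAPPED)) $^ -o $@` as the recipe. A one-line comment above the rule, `# oss-fuzz target; LIB_FUZZING_ENGINE supplies the engine's compile/link flags`, would also tell a reader why the target is not reachable from `all`, which appears deliberate.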
--- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
+++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
@@ -906,14 +906,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size)
 
     if ( size <= DATA_OFFSET )
     {
-        printf("Input too small\n");
-        return 1;
+        return -1;
     }
 
     if ( size > FUZZ_CORPUS_SIZE )
     {
-        printf("Input too large\n");
-        return 1;
+        return -1;
     }
 
     memcpy(&input, data_p, size);
diff --git a/tools/tests/x86_emulator/wrappers.c b/tools/tests/x86_emulator/wrappers.c
index 3829a6f416..8f3bd1656f 100644
--- a/tools/tests/x86_emulator/wrappers.c
+++ b/tools/tests/x86_emulator/wrappers.c
@@ -91,6 +91,17 @@ int __wrap_snprintf(char *buf, size_t n, const char *fmt, ...)
     return rc;
 }
 
+int __wrap_vsnprintf(char *buf, size_t n, const char *fmt, va_list varg)
+{
+    int rc;
+
+    emul_save_fpu_state();
+    rc = __real_vsnprintf(buf, n, fmt, varg);
+    emul_restore_fpu_state();
+
+    return rc;
+}
+
 char *__wrap_strstr(const char *s1, const char *s2)
 {
     char *s;
-- 
generated by git-patchbot for /home/xen/git/xen.git#master
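Review bot: The two early returns now hand back -1 with no record of why the input was rejected, which is correct for libFuzzer (-1 means "do not add to the corpus"; other non-zero values are reserved) but leaves the same function silent for the in-tree afl-harness that also calls it; a short comment on each return, `/* -1: keep this input out of the libFuzzer corpus; other non-zero values are reserved */`, records the contract the commit message relies on. If afl-harness.c inspects the return value (it is not in this diff, so I cannot tell), confirm it treats -1 the same way it treated the old 1. LLVMFuzzerTestOneInput begins and ends outside the hunk, so the assumption behind the memcpy that FUZZ_CORPUS_SIZE does not exceed sizeof(input) is not reviewable here.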
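Review bot: `__wrap_vsnprintf` only takes effect if `vsnprintf` is also listed in `$(WRAPPED)` for the `-Wl,--wrap=` step, and neither Makefile hunk in this commit adds it, so either the list already contains it somewhere outside this diff or the wrapper is dead code and vsnprintf still runs with the emulator's FPU state live; please confirm. The function also relies on a `__real_vsnprintf` prototype and `va_list` being in scope, which the hunk does not show; the sibling `__wrap_snprintf` immediately above suggests they are. A comment consistent with the save/restore pair, `/* Preserve the emulator's FPU state across the libc call, as the other wrappers do. */`, would explain the pattern to a reader.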