GitHub Repository: google/crosvm
Path: blob/main/fuzz/fuzz_targets/fs_server_fuzzer.rs
// Copyright 2019 The ChromiumOS Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#![cfg(not(test))]
#![no_main]
#[cfg(any(target_os = "android", target_os = "linux"))]
mod fuzzer {
    //! Fuzz harness that hands raw fuzzer input to `fuse::fuzzing::fuzz_server` through a
    //! virtio descriptor chain built in a fake guest memory.
    //!
    //! The input bytes become the contents of the chain's readable descriptor, i.e. the
    //! position that guest-supplied request bytes would occupy. The chain layout itself is
    //! fixed by the harness and is not what is being fuzzed.

    use std::convert::TryInto;

    use crosvm_fuzz::fuzz_target;
    use devices::virtio::create_descriptor_chain;
    use devices::virtio::DescriptorType;
    use fuse::fuzzing::fuzz_server;
    use vm_memory::GuestAddress;
    use vm_memory::GuestMemory;

    // Size of the single guest memory region, which starts at guest address 0.
    const MEM_SIZE: u64 = 256 * 1024 * 1024;
    // Guest address at which the fuzzer input is written and at which the chain's buffers
    // start. The descriptor array is placed at address 0, below this.
    const BUFFER_ADDR: GuestAddress = GuestAddress(0x100);

    thread_local! {
        // Created once per thread and reused by every fuzz iteration on that thread. Nothing
        // here clears it between iterations, so bytes from earlier inputs remain in memory
        // past the end of the current input.
        static GUEST_MEM: GuestMemory = GuestMemory::new(&[(GuestAddress(0), MEM_SIZE)]).unwrap();
    }

    fuzz_target!(|data| {
        GUEST_MEM.with(|mem| {
            // A panic from this `unwrap` (or from the length conversion below) is a harness
            // failure, not a finding in the server. NOTE(review): presumably the fuzzer's
            // input size limit keeps inputs far below MEM_SIZE; confirm.
            mem.write_all_at_addr(data, BUFFER_ADDR).unwrap();

            // The readable descriptor covers exactly the fuzzer input.
            let readable_len: u32 = data.len().try_into().unwrap();
            // The writable descriptor gets whatever is left of guest memory after the 0x100
            // bytes below BUFFER_ADDR and the input itself, saturating at zero.
            let writable_len = (MEM_SIZE as u32)
                .saturating_sub(readable_len)
                .saturating_sub(0x100);
            let layout = vec![
                (DescriptorType::Readable, readable_len),
                (DescriptorType::Writable, writable_len),
            ];

            // We need a valid descriptor chain, but it's not part of what is being fuzzed
            // here. So skip fuzzing if the chain is invalid.
            let built = create_descriptor_chain(mem, GuestAddress(0), BUFFER_ADDR, layout, 0);
            if let Ok(mut chain) = built {
                // `fuzz_server` is defined in `fuse::fuzzing` and is not visible here;
                // presumably it runs the FUSE server's request handling against the reader
                // and writer. Confirm there.
                fuzz_server(&mut chain.reader, &mut chain.writer);
            }
        });
    });
}
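// Stub fuzz target for platforms where the real harness is not built.
//
// The real `fuzzer` module in this file is gated on
// `any(target_os = "android", target_os = "linux")`, so the stub is gated on the exact
// complement. The previous `not(unix)` gate left unix targets other than Android/Linux
// with neither module, and therefore with no fuzz entry point in a `#![no_main]` crate.
#[cfg(not(any(target_os = "android", target_os = "linux")))]
mod fuzzer {
    use crosvm_fuzz::fuzz_target;

    // Accepts and ignores every input.
    fuzz_target!(|_data| {});
}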