1 // Copyright © 2021 Intel Corporation 2 // 3 // SPDX-License-Identifier: Apache-2.0 4 5 #![no_main] 6 use std::ffi; 7 use std::fs::File; 8 use std::io::{self, Read, Seek, SeekFrom, Write}; 9 use std::os::unix::io::{FromRawFd, RawFd}; 10 11 use block::vhdx::Vhdx; 12 use libfuzzer_sys::fuzz_target; 13 14 // Populate the corpus directory with a test file: 15 // truncate -s 16M /tmp/source 16 // qemu-img convert -O vhdx /tmp/source fuzz/corpus/vhdx/test.vhdx 17 // Run with: 18 // cargo fuzz run vhdx -j 32 -- -max_len=16777216 19 fuzz_target!(|bytes| { 20 let shm = memfd_create(&ffi::CString::new("fuzz").unwrap(), 0).unwrap(); 21 let mut disk_file: File = unsafe { File::from_raw_fd(shm) }; 22 disk_file.write_all(&bytes[..]).unwrap(); 23 disk_file.seek(SeekFrom::Start(0)).unwrap(); 24 25 if let Ok(mut vhdx) = Vhdx::new(disk_file) { 26 if vhdx.seek(SeekFrom::Start(0)).is_ok() { 27 let mut offset = 0; 28 while offset < bytes.len() { 29 let mut data = vec![0; 8192]; 30 vhdx.read_exact(&mut data).ok(); 31 offset += data.len(); 32 } 33 } 34 35 if vhdx.seek(SeekFrom::Start(0)).is_ok() { 36 let mut offset = 0; 37 while offset < bytes.len() { 38 let data = vec![0; 8192]; 39 vhdx.write_all(&data).ok(); 40 offset += data.len(); 41 } 42 } 43 } 44 }); 45 46 fn memfd_create(name: &ffi::CStr, flags: u32) -> Result<RawFd, io::Error> { 47 let res = unsafe { libc::syscall(libc::SYS_memfd_create, name.as_ptr(), flags) }; 48 49 if res < 0 { 50 Err(io::Error::last_os_error()) 51 } else { 52 Ok(res as RawFd) 53 } 54 } 55