Line data Source code
1 : #if !FD_HAS_HOSTED
2 : #error "This target requires FD_HAS_HOSTED"
3 : #endif
4 :
5 : #include "../../util/sanitize/fd_fuzz.h"
6 : #include "fd_sbpf_loader.h"
7 :
8 : #include <stdlib.h>
9 :
10 :
/* Zero-terminated table of 32-bit syscall keys.  LLVMFuzzerTestOneInput
   walks this array and registers every entry with
   fd_sbpf_syscalls_insert before it loads a program.  The trailing 0U
   is the end-of-list sentinel for that walk, so 0 itself can never be
   used as a key here.

   NOTE(review): the values look like hashed syscall identifiers; which
   syscall each one stands for is not visible in this file.  Confirm
   against the syscall registration code before adding or removing
   entries, since this table decides which keys the loader sees as
   registered while it is being fuzzed. */

uint const _syscalls[] = {
  0xb6fc1a11, 0x686093bb, 0x207559bd,
  0x5c2a3178, 0x52ba5096, 0x7ef088ca,
  0x9377323c, 0x48504a38, 0x11f49d86,
  0xd7793abb, 0x17e40350, 0x174c5122,
  0xaa2607ca, 0xdd1c41a6, 0xd56b5fe9,
  0x23a29a61, 0x3b97b73c, 0xbf7188f6,
  0x717cc4a3, 0x434371f8, 0x5fdcde31,
  0x3770fb22, 0xa22b9c85, 0xd7449092,
  0x83f00e8f, 0xa226d3eb, 0x5d2245e4,
  0x7317b434, 0xadb8efc8, 0x85532d94,
  0U
};
20 :
21 :
/* One-time libFuzzer setup hook.  Boots the fd runtime with the
   fuzzer's own command line, registers fd_halt to run at process exit
   and raises the log core level so that warnings become crashes.

   argc, argv  pointers to the command line; handed to fd_boot as-is.

   Always returns 0. */

int
LLVMFuzzerInitialize( int *    argc,
                      char *** argv ) {
  /* putenv keeps a pointer to the string it is given, so the setting
     lives in static storage.  It has to be in the environment before
     fd_boot runs; per the original author's note this brings the shell
     up without signal handlers.
     NOTE(review): presumably so that crashes reach the fuzzer's and
     sanitizer's own handlers -- confirm against fd_boot. */
  static char no_backtrace[] = "FD_LOG_BACKTRACE=0";
  putenv( no_backtrace );

  fd_boot( argc, argv );
  atexit( fd_halt );

  /* Level 3: crash on warning log, so a warning raised by the loader
     is surfaced as a fuzzer finding rather than being logged and
     ignored. */
  fd_log_level_core_set( 3 );

  return 0;
}
32 :
/* libFuzzer entry point.  Treats the input as a candidate ELF image and
   drives it through the sBPF loader: fd_sbpf_elf_peek first, then
   fd_sbpf_program_load with every key of _syscalls registered.

   data, size  the fuzzer-provided bytes; passed unchanged to both
               loader calls.

   Returns -1 when fd_sbpf_elf_peek rejects the input (libFuzzer reads
   -1 as "do not add this input to the corpus") and 0 otherwise,
   whether or not the load itself succeeded. */

int
LLVMFuzzerTestOneInput( uchar const * data,
                        ulong         size ) {

  /* Zeroed loader config except for the maximum sBPF version */
  fd_sbpf_loader_config_t config = { 0 };
  config.sbpf_max_version = FD_SBPF_V3;

  fd_sbpf_elf_info_t info;
  if( FD_UNLIKELY( fd_sbpf_elf_peek( &info, data, size, &config )<0 ) ) {
    return -1;
  }

  /* Allocate objects.  Both the rodata size and the program footprint
     come from info, i.e. from values peek derived from the untrusted
     input.
     NOTE(review): allocation failure is reported through FD_TEST
     instead of skipping the input; presumably that aborts the run, so
     an out-of-memory condition (or a zero-sized request on a libc whose
     malloc(0) returns NULL) would show up as a crash that is not a
     loader bug -- confirm FD_TEST semantics. */

  void * rodata = malloc( info.rodata_footprint );
  FD_TEST( rodata );

  /* The aligned_alloc results are not checked on their own; the
     FD_TEST on the handle returned by the _new call is the only check.
     NOTE(review): assumes the _new functions return NULL when given
     NULL memory -- confirm. */
  void * prog_mem = aligned_alloc( fd_sbpf_program_align(), fd_sbpf_program_footprint( &info ) );
  fd_sbpf_program_t * prog = fd_sbpf_program_new( prog_mem, &info, rodata );
  FD_TEST( prog );

  void * syscalls_mem = aligned_alloc( fd_sbpf_syscalls_align(), fd_sbpf_syscalls_footprint() );
  fd_sbpf_syscalls_t * syscalls = fd_sbpf_syscalls_new( syscalls_mem );
  FD_TEST( syscalls );

  /* Register every key up to the 0 sentinel.  The result of each
     insert is not inspected. */
  uint const * key = _syscalls;
  while( *key ) {
    fd_sbpf_syscalls_insert( syscalls, (ulong)*key );
    key++;
  }

  /* Load program */
  int res = fd_sbpf_program_load( prog, data, size, syscalls, &config );

  /* Both outcomes of the load are expected to be reached by the corpus:
     at least one input that loads and at least one that passes peek
     but does not load.
     NOTE(review): keep seed inputs of both kinds so that neither
     marker goes uncovered. */
  if( FD_UNLIKELY( !res ) ) {
    FD_FUZZ_MUST_BE_COVERED;
  } else {
    FD_FUZZ_MUST_BE_COVERED;
  }

  /* Clean up.  The pointers handed back by the _delete calls are what
     gets freed (presumably the regions obtained from aligned_alloc
     above). */
  free( rodata );
  free( fd_sbpf_syscalls_delete( syscalls ) );
  free( fd_sbpf_program_delete( prog ) );

  return 0;
}