Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / ddce86fc7e4d831e459ff0fefdf202c97b73039e^2..ddce86fc7e4d831e459ff0fefdf202c97b73039e / .
commitddce86fc7e4d831e459ff0fefdf202c97b73039e[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Tue Jan 24 16:03:08 2023 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Tue Jan 24 16:03:08 2023 +0000
tree9254d24dc6e66617c744e4f0f25bc1b1ab81e9a4
parent6ea84fe9e60845b8263bd536c6e5b3dc734f10eb [diff]
parent317aa48710e6384c4b92524d0f4ac1327fb3c45d [diff]
Merge "Improve assertion"
diff --git a/pvmfw/avb/fuzz/Android.bp b/pvmfw/avb/fuzz/Android.bp
new file mode 100644
index 0000000..451fd8a
--- /dev/null
+++ b/pvmfw/avb/fuzz/Android.bp

@@ -0,0 +1,34 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_fuzz {
+    name: "avb_kernel_without_footer_verify_fuzzer",
+    srcs: ["without_footer_verify_fuzzer.rs"],
+    rustlibs: [
+        "libpvmfw_avb_nostd",
+    ],
+    fuzz_config: {
+        cc: [
+            "android-kvm@google.com",
+        ],
+        fuzz_on_haiku_device: true,
+        fuzz_on_haiku_host: true,
+    },
+}
+
+// TODO(b/260574387): Add avb_kernel_with_footer_verify_fuzzer

diff --git a/pvmfw/avb/fuzz/without_footer_verify_fuzzer.rs b/pvmfw/avb/fuzz/without_footer_verify_fuzzer.rs
new file mode 100644
index 0000000..fc8fa85
--- /dev/null
+++ b/pvmfw/avb/fuzz/without_footer_verify_fuzzer.rs

@@ -0,0 +1,28 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#![allow(missing_docs)]
+#![no_main]
+
+use libfuzzer_sys::fuzz_target;
+use pvmfw_avb::verify_payload;
+
+fuzz_target!(|kernel: &[u8]| {
+    // This fuzzer is mostly supposed to catch the memory corruption in
+    // AVB footer parsing. It is unlikely that the randomly generated
+    // kernel can pass the kernel verification, so the value of `initrd`
+    // is not so important as we won't reach initrd verification with
+    // this fuzzer.
+    let _ = verify_payload(kernel, /*initrd=*/ None, &[0u8; 64]);
+});