| author | Aleksandr Nogikh <nogikh@google.com> | 2024-02-16 22:47:59 +0100 |
|---|---|---|
| committer | Aleksandr Nogikh <nogikh@google.com> | 2024-03-12 11:14:34 +0000 |
| commit | c35c26ec6312219507c518bae2e56c1ea46a5f36 (patch) | |
| tree | ce5b570187b5720857d7d1d38c4c399354f394bc /executor/common_test.h | |
| parent | 5d97b658d9c2ec0cd68e5632ce7f11bfe5d6c282 (diff) | |
pkg/fuzzer: factor out the fuzzing engine
This is the first step for #1541.
Move the fuzzing engine that used to be interleaved with other syz-fuzzer
code into a separate package.
For now, the algorithm is more or less the same as it was, the only
difference is that a pkg/fuzzer instance scales to the available
computing power.
Add an executor-based test that performs real fuzzing.
Diffstat (limited to 'executor/common_test.h')
| -rw-r--r-- | executor/common_test.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/executor/common_test.h b/executor/common_test.h index 6ef6ed82d..971108df8 100644 --- a/executor/common_test.h +++ b/executor/common_test.h @@ -133,3 +133,23 @@ static int do_sandbox_none(void) return 0; } #endif + +#if SYZ_EXECUTOR || __NR_syz_test_fuzzer1 + +static void fake_crash(const char* name) +{ + failmsg("crash", "{{CRASH: %s}}", name); + doexit(1); +} + +static long syz_test_fuzzer1(volatile long a, volatile long b, volatile long c) +{ + // We probably want something more interesting here. + if (a == 1 && b == 1 && c == 1) + fake_crash("first bug"); + if (a == 1 && b == 2 && c == 3) + fake_crash("second bug"); + return 0; +} + +#endif |
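Review bot: in `fake_crash`, the `doexit(1)` after `failmsg("crash", "{{CRASH: %s}}", name)` is either unreachable (if `failmsg` already terminates the process, as a failure reporter normally does) or an undocumented bare exit code; please either drop it or replace `1` with a named status constant and say which is intended. The new `syz_test_fuzzer1` also deserves a short comment naming the consumer of the `{{CRASH: ...}}` marker (the executor-based fuzzing test mentioned in the commit message) and stating that the two hard-coded triggers, `a == 1 && b == 1 && c == 1` and `a == 1 && b == 2 && c == 3`, are deliberately shallow test bugs; the present "We probably want something more interesting here" reads as a TODO rather than documentation of the test contract.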
