authoriximeow <me@iximeow.net>2021-12-19 11:32:43 -0800
committeriximeow <me@iximeow.net>2021-12-19 11:32:43 -0800
commit26e019cc3788b6bac73969dc3d1753e883961339 (patch)
tree75ba2bc194df377412d31c7dbbe636ca8dee87fd
parente7dec7baa9c6649d71e1b349d93dce6b0cd588bf (diff)
add in-tree cargo fuzz targets for decode and display impls
-rw-r--r--CHANGELOG5
-rw-r--r--fuzz/.gitignore4
-rw-r--r--fuzz/Cargo.toml28
-rw-r--r--fuzz/fuzz_targets/decode_does_not_panic.rs12
-rw-r--r--fuzz/fuzz_targets/display_does_not_panic.rs21
5 files changed, 70 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 69974fe..0feab86 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -4,6 +4,11 @@
- when displaying an invalid `RegSpec`, for some out-of-range mask registers, the displayed register name could be chosen as arbitrary const data interpreted as a pointer/length pair
* fix incorrect (non-present!) memory size for f30f1e-style `nop`.
- this would decode without error, but produce an instruction with memory operand and memory size of `0`. if formatted, yaxpeax-x86 panics.
+* add in-tree `cargo fuzz` targets for decoding and displaying instructions.
+ neither of these operations should ever panic.
+
+and thank you to @5225225 for the bug reports handled in 1.1.2 and 1.1.3, as
+well as the nudge to start using `cargo fuzz`.
## 1.1.2
* fix panic when evex instructions with compressed displacements are decoded in
diff --git a/fuzz/.gitignore b/fuzz/.gitignore
new file mode 100644
index 0000000..572e03b
--- /dev/null
+++ b/fuzz/.gitignore
@@ -0,0 +1,4 @@
+
+target
+corpus
+artifacts
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
new file mode 100644
index 0000000..5c49296
--- /dev/null
+++ b/fuzz/Cargo.toml
@@ -0,0 +1,28 @@
+
+[package]
+name = "yaxpeax-x86-fuzz"
+version = "0.0.1"
+authors = ["Automatically generated"]
+publish = false
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies.yaxpeax-x86]
+path = ".."
+[dependencies.libfuzzer-sys]
+git = "https://github.com/rust-fuzz/libfuzzer-sys.git"
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "decode_does_not_panic"
+path = "fuzz_targets/decode_does_not_panic.rs"
+
+[[bin]]
+name = "display_does_not_panic"
+path = "fuzz_targets/display_does_not_panic.rs"
+test = false
+doc = false
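Review bot: The `libfuzzer-sys` dependency is taken from a git URL with no `rev`, `tag` or `branch`, so every fuzz build follows whatever the upstream default branch holds at that moment; results become unreproducible and anyone who runs `cargo fuzz` builds and executes unpinned third-party code. Pin it, e.g. `rev = "<commit-id>"` (placeholder) on the `[dependencies.libfuzzer-sys]` table, or depend on the crates.io release with `libfuzzer-sys = "<version>"`. Separately, the `decode_does_not_panic` `[[bin]]` lacks the `test = false` and `doc = false` lines that the `display_does_not_panic` target carries; a `cargo test` or `cargo doc` run inside the `fuzz` package would try to build a `#![no_main]` binary as a test target, so the two entries should match.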
diff --git a/fuzz/fuzz_targets/decode_does_not_panic.rs b/fuzz/fuzz_targets/decode_does_not_panic.rs
new file mode 100644
index 0000000..5e6c15d
--- /dev/null
+++ b/fuzz/fuzz_targets/decode_does_not_panic.rs
@@ -0,0 +1,12 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate yaxpeax_x86;
+
+fuzz_target!(|data: &[u8]| {
+ let x86_64_decoder = yaxpeax_x86::long_mode::InstDecoder::default();
+ let x86_32_decoder = yaxpeax_x86::protected_mode::InstDecoder::default();
+ let x86_16_decoder = yaxpeax_x86::real_mode::InstDecoder::default();
+ drop(x86_64_decoder.decode_slice(data));
+ drop(x86_32_decoder.decode_slice(data));
+ drop(x86_16_decoder.decode_slice(data));
+});
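Review bot: The target has no module-level comment stating the invariant it checks, which is the one thing a reader of a fuzz target needs; add `//! Decoding arbitrary bytes in 16-, 32- and 64-bit mode must return `Ok` or `Err` and never panic.` above the `fuzz_target!` invocation. All three decoders are built with `InstDecoder::default()`, so any non-default decoder configuration the crate supports (if it does; this is not visible here) is not exercised by this target, and a short comment saying so would stop a later reader from assuming broader coverage. The same missing header applies to `display_does_not_panic.rs`.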
diff --git a/fuzz/fuzz_targets/display_does_not_panic.rs b/fuzz/fuzz_targets/display_does_not_panic.rs
new file mode 100644
index 0000000..97a14b8
--- /dev/null
+++ b/fuzz/fuzz_targets/display_does_not_panic.rs
@@ -0,0 +1,21 @@
+#![no_main]
+#[macro_use] extern crate libfuzzer_sys;
+extern crate yaxpeax_x86;
+
+fuzz_target!(|data: &[u8]| {
+ let x86_64_decoder = yaxpeax_x86::long_mode::InstDecoder::default();
+ let x86_32_decoder = yaxpeax_x86::protected_mode::InstDecoder::default();
+ let x86_16_decoder = yaxpeax_x86::real_mode::InstDecoder::default();
+
+ if let Ok(inst) = x86_64_decoder.decode_slice(data) {
+ inst.write_to(&mut String::new()).expect("format does not panic");
+ };
+
+ if let Ok(inst) = x86_32_decoder.decode_slice(data) {
+ inst.write_to(&mut String::new()).expect("format does not panic");
+ };
+
+ if let Ok(inst) = x86_16_decoder.decode_slice(data) {
+ inst.write_to(&mut String::new()).expect("format does not panic");
+ };
+});
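Review bot: The `expect("format does not panic")` messages name the wrong failure: an `Err` from `write_to` is a `fmt` write error, not a panic, so when the expect fires the message misdirects the reader; `expect("fmt::Write for String never fails")` states the actual invariant being relied on. The trailing `;` after each `if let` block (`};`) is redundant and looks like a leftover from an expression context. Allocating a fresh `String::new()` for each of the three modes can be replaced by one `let mut out = String::new();` declared before the first `if let`, with `out.clear();` before each subsequent `write_to`, which keeps the per-input work to a single allocation.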