From 26e019cc3788b6bac73969dc3d1753e883961339 Mon Sep 17 00:00:00 2001 From: iximeow Date: Sun, 19 Dec 2021 11:32:43 -0800 Subject: add in-tree cargo fuzz targets for decode and display impls --- CHANGELOG | 5 +++++ fuzz/.gitignore | 4 ++++ fuzz/Cargo.toml | 28 ++++++++++++++++++++++++++++ fuzz/fuzz_targets/decode_does_not_panic.rs | 12 ++++++++++++ fuzz/fuzz_targets/display_does_not_panic.rs | 21 +++++++++++++++++++++ 5 files changed, 70 insertions(+) create mode 100644 fuzz/.gitignore create mode 100644 fuzz/Cargo.toml create mode 100644 fuzz/fuzz_targets/decode_does_not_panic.rs create mode 100644 fuzz/fuzz_targets/display_does_not_panic.rs diff --git a/CHANGELOG b/CHANGELOG index 69974fe..0feab86 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,11 @@ - when displaying an invalid `RegSpec`, for some out-of-range mask registers, the displayed register name could be chosen as arbitrary const data interpreted as a pointer/length pair * fix incorrect (non-present!) memory size for f30f1e-style `nop`. - this would decode without error, but produce an instruction with memory operand and memory size of `0`. if formatted, yaxpeax-x86 panics. +* add in-tree `cargo fuzz` targets for decoding and displaying instructions. + neither of these operations should ever panic. + +and thank you to @5225225 for the bug reports handled in 1.1.2 and 1.1.3, as +well as the nudge to start using `cargo fuzz`. ## 1.1.2 * fix panic when evex instructions with compressed displacements are decoded in diff --git a/fuzz/.gitignore b/fuzz/.gitignore new file mode 100644 index 0000000..572e03b --- /dev/null +++ b/fuzz/.gitignore @@ -0,0 +1,4 @@ + +target +corpus +artifacts diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml new file mode 100644 index 0000000..5c49296 --- /dev/null +++ b/fuzz/Cargo.toml @@ -0,0 +1,28 @@ + +[package] +name = "yaxpeax-x86-fuzz" +version = "0.0.1" +authors = ["Automatically generated"] +publish = false + +[package.metadata] +cargo-fuzz = true + +[dependencies.yaxpeax-x86] +path = ".." +[dependencies.libfuzzer-sys] +git = "https://github.com/rust-fuzz/libfuzzer-sys.git" + +# Prevent this from interfering with workspaces +[workspace] +members = ["."] + +[[bin]] +name = "decode_does_not_panic" +path = "fuzz_targets/decode_does_not_panic.rs" + +[[bin]] +name = "display_does_not_panic" +path = "fuzz_targets/display_does_not_panic.rs" +test = false +doc = false diff --git a/fuzz/fuzz_targets/decode_does_not_panic.rs b/fuzz/fuzz_targets/decode_does_not_panic.rs new file mode 100644 index 0000000..5e6c15d --- /dev/null +++ b/fuzz/fuzz_targets/decode_does_not_panic.rs @@ -0,0 +1,12 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate yaxpeax_x86; + +fuzz_target!(|data: &[u8]| { + let x86_64_decoder = yaxpeax_x86::long_mode::InstDecoder::default(); + let x86_32_decoder = yaxpeax_x86::protected_mode::InstDecoder::default(); + let x86_16_decoder = yaxpeax_x86::real_mode::InstDecoder::default(); + drop(x86_64_decoder.decode_slice(data)); + drop(x86_32_decoder.decode_slice(data)); + drop(x86_16_decoder.decode_slice(data)); +}); diff --git a/fuzz/fuzz_targets/display_does_not_panic.rs b/fuzz/fuzz_targets/display_does_not_panic.rs new file mode 100644 index 0000000..97a14b8 --- /dev/null +++ b/fuzz/fuzz_targets/display_does_not_panic.rs @@ -0,0 +1,21 @@ +#![no_main] +#[macro_use] extern crate libfuzzer_sys; +extern crate yaxpeax_x86; + +fuzz_target!(|data: &[u8]| { + let x86_64_decoder = yaxpeax_x86::long_mode::InstDecoder::default(); + let x86_32_decoder = yaxpeax_x86::protected_mode::InstDecoder::default(); + let x86_16_decoder = yaxpeax_x86::real_mode::InstDecoder::default(); + + if let Ok(inst) = x86_64_decoder.decode_slice(data) { + inst.write_to(&mut String::new()).expect("format does not panic"); + }; + + if let Ok(inst) = x86_32_decoder.decode_slice(data) { + inst.write_to(&mut String::new()).expect("format does not panic"); + }; + + if let Ok(inst) = x86_16_decoder.decode_slice(data) { + inst.write_to(&mut String::new()).expect("format does not panic"); + }; +}); -- cgit v1.1