author | Chia-I Wu <olvaffe@gmail.com> | 2021-07-01 13:50:40 -0700 |
---|---|---|
committer | Chia-I Wu <olvaffe@gmail.com> | 2021-07-08 09:30:35 -0700 |
commit | 30eff50d545ccd6914fcbbcef8aee1a67783ce0d (patch) | |
tree | 7832e04f0b8556c52d822515c00afddb97c2edfb /tests | |
parent | 49edf4eda6470e5d976f4205e08f7847de7a2b93 (diff) |
tests/fuzzer: add virgl_venus_fuzzer
v2: switch to C and atexit (suggested by Gert)
Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org> (v1)
Reviewed-by: Ryan Neph <ryanneph@google.com> (v1)
Diffstat (limited to 'tests')
-rw-r--r-- | tests/fuzzer/meson.build | 10 | ||||
-rw-r--r-- | tests/fuzzer/virgl_venus_fuzzer.c | 92 |
2 files changed, 102 insertions, 0 deletions
diff --git a/tests/fuzzer/meson.build b/tests/fuzzer/meson.build
index 58bb18e..7c9a10d 100644
--- a/tests/fuzzer/meson.build
+++ b/tests/fuzzer/meson.build
@@ -31,3 +31,13 @@ virgl_fuzzer = executable(
 link_args : [ '-fsanitize=fuzzer' ],
 dependencies : [libvirglrenderer_dep, gallium_dep, epoxy_dep]
 )
+
+if with_venus
+ virgl_venus_fuzzer = executable(
+ 'virgl_venus_fuzzer',
+ 'virgl_venus_fuzzer.c',
+ c_args : [ '-fsanitize=fuzzer' ],
+ link_args : [ '-fsanitize=fuzzer' ],
+ dependencies : [libvirglrenderer_dep]
+ )
+endif
diff --git a/tests/fuzzer/virgl_venus_fuzzer.c b/tests/fuzzer/virgl_venus_fuzzer.c
new file mode 100644
index 0000000..eff1ba4
--- /dev/null
+++ b/tests/fuzzer/virgl_venus_fuzzer.c 
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2021 Google LLC
+ * SPDX-License-Identifier: MIT
+ */
+
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "os/os_misc.h"
+#include "virglrenderer.h"
+#include "virglrenderer_hw.h"
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+struct fuzz_renderer {
+ bool initialized;
+};
+
+static void
+fuzz_atexit_callback(void)
+{
+ virgl_renderer_cleanup(NULL);
+}
+
+static void
+fuzz_debug_callback(UNUSED const char *fmt, UNUSED va_list ap)
+{
+ /* no logging */
+}
+
+static struct fuzz_renderer *
+fuzz_renderer_get(void)
+{
+ static struct fuzz_renderer renderer;
+ if (renderer.initialized)
+ return &renderer;
+
+ int ret =
+ virgl_renderer_init(NULL, VIRGL_RENDERER_VENUS | VIRGL_RENDERER_NO_VIRGL, NULL);
+ if (ret)
+ abort();
+
+ virgl_set_debug_callback(fuzz_debug_callback);
+
+ atexit(fuzz_atexit_callback);
+
+ renderer.initialized = true;
+ return &renderer;
+}
+
+static uint32_t
+fuzz_context_create(UNUSED struct fuzz_renderer *renderer)
+{
+ const uint32_t ctx_id = 1;
+ const char name[] = "virgl_venus_fuzzer";
+ int ret = virgl_renderer_context_create_with_flags(ctx_id, VIRGL_RENDERER_CAPSET_VENUS,
+ sizeof(name), name);
+ if (ret)
+ abort();
+
+ return ctx_id;
+}
+
+static void
+fuzz_context_destroy(UNUSED struct fuzz_renderer *renderer, uint32_t ctx_id)
+{
+ virgl_renderer_context_destroy(ctx_id);
+}
+
+static void
+fuzz_context_submit(UNUSED struct fuzz_renderer *renderer,
+ uint32_t ctx_id,
+ const uint8_t *data,
+ size_t size)
+{
+ virgl_renderer_submit_cmd((void *)data, ctx_id, size / 4);
+}
+
+int
+LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ struct fuzz_renderer *renderer = fuzz_renderer_get();
+
+ const uint32_t ctx_id = fuzz_context_create(renderer);
+ fuzz_context_submit(renderer, ctx_id, data, size);
+ fuzz_context_destroy(renderer, ctx_id);
+
+ return 0;
+} |
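Review bot: In fuzz_context_submit, `virgl_renderer_submit_cmd((void *)data, ctx_id, size / 4)` casts away const on libFuzzer's input and leaves up to three trailing bytes after the last submitted dword, so a decoder over-read of a few bytes past the command stream would stay inside the input allocation and a sanitizer build would likely not report it. Submitting an exact-size heap copy gives the renderer a mutable buffer whose end is the allocation boundary; the sketch below needs `<string.h>` for memcpy. The dword count is also narrowed from size_t to the callee's count parameter (an int in virglrenderer.h, if I read the API correctly), which is harmless at libFuzzer's usual input lengths but deserves a comment or an explicit cast. Separately, fuzz_debug_callback uses `va_list` without including `<stdarg.h>` itself, so it presumably relies on virglrenderer.h to provide it.

```c
/* … unchanged: fuzz_context_submit signature … */
{
   /* only whole dwords are submitted; the size % 4 tail is dropped */
   const size_t bytes = size & ~(size_t)3;

   /* exact-size mutable copy so any read past the stream leaves the allocation */
   void *cmd = malloc(bytes ? bytes : 1);
   if (!cmd)
      abort();
   if (bytes)
      memcpy(cmd, data, bytes);

   virgl_renderer_submit_cmd(cmd, ctx_id, (int)(bytes / 4));
   free(cmd);
}
```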