Skip to content

Commit

Permalink
fuzz: don't init mem as a reference
Browse files Browse the repository at this point in the history 
This is confusing because it looks like functions are not called with
a reference to the memory but with a copy of it. This is caused by
GuestMemory being a reference in its initialization.

Signed-off-by: Andreea Florescu <[email protected]>
  • Loading branch information
@andreeaflorescu @lauralt
andreeaflorescu authored and lauralt committed Feb 17, 2023
1 parent dbf56a7 commit 3e201e0
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
6 changes: 3 additions & 3 deletions fuzz/fuzz_targets/virtio_queue.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@ fuzz_target!(|data: &[u8]| {
// same descriptors multiple times when pop_descriptor is called in a loop after a reset.
// In the normal operation of a device we would not start from address 0 anyway.
let start_addr = GuestAddress(0x1000);
let m = &GuestMemoryMmap::<()>::from_ranges(&[(start_addr, 0x11000)]).unwrap();
let vq = MockSplitQueue::create(m, start_addr, DEFAULT_QUEUE_SIZE);
let m = GuestMemoryMmap::<()>::from_ranges(&[(start_addr, 0x11000)]).unwrap();
let vq = MockSplitQueue::create(&m, start_addr, DEFAULT_QUEUE_SIZE);
let descriptors: Vec<Descriptor> = fuzz_input
.descriptors
.iter()
Expand All @@ -30,6 +30,6 @@ fuzz_target!(|data: &[u8]| {
}

if let Ok(mut q) = vq.create_queue() {
fuzz_input.functions.iter().for_each(|f| f.call(&mut q, m));
fuzz_input.functions.iter().for_each(|f| f.call(&mut q, &m));
}
});
6 changes: 3 additions & 3 deletions fuzz/fuzz_targets/virtio_queue_ser.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ fuzz_target!(|data: &[u8]| {
// same descriptors multiple times when pop_descriptor is called in a loop after a reset.
// In the normal operation of a device we would not start from address 0 anyway.
let start_addr = GuestAddress(0x1000);
let m = &GuestMemoryMmap::<()>::from_ranges(&[(start_addr, 0x11000)]).unwrap();
let vq = MockSplitQueue::create(m, start_addr, DEFAULT_QUEUE_SIZE);
let m = GuestMemoryMmap::<()>::from_ranges(&[(start_addr, 0x11000)]).unwrap();
let vq = MockSplitQueue::create(&m, start_addr, DEFAULT_QUEUE_SIZE);

let descriptors: Vec<Descriptor> = fuzz_input
.descriptors
Expand All @@ -32,6 +32,6 @@ fuzz_target!(|data: &[u8]| {
let q_state: QueueState = fuzz_input.queue_state.into();

if let Ok(mut q) = Queue::try_from(q_state) {
fuzz_input.functions.iter().for_each(|f| f.call(&mut q, m));
fuzz_input.functions.iter().for_each(|f| f.call(&mut q, &m));
}
});

0 comments on commit 3e201e0

Please sign in to comment.