Add fuzz_emu_s390x_be.c

2022-01-18 21:16:01 +01:00 · 2022-01-18 21:16:01 +01:00 · 4f1aeb83ca
commit 4f1aeb83ca
parent 7095605607
3 changed files with 59 additions and 1 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1319,7 +1319,7 @@ endif()


 if(UNICORN_FUZZ)
-    set(UNICORN_FUZZ_SUFFIX "arm_arm;arm_armbe;arm_thumb;arm64_arm;arm64_armbe;m68k_be;mips_32be;mips_32le;sparc_32be;x86_16;x86_32;x86_64;s390x")
+    set(UNICORN_FUZZ_SUFFIX "arm_arm;arm_armbe;arm_thumb;arm64_arm;arm64_armbe;m68k_be;mips_32be;mips_32le;sparc_32be;x86_16;x86_32;x86_64;s390x_be")
    set(SAMPLES_LIB ${SAMPLES_LIB} rt)
    foreach(SUFFIX ${UNICORN_FUZZ_SUFFIX})
        add_executable(fuzz_emu_${SUFFIX}
--- a/tests/fuzz/fuzz_emu_s390x_be.c
+++ b/tests/fuzz/fuzz_emu_s390x_be.c
@ -0,0 +1,56 @@
+#include <unicorn/unicorn.h>
+
+
+// memory address where emulation starts
+#define ADDRESS 0x1000000
+
+uc_engine *uc;
+int initialized = 0;
+FILE * outfile = NULL;
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+    uc_err err;
+
+    if (initialized == 0) {
+        if (outfile == NULL) {
+            // we compute the output
+            outfile = fopen("/dev/null", "w");
+            if (outfile == NULL) {
+                printf("failed opening /dev/null\n");
+                abort();
+                return 0;
+            }
+        }
+
+        initialized = 1;
+    }
+
+    // Not global as we must reset this structure
+    // Initialize emulator in supplied mode
+    err = uc_open(UC_ARCH_S390X, UC_MODE_BIG_ENDIAN, &uc);
+    if (err != UC_ERR_OK) {
+        printf("Failed on uc_open() with error returned: %u\n", err);
+        abort();
+    }
+
+    // map 4MB memory for this emulation
+    uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL);
+
+    // write machine code to be emulated to memory
+    if (uc_mem_write(uc, ADDRESS, Data, Size)) {
+        printf("Failed to write emulation code to memory, quit!\n");
+        abort();
+    }
+
+    // emulate code in infinite time & 4096 instructions
+    // avoid timeouts with infinite loops
+    err=uc_emu_start(uc, ADDRESS, ADDRESS + Size, 0, 0x1000);
+    if (err) {
+        fprintf(outfile, "Failed on uc_emu_start() with error returned %u: %s\n", err, uc_strerror(err));
+    }
+
+    uc_close(uc);
+
+    return 0;
+}
--- a/tests/fuzz/gentargets.sh
+++ b/tests/fuzz/gentargets.sh
@ -19,3 +19,5 @@ sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_A
 sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB/' > fuzz_emu_arm_thumb.c
 sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_ARM + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_armbe.c
 #sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_thumbbe.c
+
+sed 's/UC_ARCH_X86/UC_ARCH_S390X/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_BIG_ENDIAN/' > fuzz_emu_s390x_be.c