diff --git a/CMakeLists.txt b/CMakeLists.txt
index dbd652ff..0cb138cc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1319,7 +1319,7 @@ endif()
 if(UNICORN_FUZZ)
- set(UNICORN_FUZZ_SUFFIX "arm_arm;arm_armbe;arm_thumb;arm64_arm;arm64_armbe;m68k_be;mips_32be;mips_32le;sparc_32be;x86_16;x86_32;x86_64;s390x")
+ set(UNICORN_FUZZ_SUFFIX "arm_arm;arm_armbe;arm_thumb;arm64_arm;arm64_armbe;m68k_be;mips_32be;mips_32le;sparc_32be;x86_16;x86_32;x86_64;s390x_be")
 set(SAMPLES_LIB ${SAMPLES_LIB} rt)
 foreach(SUFFIX ${UNICORN_FUZZ_SUFFIX})
 add_executable(fuzz_emu_${SUFFIX}
diff --git a/tests/fuzz/fuzz_emu_s390x_be.c b/tests/fuzz/fuzz_emu_s390x_be.c
new file mode 100644
index 00000000..88d4873a
--- /dev/null
+++ b/tests/fuzz/fuzz_emu_s390x_be.c
@@ -0,0 +1,56 @@
+#include
+
+
+// memory address where emulation starts
+#define ADDRESS 0x1000000
+
+uc_engine *uc;
+int initialized = 0;
+FILE * outfile = NULL;
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ uc_err err;
+
+ if (initialized == 0) {
+ if (outfile == NULL) {
+ // we compute the output
+ outfile = fopen("/dev/null", "w");
+ if (outfile == NULL) {
+ printf("failed opening /dev/null\n");
+ abort();
+ return 0;
+ }
+ }
+
+ initialized = 1;
+ }
+
+ // Not global as we must reset this structure
+ // Initialize emulator in supplied mode
+ err = uc_open(UC_ARCH_S390X, UC_MODE_BIG_ENDIAN, &uc);
+ if (err != UC_ERR_OK) {
+ printf("Failed on uc_open() with error returned: %u\n", err);
+ abort();
+ }
+
+ // map 4MB memory for this emulation
+ uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL);
+
+ // write machine code to be emulated to memory
+ if (uc_mem_write(uc, ADDRESS, Data, Size)) {
+ printf("Failed to write emulation code to memory, quit!\n");
+ abort();
+ }
+
+ // emulate code in infinite time & 4096 instructions
+ // avoid timeouts with infinite loops
+ err=uc_emu_start(uc, ADDRESS, ADDRESS + Size, 0, 0x1000);
+ if (err) {
+ fprintf(outfile, "Failed on uc_emu_start() with error returned %u: %s\n", err, uc_strerror(err));
+ }
+
+ uc_close(uc);
+
+ return 0;
+}
diff --git a/tests/fuzz/gentargets.sh b/tests/fuzz/gentargets.sh
index 92385051..ac53ace8 100644
--- a/tests/fuzz/gentargets.sh
+++ b/tests/fuzz/gentargets.sh
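Review bot: An input longer than the 4 MiB region mapped by `uc_mem_map` makes `uc_mem_write` fail and the harness `abort()`, so an oversized fuzz input is reported as a crash although it is a harness limit rather than an emulator bug; reject it up front with `if (Size > 4 * 1024 * 1024) return 0;` before `uc_open`, and check the result of the mapping the same way the write is checked, `if (uc_mem_map(uc, ADDRESS, 4 * 1024 * 1024, UC_PROT_ALL) != UC_ERR_OK) abort();`, so a failed mapping is not misreported as a write error. The comment `// Not global as we must reset this structure` contradicts the file-scope `uc_engine *uc;` declared above it; it reads better as `// Re-opened per input: uc_open/uc_close run on every call so no engine state carries over between runs`. The `return 0;` after `abort()` in the fopen error path is unreachable and can be dropped, and `err=uc_emu_start(...)` should be spaced like the other assignments. Since the following hunk generates this file from fuzz_emu_x86_32.c with sed, these changes belong in that template too, or they are lost on the next regeneration.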
@@ -19,3 +19,5 @@ sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_A
 sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB/' > fuzz_emu_arm_thumb.c
 sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_ARM + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_armbe.c
 #sed 's/UC_ARCH_X86/UC_ARCH_ARM/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_THUMB + UC_MODE_BIG_ENDIAN/' > fuzz_emu_arm_thumbbe.c
+
+sed 's/UC_ARCH_X86/UC_ARCH_S390X/' fuzz_emu_x86_32.c | sed 's/UC_MODE_32/UC_MODE_BIG_ENDIAN/' > fuzz_emu_s390x_be.c
\ No newline at end of file
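Review bot: The new generator line is committed without a trailing newline (`\ No newline at end of file`), which will show up as a spurious changed line the next time this script is edited; end the file with a newline. The generated fuzz_emu_s390x_be.c is checked in alongside this line, so any later change to the fuzz_emu_x86_32.c template has to be followed by re-running this script or the two drift apart; a comment above the added line such as `# fuzz_emu_s390x_be.c is generated output: edit fuzz_emu_x86_32.c and re-run this script` would make that explicit.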