xref: /aosp_15_r20/tools/security/fuzzing/example_rust_fuzzer/fuzzer.rs (revision d9ecfb0f4d734c9ce41cde8ac4d585b094fd4222) 
1*d9ecfb0fSAndroid Build Coastguard Worker // Copyright 2021, The Android Open Source Project
2*d9ecfb0fSAndroid Build Coastguard Worker //
3*d9ecfb0fSAndroid Build Coastguard Worker // Licensed under the Apache License, Version 2.0 (the "License");
4*d9ecfb0fSAndroid Build Coastguard Worker // you may not use this file except in compliance with the License.
5*d9ecfb0fSAndroid Build Coastguard Worker // You may obtain a copy of the License at
6*d9ecfb0fSAndroid Build Coastguard Worker //
7*d9ecfb0fSAndroid Build Coastguard Worker //     http://www.apache.org/licenses/LICENSE-2.0
8*d9ecfb0fSAndroid Build Coastguard Worker //
9*d9ecfb0fSAndroid Build Coastguard Worker // Unless required by applicable law or agreed to in writing, software
10*d9ecfb0fSAndroid Build Coastguard Worker // distributed under the License is distributed on an "AS IS" BASIS,
11*d9ecfb0fSAndroid Build Coastguard Worker // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12*d9ecfb0fSAndroid Build Coastguard Worker // See the License for the specific language governing permissions and
13*d9ecfb0fSAndroid Build Coastguard Worker // limitations under the License.
14*d9ecfb0fSAndroid Build Coastguard Worker 
15*d9ecfb0fSAndroid Build Coastguard Worker #![allow(missing_docs)]
16*d9ecfb0fSAndroid Build Coastguard Worker #![no_main]
17*d9ecfb0fSAndroid Build Coastguard Worker 
18*d9ecfb0fSAndroid Build Coastguard Worker use libfuzzer_sys::fuzz_target;
19*d9ecfb0fSAndroid Build Coastguard Worker 
heap_oob()20*d9ecfb0fSAndroid Build Coastguard Worker fn heap_oob() {
21*d9ecfb0fSAndroid Build Coastguard Worker     let xs = [0, 1, 2, 3];
22*d9ecfb0fSAndroid Build Coastguard Worker     // SAFETY: This is in fact intentionally unsound, but we hope the fuzzer will catch it.
23*d9ecfb0fSAndroid Build Coastguard Worker     let val = unsafe { *xs.as_ptr().offset(4) };
24*d9ecfb0fSAndroid Build Coastguard Worker     println!("Out-of-bounds heap value: {}", val);
25*d9ecfb0fSAndroid Build Coastguard Worker }
26*d9ecfb0fSAndroid Build Coastguard Worker 
27*d9ecfb0fSAndroid Build Coastguard Worker fuzz_target!(|data: &[u8]| {
28*d9ecfb0fSAndroid Build Coastguard Worker     let magic_number = 327;
29*d9ecfb0fSAndroid Build Coastguard Worker     if data.len() == magic_number {
30*d9ecfb0fSAndroid Build Coastguard Worker         heap_oob();
31*d9ecfb0fSAndroid Build Coastguard Worker     }
32*d9ecfb0fSAndroid Build Coastguard Worker });
33