| Message ID | 20170925142648.25959-2-george.dunlap@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
>>> On 25.09.17 at 16:26, <george.dunlap@citrix.com> wrote:
> Commit c07574b reorganized the way fuzzing was done, explicitly
> creating a structure that the input data would be copied into.
>
> Unfortunately, the cpu register state used by the emulator is on the
> stack; it's cleared, but data is never copied into it.
>
> If we're explicitly setting an entirely new cpu_regs struct for each
> new input anyway, there's no need to have two copies around anymore;
> just point to the one in the data structure.
>
> Signed-off-by: George Dunlap <george.dunlap@citrix.com>
> Reviewed-by: Wei Liu <wei.liu2@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
diff --git a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c index 105145e9f9..48a879cc88 100644 --- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c +++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c @@ -785,13 +785,12 @@ int LLVMFuzzerInitialize(int *argc, char ***argv) int LLVMFuzzerTestOneInput(const uint8_t *data_p, size_t size) { - struct cpu_user_regs regs = {}; struct fuzz_state state = { .ops = all_fuzzer_ops, }; struct x86_emulate_ctxt ctxt = { .data = &state, - .regs = ®s, + .regs = &input.regs, .addr_size = 8 * sizeof(void *), .sp_size = 8 * sizeof(void *), };
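Review bot: dropping `struct cpu_user_regs regs = {};` removes the only per-call zero-initialisation of the register state the emulator sees, and `.regs = &input.regs` (the removed line shows as `.regs = ®s,` on this page, the `&regs` having been mangled by HTML entity decoding) makes the emulator read and write `input.regs` directly. Whether `input.regs` is fully defined on every iteration now depends on the code outside this hunk that copies `data_p` into `input`: if that copy is bounded by `size` and the remainder of `input` is not cleared first, a short input leaves `input.regs` holding register values the emulator wrote during the previous run, which is exactly the cross-iteration state a fuzzer harness should not carry. Worth confirming in the commit message that the copy zero-fills the struct, or adding a `memset(&input, 0, sizeof(input));` before it. Note also that, since the emulator now updates `input.regs` in place, nothing after the emulation call may treat `input` as a pristine copy of the fuzzer input.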