From 70d99cbaf70a0044d06b0ee804cb2b9c5f879a77 Mon Sep 17 00:00:00 2001
From: Dave Tucker
Date: Wed, 22 Jun 2022 23:34:14 +0100
Subject: [PATCH] aya: Add fuzz targets

This is an initial attempt to add fuzzing with cargo-fuzz. 2 targets seemed simple enough to add which are Bpf::load and Btf::parse_file since these are both public APIs which take byte streams. Other more structured fuzzing can be added later

Signed-off-by: Dave Tucker
---
aya/fuzz/.gitignore | 3 +++
aya/fuzz/Cargo.toml | 31 +++++++++++++++++++++++++
aya/fuzz/fuzz_targets/fuzz_bpf_load.rs | 7 ++++++
aya/fuzz/fuzz_targets/fuzz_btf_parse.rs | 13 +++++++++++
4 files changed, 54 insertions(+)
create mode 100644 aya/fuzz/.gitignore
create mode 100644 aya/fuzz/Cargo.toml
create mode 100644 aya/fuzz/fuzz_targets/fuzz_bpf_load.rs
create mode 100644 aya/fuzz/fuzz_targets/fuzz_btf_parse.rs
diff --git a/aya/fuzz/.gitignore b/aya/fuzz/.gitignore
new file mode 100644
index 00000000..a0925114
--- /dev/null
+++ b/aya/fuzz/.gitignore
@@ -0,0 +1,3 @@
+target
+corpus
+artifacts
diff --git a/aya/fuzz/Cargo.toml b/aya/fuzz/Cargo.toml
new file mode 100644
index 00000000..998b9d88
--- /dev/null
+++ b/aya/fuzz/Cargo.toml
@@ -0,0 +1,31 @@
+[package]
+name = "aya-fuzz"
+version = "0.0.0"
+authors = ["Automatically generated"]
+publish = false
+edition = "2018"
+
+[package.metadata]
+cargo-fuzz = true
+
+[dependencies]
+libfuzzer-sys = "0.4"
+
+[dependencies.aya]
+path = ".."
+
+# Prevent this from interfering with workspaces
+[workspace]
+members = ["."]
+
+[[bin]]
+name = "fuzz_bpf_load"
+path = "fuzz_targets/fuzz_bpf_load.rs"
+test = false
+doc = false
+
+[[bin]]
+name = "fuzz_btf_parse"
+path = "fuzz_targets/fuzz_btf_parse.rs"
+test = false
+doc = false
diff --git a/aya/fuzz/fuzz_targets/fuzz_bpf_load.rs b/aya/fuzz/fuzz_targets/fuzz_bpf_load.rs
new file mode 100644
index 00000000..2fbe3968
--- /dev/null
+++ b/aya/fuzz/fuzz_targets/fuzz_bpf_load.rs
@@ -0,0 +1,7 @@
+#![no_main]
+use aya::Bpf;
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+ let _ = Bpf::load(data);
+});
diff --git a/aya/fuzz/fuzz_targets/fuzz_btf_parse.rs b/aya/fuzz/fuzz_targets/fuzz_btf_parse.rs
new file mode 100644
index 00000000..327ea5fb
--- /dev/null
+++ b/aya/fuzz/fuzz_targets/fuzz_btf_parse.rs
@@ -0,0 +1,13 @@
+#![no_main]
+use aya::{Btf, Endianness};
+use libfuzzer_sys::fuzz_target;
+use std::{env::temp_dir, fs::File, io::Write};
+
+fuzz_target!(|data: &[u8]| {
+ let mut path = temp_dir();
+ path.push("btf");
+ let mut file = File::create(&path).unwrap();
+ file.write_all(data).unwrap();
+ file.flush().unwrap();
+ let _ = Btf::parse_file(path, Endianness::default());
+});
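Review bot: The `fuzz_bpf_load` target carries no comment saying that `Bpf::load` is more than a byte parser. As far as I know from the aya API (this is not visible in the hunk), it goes on to look up the host's kernel BTF and to create maps through bpf(2). If so, with root or CAP_BPF every fuzz input would make real kernel calls, and without them everything past ELF parsing would fail early and get little coverage. I would add above `fuzz_target!` a comment such as `// Bpf::load also talks to the kernel (BTF lookup, map creation): run unprivileged or in a disposable VM; results depend on the host kernel.` That also warns whoever triages a crash that it may not reproduce on another machine.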
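Review bot: Every iteration of `fuzz_btf_parse` writes its input to the fixed path `temp_dir()/btf`, a predictable name in a shared and usually world-writable directory. Parallel runs (`cargo fuzz run --jobs`, or libFuzzer's `-fork`) can overwrite each other's file between `write_all` and `Btf::parse_file`, so a crash may not match its saved artifact. `File::create` also follows symlinks and truncates whatever already exists at that name. At minimum make the name per-process, `path.push(format!("btf-{}", std::process::id()));`, or create a private directory once and reuse it. The three `unwrap()` calls also turn a full disk or a permission error into a reported crash; returning early on `Err` would keep I/O failures out of the findings.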