Commit 8bba6ed6 authored Feb 12, 2024 by Sebastian Brzezinka Committed by Tomasz Zawadzki Feb 14, 2024

fuzz/llvm_vfio_fuzz: Adjust array index to avoid overflow



fuzz_vfio_user_set_msix test uses 9 bytes for a single test, this
patch fixes `data` array indexes to match the requested size.

Change-Id: I19762de62173f885ee28a5a4b2a8e500c8c6dd81
Signed-off-by: Sebastian Brzezinka <sebastian.brzezinka@intel.com>
Reviewed-on: https://review.spdk.io/gerrit/c/spdk/spdk/+/21820


Reviewed-by: Jim Harris <jim.harris@samsung.com>
Reviewed-by: Konrad Sztyber <konrad.sztyber@intel.com>
Reviewed-by: Marcin Spiewak <marcin.spiewak@intel.com>
Tested-by: SPDK CI Jenkins <sys_sgci@intel.com>

parent 387dbedc

test/app/fuzz/llvm_vfio_fuzz/llvm_vfio_fuzz.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -189,8 +189,8 @@ fuzz_vfio_user_set_msix(const uint8_t data, size_t size, struct vfio_device de
		/* Max value is VFIO_IRQ_SET_ACTION_TRIGGER, try different combination too */
		irq_set.flags = data[0] & ((1 << 6) - 1);
		irq_set.index = VFIO_PCI_MSIX_IRQ_INDEX;
		memcpy(&irq_set.start, &data[2], 4);
		memcpy(&irq_set.count, &data[6], 4);
		memcpy(&irq_set.start, &data[1], 4);
		memcpy(&irq_set.count, &data[5], 4);

		spdk_vfio_user_dev_send_request(dev, VFIO_USER_DEVICE_SET_IRQS,
		&irq_set, sizeof(irq_set), sizeof(irq_set), NULL, 0);