diff --git a/fuzz/fuzz_targets/snapshot2.rs b/fuzz/fuzz_targets/snapshot2.rs
index f84cf31a..b34fc5d3 100644
--- a/fuzz/fuzz_targets/snapshot2.rs
+++ b/fuzz/fuzz_targets/snapshot2.rs
@@ -1,4 +1,3 @@
-#![allow(dead_code)]
 #![no_main]
 use ckb_vm::{
 elf::{LoadingAction, ProgramMetadata},
@@ -61,7 +60,11 @@ impl DataSource for DummyData {
 };
 let offset = std::cmp::min(offset as usize, data.len());
 let full_size = data.len() - offset;
- let real_size = std::cmp::min(full_size, length as usize);
+ let real_size = if length > 0 {
+ std::cmp::min(full_size, length as usize)
+ } else {
+ full_size
+ };
 Ok((data.slice(offset..offset + real_size), full_size as u64))
 }
 }
@@ -156,6 +159,19 @@ fuzz_target!(|data: [u8; 96]| {
 return;
 }
 }
+ for _ in 0..2 {
+ let length = deque.u32() as u64;
+ let offset = deque.u32() as u64;
+ let addr = deque.u32() as u64;
+ let data = dummy_data
+ .load_data(&DATA_SOURCE_CONTENT, offset, length)
+ .unwrap()
+ .0;
+ let result = machine1.memory_mut().store_bytes(addr, &data);
+ if result.is_err() {
+ return;
+ }
+ }
 let snapshot = ctx.make_snapshot(&mut machine1).unwrap();
 ctx.resume(&mut machine2, &snapshot).unwrap();
 for i in 0..DEFAULT_MEMORY_SIZE / RISCV_PAGESIZE {
@@ -168,8 +184,8 @@ fuzz_target!(|data: [u8; 96]| {
 .load_bytes((i * RISCV_PAGESIZE) as u64, RISCV_PAGESIZE as u64)
 .unwrap();
 if mem1 != mem2 {
- eprintln!("mem1[0..16] = {:?}", &mem1[0..32]);
- eprintln!("mem2[0..16] = {:?}", &mem2[0..32]);
+ eprintln!("mem1[0..32] = {:?}", &mem1[0..32]);
+ eprintln!("mem2[0..32] = {:?}", &mem2[0..32]);
 eprintln!("program length = {}", dummy_data.program.len());
 eprintln!("content length = {}", dummy_data.content.len());
 for action in &loading_action_vec {
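Review bot: The new `length == 0` branch changes load_data's contract — a zero length now returns the whole tail from `offset` instead of an empty slice — and nothing in the hunk records that convention, although the store loop in the third hunk feeds it fuzz-chosen lengths that will often be zero. A one-line comment above the `let real_size` binding would make the sentinel explicit: `// length == 0 means "everything from offset to the end of the source"`. If this mirrors the meaning of a zero length in the DataSource trait this impl implements, say so in the comment rather than leaving the reader to check. Both `length as usize` and the clamped `offset as usize` truncate silently on a 32-bit target; harmless for a 64-bit fuzz build, but worth a short note next to the cast. The load_data body begins before the hunk.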
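Review bot: The new store loop carries no comment saying why it exists, and its purpose is not obvious from the surrounding target; presumably it dirties machine1's memory with fuzz-chosen bytes before `make_snapshot` so the page-by-page comparison after `resume` covers data pages and not only the loaded program. A comment such as `// Store fuzz-chosen bytes at fuzz-chosen addresses so the snapshot round-trip is checked on dirty, non-program pages too` above `for _ in 0..2` would capture that. The `let result = …; if result.is_err() { return; }` pair reads more directly as one guard, `if machine1.memory_mut().store_bytes(addr, &data).is_err() { return; }`, and `.unwrap().0` is clearer as `let (data, _) = dummy_data.load_data(&DATA_SOURCE_CONTENT, offset, length).unwrap();`. Note that a `length` of 0 from `deque.u32()` now loads the entire remaining content (per the load_data change in the second hunk), so the stored payload can be the whole content rather than a short slice; a comment on the `length` line would save the next reader the cross-reference. The `fuzz_target!` body begins and ends outside this hunk.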
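Review bot: The relabelled dump still does not say which page differs, although `i` is the page index in scope (it is used in the `load_bytes` offset two lines above); adding `eprintln!("page {} differs", i);` before the two byte dumps would make a failing input far easier to localize. The label and the slice length remain two independent literals (`0..32` in the format string and `0..32` in the index), which is exactly how they drifted apart before this fix; a single `const DUMP_LEN: usize = 32;` used for both the slice and the label would prevent a recurrence. The enclosing loop and the `fuzz_target!` closure start and end outside the hunk.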