Pull in hardened BPF virtual machine (#9931)

2020-05-08 12:37:04 -07:00
parent 01c490d354
commit 92562b4349
8 changed files with 451 additions and 808 deletions
--- a/programs/bpf_loader/src/lib.rs
+++ b/programs/bpf_loader/src/lib.rs
@@ -250,8 +250,9 @@ pub fn process_instruction(
 #[cfg(test)]
 mod tests {
    use super::*;
+    use rand::Rng;
    use solana_sdk::{account::Account, rent::Rent};
-    use std::{fs::File, io::Read};
+    use std::{fs::File, io::Read, ops::Range};

    #[test]
    #[should_panic(expected = "ExceededMaxInstructions(10)")]
@@ -416,4 +417,61 @@ mod tests {
            process_instruction(&bpf_loader::id(), &keyed_accounts, &vec![])
        );
    }
+
+    /// fuzzing utility function
+    fn fuzz<F>(
+        bytes: &[u8],
+        outer_iters: usize,
+        inner_iters: usize,
+        offset: Range<usize>,
+        value: Range<u8>,
+        work: F,
+    ) where
+        F: Fn(&mut [u8]),
+    {
+        let mut rng = rand::thread_rng();
+        for _ in 0..outer_iters {
+            let mut mangled_bytes = bytes.to_vec();
+            for _ in 0..inner_iters {
+                let offset = rng.gen_range(offset.start, offset.end);
+                let value = rng.gen_range(value.start, value.end);
+                mangled_bytes[offset] = value;
+                work(&mut mangled_bytes);
+            }
+        }
+    }
+
+    #[test]
+    #[ignore]
+    fn test_fuzz() {
+        let program_id = Pubkey::new_rand();
+        let program_key = Pubkey::new_rand();
+
+        // Create program account
+        let mut file = File::open("test_elfs/noop.so").expect("file open failed");
+        let mut elf = Vec::new();
+        file.read_to_end(&mut elf).unwrap();
+
+        info!("mangle the whole file");
+        fuzz(
+            &elf,
+            1_000_000_000,
+            100,
+            0..elf.len(),
+            0..255,
+            |bytes: &mut [u8]| {
+                let program_account = Account::new_ref(1, 0, &program_id);
+                program_account.borrow_mut().data = bytes.to_vec();
+                program_account.borrow_mut().executable = true;
+
+                let parameter_account = Account::new_ref(1, 0, &program_id);
+                let keyed_accounts = vec![
+                    KeyedAccount::new(&program_key, false, &program_account),
+                    KeyedAccount::new(&program_key, false, &parameter_account),
+                ];
+
+                let _result = process_instruction(&bpf_loader::id(), &keyed_accounts, &vec![]);
+            },
+        );
+    }
 }