User: Improve sydr-fuzz support and docs

.gitignore

@@ -41,8 +41,11 @@ Utilities/TestPeCoff/PeCoff
 *.exe
 *.gcda
 *.gcno
+sydr-fuzz.toml
 FUZZDICT
 COVERAGE
+*_SYDR
+sydr-fuzz-out
 fuzz-*.log
 crash-*
 oom-*

User/Makefile

@@ -267,15 +267,15 @@ sydr-fuzz: $(PROJECT)$(SUFFIX) $(PROJECT)_SYDR$(SUFFIX) FORCE
 		exit-on-time = 7200
 
 	 	[sydr]
-		args = "--invert-n 2048 -j 4"
+		args = "-s 90 -j $(FUZZ_JOBS)"
 		target = "$(PROJECT)_SYDR$(SUFFIX) @@"
 		jobs = 1
 
 		[libfuzzer]
 		path = "$(PROJECT)$(SUFFIX)"
-		args = "-jobs=4 -workers=4 -rss_limit_mb=4096 FUZZDICT"
+		args = "-jobs=$(FUZZ_JOBS) -workers=$(FUZZ_JOBS) -rss_limit_mb=$(FUZZ_MEM)"
 	EOF
-	sydr-fuzz run -l debug
+	sydr-fuzz -l debug run
 
 coverage: $(PRODUCT) FORCE
 	@$(LCOV) --version
@@ -290,6 +290,6 @@ coverage: $(PRODUCT) FORCE
 	$(GENHTML) --branch-coverage --output-directory COVERAGE COVERAGE/trace.lcov_info_final
 
 clean: FORCE
-	rm -rf $(OUT_DIR) $(PRODUCT) $(PRODUCT).exe
+	rm -rf $(OUT_DIR) $(PRODUCT) $(PRODUCT)_SYDR $(PRODUCT).exe $(PRODUCT)_SYDR.exe
 
 FORCE:

User/README.md

@@ -65,6 +65,8 @@ make clean
 COVERAGE=1 DEBUG=1 make coverage
 ```
 
+Note: fuzzing corpus is saved in `FUZZDICT`.
+
 Example 4. Perform fuzzing with the help of [Sydr](https://www.ispras.ru/en/technologies/crusher/) tool (path to which should be in `$PATH`):
 
 ```sh
@@ -73,6 +75,8 @@ CC=clang DEBUG=1 SYDR=1 make
 make sydr-fuzz
 ```
 
+Note: fuzzing corpus is saved in `sydr-fuzz-out/corpus`.
+
 ### Predefined variables
 
 Most UDK variables are available due to including the original headers.

Utilities/TestPeCoff/PeCoff.c

@@ -103,6 +103,15 @@ TestImageLoad (
   return EFI_SUCCESS;
 }
 
+INT32 LLVMFuzzerTestOneInput(CONST UINT8 *Data, UINTN Size) {
+  if (Data != NULL) {
+    void *DataCopy = AllocateCopyPool(Size, Data);
+    TestImageLoad (DataCopy, Size);
+    FreePool(DataCopy);
+  }
+  return 0;
+}
+
 int ENTRY_POINT (int argc, char *argv[]) {
   if (argc < 2) {
     printf ("Please provide a valid PE image path\n");