fuzz: fix writing DMA patterns
commit a9f67c1d51dda405bc6a406d13c8802b98df904e
author Alexander Bulekov <alxndr@bu.edu>
Thu, 29 Oct 2020 17:28:58 +0000 (29 13:28 -0400)
committer Paolo Bonzini <pbonzini@redhat.com>
Tue, 3 Nov 2020 18:17:27 +0000 (3 13:17 -0500)
tree a590677d6939a50aabef4293bb320c75d5f1f116
parent c59c582d56ee3bbde15e6788c0d28329792b2573
fuzz: fix writing DMA patterns

This code had all sorts of issues. We used a loop similar to
address_space_write_rom, but I did not remove a "break" that only made
sense in the context of the switch statement in the original code. Then,
after the loop, we did a separate qtest_memwrite over the entire DMA
access range, defeating the purpose of the loop. Additionally, we
increment the buf pointer, and then try to g_free() it. Fix these
problems.

Reported-by: OSS-Fuzz (Issue 26725)
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: OSS-Fuzz (Issue 26691)
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-Id: <20201029172901.534442-2-alxndr@bu.edu>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
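The three defects the message lists (a stray break that cut the loop short, a second write over the whole range after the loop, and a g_free() of a pointer that had been advanced) shown in one corrected shape, as an added illustration written for this page and not code from tests/qtest/fuzz/generic_fuzz.c: fake_memwrite() is an assumed stand-in for qtest_memwrite(), the simulated guest memory, pattern and chunk size are constructed, and write_dma_pattern() and the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for guest memory reached through qtest. */
#define GUEST_MEM_SIZE 4096
static uint8_t guest_mem[GUEST_MEM_SIZE];
static size_t write_calls;   /* how many chunk writes the loop issued */

/* Assumed stand-in for qtest_memwrite(): one bounded copy into the
 * simulated guest. Returns 0 on success, -1 if the range is out of bounds. */
static int fake_memwrite(uint64_t addr, const void *data, size_t len)
{
    if (addr > GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - addr) {
        return -1;
    }
    memcpy(guest_mem + addr, data, len);
    write_calls++;
    return 0;
}

/* Fill [addr, addr + len) with a repeating pattern, one chunk per
 * iteration. The three fixes from the commit message are visible here:
 *  - the loop body has no break, so every chunk is written;
 *  - nothing rewrites the whole range after the loop;
 *  - 'cur' advances through the buffer while 'buf' keeps the pointer
 *    that is later freed.
 * Returns 0 on success, -1 on bad arguments or a failed write. */
static int write_dma_pattern(uint64_t addr, size_t len,
                             const uint8_t *pattern, size_t pattern_len,
                             size_t chunk)
{
    if (len == 0 || pattern_len == 0 || chunk == 0) {
        return -1;
    }
    uint8_t *buf = malloc(len);         /* g_malloc() in the project */
    if (buf == NULL) {
        return -1;
    }
    for (size_t i = 0; i < len; i++) {
        buf[i] = pattern[i % pattern_len];
    }

    const uint8_t *cur = buf;           /* cursor, separate from buf */
    size_t remaining = len;
    int rc = 0;
    while (remaining > 0 && rc == 0) {
        size_t n = remaining < chunk ? remaining : chunk;
        rc = fake_memwrite(addr, cur, n);
        addr += n;
        cur += n;
        remaining -= n;
    }
    free(buf);                          /* original pointer, not cur */
    return rc;
}

/* Helpers for inspecting the simulated guest after a write. */
static void reset_guest_mem(void)
{
    memset(guest_mem, 0, sizeof guest_mem);
    write_calls = 0;
}

static size_t dma_write_calls(void)
{
    return write_calls;
}

/* Returns 1 if guest memory holds the repeated pattern over the range. */
static int pattern_intact(uint64_t addr, size_t len,
                          const uint8_t *pattern, size_t pattern_len)
{
    if (addr > GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - addr) {
        return 0;
    }
    for (size_t i = 0; i < len; i++) {
        if (guest_mem[addr + i] != pattern[i % pattern_len]) {
            return 0;
        }
    }
    return 1;
}
```

The chunk counter is the useful check: with a 10-byte range and a 4-byte chunk the loop must issue three writes (4, 4, 2), which is exactly what a stray break or a trailing whole-range write would hide.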
tests/qtest/fuzz/generic_fuzz.c