| commit | da9bf5319838c193f92a3444bd3258b32c606980 | |
| author | Alexander Bulekov <alxndr@bu.edu> | |
| Fri, 23 Oct 2020 15:07:31 +0000 (23 11:07 -0400) | ||
| committer | Thomas Huth <thuth@redhat.com> | |
| Sat, 24 Oct 2020 05:43:48 +0000 (24 07:43 +0200) | ||
| tree | c184dc511cb05553bc409237dc244556ed9e169c | treesnapshot (tar.gz zip) |
| parent | fb5ef4eeecd88b583d5a6dc8f7dc217179cbfc98 | commitdiff |
fuzz: Add generic virtual-device fuzzer
This is a generic fuzzer designed to fuzz a virtual device's
MemoryRegions, as long as they exist within the Memory or Port IO (if it
exists) AddressSpaces. The fuzzer's input is interpreted into a sequence
of qtest commands (outb, readw, etc). The interpreted commands are
separated by a magic seaparator, which should be easy for the fuzzer to
guess. Without ASan, the separator can be specified as a "dictionary
value" using the -dict argument (see libFuzzer documentation).
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201023150746.107063-3-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
This is a generic fuzzer designed to fuzz a virtual device's
MemoryRegions, as long as they exist within the Memory or Port IO (if it
exists) AddressSpaces. The fuzzer's input is interpreted into a sequence
of qtest commands (outb, readw, etc). The interpreted commands are
separated by a magic seaparator, which should be easy for the fuzzer to
guess. Without ASan, the separator can be specified as a "dictionary
value" using the -dict argument (see libFuzzer documentation).
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201023150746.107063-3-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| tests/qtest/fuzz/generic_fuzz.c | [new file with mode: 0644] | blob |
| tests/qtest/fuzz/meson.build | diffblobblamehistory |