diff options
| author | Alexander Bulekov <alxndr@bu.edu> | 2020-10-23 11:07:31 -0400 |
|---|---|---|
| committer | Thomas Huth <thuth@redhat.com> | 2020-10-24 07:43:48 +0200 |
| commit | da9bf5319838c193f92a3444bd3258b32c606980 (patch) | |
| tree | c184dc511cb05553bc409237dc244556ed9e169c /tests/qtest/fuzz/meson.build | |
| parent | fb5ef4eeecd88b583d5a6dc8f7dc217179cbfc98 (diff) | |
fuzz: Add generic virtual-device fuzzer
This is a generic fuzzer designed to fuzz a virtual device's
MemoryRegions, as long as they exist within the Memory or Port IO (if it
exists) AddressSpaces. The fuzzer's input is interpreted into a sequence
of qtest commands (outb, readw, etc). The interpreted commands are
separated by a magic seaparator, which should be easy for the fuzzer to
guess. Without ASan, the separator can be specified as a "dictionary
value" using the -dict argument (see libFuzzer documentation).
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20201023150746.107063-3-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Diffstat (limited to 'tests/qtest/fuzz/meson.build')
| -rw-r--r-- | tests/qtest/fuzz/meson.build | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/tests/qtest/fuzz/meson.build b/tests/qtest/fuzz/meson.build index b31ace7d5a..5162321f30 100644 --- a/tests/qtest/fuzz/meson.build +++ b/tests/qtest/fuzz/meson.build @@ -5,6 +5,7 @@ specific_fuzz_ss.add(files('fuzz.c', 'fork_fuzz.c', 'qos_fuzz.c', specific_fuzz_ss.add(when: 'CONFIG_I440FX', if_true: files('i440fx_fuzz.c')) specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_NET', if_true: files('virtio_net_fuzz.c')) specific_fuzz_ss.add(when: 'CONFIG_VIRTIO_SCSI', if_true: files('virtio_scsi_fuzz.c')) +specific_fuzz_ss.add(files('generic_fuzz.c')) fork_fuzz = declare_dependency( link_args: config_host['FUZZ_EXE_LDFLAGS'].split() + |