diff options
| author | Alexander Bulekov <alxndr@bu.edu> | 2020-04-21 14:22:30 -0400 |
|---|---|---|
| committer | Stefan Hajnoczi <stefanha@redhat.com> | 2020-05-04 16:07:33 +0100 |
| commit | 05509c8e6def8a23878b93eda3163b7b405a5d57 (patch) | |
| tree | a3787d14bd03ded9f08fa248699f47938c5471c0 /tests | |
| parent | 9af638cc1f665712522608c5d6b8c03d8fa67666 (diff) | |
fuzz: select fuzz target using executable name
The fuzzers are built into a binary (e.g. qemu-fuzz-i386). To select the
device to fuzz/fuzz target, we usually use the --fuzz-target= argument.
This commit allows the fuzz-target to be specified using the name of the
executable. If the executable name ends with -target-FUZZ_TARGET, then
we select the fuzz target based on this name, rather than the
--fuzz-target argument. This is useful for systems such as oss-fuzz
where we don't have control of the arguments passed to the fuzzer.
[Fixed incorrect indentation.
--Stefan]
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Message-id: 20200421182230.6313-1-alxndr@bu.edu
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/qtest/fuzz/fuzz.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index 0d78ac8d36..f5c923852e 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c @@ -91,6 +91,7 @@ static void usage(char *path) printf(" * %s : %s\n", tmp->target->name, tmp->target->description); } + printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n"); exit(0); } @@ -143,18 +144,20 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) module_call_init(MODULE_INIT_QOM); module_call_init(MODULE_INIT_LIBQOS); - if (*argc <= 1) { + target_name = strstr(**argv, "-target-"); + if (target_name) { /* The binary name specifies the target */ + target_name += strlen("-target-"); + } else if (*argc > 1) { /* The target is specified as an argument */ + target_name = (*argv)[1]; + if (!strstr(target_name, "--fuzz-target=")) { + usage(**argv); + } + target_name += strlen("--fuzz-target="); + } else { usage(**argv); } /* Identify the fuzz target */ - target_name = (*argv)[1]; - if (!strstr(target_name, "--fuzz-target=")) { - usage(**argv); - } - - target_name += strlen("--fuzz-target="); - fuzz_target = fuzz_get_target(target_name); if (!fuzz_target) { usage(**argv); |