Message ID | 20210218211224.2513413-4-alxndr@bu.edu (mailing list archive) |
---|---|
Series | fuzz: add a script to help build reproducers | expand |
On 2/18/21 10:12 PM, Alexander Bulekov wrote: > This patch serves as an example of a file generated with the > ./scripts/oss-fuzz/output_reproducer.py script: > The source file in this patch was generated like this: > > $ wget https://paste.debian.net/plain/118513 -O /tmp/trace > $ export QEMU_ARGS="-nographic -machine accel=qtest -m 512M \ > -nodefaults -device sdhci-pci,sd-spec-version=3 -drive \ > if=sd,index=0,file=null-co://,format=raw,id=mydrive \ > -device sd-card,drive=mydrive -qtest stdio" > $ export QEMU_PATH=./qemu-system-i386 > $ ./scripts/oss-fuzz/output_reproducer.py \ > -owner "Alexander Bulekov <alxndr@bu.edu>" /tmp/trace | \ > clang-format -style="{BasedOnStyle: llvm, IndentWidth: 4, \ > ColumnLimit: 90, BreakBeforeBraces: Linux}" > ../tests/qtest/fuzz-sdhci.c > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > --- > tests/qtest/fuzz-sdhci.c | 90 ++++++++++++++++++++++++++++++++++++++++ > tests/qtest/meson.build | 2 + > 2 files changed, 92 insertions(+) > create mode 100644 tests/qtest/fuzz-sdhci.c ... > diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build > index c83bc211b6..97caf84443 100644 > --- a/tests/qtest/meson.build > +++ b/tests/qtest/meson.build > @@ -56,6 +56,8 @@ qtests_i386 = \ > 'rtc-test', > 'i440fx-test', > 'fuzz-test', > + 'fuzz-sdhci', > + 'sdhci-test', This line ^ belongs to the next patch. > 'fw_cfg-test', > 'device-plug-test', > 'drive_del-test', >
On 210219 2306, Philippe Mathieu-Daudé wrote: > On 2/18/21 10:12 PM, Alexander Bulekov wrote: > > This patch serves as an example of a file generated with the > > ./scripts/oss-fuzz/output_reproducer.py script: > > The source file in this patch was generated like this: > > > > $ wget https://paste.debian.net/plain/118513 -O /tmp/trace > > $ export QEMU_ARGS="-nographic -machine accel=qtest -m 512M \ > > -nodefaults -device sdhci-pci,sd-spec-version=3 -drive \ > > if=sd,index=0,file=null-co://,format=raw,id=mydrive \ > > -device sd-card,drive=mydrive -qtest stdio" > > $ export QEMU_PATH=./qemu-system-i386 > > $ ./scripts/oss-fuzz/output_reproducer.py \ > > -owner "Alexander Bulekov <alxndr@bu.edu>" /tmp/trace | \ > > clang-format -style="{BasedOnStyle: llvm, IndentWidth: 4, \ > > ColumnLimit: 90, BreakBeforeBraces: Linux}" > ../tests/qtest/fuzz-sdhci.c > > > > Signed-off-by: Alexander Bulekov <alxndr@bu.edu> > > --- > > tests/qtest/fuzz-sdhci.c | 90 ++++++++++++++++++++++++++++++++++++++++ > > tests/qtest/meson.build | 2 + > > 2 files changed, 92 insertions(+) > > create mode 100644 tests/qtest/fuzz-sdhci.c > ... > > > diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build > > index c83bc211b6..97caf84443 100644 > > --- a/tests/qtest/meson.build > > +++ b/tests/qtest/meson.build > > @@ -56,6 +56,8 @@ qtests_i386 = \ > > 'rtc-test', > > 'i440fx-test', > > 'fuzz-test', > > + 'fuzz-sdhci', > > + 'sdhci-test', > > This line ^ belongs to the next patch. I think the line doesn't belong at all. The next patch just adds to fuzz-sdhci.c > > > 'fw_cfg-test', > > 'device-plug-test', > > 'drive_del-test', > >
diff --git a/tests/qtest/fuzz-sdhci.c b/tests/qtest/fuzz-sdhci.c
new file mode 100644
index 0000000000..0ce7378c69
--- /dev/null
+++ b/tests/qtest/fuzz-sdhci.c
@@ -0,0 +1,90 @@
+/*
+ * Autogenerated Fuzzer Test Case
+ *
+ * Copyright (c) 2021 Alexander Bulekov <alxndr@bu.edu>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+/*
+ * cat << EOF | ./qemu-system-i386 -nographic -machine accel=qtest -m 512M \
+ * -nodefaults -device sdhci-pci,sd-spec-version=3 -drive \
+ * if=sd,index=0,file=null-co://,format=raw,id=mydrive -device \
+ * sd-card,drive=mydrive -qtest stdio
+ * outl 0xcf8 0x80001010
+ * outl 0xcfc 0xfbefff00
+ * outl 0xcf8 0x80001001
+ * outl 0xcfc 0x06000000
+ * write 0xfbefff2c 0x1 0x05
+ * write 0xfbefff0f 0x1 0x37
+ * write 0xfbefff0a 0x1 0x01
+ * write 0xfbefff0f 0x1 0x29
+ * write 0xfbefff0f 0x1 0x02
+ * write 0xfbefff0f 0x1 0x03
+ * write 0xfbefff04 0x1 0x01
+ * write 0xfbefff05 0x1 0x01
+ * write 0xfbefff07 0x1 0x02
+ * write 0xfbefff0c 0x1 0x33
+ * write 0xfbefff0e 0x1 0x20
+ * write 0xfbefff0f 0x1 0x00
+ * write 0xfbefff2a 0x1 0x01
+ * write 0xfbefff0c 0x1 0x00
+ * write 0xfbefff03 0x1 0x00
+ * write 0xfbefff05 0x1 0x00
+ * write 0xfbefff2a 0x1 0x02
+ * write 0xfbefff0c 0x1 0x32
+ * write 0xfbefff01 0x1 0x01
+ * write 0xfbefff02 0x1 0x01
+ * write 0xfbefff03 0x1 0x01
+ * EOF
+ */
+static void test_fuzz(void)
+{
+ QTestState *s =
+ qtest_init("-nographic -m 512M -nodefaults -device sdhci-pci,sd-spec-version=3 "
+ "-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive -device "
+ "sd-card,drive=mydrive ");
+ qtest_outl(s, 0xcf8, 0x80001010);
+ qtest_outl(s, 0xcfc, 0xfbefff00);
+ qtest_outl(s, 0xcf8, 0x80001001);
+ qtest_outl(s, 0xcfc, 0x06000000);
+ qtest_bufwrite(s, 0xfbefff2c, "\x05", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x37", 0x1);
+ qtest_bufwrite(s, 0xfbefff0a, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x29", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x03", 0x1);
+ qtest_bufwrite(s, 0xfbefff04, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff05, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff07, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x33", 0x1);
+ qtest_bufwrite(s, 0xfbefff0e, "\x20", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff2a, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff03, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff05, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff2a, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x32", 0x1);
+ qtest_bufwrite(s, 0xfbefff01, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff02, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff03, "\x01", 0x1);
+ qtest_quit(s);
+}
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0) {
+ qtest_add_func("fuzz/test_fuzz", test_fuzz);
+ }
+
+ return g_test_run();
+}
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index c83bc211b6..97caf84443 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -56,6 +56,8 @@ qtests_i386 = \
 'rtc-test',
 'i440fx-test',
 'fuzz-test',
+ 'fuzz-sdhci',
+ 'sdhci-test',
 'fw_cfg-test',
 'device-plug-test',
 'drive_del-test',
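Review bot: Neither the file header nor `test_fuzz` says which defect this trace reproduces or what the expected outcome is; the only pointer is the paste.debian.net URL in the cover text, which lives outside the tree and may disappear. A regression test should carry that in-tree, for example a line above `static void test_fuzz(void)` such as `/* Reproducer for <BUG-ID or short description>; QEMU must survive the trace without a crash or assertion. */` (placeholder, to be filled in from the original report). The registration `qtest_add_func("fuzz/test_fuzz", test_fuzz);` is likewise a generic name that will collide as soon as a second reproducer is appended to this file, which the thread says the follow-up patch does; a path like `"fuzz/sdhci/<BUG-ID>"` with a matching function name keeps each case distinct and lets `-p` select it. Since the meson hunk adds this file only to `qtests_i386`, the `strcmp(arch, "i386")` guard in `main` is presumably emitted by the generator rather than needed here; harmless, but worth a short comment if it stays.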
This patch serves as an example of a file generated with the ./scripts/oss-fuzz/output_reproducer.py script: The source file in this patch was generated like this: $ wget https://paste.debian.net/plain/118513 -O /tmp/trace $ export QEMU_ARGS="-nographic -machine accel=qtest -m 512M \ -nodefaults -device sdhci-pci,sd-spec-version=3 -drive \ if=sd,index=0,file=null-co://,format=raw,id=mydrive \ -device sd-card,drive=mydrive -qtest stdio" $ export QEMU_PATH=./qemu-system-i386 $ ./scripts/oss-fuzz/output_reproducer.py \ -owner "Alexander Bulekov <alxndr@bu.edu>" /tmp/trace | \ clang-format -style="{BasedOnStyle: llvm, IndentWidth: 4, \ ColumnLimit: 90, BreakBeforeBraces: Linux}" > ../tests/qtest/fuzz-sdhci.c Signed-off-by: Alexander Bulekov <alxndr@bu.edu> --- tests/qtest/fuzz-sdhci.c | 90 ++++++++++++++++++++++++++++++++++++++++ tests/qtest/meson.build | 2 + 2 files changed, 92 insertions(+) create mode 100644 tests/qtest/fuzz-sdhci.c