/qemu/docs/devel/testing/ |
H A D | fuzzing.rst | 15 To fuzz QEMU, we rely on libfuzzer. Unlike other fuzzers such as AFL, libfuzzer 33 make qemu-fuzz-i386 35 This builds ``./qemu-fuzz-i386`` 37 The first option to this command is: ``--fuzz-target=FUZZ_NAME`` 38 To list all of the available fuzzers run ``qemu-fuzz-i386`` with no arguments. 42 ./qemu-fuzz-i386 --fuzz-target=virtio-scsi-fuzz 110 llvm-cov show ./path/to/qemu-fuzz-i386 -instr-profile=default.profdata \ 117 Fuzzers are kept in ``tests/qtest/fuzz/`` and should be added to 118 ``tests/qtest/fuzz/meson.build`` 122 1. Create a new source file. For example ``tests/qtest/fuzz/foo-device-fuzz.c``. [all …]
/qemu/scripts/oss-fuzz/ |
H A D | build.sh | 70 if ! make "-j$(nproc)" qemu-fuzz-i386; then 77 for i in $(ldd ./qemu-fuzz-i386 | cut -f3 -d' '); do 80 rm qemu-fuzz-i386 87 make "-j$(nproc)" qemu-fuzz-i386 V=1 92 rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/bin 93 rm -rf $DEST_DIR/qemu-bundle/opt/qemu-oss-fuzz/libexec 96 targets=$(./qemu-fuzz-i386 | grep generic-fuzz | awk '$1 ~ /\*/ {print $2}')
H A D | instrumentation-filter-template | 12 src:*/tests/qtest/fuzz/fuzz.c
/qemu/tests/docker/ |
H A D | test-fuzz | 20 mkdir build-oss-fuzz 21 export LSAN_OPTIONS=suppressions=scripts/oss-fuzz/lsan_suppressions.txt 22 env CC="clang" CXX="clang++" CFLAGS="-fsanitize=address" ./scripts/oss-fuzz/build.sh 24 for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f | grep -v slirp); do
/qemu/tests/image-fuzzer/qcow2/ |
H A D | layout.py | 21 from . import fuzz 468 def fuzz(self, fields_to_fuzz=None): member in Image 489 field.value = getattr(fuzz, field.name)(field.value) 495 field.value = getattr(fuzz, 501 field.value = getattr(fuzz, field.name)(field.value) 610 image.fuzz(fields_to_fuzz)
/qemu/tests/qtest/fuzz/ |
H A D | i440fx_fuzz.c | 164 .fuzz = i440fx_fuzz_qtest}); in register_pci_fuzz_targets() 176 .fuzz = i440fx_fuzz_qos,}, in register_pci_fuzz_targets()
H A D | fuzz.h | 77 void(*fuzz)(QTestState *, const unsigned char *, size_t); member
H A D | meson.build | 5 specific_fuzz_ss.add(files('fuzz.c', 'qos_fuzz.c',
H A D | virtio_net_fuzz.c | 151 .fuzz = virtio_net_fuzz_check_used,}, in register_virtio_net_fuzz_targets()
H A D | virtio_scsi_fuzz.c | 172 .fuzz = virtio_scsi_with_flag_fuzz,}, in register_virtio_scsi_fuzz_targets()
H A D | fuzz.c | 159 fuzz_target->fuzz(fuzz_qts, Data, Size); in LLVMFuzzerTestOneInput()
H A D | virtio_blk_fuzz.c | 191 .fuzz = virtio_blk_with_flag_fuzz,}, in register_virtio_blk_fuzz_targets()
H A D | generic_fuzz.c | 953 .fuzz = generic_fuzz, in register_generic_fuzz_targets() 964 .fuzz = generic_fuzz, in register_generic_fuzz_targets()
/qemu/tests/qtest/ |
H A D | meson.build | 88 (config_all_devices.has_key('CONFIG_E1000E_PCI_EXPRESS') ? ['fuzz-e1000e-test'] : []) + \ 89 (config_all_devices.has_key('CONFIG_MEGASAS_SCSI_PCI') ? ['fuzz-megasas-test'] : []) + \ 90 (config_all_devices.has_key('CONFIG_LSI_SCSI_PCI') ? ['fuzz-lsi53c895a-test'] : []) + \ 91 (config_all_devices.has_key('CONFIG_VIRTIO_SCSI') ? ['fuzz-virtio-scsi-test'] : []) + \ 94 (config_all_devices.has_key('CONFIG_SB16') ? ['fuzz-sb16-test'] : []) + \ 95 (config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdcard-test'] : []) + \ 257 …(config_all_devices.has_key('CONFIG_XLNX_ZYNQMP_ARM') ? ['xlnx-can-test', 'fuzz-xlnx-dp-test'] : […
/qemu/include/standard-headers/linux/ |
H A D | virtio_input.h | 45 uint32_t fuzz; member
H A D | input.h | 94 int32_t fuzz; member
/qemu/hw/input/ |
H A D | virtio-input-host.c | 91 config.u.abs.fuzz = cpu_to_le32(absinfo.fuzz); in virtio_input_abs_config()
/qemu/docs/ |
H A D | image-fuzzer.txt | 1 # Specification for the fuzz testing tool 105 Qcow2 contains two submodules: fuzz.py and layout.py. 107 'fuzz.py' contains all fuzzing functions, one per image field. It's assumed 116 fields by 'fuzz.py' module and writes a fuzzed image to the file specified.
/qemu/qga/ |
H A D | meson.build | 187 # the leak detector in build-oss-fuzz Gitlab CI test. we should re-enable
/qemu/ |
H A D | MAINTAINERS | 1989 F: tests/qtest/fuzz-sb16-test.c 2181 F: tests/qtest/fuzz-virtio-scsi-test.c 2183 F: tests/qtest/fuzz-lsi53c895a-test.c 2209 F: tests/qtest/fuzz-sdcard-test.c 2518 F: tests/qtest/fuzz-megasas-test.c 2561 F: tests/qtest/fuzz-e1000e-test.c 3457 F: tests/qtest/fuzz/ 3458 F: tests/qtest/fuzz-*test.c 3459 F: tests/docker/test-fuzz 3460 F: scripts/oss-fuzz/
H A D | meson.build | 630 input: 'scripts/oss-fuzz/instrumentation-filter-template', 3911 subdir('tests/qtest/fuzz') 4455 'name': 'qemu-fuzz-' + target_name,