Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
From: Paolo Bonzini
Subject: Re: [Qemu-devel] Internship idea: virtio-blk oss-fuzz support
Date: Fri, 11 Jan 2019 21:27:26 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
On 11/01/19 20:09, Jonathan Metzman wrote:
> Could you clarify what you think the relationship between the qtest
> process, QEMU, and afl-fuzz will look like when fuzzing?
>
> Is it something like this:
> 1. afl-fuzz mutates a buffer, starts a qtest process, and gives the
> qtest process the mutated buffer.
> 2. The qtest process starts a QEMU process and interacts with QEMU
> process based on the buffer AFL gave it (qtest).
> 3. goto 1
>
> I don't think this works (under normal circumstances). AFL will think it
> is fuzzing qtest and will not learn about coverage or crashes from qsym.
> There probably are ways to get this working, but I just want to make
> sure I understand.
It should be possible to turn the qtest process into a test
postprocessor, and remove the second process. It's much harder to
remove the QEMU process as well and turn it into a TestOneInput function.
Paolo
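The single-process shape Paolo describes, as an added example that is not code from this thread or from QEMU: the qtest "postprocessor" becomes a decoder inside the harness, fed straight from the fuzzer's buffer, so coverage and crashes are observed in the one process the fuzzer actually runs. The byte layout, the device model (a constructed 16-register stand-in, not virtio-blk or a real QEMU device) and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <string.h>
#define NREGS   16   /* constructed device model: 16 scratch registers */
#define MAX_OPS 64   /* hard cap so one input never runs unbounded */
struct op { uint8_t write, reg; uint32_t val; };
/* The "test postprocessor", now in-process: raw fuzz bytes -> structured register
 * accesses. Byte: bit7 = write, low 4 bits = register; a write carries a 4-byte
 * little-endian value. Never reads past len; a truncated write ends the list. */
size_t decode_ops(const uint8_t *data, size_t len, struct op *out, size_t max) {
    size_t n = 0, i = 0;
    while (i < len && n < max) {
        uint8_t b = data[i++];
        out[n] = (struct op){ b >> 7, b & (NREGS - 1), 0 };
        if (out[n].write) {
            if (len - i < 4) break;
            out[n].val = (uint32_t)data[i] | (uint32_t)data[i + 1] << 8 |
                         (uint32_t)data[i + 2] << 16 | (uint32_t)data[i + 3] << 24;
            i += 4;
        }
        n++;
    }
    return n;
}
/* Stand-in for the device under test (constructed): a write to reg 0 mirrors its
 * complement into reg 1; reads XOR into an accumulator so the run is observable. */
static uint32_t regs[NREGS]; size_t last_nops;   /* last_nops: ops decoded from last input */
uint32_t run_ops(const struct op *ops, size_t n) {
    uint32_t acc = 0;
    memset(regs, 0, sizeof regs);   /* reset device state so inputs stay independent */
    for (size_t i = 0; i < n; i++) {
        if (!ops[i].write) { acc ^= regs[ops[i].reg]; continue; }
        regs[ops[i].reg] = ops[i].val;
        if (ops[i].reg == 0) regs[1] = ~ops[i].val;
    }
    return acc;
}
/* One fuzz iteration with no second process: decode, then drive the device. */
uint32_t harness_run(const uint8_t *data, size_t len) {
    struct op ops[MAX_OPS];
    last_nops = decode_ops(data, len, ops, MAX_OPS);
    return run_ops(ops, last_nops);
}
/* libFuzzer-style entry point, the TestOneInput shape Paolo refers to. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)harness_run(data, size); return 0;
}
/* Constructed sample inputs: write reg0=1 then read reg1; a truncated write; mixed ops. */
static const uint8_t sample_a[] = { 0x80, 0x01, 0x00, 0x00, 0x00, 0x01 };
static const uint8_t sample_b[] = { 0x80, 0x01, 0x02 };
static const uint8_t sample_c[] = { 0x05, 0x85, 0x34, 0x12, 0x00, 0x00, 0x05, 0x0F };
```

Build with `clang -fsanitize=fuzzer` (or AFL++'s libFuzzer-compatible mode) and the fuzzer calls the entry point directly; the harder step Paolo names, making a real QEMU device reachable from that function, is what the stand-in model leaves out.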