[RFC PATCH 3/5] tests: add a sdhci reproducer
From: |
Alexander Bulekov |
Subject: |
[RFC PATCH 3/5] tests: add a sdhci reproducer |
Date: |
Thu, 18 Feb 2021 16:12:21 -0500 |
This patch serves as an example of a file generated with the
./scripts/oss-fuzz/output_reproducer.py script.
The source file in this patch was generated like this:
$ wget https://paste.debian.net/plain/118513 -O /tmp/trace
$ export QEMU_ARGS="-nographic -machine accel=qtest -m 512M \
-nodefaults -device sdhci-pci,sd-spec-version=3 -drive \
if=sd,index=0,file=null-co://,format=raw,id=mydrive \
-device sd-card,drive=mydrive -qtest stdio"
$ export QEMU_PATH=./qemu-system-i386
$ ./scripts/oss-fuzz/output_reproducer.py \
-owner "Alexander Bulekov <alxndr@bu.edu>" /tmp/trace | \
clang-format -style="{BasedOnStyle: llvm, IndentWidth: 4, \
ColumnLimit: 90, BreakBeforeBraces: Linux}" > ../tests/qtest/fuzz-sdhci.c
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
tests/qtest/fuzz-sdhci.c | 90 ++++++++++++++++++++++++++++++++++++++++
tests/qtest/meson.build | 2 +
2 files changed, 92 insertions(+)
create mode 100644 tests/qtest/fuzz-sdhci.c
diff --git a/tests/qtest/fuzz-sdhci.c b/tests/qtest/fuzz-sdhci.c
new file mode 100644
index 0000000000..0ce7378c69
--- /dev/null
+++ b/tests/qtest/fuzz-sdhci.c
@@ -0,0 +1,90 @@
+/*
+ * Autogenerated Fuzzer Test Case
+ *
+ * Copyright (c) 2021 Alexander Bulekov <alxndr@bu.edu>
+ *
+ * This work is licensed under the terms of the GNU GPL, version 2 or later.
+ * See the COPYING file in the top-level directory.
+ */
+
+#include "qemu/osdep.h"
+
+#include "libqos/libqtest.h"
+
+/*
+ * cat << EOF | ./qemu-system-i386 -nographic -machine accel=qtest -m 512M \
+ * -nodefaults -device sdhci-pci,sd-spec-version=3 -drive \
+ * if=sd,index=0,file=null-co://,format=raw,id=mydrive -device \
+ * sd-card,drive=mydrive -qtest stdio
+ * outl 0xcf8 0x80001010
+ * outl 0xcfc 0xfbefff00
+ * outl 0xcf8 0x80001001
+ * outl 0xcfc 0x06000000
+ * write 0xfbefff2c 0x1 0x05
+ * write 0xfbefff0f 0x1 0x37
+ * write 0xfbefff0a 0x1 0x01
+ * write 0xfbefff0f 0x1 0x29
+ * write 0xfbefff0f 0x1 0x02
+ * write 0xfbefff0f 0x1 0x03
+ * write 0xfbefff04 0x1 0x01
+ * write 0xfbefff05 0x1 0x01
+ * write 0xfbefff07 0x1 0x02
+ * write 0xfbefff0c 0x1 0x33
+ * write 0xfbefff0e 0x1 0x20
+ * write 0xfbefff0f 0x1 0x00
+ * write 0xfbefff2a 0x1 0x01
+ * write 0xfbefff0c 0x1 0x00
+ * write 0xfbefff03 0x1 0x00
+ * write 0xfbefff05 0x1 0x00
+ * write 0xfbefff2a 0x1 0x02
+ * write 0xfbefff0c 0x1 0x32
+ * write 0xfbefff01 0x1 0x01
+ * write 0xfbefff02 0x1 0x01
+ * write 0xfbefff03 0x1 0x01
+ * EOF
+ */
+static void test_fuzz(void)
+{
+ QTestState *s =
+ qtest_init("-nographic -m 512M -nodefaults -device
sdhci-pci,sd-spec-version=3 "
+ "-drive if=sd,index=0,file=null-co://,format=raw,id=mydrive
-device "
+ "sd-card,drive=mydrive ");
+ qtest_outl(s, 0xcf8, 0x80001010);
+ qtest_outl(s, 0xcfc, 0xfbefff00);
+ qtest_outl(s, 0xcf8, 0x80001001);
+ qtest_outl(s, 0xcfc, 0x06000000);
+ qtest_bufwrite(s, 0xfbefff2c, "\x05", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x37", 0x1);
+ qtest_bufwrite(s, 0xfbefff0a, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x29", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x03", 0x1);
+ qtest_bufwrite(s, 0xfbefff04, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff05, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff07, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x33", 0x1);
+ qtest_bufwrite(s, 0xfbefff0e, "\x20", 0x1);
+ qtest_bufwrite(s, 0xfbefff0f, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff2a, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff03, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff05, "\x00", 0x1);
+ qtest_bufwrite(s, 0xfbefff2a, "\x02", 0x1);
+ qtest_bufwrite(s, 0xfbefff0c, "\x32", 0x1);
+ qtest_bufwrite(s, 0xfbefff01, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff02, "\x01", 0x1);
+ qtest_bufwrite(s, 0xfbefff03, "\x01", 0x1);
+ qtest_quit(s);
+}
+int main(int argc, char **argv)
+{
+ const char *arch = qtest_get_arch();
+
+ g_test_init(&argc, &argv, NULL);
+
+ if (strcmp(arch, "i386") == 0) {
+ qtest_add_func("fuzz/test_fuzz", test_fuzz);
+ }
+
+ return g_test_run();
+}
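Review bot: The header comment above test_fuzz() records the qtest trace but not which sdhci bug it reproduces or what failure is expected, and the registered name `fuzz/test_fuzz` is generic. The function makes no assertions, so it passes whenever QEMU survives until `qtest_quit(s)`; a memory-safety regression that does not abort (for example on a build without sanitizers) would presumably go unnoticed. I would add a line such as `/* Reproducer for <BUG-REFERENCE>: <crash summary>; most meaningful on sanitizer builds */` above the trace and register the test under a descriptive path, e.g. `qtest_add_func("fuzz/sdhci/<BUG-REFERENCE>", test_fuzz);`. If both come from the generator, the fix belongs in output_reproducer.py rather than in this file.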
diff --git a/tests/qtest/meson.build b/tests/qtest/meson.build
index c83bc211b6..97caf84443 100644
--- a/tests/qtest/meson.build
+++ b/tests/qtest/meson.build
@@ -56,6 +56,8 @@ qtests_i386 = \
'rtc-test',
'i440fx-test',
'fuzz-test',
+ 'fuzz-sdhci',
+ 'sdhci-test',
'fw_cfg-test',
'device-plug-test',
'drive_del-test',
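Review bot: Both new entries are added to `qtests_i386` unconditionally, but fuzz-sdhci starts QEMU with `-device sdhci-pci` and `-device sd-card`, so on a build configured without those devices `qtest_init()` would presumably fail and break the test run. Gating the entry on the device's config symbol would avoid that, e.g. `(config_all_devices.has_key('CONFIG_SDHCI_PCI') ? ['fuzz-sdhci'] : [])`; the symbol name should be confirmed against the device's Kconfig entry. The `'sdhci-test'` line is not mentioned in the commit message, and if that test is already registered elsewhere in this file it would be listed twice, so it should be either dropped or explained in the description. The list continues outside the hunk.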
--
2.28.0