<feed xmlns='http://www.w3.org/2005/Atom'>
<title>bwlp/qemu.git/scripts/oss-fuzz, branch master</title>
<subtitle>Experimental fork of QEMU with video encoding patches</subtitle>
<id>https://git.openslx.org/bwlp/qemu.git/atom/scripts/oss-fuzz?h=master</id>
<link rel='self' href='https://git.openslx.org/bwlp/qemu.git/atom/scripts/oss-fuzz?h=master'/>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/'/>
<updated>2022-07-22T17:01:44+00:00</updated>
<entry>
<title>oss-fuzz: ensure base_copy is a generic-fuzzer</title>
<updated>2022-07-22T17:01:44+00:00</updated>
<author>
<name>Alexander Bulekov</name>
</author>
<published>2022-07-20T18:09:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=7906f11e62c39cdbf8edc274cb311a420d675371'/>
<id>urn:sha1:7906f11e62c39cdbf8edc274cb311a420d675371</id>
<content type='text'>
Depending on how the target list is sorted by qemu, the first target
(used as the base copy of the fuzzer, to which all others are linked)
might not be a generic-fuzzer. Since we are trying to only use
generic-fuzz on oss-fuzz, fix that to ensure the base copy is a
generic-fuzzer.

Signed-off-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Message-Id: &lt;20220720180946.2264253-1-alxndr@bu.edu&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
<entry>
<title>oss-fuzz: remove binaries from qemu-bundle tree</title>
<updated>2022-07-22T17:01:44+00:00</updated>
<author>
<name>Paolo Bonzini</name>
</author>
<published>2022-07-20T08:40:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=d5b50236915be6f48e9ade9152273f0e902c63be'/>
<id>urn:sha1:d5b50236915be6f48e9ade9152273f0e902c63be</id>
<content type='text'>
oss-fuzz is finding possible fuzzing targets even under qemu-bundle/.../bin, but they
cannot be used because the required shared libraries are missing.  Since the
fuzzing targets are already placed manually in $OUT, the bindir and libexecdir
subtrees are not needed; remove them.

Cc: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
<entry>
<title>datadir: Use bundle mechanism</title>
<updated>2022-07-13T14:58:57+00:00</updated>
<author>
<name>Akihiko Odaki</name>
</author>
<published>2022-06-24T14:50:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=882084a04ae9bec00e510a2319feba1d1a653fb1'/>
<id>urn:sha1:882084a04ae9bec00e510a2319feba1d1a653fb1</id>
<content type='text'>
softmmu/datadir.c had its own implementation to find files in the
build tree, but now the bundle mechanism provides the unified
implementation which works for datadir and the other files.

Signed-off-by: Akihiko Odaki &lt;akihiko.odaki@gmail.com&gt;
Message-Id: &lt;20220624145039.49929-4-akihiko.odaki@gmail.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
<entry>
<title>fuzz: only use generic-fuzz targets on oss-fuzz</title>
<updated>2022-07-08T09:03:36+00:00</updated>
<author>
<name>Alexander Bulekov</name>
</author>
<published>2022-06-23T12:55:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=0e76929d6539a609a49bac09c27444ef576fa74a'/>
<id>urn:sha1:0e76929d6539a609a49bac09c27444ef576fa74a</id>
<content type='text'>
The non-generic-fuzz targets often time-out, or run out of memory.
Additionally, they create unreproducible bug-reports. It is possible
that this is resulting in failing coverage-reports on OSS-Fuzz. In the
future, these test-cases should be fixed, or removed.

Reviewed-by: Darren Kenny &lt;darren.kenny@oracle.com&gt;
Signed-off-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Message-Id: &lt;20220623125505.2137534-1-alxndr@bu.edu&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
<entry>
<title>tests: move libqtest.h back under qtest/</title>
<updated>2022-05-03T11:16:51+00:00</updated>
<author>
<name>Marc-André Lureau</name>
</author>
<published>2022-03-30T09:39:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=907b5105f1b9e1af1abbdbb4f2039c7ab105c001'/>
<id>urn:sha1:907b5105f1b9e1af1abbdbb4f2039c7ab105c001</id>
<content type='text'>
Since commit a2ce7dbd917 ("meson: convert tests/qtest to meson"),
libqtest.h is under the libqos/ directory, while libqtest.c is still in
qtest/. Move it back to its original location to avoid mixing with libqos/.

Suggested-by: Thomas Huth &lt;thuth@redhat.com&gt;
Signed-off-by: Marc-André Lureau &lt;marcandre.lureau@redhat.com&gt;
Reviewed-by: Thomas Huth &lt;thuth@redhat.com&gt;
Reviewed-by: Stefan Berger &lt;stefanb@linux.ibm.com&gt;
</content>
</entry>
<entry>
<title>fuzz: add an instrumentation filter</title>
<updated>2021-09-01T11:33:13+00:00</updated>
<author>
<name>Alexander Bulekov</name>
</author>
<published>2021-07-13T15:00:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=dfc86c0f25126ce3242b317087234c7228418eb2'/>
<id>urn:sha1:dfc86c0f25126ce3242b317087234c7228418eb2</id>
<content type='text'>
By default, -fsanitize=fuzzer instruments all code with coverage
information. However, this means that libfuzzer will track coverage over
hundreds of source files that are unrelated to virtual-devices. This
means that libfuzzer will optimize inputs for coverage observed in timer
code, memory APIs etc. This slows down the fuzzer and stores many inputs
that are not relevant to the actual virtual-devices.

With this change, clang versions that support
"-fsanitize-coverage-allowlist" will only instrument a subset of the
compiled code that is directly related to virtual-devices.

Signed-off-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Reviewed-by: Darren Kenny &lt;darren.kenny@oracle.com&gt;
</content>
</entry>
<entry>
<title>fuzz: avoid building twice, when running on gitlab</title>
<updated>2021-08-11T11:40:01+00:00</updated>
<author>
<name>Alexander Bulekov</name>
</author>
<published>2021-08-09T11:16:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=3973e7ae63cdbd974731e590fcca694d46a82bd2'/>
<id>urn:sha1:3973e7ae63cdbd974731e590fcca694d46a82bd2</id>
<content type='text'>
On oss-fuzz, we build twice, to put together a build that is portable to
the runner containers. On gitlab ci, this is wasteful and contributes to
timeouts on the build-oss-fuzz job. Avoid building twice on gitlab, at
the remote cost of potentially missing some cases that break oss-fuzz
builds.

Signed-off-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Reviewed-by: Darren Kenny &lt;darren.kenny@oracle.com&gt;
Message-Id: &lt;20210809111621.54454-1-alxndr@bu.edu&gt;
Signed-off-by: Thomas Huth &lt;thuth@redhat.com&gt;
</content>
</entry>
<entry>
<title>scripts/oss-fuzz: Fix typo in documentation</title>
<updated>2021-06-05T19:29:39+00:00</updated>
<author>
<name>Philippe Mathieu-Daudé</name>
</author>
<published>2021-06-02T17:07:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=eeae5466c47ef06e8cc59e2cb114e094e722e389'/>
<id>urn:sha1:eeae5466c47ef06e8cc59e2cb114e094e722e389</id>
<content type='text'>
While we only use stdin, the chardev is named 'stdio'.

Signed-off-by: Philippe Mathieu-Daudé &lt;f4bug@amsat.org&gt;
Reviewed-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Message-Id: &lt;20210602170759.2500248-4-f4bug@amsat.org&gt;
Signed-off-by: Laurent Vivier &lt;laurent@vivier.eu&gt;
</content>
</entry>
<entry>
<title>fuzz: add a script to build reproducers</title>
<updated>2021-03-16T18:19:54+00:00</updated>
<author>
<name>Alexander Bulekov</name>
</author>
<published>2021-03-14T04:23:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=97ef5f8862e1442a8d1c6044e19aa19ce9d1e974'/>
<id>urn:sha1:97ef5f8862e1442a8d1c6044e19aa19ce9d1e974</id>
<content type='text'>
Currently, bash and C crash reproducers are built manually. This is a
problem, as we want to integrate reproducers into the tree, for
regression testing. This patch adds a script that converts a sequence of
QTest commands into a pasteable Bash reproducer, or a libqtest-based C
program. This will try to wrap pasteable reproducers to 72 chars, but
the generated C code will not have nice formatting. Therefore, the C
output of this script should be piped through an auto-formatter, such as
clang-format.

Signed-off-by: Alexander Bulekov &lt;alxndr@bu.edu&gt;
Reviewed-by: Darren Kenny &lt;darren.kenny@oracle.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
<entry>
<title>fuzz: fix wrong index in clear_bits</title>
<updated>2021-02-08T13:43:54+00:00</updated>
<author>
<name>Qiuhao Li</name>
</author>
<published>2021-01-28T03:59:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.openslx.org/bwlp/qemu.git/commit/?id=487a1d13baf46dd72b95f8919d6d40e938fd25c3'/>
<id>urn:sha1:487a1d13baf46dd72b95f8919d6d40e938fd25c3</id>
<content type='text'>
Signed-off-by: Qiuhao Li &lt;Qiuhao.Li@outlook.com&gt;
Message-Id: &lt;SYCPR01MB3502E9F6EB06DEDCD484F738FCBA9@SYCPR01MB3502.ausprd01.prod.outlook.com&gt;
Signed-off-by: Paolo Bonzini &lt;pbonzini@redhat.com&gt;
</content>
</entry>
</feed>
