/openbmc/qemu/docs/
image-fuzzer.txt | 19 Image fuzzer 25 The goal of the image fuzzer is to catch crashes of qemu-io/qemu-img 44 The runner uses an external image fuzzer to generate test images. An image 102 a single public API. See details in 'Test runner/image fuzzer' chapter of 117 If a fuzzer configuration is specified, then it has the next interpretation: 134 * Test runner/image fuzzer 137 path to a backing file and its format and a fuzzer configuration. 158 Overall fuzzer requirements 171 Fuzzer requirements: 179 4. Image template should be autonomous and other fuzzer parts should not

/openbmc/qemu/docs/devel/testing/
fuzzing.rst | 12 fuzzer tracks the code coverage triggered by the input. Based on these 13 findings, the fuzzer mutates the input and repeats the fuzzing. 16 is an *in-process* fuzzer. For the developer, this means that it is their 47 Now the only thing left to do is wait for the fuzzer to trigger potential 79 the fuzzer's input and Arg2 is a magic constant, then each time the Hamming 92 Code coverage is a crucial metric for evaluating a fuzzer's performance. 104 3. Re-run the fuzzer. Specify $CORPUS_DIR/* as an argument, telling libfuzzer 113 Adding a new fuzzer 127 3. Add the fuzzer to ``tests/qtest/fuzz/meson.build``. 132 fuzzer loops over the byte-array interpreting it as a list of qtest commands,
main.rst | 864 Image fuzzer testing 867 An image fuzzer was added to exercise format drivers. Currently only qcow2 is 868 supported. To start the fuzzer, run 872 tests/image-fuzzer/runner.py -c '[["qemu-img", "info", "$test_img"]]' /tmp/test qcow2

/openbmc/qemu/tests/docker/
test-fuzz | 24 for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f | grep -v slirp); do 25 grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || continue ; 26 echo Testing ${fuzzer} ... ; 27 "${fuzzer}" -runs=1 -seed=1 || exit 1 ;

/openbmc/qemu/scripts/oss-fuzz/
instrumentation-filter-template | 1 # Code that we actually want the fuzzer to target 9 # We don't care about coverage over fuzzer-specific code, however we should 10 # instrument the fuzzer entry-point so libFuzzer always sees at least some
reorder_fuzzer_qtest_trace.py | 5 Use this to convert qtest log info from a generic fuzzer input into a qtest 21 Some fuzzer make use of hooks that allow us to populate some memory range, just 22 before a DMA read from that range. This means that the fuzzer can produce 60 The fuzzer will annotate suspected double-fetches with [DOUBLE-FETCH]. This
build.sh | 23 # -fsanitize=fuzzer /path/to/library.a 101 # Run the fuzzer with no arguments, to print the help-string and get the list
output_reproducer.py | 29 * Autogenerated Fuzzer Test Case

/openbmc/openbmc/poky/meta/recipes-connectivity/avahi/files/
CVE-2023-38470-2.patch | 19 …#1 0x45ad2c in fuzzer::PrintStackTrace() (/home/vagrant/avahi/out/fuzz-domain+0x45ad2c) (BuildId: … 20 …#2 0x43fc07 in fuzzer::Fuzzer::CrashCallback() (/home/vagrant/avahi/out/fuzz-domain+0x43fc07) (Bui…

/openbmc/openbmc/meta-openembedded/meta-oe/recipes-test/syzkaller/
syzkaller_git.bb | 1 DESCRIPTION = "syzkaller is an unsupervised coverage-guided kernel fuzzer" 73 SYZ_BINS_TARGET="syz-fuzzer syz-execprog syz-stress syz-executor"

/openbmc/qemu/tests/qtest/
fuzz-xlnx-dp-test.c | 2 * QTest fuzzer-generated testcase for xlnx-dp display device
fuzz-e1000e-test.c | 2 * QTest testcase for e1000e device generated by fuzzer
fuzz-sb16-test.c | 2 * QTest fuzzer-generated testcase for sb16 audio device
fuzz-virtio-scsi-test.c | 2 * QTest fuzzer-generated testcase for virtio-scsi device
fuzz-megasas-test.c | 2 * QTest fuzzer-generated testcase for megasas device
fuzz-lsi53c895a-test.c | 3 * QTest fuzzer-generated testcase for LSI53C895A device

/openbmc/qemu/.gitlab-ci.d/
buildtest.yml | 645 - for fuzzer in $(find ./build-oss-fuzz/DEST_DIR/ -executable -type f 647 grep "LLVMFuzzerTestOneInput" ${fuzzer} > /dev/null 2>&1 || continue ; 648 echo Testing ${fuzzer} ... ; 649 …"${fuzzer}" -runs=1 -seed=1 || { echo "FAILED:"" ${fuzzer} exit code is $?"; failures=$(($failures…

/openbmc/qemu/tests/qtest/fuzz/
generic_fuzz.c | 186 /* Are we in the generic-fuzzer or are we using another fuzz-target? */ in fuzz_dma_read_cb() 287 * Here we want to convert a fuzzer-provided [io-region-index, offset] to 596 * Here, we interpret random bytes from the fuzzer, as a sequence of commands. 611 * ignored. The fuzzer actively tries to reduce inputs, so such unused 614 * SEPARATOR is trivial for the fuzzer to discover when using ASan. Optionally,
fuzz.h | 80 * The fuzzer can specify a "Custom Crossover" function for combining two
virtio_net_fuzz.c | 69 * If checking used ring, ensure that the fuzzer doesn't trigger in virtio_net_fuzz_multi()

/openbmc/openbmc/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto/
0001-Remove-check_build_deps-build-steps.patch | 63 # targets with the sanitizer/fuzzer flags

/openbmc/libpldm/docs/
fuzzing.md | 9 "control" stream which used to randomise certain events in the fuzzer, such as

/openbmc/openbmc/meta-openembedded/meta-oe/lib/oeqa/selftest/cases/
syzkaller.py | 101 fuzzing. It must be persistent between oe-selftest runs, so the fuzzer

/openbmc/qemu/tests/image-fuzzer/
runner.py | 295 --config=JSON take fuzzer configuration from the JSON 391 print("Error: JSON array with the fuzzer configuration cannot" \

/openbmc/docs/designs/mctp/
mctp-userspace.md | 142 (I have already been able to run a prototype MCTP stack through the afl fuzzer)