/*
 * QTest fuzzer-generated testcase for sb16 audio device
 *
 * Copyright (c) 2021 Philippe Mathieu-Daudé <f4bug@amsat.org>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "qemu/osdep.h"
#include "libqos/libqtest.h"

/*
 * Regression test for https://bugs.launchpad.net/qemu/+bug/1910603:
 * this fuzzer-found sequence of port writes used to trigger the assert
 * in audio_calloc.  The writes are guest-originated, so an assertion
 * failure here aborts the whole VM (a guest-triggerable denial of
 * service of the host process); the test passes simply by QEMU
 * surviving the sequence and shutting down cleanly.
 *
 * 0x22c is the DSP write (command/data) port of the sb16 at its
 * default I/O base 0x220 (base + 0xc).
 */
static void test_fuzz_sb16_0x1c(void)
{
    QTestState *qts = qtest_init("-M q35 -display none "
                                 "-device sb16,audiodev=snd0 "
                                 "-audiodev none,id=snd0");

    /* Replay the fuzzer's exact write widths and values; do not "tidy" them. */
    qtest_outw(qts, 0x22c, 0x41);
    qtest_outb(qts, 0x22c, 0x00);
    qtest_outw(qts, 0x22c, 0x1004);
    qtest_outw(qts, 0x22c, 0x001c);

    qtest_quit(qts);
}

/*
 * Second fuzzer-generated sequence, ending in DSP command 0x91.
 * The original file records no bug reference for this one; like the
 * test above it only checks that QEMU survives the guest-originated
 * writes to the DSP write port (0x22c) and exits cleanly.
 */
static void test_fuzz_sb16_0x91(void)
{
    QTestState *qts = qtest_init("-M pc -display none "
                                 "-device sb16,audiodev=none "
                                 "-audiodev id=none,driver=none");

    /* Replay the fuzzer's exact write widths and values; do not "tidy" them. */
    qtest_outw(qts, 0x22c, 0xf141);
    qtest_outb(qts, 0x22c, 0x00);
    qtest_outb(qts, 0x22c, 0x24);
    qtest_outb(qts, 0x22c, 0x91);

    qtest_quit(qts);
}

/*
 * Register the two regression tests with the GLib test harness.
 *
 * Both use x86 board types ("q35" and "pc"), so they are only
 * registered when the qtest target architecture is i386; on every
 * other target this binary runs zero tests and returns success.
 */
int main(int argc, char **argv)
{
    g_test_init(&argc, &argv, NULL);

    const char *target_arch = qtest_get_arch();
    if (!strcmp(target_arch, "i386")) {
        qtest_add_func("fuzz/test_fuzz_sb16/1c", test_fuzz_sb16_0x1c);
        qtest_add_func("fuzz/test_fuzz_sb16/91", test_fuzz_sb16_0x91);
    }

    return g_test_run();
}