/*
 * QTest fuzzer-generated testcase for sb16 audio device
 *
 * Copyright (c) 2021 Philippe Mathieu-Daudé <f4bug@amsat.org>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "qemu/osdep.h"
#include "libqos/libqtest.h"

/*
 * Each test below replays a short guest port-I/O sequence that a fuzzer
 * found to crash the sb16 device model (an assertion in audio_calloc).
 * An assert reachable from guest port writes takes down the whole VM,
 * so the sequences are kept verbatim as regression tests: the exact
 * order, values and access widths (outb vs. outw) are the reproducer.
 * All writes go to port 0x22c, presumably the DSP command/data port at
 * the device's default I/O base 0x220 — confirm against the sb16 model.
 */

/*
 * This used to trigger the assert in audio_calloc
 * https://bugs.launchpad.net/qemu/+bug/1910603
 *
 * NOTE(review): 0x41 looks like the DSP "set sample rate" command and
 * 0x1c a DMA-output command — verify against the device model. The
 * 16-bit writes to a byte-wide port are what the fuzzer emitted; do not
 * "fix" them to outb, that would change the sequence the bug depends on.
 */
static void test_fuzz_sb16_0x1c(void)
{
    /* q35 machine with a dummy audio backend; no display needed. */
    QTestState *s = qtest_init("-M q35 -display none "
                               "-device sb16,audiodev=snd0 "
                               "-audiodev none,id=snd0");
    qtest_outw(s, 0x22c, 0x41);
    qtest_outb(s, 0x22c, 0x00);
    qtest_outw(s, 0x22c, 0x1004);
    qtest_outw(s, 0x22c, 0x001c);
    qtest_quit(s);
}

/*
 * Regression reproducer for DSP command 0x91 (same shape as the 0xd4
 * case below: a 16-bit write, then three byte writes ending in the
 * command). The file does not record which crash this one exercised;
 * keep the sequence as is.
 */
static void test_fuzz_sb16_0x91(void)
{
    /* pc machine; audiodev id "none" bound to the null driver. */
    QTestState *s = qtest_init("-M pc -display none "
                               "-device sb16,audiodev=none "
                               "-audiodev id=none,driver=none");
    qtest_outw(s, 0x22c, 0xf141);
    qtest_outb(s, 0x22c, 0x00);
    qtest_outb(s, 0x22c, 0x24);
    qtest_outb(s, 0x22c, 0x91);
    qtest_quit(s);
}

/*
 * This used to trigger the assert in audio_calloc
 * through command 0xd4
 */
static void test_fuzz_sb16_0xd4(void)
{
    /* Same machine/backend set-up as the 0x91 case. */
    QTestState *s = qtest_init("-M pc -display none "
                               "-device sb16,audiodev=none "
                               "-audiodev id=none,driver=none");
    qtest_outb(s, 0x22c, 0x41);
    qtest_outb(s, 0x22c, 0x00);
    qtest_outb(s, 0x22c, 0x14);
    qtest_outb(s, 0x22c, 0xd4);
    qtest_quit(s);
}

/*
 * Register the three reproducers with the GLib test harness.
 *
 * The tests boot the x86 "pc"/"q35" machine types, so they are only
 * registered when the qtest target architecture is i386; on any other
 * architecture main() runs an empty suite and returns 0.
 */
int main(int argc, char **argv)
{
    const char *arch = qtest_get_arch();

    g_test_init(&argc, &argv, NULL);

    if (strcmp(arch, "i386") == 0) {
        qtest_add_func("fuzz/test_fuzz_sb16/1c", test_fuzz_sb16_0x1c);
        qtest_add_func("fuzz/test_fuzz_sb16/91", test_fuzz_sb16_0x91);
        qtest_add_func("fuzz/test_fuzz_sb16/d4", test_fuzz_sb16_0xd4);
    }

    return g_test_run();
}