/*
 * QTest fuzzer-generated testcase for sb16 audio device
 *
 * Copyright (c) 2021 Philippe Mathieu-Daudé <f4bug@amsat.org>
 *
 * SPDX-License-Identifier: GPL-2.0-or-later
 */

#include "qemu/osdep.h"
#include "libqos/libqtest.h"

/* I/O port every reproducer below writes to (DSP command port at the sb16's default 0x220 base). */
#define SB16_DSP_PORT 0x22c

/*
 * One port write recorded from a fuzzer reproducer.
 *
 * 'wide' selects a 16-bit access (qtest_outw) rather than an 8-bit one
 * (qtest_outb).  The access width is part of the recorded sequence and is
 * replayed exactly as captured, so the test stays a faithful regression check.
 */
typedef struct DspWrite {
    bool wide;
    uint16_t value;
} DspWrite;

/*
 * Replay @count writes from @seq, in order, to SB16_DSP_PORT of the guest
 * behind @s.  Nothing is read back: the test passes if QEMU survives the
 * sequence without asserting.
 */
static void replay_dsp_writes(QTestState *s, const DspWrite *seq, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        if (seq[i].wide) {
            qtest_outw(s, SB16_DSP_PORT, seq[i].value);
        } else {
            qtest_outb(s, SB16_DSP_PORT, seq[i].value);
        }
    }
}

/*
 * This used to trigger the assert in audio_calloc
 * https://bugs.launchpad.net/qemu/+bug/1910603
 */
static void test_fuzz_sb16_0x1c(void)
{
    /* Recorded reproducer: outw, outb, outw, outw. */
    static const DspWrite seq[] = {
        { .wide = true,  .value = 0x41 },
        { .wide = false, .value = 0x00 },
        { .wide = true,  .value = 0x1004 },
        { .wide = true,  .value = 0x001c },
    };
    QTestState *s = qtest_init("-M q35 -display none "
                               "-device sb16,audiodev=snd0 "
                               "-audiodev none,id=snd0");

    replay_dsp_writes(s, seq, sizeof(seq) / sizeof(seq[0]));
    qtest_quit(s);
}

/* Second fuzzer reproducer, on the 'pc' machine with a 'none' audio backend. */
static void test_fuzz_sb16_0x91(void)
{
    /* Recorded reproducer: outw, outb, outb, outb. */
    static const DspWrite seq[] = {
        { .wide = true,  .value = 0xf141 },
        { .wide = false, .value = 0x00 },
        { .wide = false, .value = 0x24 },
        { .wide = false, .value = 0x91 },
    };
    QTestState *s = qtest_init("-M pc -display none "
                               "-device sb16,audiodev=none "
                               "-audiodev id=none,driver=none");

    replay_dsp_writes(s, seq, sizeof(seq) / sizeof(seq[0]));
    qtest_quit(s);
}

/*
 * Register both reproducers with the GLib test harness.  They are only
 * registered when the target architecture is i386; on every other target
 * the run is empty and exits successfully.
 */
int main(int argc, char **argv)
{
    const char *arch = qtest_get_arch();

    g_test_init(&argc, &argv, NULL);

    if (!strcmp(arch, "i386")) {
        qtest_add_func("fuzz/test_fuzz_sb16/1c", test_fuzz_sb16_0x1c);
        qtest_add_func("fuzz/test_fuzz_sb16/91", test_fuzz_sb16_0x91);
    }

    return g_test_run();
}