Re: [PATCH v2] fuzz: select fuzz target using executable name

Fri, 01 May 2020 07:24:15 -0700 

On Friday, 2020-05-01 at 09:56:12 -04, Alexander Bulekov wrote:
> The fuzzers are built into a binary (e.g. qemu-fuzz-i386). To select the
> device to fuzz/fuzz target, we usually use the --fuzz-target= argument.
> This commit allows the fuzz-target to be specified using the name of the
> executable. If the executable name ends with -target-FUZZ_TARGET, then
> we select the fuzz target based on this name, rather than the
> --fuzz-target argument. This is useful for systems such as oss-fuzz
> where we don't have control of the arguments passed to the fuzzer.
>
> Signed-off-by: Alexander Bulekov <alx...@bu.edu>

Reviewed-by: Darren Kenny <darren.ke...@oracle.com>

> ---
>  tests/qtest/fuzz/fuzz.c | 19 +++++++++++--------
>  1 file changed, 11 insertions(+), 8 deletions(-)
>
> This patch should be free of any changes to the slirp submodule.
>
> diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
> index 0d78ac8d36..c6932cec4a 100644
> --- a/tests/qtest/fuzz/fuzz.c
> +++ b/tests/qtest/fuzz/fuzz.c
> @@ -91,6 +91,7 @@ static void usage(char *path)
>          printf(" * %s  : %s\n", tmp->target->name,
>                  tmp->target->description);
>      }
> +    printf("Alternatively, add -target-FUZZ_TARGET to the executable 
> name\n");
>      exit(0);
>  }
>  
> @@ -143,18 +144,20 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char 
> ***envp)
>      module_call_init(MODULE_INIT_QOM);
>      module_call_init(MODULE_INIT_LIBQOS);
>  
> -    if (*argc <= 1) {
> +    target_name = strstr(**argv, "-target-");
> +    if (target_name) {        /* The binary name specifies the target */
> +                target_name += strlen("-target-");
> +    } else if (*argc > 1) {  /* The target is specified as an argument */
> +        target_name = (*argv)[1];
> +        if (!strstr(target_name, "--fuzz-target=")) {
> +            usage(**argv);
> +        }
> +        target_name += strlen("--fuzz-target=");
> +    } else {
>          usage(**argv);
>      }
>  
>      /* Identify the fuzz target */
> -    target_name = (*argv)[1];
> -    if (!strstr(target_name, "--fuzz-target=")) {
> -        usage(**argv);
> -    }
> -
> -    target_name += strlen("--fuzz-target=");
> -
>      fuzz_target = fuzz_get_target(target_name);
>      if (!fuzz_target) {
>          usage(**argv);
> -- 
> 2.26.2

Reply via email to