For some device configurations, it is useful to configure some resources, and adjust QEMU arguments at runtime, prior to fuzzing. This patch adds an "argfunc" to the generic_fuzz_config. When specified, it is responsible for configuring the resources and returning a string containing the corresponding QEMU arguments. This can be useful for targets that rely on e.g.: * a temporary qcow2 image * a temporary directory * an unused TCP port used to bind the VNC server
Signed-off-by: Alexander Bulekov <alx...@bu.edu>
Reviewed-by: Thomas Huth <th...@redhat.com>
---
 tests/qtest/fuzz/generic_fuzz.c | 10 +++++++++-
 tests/qtest/fuzz/generic_fuzz_configs.h | 1 +
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index deb74f15be..ee8c17a04c 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -933,12 +933,20 @@ static GString *generic_fuzz_cmdline(FuzzTarget *t)
 static GString *generic_fuzz_predefined_config_cmdline(FuzzTarget *t)
 {
+ gchar *args;
 const generic_fuzz_config *config;
 g_assert(t->opaque);
 config = t->opaque;
 setenv("QEMU_AVOID_DOUBLE_FETCH", "1", 1);
- setenv("QEMU_FUZZ_ARGS", config->args, 1);
+ if (config->argfunc) {
+ args = config->argfunc();
+ setenv("QEMU_FUZZ_ARGS", args, 1);
+ g_free(args);
+ } else {
+ g_assert_nonnull(config->args);
+ setenv("QEMU_FUZZ_ARGS", config->args, 1);
+ }
 setenv("QEMU_FUZZ_OBJECTS", config->objects, 1);
 return generic_fuzz_cmdline(t);
 }
diff --git a/tests/qtest/fuzz/generic_fuzz_configs.h b/tests/qtest/fuzz/generic_fuzz_configs.h
index aa4c03f1ae..51e69c6e42 100644
--- a/tests/qtest/fuzz/generic_fuzz_configs.h
+++ b/tests/qtest/fuzz/generic_fuzz_configs.h
@@ -16,6 +16,7 @@
 typedef struct generic_fuzz_config {
 const char *name, *args, *objects;
+ gchar* (*argfunc)(void); /* Result must be freeable by g_free() */
 } generic_fuzz_config;
 const generic_fuzz_config predefined_configs[] = {
-- 
2.28.0
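Review bot: In the new `if (config->argfunc)` branch of generic_fuzz_predefined_config_cmdline, the string returned by `config->argfunc()` goes to `setenv()` unchecked, while the `else` branch asserts that `config->args` is non-NULL. A callback that fails to set up its temporary resource and returns NULL would reach `setenv("QEMU_FUZZ_ARGS", NULL, 1)`, which is not a defined use of setenv(). Adding `g_assert_nonnull(args);` right after `args = config->argfunc();` makes both paths fail the same way. As a style point, `args` is only live inside that branch, so it could be declared there as `g_autofree gchar *args = config->argfunc();` and the explicit `g_free(args);` dropped. The whole function body is inside the hunk.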
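Review bot: The comment on the new `argfunc` member documents only how the result is freed, not the rest of the contract that generic_fuzz.c now relies on. I would expand it to something like `/* If set, used instead of .args; must return a non-NULL string that the caller releases with g_free() */`. It would also help to state who removes the resources the callback creates, since the description mentions temporary images and directories and no cleanup hook is visible here. For the "unused TCP port" case, a port picked in the callback can presumably be taken by another process before QEMU binds it, which is worth a caveat for implementers. The `predefined_configs[]` initializer continues outside the hunk, so I cannot confirm that existing entries leave `argfunc` zero-initialized.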