fields to be fuzzed
*** BLURB HERE ***
Maria Kustova (3):
image-fuzzer: runner: Added execution of multiple tests
image-fuzzer: Initial generator of qcow2 fuzzed images
image-fuzzer: docs: Added description for the qcow2 image generator
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
0644
index 000..9f92fb1
--- /dev/null
+++ b/tests/image-fuzzer/runner/runner.py
@@ -0,0 +1,260 @@
+# Tool for running fuzz tests
+#
+# Copyright (C) 2014 Maria Kustova
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public
Apart from fixes the description for image generator was added.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
1 file changed, 178 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests
: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
tests/image-fuzzer/qcow2/fuzz.py | 271 +++
tests/image-fuzzer/qcow2/layout.py | 125
3 files changed, 397 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
Apart from fixes the description for image generator was added.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
1 file changed, 178 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests
zzed (20%-50% of all fields)
* random selection of fields to be fuzzed
*** BLURB HERE ***
Maria Kustova (3):
image-fuzzer: Added execution of multiple tests to the test runner
image-fuzzer: Initial generator of qcow2 fuzzed images
image-fuzzer: Added description for the qcow2 image generator
: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
tests/image-fuzzer/qcow2/fuzz.py | 271 +++
tests/image-fuzzer/qcow2/layout.py | 125
3 files changed, 397 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
0644
index 000..5d09b2e
--- /dev/null
+++ b/tests/image-fuzzer/runner/runner.py
@@ -0,0 +1,260 @@
+# Tool for running fuzz tests
+#
+# Copyright (C) 2014 Maria Kustova
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public
Public bug reported:
qemu-img crashes on the following command:
qemu-img check test_image
'test_image' can be found in the attachment. It's a fuzzed test image
with the qcow2 image header only. The supposed cause of the failure is
the value of the 'size' header field set to the maximum uint_64 value.
S
The bug description missed the qemu-img error:
(process:12283): GLib-ERROR **: gmem.c:110: failed to allocate
18446744059294601304 bytes
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1332297
Title:
qe
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 239 ++
1 file changed, 239
v5 -> v6:
* Moved the image fuzzer specification to the QEMU docs directory
* Moved the runner.py to the image fuzzer root directory
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Genera
__init__.py provides the public API required by the test runner
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer
test runner doesn't depend on an image format, so it can be used with any
external image generator.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 405 +++
1 file changed, 405 insertions(+)
create mode 1
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 327 +++
1 file changed, 327 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/fuzz.py
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
new file mode
The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and writes the fuzzed
image to the file. The fuzzing process can be controlled by an external
configuration.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index e73b182..0d0005d 100644
--- a/docs/image-fuzzer.txt
+++ b/docs/image-fuzzer.txt
@@ -125,8 +125,7 @@ If a fuzzer
of the parent patch series
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1/L2 tables
docs/image-fuzzer.txt | 3 +-
tests/image-fuzzer/qcow2/fuzz.py | 2
Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 255
the 'create_image' API.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V4 0/3] image-fuzzer: Support L1/L2 tables in the qcow2 image
generator
Signed-off-by: Maria Kustova
---
v2 -> v3:
* Simplifi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index 57527f9..5852b4d 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index 0d0005d..f707269 100644
--- a/docs/image-fuzzer.txt
+++ b/docs/image-fuzzer.txt
@@ -125,7 +125,8 @@ If a fuzzer
Refcount structures are placed in clusters randomly selected from all not
allocated host clusters.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 136 -
1 file changed, 135 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer
This patch series adds support of refcount tables and blocks to the qcow2 image
generator.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V3] layout: Reduce number of generator functions in __init__
Maria Kustova (3):
docs
Public bug reported:
'qemu-img check -r all/leaks' failed with a segmentation fault on the
fuzzed image with L1/L2 entry values having UINT64 border values.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.raw in the same directory
3. Execute
Public bug reported:
'qemu-img check -r all' was killed by SIGTRAP.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.qed in the same directory
3. Execute
qemu-img check -f qcow2 -r all copy.img
Result: qemu-img was killed by SIGTRAP with the r
Public bug reported:
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.vdi in the same directory
3. Execute
qemu-io copy.img -c map
Result: qemu-io processes part of the image and then hangs loading 100%
of CPU time.
qemu.git HEAD 2d591ce2aeeb
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 29 +
1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/tests/image-fuzzer/runner.py b/tests/image-fuzzer/runner.py
index 688d470..4399529 100755
--- a/tests/image-fuzzer/runner.py
+++ b
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 23 ++-
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/tests/image-fuzzer/runner.py b/tests/image-fuzzer/runner.py
index 3fa7fca..688d470 100755
--- a/tests/image-fuzzer/runner.py
+++ b/tests
as failed.
If a program under test hangs, then the specified test duration can be overrun
up to 5 minutes.
The patch series is based on https://github.com/stefanha/qemu/commits/block,
commit 07a45925fa88376f8583a333e74f7eeb0f455685
Maria Kustova (2):
runner: Add an argument for test duratio
Public bug reported:
'qemu-img amend' failed with the assert on the fuzzed image.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.vdi in the same directory
3. Execute
qemu-img amend -o compat=0.10 -f qcow2 copy.img
Result: qemu-img was kill
Public bug reported:
'qemu-img amend -o compat=0.10' failed with a segmentation fault on the
fuzzed image.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.qed in the same directory
3. Execute
qemu-img amend -o compat=0.10 -f qcow2 copy.img
R
image size to 10 MB as a maximum an execution of
each command takes about several seconds in general, so 10 minutes is enough to
discriminate freeze, but not drastically increase an overall test duration.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 29
After the specified duration the runner stops executing new tests, but it
doesn't interrupt running ones.
Reviewed-by: Fam Zheng
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 21 +
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/tests/
time-out (in some cases 5 minutes interval returned false
negatives)
Maria Kustova (2):
runner: Add an argument for test duration
runner: Kill a program under test by time-out
tests/image-fuzzer/runner.py | 50 +---
1 file changed, 42 insertions(+)
Additional commands were added to the default runner list to cover all qcow2
related code. This qcow2 specificity is selected to reduce number of
non-relevant tests. After implementation of a fuzzer for a new format the
default list should be updated.
Signed-off-by: Maria Kustova
---
tests
This patch series contains changes improving test coverage.
Maria Kustova (2):
runner: Expand the list of default test commands
fuzz: Make fuzzing functions and values relevant to the qemu
implementation
tests/image-fuzzer/qcow2/fuzz.py | 71 +++--
tests
Heuristic values were added to fuzzing constraints and vectors.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 71 +---
1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 15 ++--
tests/image-fuzzer/runner.py | 51
2 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2
Refcount structures are placed in clusters randomly selected from all
unallocated host clusters.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 138 -
1 file changed, 137 insertions(+), 1 deletion(-)
diff
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V3] layout: Reduce number of generator functions in __init__
v0 -> v1 (based on the review of Fam Zheng):
* Fixed typos
* Made calculation of a refcount block size clearer.
Mar
Reviewed-by: Fam Zheng
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index 57527f9..5852b4d
Reviewed-by: Fam Zheng
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index 0d0005d..3e23ebe 100644
--- a/docs/image-fuzzer.txt
+++ b/docs
The 'refcount_bits' term used in the description of refcount block entry is
not defined in the specification. The definition is added in the
'refcount_order' section where refcount_bits was used as 'width in bits'.
Signed-off-by: Maria Kustova
---
docs/specs/qcow2
Signed-off-by: Maria Kustova
---
v1 -> v2:
* Simplified format of test result strings (based on the review of Fam Zheng
and Markus Armbruster).
* Reverted signature of the 'fuzz.selector()' function (based on the review of
Stefan Hajnoczi).
tests/image-fuzzer/qcow2
Public bug reported:
qemu-io and qemu-img fail with an assertion (see below) on an attempt to
interact with the qcow2 image having large values in the 'incompatible
features' header field.
util/error.c:34: error_set: Assertion `*errp == ((void *)0)' failed.
The backtrace file and the test imag
runner doesn't depend on an image format or a program to be tested, so
it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 370
1 file changed, 370 insertions(+)
c
of different formats
* the image generator supports backing file name
* the header extensions are generated dependently on available free space
* the specification reflects changes mentioned above
* the specification has the copyright header (based on Eric Blake comments)
Maria Kustova (5):
docs: Spec
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
generated.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 359 +
1 file changed, 359 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/layout.py
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
h the unified validator
Layout:
* fixed typos
Docs:
* fixed wrong JSON terminology
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Generator of fuzzed qcow2 images
package: Public API for image-
test runner doesn't depend on an image format or a program to be tested,
so it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 360
1 file changed, 360 inser
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
generated.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 359 +
1 file changed, 359 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/layout.py
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2
or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
file name required to be placed after the header
extensions in the first image cluster.
Signed-off-by: Maria Kustova
---
docs/specs/qcow2.txt | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
index 3f713a6..cfbc8b0 100644
TCH V4 0/5] tests: Add the image fuzzer with qcow2 support.
Maria Kustova (4):
docs: Expand the list of supported image elements with L1/L2 tables
runner: Make a copy of a test image for destructive test commands
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index 2c4f346..08960ee 100644
--- a/tests/image-fuzzer/docs/image
.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 265 -
1 file changed, 206 insertions(+), 59 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
index 2bad223..5f759e6 100644
--- a/tests/image
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/tests/image-fuzzer/runner/runner.py
b/tests/image-fuzzer/runner/runner.py
index 3e9e65d..6ec40a4 100755
--- a/tests/image-fuzzer/runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index ef9198f..178fef8 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Public bug reported:
qemu-io always returns zero on exit, regardless of errors that occurred
during the command execution.
Example:
$ qemu-io -c 'write 128 234' /tmp/run1/test-1/test.img
offset 128 is not sector aligned
$ echo $?
0
qemu.git HEAD: 41a1a9c42c4e
** Affects: qemu
Importan
Public bug reported:
qemu-io is killed by SIGIOT at the 'discard' command on the image having
no refcount information.
Sequence:
1. Unpack test.img and backing_img.qed in the same directory (see the attached
archives for images)
2. Make a copy of test.img to copy.img (qemu-io modifies the image
Public bug reported:
'qemu-io -c write' and 'qemu-io -c aio_write' crash on a qcow2 image
with a fuzzed refcount table.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.file in the same directory
3. Execute
qemu-io copy.img -c write 279552
* Simplified attribute calls (based on the review of Stefan Hajnoczi)
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Generator of fuzzed qcow2 images
package: Public API for image-fuzzer/run
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and writes the fuzzed
image to the file. The fuzzing process can be controlled by an external
configuration.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2
test runner doesn't depend on an image format or a program to be tested,
so it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 405
1 file changed, 405 inser
or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
of the parent patch series
* Fixed wrong maximum number of L2 tables
* Fixed missed whitespaces (based on the review of Stefan Hajnoczi)
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add gen
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index efe0ed4..2e8e3b9 100644
--- a/tests/image-fuzzer/docs/image
.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 273 -
1 file changed, 211 insertions(+), 62 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
index 4c08202..7839d2c 100644
--- a/tests/image
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
the 'create_image' API.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V2 0/3] image-fuzzer: Support L1/L2 tables in the qcow2 image
generator
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/
n the last L2 table
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1/L2 tables
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +-
tests/image-fuzzer/qcow2/fuzz.py | 2
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index efe0ed4..2e8e3b9 100644
--- a/tests/image-fuzzer/docs/image
Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 255
methods are ordered by priority
* Removed redundant _join() method
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 293 ++---
1 file changed, 143 insertions(+), 150 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image
Public bug reported:
'qemu-io -c write' failed on the fuzzed image with missed refcount
tables:
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.cow in the same directory
3. Execute
qemu-io copy.img -c 'write 2856960 208896'
Result: qemu-io
"--cmd" option.
Signed-off-by: Maria Kustova
---
qemu-io.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/qemu-io.c b/qemu-io.c
index fc38608..be68d96 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -194,10 +194,11 @@ static const cmdinfo_t quit_cmd = {
Signed-off-by: Maria Kustova
---
block/curl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/curl.c b/block/curl.c
index 3494c6d..359637e 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -538,7 +538,7 @@ static int curl_open(BlockDriverState *bs, QDict *options,
int
These patches are part of the OPW application.
Two of them update help messages of the qemu-io utility.
And the last one replaces fprintf() with error_setg() in curl.c
Maria Kustova (3):
qemu-io-cmds: Fixed typo in example for writev.
block: Replaced old error handling with error reporting API
Signed-off-by: Maria Kustova
---
qemu-io-cmds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index f1de24c..5707bda 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1087,7 +1087,7 @@ writev_help(void)
" writes a range of bytes fro
These patches are part of the OPW application.
Two of them update help messages of the qemu-io utility.
And the last one replaces fprintf() with error_setg() in curl.c
Changes v1 -> v2:
* Removed trailing "\n" from the error string in error_setg() call
Maria Kustova (3):
qemu-io-cmds:
"--cmd" option.
Signed-off-by: Maria Kustova
---
qemu-io.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/qemu-io.c b/qemu-io.c
index fc38608..be68d96 100644
--- a/qemu-io.c
+++ b/qemu-io.c
@@ -194,10 +194,11 @@ static const cmdinfo_t quit_cmd = {
Signed-off-by: Maria Kustova
---
qemu-io-cmds.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qemu-io-cmds.c b/qemu-io-cmds.c
index f1de24c..5707bda 100644
--- a/qemu-io-cmds.c
+++ b/qemu-io-cmds.c
@@ -1087,7 +1087,7 @@ writev_help(void)
" writes a range of bytes fro
Signed-off-by: Maria Kustova
---
Changes v1 -> v2:
* Removed trailing "\n" from the error string
---
block/curl.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/curl.c b/block/curl.c
index 3494c6d..359637e 100644
--- a/block/curl.c
+++ b/block/curl.c
@@
Initial documentation for the image fuzzer
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 126 +++
1 file changed, 126 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests/image-fuzzer/docs/image
This version of test runner executes only one test. In future it will be
extended to execute multiple tests in a run.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 225 +++
1 file changed, 225 insertions(+)
create mode 100644 tests
The series fixed the crash, but qemu-img started to produce the
confusing output:
$ qemu-img check test_image
ERROR: I/O error in check_refcounts_l1
No errors were found on the image.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
its format specification with
some fields having random invalid values.
Patch 1 contains documentation for the image fuzzer, patch 2 is the test runner
and remaining ones relate to the image generator for qcow2 format.
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 176 +++
1 file changed, 176
The layout submodule of the qcow2 package creates a random valid image, randomly
selects some amount of its fields, fuzzes them and writes the fuzzed image to
the file.
Now only the header and header extensions are generated; the remaining file is
filled with zeroes.
Signed-off-by: Maria Kustova
---
tests/image
runner doesn't depend on an image format or a program to be tested, so
it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 270
1 file changed, 270 insertions(+)
c