For some device configurations, it is useful to configure some
resources, and adjust QEMU arguments at runtime, prior to fuzzing. This
patch adds an "argfunc" to the generic_fuzz_config. When
specified, it is responsible for configuring the resources and returning
a string containing the corresponding QEMU arguments. This can be useful
for targets that rely on e.g.:
* a temporary qcow2 image
* a temporary directory
* an unused TCP port used to bind the VNC server
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210117230924.449676-2-alxndr@bu.edu>
static GString *generic_fuzz_predefined_config_cmdline(FuzzTarget *t)
{
+ gchar *args;
const generic_fuzz_config *config;
g_assert(t->opaque);
config = t->opaque;
setenv("QEMU_AVOID_DOUBLE_FETCH", "1", 1);
- setenv("QEMU_FUZZ_ARGS", config->args, 1);
+ if (config->argfunc) {
+ args = config->argfunc();
+ setenv("QEMU_FUZZ_ARGS", args, 1);
+ g_free(args);
+ } else {
+ g_assert_nonnull(config->args);
+ setenv("QEMU_FUZZ_ARGS", config->args, 1);
+ }
setenv("QEMU_FUZZ_OBJECTS", config->objects, 1);
return generic_fuzz_cmdline(t);
}
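Review bot: The value returned by `config->argfunc()` on the `args = config->argfunc();` line goes straight into setenv() with no NULL check, whereas the else branch explicitly asserts `config->args` is non-null; a NULL value makes setenv() fail with EINVAL, and since its return is also unchecked the fuzzer would then start with whatever QEMU_FUZZ_ARGS previously held rather than the intended configuration. Add `g_assert_nonnull(args);` directly after the call so both branches fail loudly on a misconfigured target. The comment on the new `argfunc` field in the struct hunk below states only that the result is g_free()-able; as the description says the function also sets up resources (temporary images, directories, a bound port), documenting who tears those down would help, e.g. `/* May create resources (temp files/dirs, ports); nothing here frees them */` — hedged, since no cleanup path is visible in these hunks.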
typedef struct generic_fuzz_config {
const char *name, *args, *objects;
+ gchar* (*argfunc)(void); /* Result must be freeable by g_free() */
} generic_fuzz_config;
const generic_fuzz_config predefined_configs[] = {