From: Alexander Bulekov Date: Tue, 21 Apr 2020 18:22:30 +0000 (-0400) Subject: fuzz: select fuzz target using executable name X-Git-Tag: v5.1.0-rc0~144^2~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=05509c8e6def8a23878b93eda3163b7b405a5d57;p=thirdparty%2Fqemu.git fuzz: select fuzz target using executable name The fuzzers are built into a binary (e.g. qemu-fuzz-i386). To select the device to fuzz/fuzz target, we usually use the --fuzz-target= argument. This commit allows the fuzz-target to be specified using the name of the executable. If the executable name ends with -target-FUZZ_TARGET, then we select the fuzz target based on this name, rather than the --fuzz-target argument. This is useful for systems such as oss-fuzz where we don't have control of the arguments passed to the fuzzer. [Fixed incorrect indentation. --Stefan] Signed-off-by: Alexander Bulekov Reviewed-by: Darren Kenny Message-id: 20200421182230.6313-1-alxndr@bu.edu Signed-off-by: Stefan Hajnoczi --- diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c index 0d78ac8d364..f5c923852ee 100644 --- a/tests/qtest/fuzz/fuzz.c +++ b/tests/qtest/fuzz/fuzz.c @@ -91,6 +91,7 @@ static void usage(char *path) printf(" * %s : %s\n", tmp->target->name, tmp->target->description); } + printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n"); exit(0); } @@ -143,18 +144,20 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp) module_call_init(MODULE_INIT_QOM); module_call_init(MODULE_INIT_LIBQOS); - if (*argc <= 1) { + target_name = strstr(**argv, "-target-"); + if (target_name) { /* The binary name specifies the target */ + target_name += strlen("-target-"); + } else if (*argc > 1) { /* The target is specified as an argument */ + target_name = (*argv)[1]; + if (!strstr(target_name, "--fuzz-target=")) { + usage(**argv); + } + target_name += strlen("--fuzz-target="); + } else { usage(**argv); } /* Identify the fuzz target */ - target_name = (*argv)[1]; - if (!strstr(target_name, "--fuzz-target=")) { - usage(**argv); - } - - target_name += strlen("--fuzz-target="); - fuzz_target = fuzz_get_target(target_name); if (!fuzz_target) { usage(**argv);