On Wed, Jan 30, 2013 at 4:37 PM, Kevin Wolf <kw...@redhat.com> wrote:
> On 19.01.2013 17:01, Blue Swirl wrote:
>> Perform input tests on random data.
>>
>> Improvement to code coverage for qapi/string-input-visitor.c
>> is about 3 percentage points.
>>
>> Signed-off-by: Blue Swirl <blauwir...@gmail.com>
>
> Does this test pass for you? It consistently segfaults for me.
Yes, it works on x86_64, i386, arm and sparc64.

> /string-visitor/input/fuzz: ==30703== Conditional jump or move depends on uninitialised value(s)
> ==30703==    at 0x508E738: g_free (gmem.c:262)
> ==30703==    by 0x10B123: test_visitor_in_fuzz (test-string-input-visitor.c:207)
> ==30703==    by 0x50ABCA7: g_test_run_suite_internal (gtestutils.c:1174)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50AC10E: g_test_run_suite (gtestutils.c:1282)
> ==30703==    by 0x108FBF: main (test-string-input-visitor.c:242)
> ==30703==
> ==30703== Conditional jump or move depends on uninitialised value(s)
> ==30703==    at 0x4A055B4: free (vg_replace_malloc.c:366)
> ==30703==    by 0x508E742: g_free (gmem.c:263)
> ==30703==    by 0x10B123: test_visitor_in_fuzz (test-string-input-visitor.c:207)
> ==30703==    by 0x50ABCA7: g_test_run_suite_internal (gtestutils.c:1174)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50AC10E: g_test_run_suite (gtestutils.c:1282)
> ==30703==    by 0x108FBF: main (test-string-input-visitor.c:242)
> ==30703==
> ==30703== Invalid free() / delete / delete[]
> ==30703==    at 0x4A055FE: free (vg_replace_malloc.c:366)
> ==30703==    by 0x508E742: g_free (gmem.c:263)
> ==30703==    by 0x10B123: test_visitor_in_fuzz (test-string-input-visitor.c:207)
> ==30703==    by 0x50ABCA7: g_test_run_suite_internal (gtestutils.c:1174)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50ABE15: g_test_run_suite_internal (gtestutils.c:1233)
> ==30703==    by 0x50AC10E: g_test_run_suite (gtestutils.c:1282)
> ==30703==    by 0x108FBF: main (test-string-input-visitor.c:242)
> ==30703==  Address 0x2102508021024020 is not stack'd, malloc'd or (recently) free'd
> ==30703==
>
> The call to g_free() in the fuzz function looks suspect.
I used test_visitor_in_string() as a model (which seems to have been copied from test-qmp-input-visitor.c); is the call to g_free() correct there either? Perhaps Paolo or Luiz would know?
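As an added illustration of the pattern behind the Valgrind report above (example code written for this page, not QEMU's test or visitor code): a visitor that assigns its output pointer only when it accepts the input leaves the caller's `char *sres;` holding stale stack contents on the error path, and a later `g_free(sres)` frees that garbage, which is what "Conditional jump ... depends on uninitialised value(s)" at `g_free` followed by "Invalid free()" on an address that is "not stack'd, malloc'd or (recently) free'd" describes. The stub visitor, its rejection rule (any byte outside printable ASCII), the LCG used for reproducible random input, and libc malloc/free standing in for g_malloc/g_free are all assumptions made so the example builds and runs without glib.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a visit_type_str()-style call. It models one
 * assumption: the visitor assigns *out only when it accepts the input and
 * leaves *out untouched when it rejects it. The rejection rule (any byte
 * outside printable ASCII) is invented for the example; libc malloc/free
 * stand in for g_malloc/g_free so the code builds without glib. */
int visit_str_stub(const char *in, char **out)
{
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        if (*p < 0x20 || *p > 0x7e) {
            return -1;               /* error path: *out is deliberately not written */
        }
    }
    size_t n = strlen(in) + 1;
    char *copy = malloc(n);
    if (copy == NULL) {
        return -1;
    }
    memcpy(copy, in, n);
    *out = copy;
    return 0;
}

/* Why the error path matters: whatever the caller's pointer held before the
 * call is still there afterwards. With an uninitialised `char *sres;` that
 * is stale stack content, and g_free() of it is the "Invalid free()" in the
 * trace. A sentinel value stands in for the garbage so this stays
 * well-defined and testable. */
int error_path_leaves_output_untouched(void)
{
    char *sres = (char *)0x2102;          /* pretend stale stack contents */
    int rc = visit_str_stub("bad\x01", &sres);
    return rc == -1 && sres == (char *)0x2102;
}

/* Small LCG so the random inputs are reproducible from a seed; the original
 * test used g_test_rand_int_range() instead. */
static uint32_t lcg_next(uint32_t *state)
{
    *state = *state * 1664525u + 1013904223u;
    return *state;
}

/* Hardened version of the fuzz loop: sres is reset to NULL before every
 * visit, so free() is a defined no-op when the input was rejected, and the
 * visitor's result is checked instead of ignored. Returns the number of
 * accepted inputs and stores the number of rejected ones in *rejected. */
int fuzz_str_visitor(uint32_t seed, unsigned iters, unsigned *rejected)
{
    char buf[64];
    uint32_t state = seed;
    int accepted = 0;

    *rejected = 0;
    for (unsigned i = 0; i < iters; i++) {
        unsigned len = lcg_next(&state) % (sizeof(buf) - 1);
        for (unsigned j = 0; j < len; j++) {
            buf[j] = (char)(lcg_next(&state) >> 24);   /* arbitrary byte 0..255 */
        }
        buf[len] = '\0';

        char *sres = NULL;                 /* the initialisation the trace is missing */
        if (visit_str_stub(buf, &sres) == 0) {
            accepted++;
        } else {
            (*rejected)++;
        }
        free(sres);                        /* free(NULL) is defined; free(garbage) is not */
    }
    return accepted;
}
```

Because the stale value is whatever the stack slot last held, a test with this defect can pass on one architecture and compiler and crash on another, which matches a test that works on x86_64, i386, arm and sparc64 for one person and segfaults for another. Running the suite under Valgrind (as above) or building with MemorySanitizer surfaces the uninitialised read deterministically; initialising the output pointer, or freeing only when the visit reported success, removes it.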