Signed-off-by: Maria Kustova
---
v1 -> v2:
* Simplified format of test result strings (based on the review of Fam Zheng
and Markus Armbruster).
* Reverted signature of the 'fuzz.selector()' function (based on the review of
Stefan Hajnoczi).
tests/image-fuzzer/qcow2
Reviewed-by: Fam Zheng
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index 0d0005d..3e23ebe 100644
--- a/docs/image-fuzzer.txt
+++ b/docs
Reviewed-by: Fam Zheng
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index 57527f9..5852b4d
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V3] layout: Reduce number of generator functions in __init__
v0 -> v1 (based on the review of Fam Zheng):
* Fixed typos
* Made calculation of a refcount block size clearer.
Mar
Refcount structures are placed in clusters randomly selected from all
unallocated host clusters.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 138 -
1 file changed, 137 insertions(+), 1 deletion(-)
diff
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 15 ++--
tests/image-fuzzer/runner.py | 51
2 files changed, 34 insertions(+), 32 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2
Heuristic values were added to fuzzing constraints and vectors.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 71 +---
1 file changed, 37 insertions(+), 34 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer
Additional commands were added to the default runner list to cover all qcow2
related code. This qcow2 specificity is selected to reduce number of
non-relevant tests. After implementation of a fuzzer for a new format the
default list should be updated.
Signed-off-by: Maria Kustova
---
tests
This patch series contains changes improving test coverage.
Maria Kustova (2):
runner: Expand the list of default test commands
fuzz: Make fuzzing functions and values relevant to the qemu
implementation
tests/image-fuzzer/qcow2/fuzz.py | 71 +++--
tests
time-out (in some cases 5 minutes interval returned false
negatives)
Maria Kustova (2):
runner: Add an argument for test duration
runner: Kill a program under test by time-out
tests/image-fuzzer/runner.py | 50 +---
1 file changed, 42 insertions(+)
After the specified duration the runner stops executing new tests, but it
doesn't interrupt running ones.
Reviewed-by: Fam Zheng
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 21 +
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/tests/
image size to 10 MB as a maximum an execution of
each command takes about several seconds in general, so 10 minutes is enough to
discriminate freeze, but not drastically increase an overall test duration.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 29
Public bug reported:
'qemu-img amend -o compat=0.10' failed with a segmentation fault on the
fuzzed image.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.qed in the same directory
3. Execute
qemu-img amend -o compat=0.10 -f qcow2 copy.img
R
Public bug reported:
'qemu-img amend' failed with the assert on the fuzzed image.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.vdi in the same directory
3. Execute
qemu-img amend -o compat=0.10 -f qcow2 copy.img
Result: qemu-img was kill
as failed.
If a program under test hangs, then the specified test duration can be overrun
up to 5 minutes.
The patch series is based on https://github.com/stefanha/qemu/commits/block,
commit 07a45925fa88376f8583a333e74f7eeb0f455685
Maria Kustova (2):
runner: Add an argument for test duratio
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 23 ++-
1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/tests/image-fuzzer/runner.py b/tests/image-fuzzer/runner.py
index 3fa7fca..688d470 100755
--- a/tests/image-fuzzer/runner.py
+++ b/tests
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 29 +
1 file changed, 25 insertions(+), 4 deletions(-)
diff --git a/tests/image-fuzzer/runner.py b/tests/image-fuzzer/runner.py
index 688d470..4399529 100755
--- a/tests/image-fuzzer/runner.py
+++ b
Public bug reported:
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.vdi in the same directory
3. Execute
qemu-io copy.img -c map
Result: qemu-io processes part of the image and then hangs loading 100%
of CPU time.
qemu.git HEAD 2d591ce2aeeb
Public bug reported:
'qemu-img check -r all' was killed by SIGTRAP.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.qed in the same directory
3. Execute
qemu-img check -f qcow2 -r all copy.img
Result: qemu-img was killed by SIGTRAP with the r
Public bug reported:
'qemu-img check -r all/leaks' failed with a segmentation fault on the
fuzzed image with L1/L2 entry values having UINT64 border values.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.raw in the same directory
3. Execute
This patch series adds support of refcount tables and blocks to the qcow2 image
generator.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V3] layout: Reduce number of generator functions in __init__
Maria Kustova (3):
docs
Refcount structures are placed in clusters randomly selected from all not
allocated host clusters.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 136 -
1 file changed, 135 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 16 +++-
1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index 57527f9..5852b4d 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index 0d0005d..f707269 100644
--- a/docs/image-fuzzer.txt
+++ b/docs/image-fuzzer.txt
@@ -125,7 +125,8 @@ If a fuzzer
the 'create_image' API.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V4 0/3] image-fuzzer: Support L1/L2 tables in the qcow2 image
generator
Signed-off-by: Maria Kustova
---
v2 -> v3:
* Simplifi
Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 255
of the parent patch series
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1/L2 tables
docs/image-fuzzer.txt | 3 +-
tests/image-fuzzer/qcow2/fuzz.py | 2
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/docs/image-fuzzer.txt b/docs/image-fuzzer.txt
index e73b182..0d0005d 100644
--- a/docs/image-fuzzer.txt
+++ b/docs/image-fuzzer.txt
@@ -125,8 +125,7 @@ If a fuzzer
The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and writes the fuzzed
image to the file. Fuzzing process can be controlled by an external
configuration.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 327 +++
1 file changed, 327 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/fuzz.py
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
new file mode
test runner doesn't depend on an image format, so it can be used with any
external image generator.
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 405 +++
1 file changed, 405 insertions(+)
create mode 1
__init__.py provides the public API required by the test runner
Reviewed-by: Stefan Hajnoczi
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer
v5 -> v6:
* Moved the image fuzzer specification to the QEMU docs directory
* Moved the runner.py to the image fuzzer root directory
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Genera
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
docs/image-fuzzer.txt | 239 ++
1 file changed, 239
Public bug reported:
'qemu-io -c write' failed on the fuzzed image with missed refcount
tables:
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.cow in the same directory
3. Execute
qemu-io copy.img -c 'write 2856960 208896'
Result: qemu-io
methods are ordered by priority
* Removed redundant _join() method
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 293 ++---
1 file changed, 143 insertions(+), 150 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image
Entries in L1/L2 entries are based on a portion of random guest clusters.
L2 entries contain offsets to host image clusters filled with random data.
Clusters for L1/L2 tables and guest data are selected randomly.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 255
n the last L2 table
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1/L2 tables
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +-
tests/image-fuzzer/qcow2/fuzz.py | 2
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index efe0ed4..2e8e3b9 100644
--- a/tests/image-fuzzer/docs/image
the 'create_image' API.
This patch series was created for the 'block-next' branch and based on the next
series:
[PATCH V2 0/3] image-fuzzer: Support L1/L2 tables in the qcow2 image
generator
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index a53c84f..57527f9 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index efe0ed4..2e8e3b9 100644
--- a/tests/image-fuzzer/docs/image
.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 273 -
1 file changed, 211 insertions(+), 62 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
index 4c08202..7839d2c 100644
--- a/tests/image
of the parent patch series
* Fixed wrong maximum number of L2 tables
* Fixed missed whitespaces (based on the review of Stefan Hajnoczi)
Maria Kustova (3):
docs: Expand the list of supported image elements with L1/L2 tables
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add gen
or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
test runner doesn't depend on an image format or a program will be tested,
so it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 405
1 file changed, 405 inser
The layout submodule of the qcow2 package creates a random valid image,
randomly selects some amount of its fields, fuzzes them and writes the fuzzed
image to the file. Fuzzing process can be controlled by an external
configuration.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
* Simplified attribute calls (based on the review of Stefan Hajnoczi)
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Generator of fuzzed qcow2 images
package: Public API for image-fuzzer/run
Public bug reported:
'qemu-io -c write' and 'qemu-io -c aio_write' crashes on a qcow2 image
with a fuzzed refcount table.
Sequence:
1. Unpack the attached archive, make a copy of test.img
2. Put copy.img and backing_img.file in the same directory
3. Execute
qemu-io copy.img -c write 279552
Public bug reported:
qemu-io is killed by SIGIOT at the 'discard' command on the image having
no refcount information.
Sequence:
1. Unpack test.img and backing_img.qed in the same directory (see the attached
archives for images)
2. Make a copy of test.img to copy.img (qemu-io modifies the image
Public bug reported:
The qemu-io always returns zero on exit independently of errors that occurred
during the command execution.
Example,
$ qemu-io -c 'write 128 234' /tmp/run1/test-1/test.img
offset 128 is not sector aligned
$ echo $?
0
qemu.git HEAD: 41a1a9c42c4e
** Affects: qemu
Importan
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 28
1 file changed, 28 insertions(+)
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
index ef9198f..178fef8 100644
--- a/tests/image-fuzzer/qcow2/fuzz.py
+++ b/tests
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 16 ++--
1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/tests/image-fuzzer/runner/runner.py
b/tests/image-fuzzer/runner/runner.py
index 3e9e65d..6ec40a4 100755
--- a/tests/image-fuzzer/runner
.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 265 -
1 file changed, 206 insertions(+), 59 deletions(-)
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
index 2bad223..5f759e6 100644
--- a/tests/image
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/image-fuzzer/docs/image-fuzzer.txt
b/tests/image-fuzzer/docs/image-fuzzer.txt
index 2c4f346..08960ee 100644
--- a/tests/image-fuzzer/docs/image
TCH V4 0/5] tests: Add the image fuzzer with qcow2 support.
Maria Kustova (4):
docs: Expand the list of supported image elements with L1/L2 tables
runner: Make a copy of a test image for destructive test commands
fuzz: Add fuzzing functions for L1/L2 table entries
layout: Add generators of L1
file name required to be placed after the header
extensions in the first image cluster.
Signed-off-by: Maria Kustova
---
docs/specs/qcow2.txt | 12 ++--
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/docs/specs/qcow2.txt b/docs/specs/qcow2.txt
index 3f713a6..cfbc8b0 100644
or potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
generated.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 359 +
1 file changed, 359 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/layout.py
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
test runner doesn't depend on an image format or a program will be tested,
so it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 360
1 file changed, 360 inser
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
h the unified validator
Layout:
* fixed typos
Docs:
* fixed wrong JSON terminology
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Generator of fuzzed qcow2 images
package: Public API for image-
potentially dangerous
values. But after investigation of code coverage by fuzz tests they will be
expanded by heuristic values based on inner checks and flows of a program
under test.
Now fuzzing of a header, header extensions and a backing file name is
supported.
Signed-off-by: Maria Kustova
generated.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py | 359 +
1 file changed, 359 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/layout.py
diff --git a/tests/image-fuzzer/qcow2/layout.py
b/tests/image-fuzzer/qcow2/layout.py
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 239 +++
1 file changed, 239
runner doesn't depend on image format or a program will be tested, so
it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 370
1 file changed, 370 insertions(+)
c
of different formats
* the image generator supports backing file name
* the header extensions are generated dependently on available free space
* the specification reflects changes mentioned above
* the specification has the copyright header (based on Eric Blake comments)
Maria Kustova (5):
docs: Spec
Public bug reported:
qemu-io and qemu-img fail with an assertion (see below) at attempt to
interact with the qcow2 image having large values in the 'incompatible
features' header field.
util/error.c:34: error_set: Assertion `*errp == ((void *)0)' failed.
The backtrace file and the test imag
zer configurations.
* Created general Image class:
** fixed mixed defs/classes module style
** internalized all functions related to image generation
** simplified internal image representation
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/layout.py |
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/LICENSE | 339 +
1 file changed, 339 insertions(+)
create mode 100644 tests/image-fuzzer/LICENSE
diff --git a/tests/image-fuzzer/LICENSE b/tests/image-fuzzer/LICENSE
new file mode 100644
index
on Eric Blake comments)
Maria Kustova (6):
docs: Specification for the image fuzzer
runner: Tool for fuzz tests execution
fuzz: Fuzzing functions for qcow2 images
layout: Generator of fuzzed qcow2 images
package: Public API for image-fuzzer/runner/runner.py
image-fuzzer: GPLv2 license file
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
e_string()'
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/fuzz.py | 328 +++
1 file changed, 328 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/fuzz.py
diff --git a/tests/image-fuzzer/qcow2/fuzz.py b/tests/image-fuzzer/qcow2/fuzz.py
runner doesn't depend on image format or a program will be tested, so
it can be used with any external image generator and program under test.
v1 -> v2:
Added parameter for a fuzzer configuration file
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.
's review
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/fuzzer.conf | 37 ++
tests/image-fuzzer/docs/image-fuzzer.txt | 216 +++
2 files changed, 253 insertions(+)
create mode 100644 tests/image-fuzzer/docs/fuzzer.conf
create mode 100644 tests
__init__.py provides the public API required by the test runner
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
1 file changed, 1 insertion(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
diff --git a/tests/image-fuzzer/qcow2/__init__.py
b/tests/image
dangerous values.
But after investigation of code coverage by fuzz tests they will be expanded
by heuristic values based on inner checks and flows of a program under test.
Now fuzzing of header and header extensions is only supported.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/qcow2
runner doesn't depend on image format or a program will be tested, so
it can be used with any external image generator and program under test.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner/runner.py | 270
1 file changed, 270 insertions(+)
c
Layout submodule of qcow2 package creates a random valid image, randomly
selects some amount of its fields, fuzzes them and writes the fuzzed image to
the file.
Now only header and header extensions are generated, remaining file is filled
by zeroes.
Signed-off-by: Maria Kustova
---
tests/image
'Overall fuzzer requirements' chapter contains the current product vision and
features done and to be done. This chapter is still in progress.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 176 +++
1 file changed, 176
its format specification with
some fields having random invalid values.
Patch 1 contains documentation for the image fuzzer, patch 2 is the test runner
and remaining ones relate to the image generator for qcow2 format.
Maria Kustova (5):
docs: Specification for the image fuzzer
runner: Tool
The series fixed the crash, but qemu-img started to produce the
confusing output:
$ qemu-img check test_image
ERROR: I/O error in check_refcounts_l1
No errors were found on the image.
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
The bug description missed qemu-img error:
(process:12283): GLib-ERROR **: gmem.c:110: failed to allocate
18446744059294601304 bytes
https://bugs.launchpad.net/bugs/1332297
Title:
qe
Public bug reported:
The qemu-img crashes on the next command:
qemu-img check test_image
'test_image' can be found in the attachment. It's a fuzzed test image
with the qcow2 image header only. Suppositional cause of the failure is
the value of 'size' header field set to maximum uint_64 value.
S
0644
index 000..5d09b2e
--- /dev/null
+++ b/tests/image-fuzzer/runner/runner.py
@@ -0,0 +1,260 @@
+# Tool for running fuzz tests
+#
+# Copyright (C) 2014 Maria Kustova
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public
: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
tests/image-fuzzer/qcow2/fuzz.py | 271 +++
tests/image-fuzzer/qcow2/layout.py | 125
3 files changed, 397 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
zzed (20%-50% of all fields)
* random selection of fields to be fuzzed
*** BLURB HERE ***
Maria Kustova (3):
image-fuzzer: Added execution of multiple tests to the test runner
image-fuzzer: Initial generator of qcow2 fuzzed images
image-fuzzer: Added description for the qcow2 image generator
Apart from fixes the description for image generator was added.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
1 file changed, 178 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests
: Maria Kustova
---
tests/image-fuzzer/qcow2/__init__.py | 1 +
tests/image-fuzzer/qcow2/fuzz.py | 271 +++
tests/image-fuzzer/qcow2/layout.py | 125
3 files changed, 397 insertions(+)
create mode 100644 tests/image-fuzzer/qcow2/__init__.py
Apart from fixes the description for image generator was added.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
1 file changed, 178 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests
0644
index 000..9f92fb1
--- /dev/null
+++ b/tests/image-fuzzer/runner/runner.py
@@ -0,0 +1,260 @@
+# Tool for running fuzz tests
+#
+# Copyright (C) 2014 Maria Kustova
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public
fields to be fuzzed
*** BLURB HERE ***
Maria Kustova (3):
image-fuzzer: runner: Added execution of multiple tests
image-fuzzer: Initial generator of qcow2 fuzzed images
image-fuzzer: docs: Added description for the qcow2 image generator
tests/image-fuzzer/docs/image-fuzzer.txt | 178 +++
This version of test runner executes only one test. In future it will be
extended to execute multiple tests in a run.
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/runner.py | 225 +++
1 file changed, 225 insertions(+)
create mode 100644 tests
Initial documentation for the image fuzzer
Signed-off-by: Maria Kustova
---
tests/image-fuzzer/docs/image-fuzzer.txt | 126 +++
1 file changed, 126 insertions(+)
create mode 100644 tests/image-fuzzer/docs/image-fuzzer.txt
diff --git a/tests/image-fuzzer/docs/image