On 10/13/2017 10:54 AM, Jan Beulich wrote:
On 13.10.17 at 11:22, wrote:
>> On 10/12/2017 04:16 PM, Jan Beulich wrote:
>> On 11.10.17 at 19:52, wrote:
>>> @@ -761,12 +757,11 @@ static void disable_hooks(struct x86_emulate_ctxt
>>> *ctxt)
>>> static void sanitize_input(struct x86_emulate_ctxt *ctxt)
>>> {
>>> struct fuzz_state
>>> On 11.10.17 at 19:52, wrote:
> --- a/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
> +++ b/tools/fuzz/x86_instruction_emulator/fuzz-emul.c
> @@ -22,34 +22,31 @@
>
> #define SEG_NUM x86_seg_none
>
> -/* Layout of data expected as fuzzing input. */
> -struct fuzz_corpus
> +/*
> + * State
At the moment we copy data from the input into a struct named
'corpus', then read and write this state (so that it no longer
resembles the corpus that we read from).
Instead, move all "emulated cpu" state into fuzz_state, and explicitly
state that we are expecting to change it. Get rid of 'input'