diff options
| author | Richard Henderson <richard.henderson@linaro.org> | 2021-12-02 08:49:51 -0800 |
|---|---|---|
| committer | Richard Henderson <richard.henderson@linaro.org> | 2021-12-02 08:49:51 -0800 |
| commit | a69254a2b320e31d3aa63ca910b7aa02efcd5492 (patch) | |
| tree | 794167714b258376097fa0eb90e6a8d2904fae92 /tests/qtest/fdc-test.c | |
| parent | 682aa69b1f4dd5f2905a94066fa4c853adc33251 (diff) | |
| parent | cc20926e9b8077bff6813efc8dcdeae90d1a3b10 (diff) | |
| download | focaccia-qemu-a69254a2b320e31d3aa63ca910b7aa02efcd5492.tar.gz focaccia-qemu-a69254a2b320e31d3aa63ca910b7aa02efcd5492.zip | |
Merge tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu into staging
Pull request # gpg: Signature made Wed 01 Dec 2021 10:17:38 PM PST # gpg: using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E # gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full] * tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu: tests/qtest/fdc-test: Add a regression test for CVE-2021-20196 hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196 hw/block/fdc: Extract blk_create_empty_drive() Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Diffstat (limited to 'tests/qtest/fdc-test.c')
| -rw-r--r-- | tests/qtest/fdc-test.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/tests/qtest/fdc-test.c b/tests/qtest/fdc-test.c index 26b69f7c5c..8f6eee84a4 100644 --- a/tests/qtest/fdc-test.c +++ b/tests/qtest/fdc-test.c @@ -32,6 +32,9 @@ /* TODO actually test the results and get rid of this */ #define qmp_discard_response(...) qobject_unref(qmp(__VA_ARGS__)) +#define DRIVE_FLOPPY_BLANK \ + "-drive if=floppy,file=null-co://,file.read-zeroes=on,format=raw,size=1440k" + #define TEST_IMAGE_SIZE 1440 * 1024 #define FLOPPY_BASE 0x3f0 @@ -546,6 +549,40 @@ static void fuzz_registers(void) } } +static bool qtest_check_clang_sanitizer(void) +{ +#if defined(__SANITIZE_ADDRESS__) || __has_feature(address_sanitizer) + return true; +#else + g_test_skip("QEMU not configured using --enable-sanitizers"); + return false; +#endif +} +static void test_cve_2021_20196(void) +{ + QTestState *s; + + if (!qtest_check_clang_sanitizer()) { + return; + } + + s = qtest_initf("-nographic -m 32M -nodefaults " DRIVE_FLOPPY_BLANK); + + qtest_outw(s, 0x3f4, 0x0500); + qtest_outb(s, 0x3f5, 0x00); + qtest_outb(s, 0x3f5, 0x00); + qtest_outw(s, 0x3f4, 0x0000); + qtest_outb(s, 0x3f5, 0x00); + qtest_outw(s, 0x3f1, 0x0400); + qtest_outw(s, 0x3f4, 0x0000); + qtest_outw(s, 0x3f4, 0x0000); + qtest_outb(s, 0x3f5, 0x00); + qtest_outb(s, 0x3f5, 0x01); + qtest_outw(s, 0x3f1, 0x0500); + qtest_outb(s, 0x3f5, 0x00); + qtest_quit(s); +} + int main(int argc, char **argv) { int fd; @@ -576,6 +613,7 @@ int main(int argc, char **argv) qtest_add_func("/fdc/read_no_dma_18", test_read_no_dma_18); qtest_add_func("/fdc/read_no_dma_19", test_read_no_dma_19); qtest_add_func("/fdc/fuzz-registers", fuzz_registers); + qtest_add_func("/fdc/fuzz/cve_2021_20196", test_cve_2021_20196); ret = g_test_run(); |