Diffstat (limited to 'tests/qtest/fuzz/fuzz.c')
| -rw-r--r-- | tests/qtest/fuzz/fuzz.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/tests/qtest/fuzz/fuzz.c b/tests/qtest/fuzz/fuzz.c
index 33365c3782..a44fe479db 100644
--- a/tests/qtest/fuzz/fuzz.c
+++ b/tests/qtest/fuzz/fuzz.c
@@ -91,7 +91,12 @@ static void usage(char *path)
 printf(" * %s : %s\n", tmp->target->name, tmp->target->description);
 }
- printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n");
+ printf("Alternatively, add -target-FUZZ_TARGET to the executable name\n\n"
+ "Set the environment variable FUZZ_SERIALIZE_QTEST=1 to serialize\n"
+ "QTest commands into an ASCII protocol. Useful for building crash\n"
+ "reproducers, but slows down execution.\n\n"
+ "Set the environment variable QTEST_LOG=1 to log all qtest commands"
+ "\n");
 exit(0);
 }
@@ -138,6 +143,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
 char *target_name;
 char *dir;
+ bool serialize = false;
 /* Initialize qgraph and modules */
 qos_graph_init();
@@ -172,6 +178,13 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
 usage(**argv);
 }
+ /* Should we always serialize qtest commands? */
+ if (getenv("FUZZ_SERIALIZE_QTEST")) {
+ serialize = true;
+ }
+
+ fuzz_qtest_set_serialize(serialize);
+
 /* Identify the fuzz target */
 fuzz_target = fuzz_get_target(target_name);
 if (!fuzz_target) {
@@ -186,6 +199,11 @@ int LLVMFuzzerInitialize(int *argc, char ***argv, char ***envp)
 /* Run QEMU's softmmu main with the fuzz-target dependent arguments */
 const char *init_cmdline = fuzz_target->get_init_cmdline(fuzz_target);
+ init_cmdline = g_strdup_printf("%s -qtest /dev/null -qtest-log %s",
+ init_cmdline,
+ getenv("QTEST_LOG") ? "/dev/fd/2"
+ : "/dev/null");
+
 /* Split the runcmd into an argv and argc */
 wordexp_t result; |
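Review bot: The help text added in usage() tells users to set `FUZZ_SERIALIZE_QTEST=1` and `QTEST_LOG=1`, but the checks added in the two later LLVMFuzzerInitialize hunks (`if (getenv("FUZZ_SERIALIZE_QTEST"))` and the `getenv("QTEST_LOG") ?` ternary) only test that the variable exists. A value of `0` or an empty string therefore also enables serialization or logging, which is easy to get wrong in a fuzzing harness script that exports both variables unconditionally. Either compare the value, e.g. `const char *s = getenv("FUZZ_SERIALIZE_QTEST");` followed by `serialize = s && strcmp(s, "1") == 0;`, or reword the help to say the variables take effect when set to any value.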
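Review bot: In the last LLVMFuzzerInitialize hunk the `g_strdup_printf()` result is assigned back into `const char *init_cmdline`, so the heap string has no owner that can free it. The pointer returned by `get_init_cmdline()` is also dropped; whether that string was itself allocated is not visible here. Holding the combined string in its own `char *cmdline = g_strdup_printf(...);` and calling `g_free(cmdline);` once the word-splitting step has finished would make the ownership explicit, provided nothing past the hunk keeps the pointer. I would also add a comment such as `/* appended arguments are fixed strings; only the presence of QTEST_LOG is read from the environment */`, because the combined string goes on to be word-split (only the `wordexp_t result;` declaration is visible). The function body continues outside the hunk.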