
Re: [Qemu-devel] [RFC 08/19] fuzz: add shims to intercept libfuzzer init


From: Stefan Hajnoczi
Subject: Re: [Qemu-devel] [RFC 08/19] fuzz: add shims to intercept libfuzzer init
Date: Fri, 26 Jul 2019 13:59:05 +0100
User-agent: Mutt/1.12.0 (2019-05-25)

On Thu, Jul 25, 2019 at 10:21:18AM +0200, Paolo Bonzini wrote:
> On 25/07/19 05:23, Oleinik, Alexander wrote:
> > Intercept coverage buffer registration calls and use this information to
> > copy them to shared memory, if using fork() to avoid resetting device
> > state.
> > 
> > Signed-off-by: Alexander Oleinik <address@hidden>
> > ---
> >  tests/fuzz/fuzzer_hooks.c | 106 ++++++++++++++++++++++++++++++++++++++
> >  tests/fuzz/fuzzer_hooks.h |   9 ++++
> >  2 files changed, 115 insertions(+)
> >  create mode 100644 tests/fuzz/fuzzer_hooks.c
> >  create mode 100644 tests/fuzz/fuzzer_hooks.h
> > 
> > diff --git a/tests/fuzz/fuzzer_hooks.c b/tests/fuzz/fuzzer_hooks.c
> > new file mode 100644
> > index 0000000000..5a0bbec413
> > --- /dev/null
> > +++ b/tests/fuzz/fuzzer_hooks.c
> > @@ -0,0 +1,106 @@
> > +#include "qemu/osdep.h"
> > +#include "qemu/units.h"
> > +#include "qapi/error.h"
> > +#include "qemu-common.h"
> > +#include "fuzzer_hooks.h"
> > +
> > +#include <dlfcn.h>
> > +#include <elf.h>
> > +
> > +
> > +extern void* _ZN6fuzzer3TPCE;
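Review bot: the `extern void* _ZN6fuzzer3TPCE;` declaration depends on a mangled C++ name for an internal libFuzzer object and carries no comment explaining it; add one stating that the symbol demangles to `fuzzer::TPC`, that `void*` is only a stand-in for the C++ type defined inside libFuzzer (so the declaration is meaningful for the symbol's address, not its value), and that a change in libFuzzer's internals or the compiler's name mangling will only surface as a link error.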
> 
> Would it make sense to make this a C++ source, so that you can avoid
> using the mangled names (in this case, "namespace fuzzer { extern void
> *TPC; }" and then using fuzzer::TPC)?  Even if it's just a single symbol.

A proper libfuzzer API is nicest in the long term.

Alexander: Could you send a patch to libfuzzer to see if they are
willing to support this via their API?

Stefan
