ShuriZma
/
xemu
mirror of https://github.com/xemu-project/xemu.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

image-fuzzer: Add fuzzing functions for L1/L2 table entries 

Signed-off-by: Maria Kustova <maria.k@catit.be>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This commit is contained in:
Maria Kustova 2014-08-11 15:01:09 +04:00 committed by Stefan Hajnoczi
parent 489cb4d7f9
commit eeadd92487
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
tests/image-fuzzer/qcow2/fuzz.py
View File

@ -325,3 +325,31 @@ def feature_name(current):
truncate_string(STRING_V, 46) # Fuzz padding (field length = 46) truncate_string(STRING_V, 46) # Fuzz padding (field length = 46)
] ]
return selector(current, constraints, string_validator) return selector(current, constraints, string_validator)
def l1_entry(current):
"""Fuzz an entry of the L1 table."""
constraints = UINT64_V
# Reserved bits are ignored
# Added a possibility when only flags are fuzzed
offset = 0x7fffffffffffffff & random.choice([selector(current,
constraints),
current])
is_cow = random.randint(0, 1)
return offset + (is_cow << UINT64_M)
def l2_entry(current):
"""Fuzz an entry of an L2 table."""
constraints = UINT64_V
# Reserved bits are ignored
# Add a possibility when only flags are fuzzed
offset = 0x3ffffffffffffffe & random.choice([selector(current,
constraints),
current])
is_compressed = random.randint(0, 1)
is_cow = random.randint(0, 1)
is_zero = random.randint(0, 1)
value = offset + (is_cow << UINT64_M) + \
(is_compressed << UINT64_M - 1) + is_zero
return value