[libvirt] [GSOC] project libvirt fuzzing

Peter Krempa pkrempa at redhat.com
Tue Mar 21 15:34:36 UTC 2017


On Tue, Mar 21, 2017 at 16:15:35 +0100, Michal Privoznik wrote:
> On 03/21/2017 04:39 AM, D L wrote:
> > On Thu, Mar 16, 2017 at 1:03 PM, Michal Privoznik <mprivozn at redhat.com>
> > wrote:

[...]

> > necessary. This might be one of the cases where programming is necessary for
> >  this project.
> 
> I don't think that we want to fuzz functions called from
> qemuBuildCommandLine() separately. That indeed would be too overwhelming. I
> think we would be perfectly okay with fuzzing the qemuBuildCommandLine()
> itself (well, with help of XML parsing as described in my previous e-mails).
> So we might focus on generating XMLs for now (e.g. write a grammar that does
> that? dunno - don't have much experience with fuzzers). The whole idea that

Ideally it should take the grammar we have for our XMLs so that we don't
have to update it manually all the time.

> I have in my mind is as follows:
> 
> 1) let fuzzer generate an XML document
> 2) def = virDomainDefParse*(document);
> 3) qemuBuildCommandLine(def);
> 4) if SIGSEGV store XML somewhere for future inspection

including backtrace

> 5) goto 1)
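The five-step loop above, with the backtrace added at step 4, as an added example harness (not code from this thread or from libvirt). The toy grammar, the stand-in target command and the crash directory are assumptions; a real run would point `cmd` at a small wrapper that reads the document from stdin and calls virDomainDefParse* followed by qemuBuildCommandLine.

```python
import hashlib
import random
import signal
import subprocess
from pathlib import Path

# Toy grammar for domain-XML-like documents (constructed for this example; a real
# harness would derive it from libvirt's RelaxNG schema so it needs no manual upkeep).
# A production is a list of tokens; a token naming a rule is expanded, else emitted.
GRAMMAR = {
    "domain": [["<domain type='", "type", "'>", "name", "memory", "devices", "</domain>"]],
    "type": [["kvm"], ["qemu"], ["lxc"], [""]],
    "name": [["<name>", "ident", "</name>"], []],
    "ident": [["vm"], ["x" * 4096], [""], ["<&>"]],
    "memory": [["<memory unit='KiB'>", "num", "</memory>"], []],
    "num": [["0"], ["1048576"], ["-1"], ["99999999999999999999"]],
    "devices": [["<devices>", "disk", "devices", "</devices>"], []],
    "disk": [["<disk type='file'><source file='", "ident", "'/></disk>"], []],
}

def generate(rule, rng, depth=0):
    """Step 1: expand a rule into a document; the depth cap ends runaway recursion."""
    if rule not in GRAMMAR:
        return rule
    options = GRAMMAR[rule] if depth < 8 else [min(GRAMMAR[rule], key=len)]
    return "".join(generate(tok, rng, depth + 1) for tok in rng.choice(options))

def run_target(cmd, xml_text, timeout=10):
    """Steps 2-3: feed one document to the target on stdin; True if it died with SIGSEGV."""
    try:
        proc = subprocess.run(cmd, input=xml_text.encode(), capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return False  # a hang deserves its own log, but it is not a segfault
    return proc.returncode == -signal.SIGSEGV

def backtrace(cmd, xml_path):
    """Re-run the crashing input under gdb to capture a backtrace (assumes gdb is installed)."""
    gdb = ["gdb", "--batch", "-ex", f"run < {xml_path}", "-ex", "bt", "--args"] + cmd
    try:
        return subprocess.run(gdb, capture_output=True, timeout=60).stdout.decode(errors="replace")
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return "(no backtrace: gdb unavailable or timed out)\n"

def fuzz(cmd, iterations, outdir, seed=0):
    """Steps 4-5: save each SIGSEGV-triggering document plus its backtrace; return the paths."""
    rng, outdir, crashes = random.Random(seed), Path(outdir), []
    outdir.mkdir(parents=True, exist_ok=True)
    for _ in range(iterations):
        xml = generate("domain", rng)
        if run_target(cmd, xml):
            path = outdir / (hashlib.sha1(xml.encode()).hexdigest() + ".xml")
            path.write_text(xml)
            path.with_suffix(".bt").write_text(backtrace(cmd, path))
            crashes.append(path)
    return crashes
```

Seeding the generator makes a run reproducible, so a saved crash can be replayed from its seed as well as from the stored document.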