[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH-for-5.2 2/3] fuzz: check the MR in the DMA callback
From: |
Alexander Bulekov |
Subject: |
[PATCH-for-5.2 2/3] fuzz: check the MR in the DMA callback |
Date: |
Thu, 29 Oct 2020 13:28:59 -0400 |
We should be checking that the device is trying to read from RAM, before
filling the region with data. Otherwise, we will try to populate
nonsensical addresses in RAM for callbacks on PIO/MMIO reads. We did
this originally, however the final version I sent had the line commented
out..
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
---
tests/qtest/fuzz/generic_fuzz.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/qtest/fuzz/generic_fuzz.c b/tests/qtest/fuzz/generic_fuzz.c
index 3e2d50feaa..31f24ad06f 100644
--- a/tests/qtest/fuzz/generic_fuzz.c
+++ b/tests/qtest/fuzz/generic_fuzz.c
@@ -192,7 +192,7 @@ void fuzz_dma_read_cb(size_t addr, size_t len, MemoryRegion
*mr, bool is_write)
*/
if (dma_patterns->len == 0
|| len == 0
- /* || mr != MACHINE(qdev_get_machine())->ram */
+ || mr != MACHINE(qdev_get_machine())->ram
|| is_write
|| addr > current_machine->ram_size) {
return;
--
2.28.0