On Tue, Mar 21, 2017 at 11:15 AM, Michal Privoznik <mprivozn@xxxxxxxxxx> wrote:
Yes, I compiled, installed, and used the binaries successfully. On 03/21/2017 04:39 AM, D L wrote:
On Thu, Mar 16, 2017 at 1:03 PM, Michal Privoznik <mprivozn@xxxxxxxxxx>
wrote:
Hi Michal,
Hey,
I have been digesting your comments. Then I switched concentration from
general
instrumentation and fuzzing to qemuBuildCommandLine(). I have been having
difficulties of resolving the dependencies/shared objects in order to fuzz
a particular
function. Then I came to a conclusion, I would imagine, but have not
started yet,
to target specific functions, some helper functions need to be in place to
be
responsible of the callbacks, and it seems hand-crafted instrumentation is
also
necessary. This might be one of the cases where programming is necessary for
this project.
I don't think that we want to fuzz functions callde from qemuBuildCommandLine() separately. That indeed would be too overwhelming. I think we would be perfectly okay with fuzzing the qemuBuildCommandLine() itself (well, with help of XML parsing as described in my previous e-mails). So we might focus on generating XMLs for now (e.g. write a grammar that does that? dunno - don't have much experience with fuzzers). The whole idea that I have in my mind is as follows:
1) let fuzzer genereate a XML document
2) def = virDomainDefParse*(document);
3) qemuBuildCommandLine(def);
4) if SIGSEGV store XML somewhere for future inspection
5) goto 1)
For points 2) and 3) we might need to create a binary, but that should be fairly easy to do. Does this sound reasonable to you?
That's great. I really appreciate the clarity. Yes, I also think we need to generate binaries. The work flow sounds reasonable for me now.
Given the slow progress, or maybe I started later than an ideal situation,
I am a
bit worried if I could finish the requirement before the submission
deadline, not
to mention other libvirt community-specific requirement mentioned on the
website.
Well, the requirements for submitting are not have all the coding ready :-). You can check the requirements here:
http://wiki.libvirt.org/page/Google_Summer_of_Code_FAQ
Then, for the student application you should describe in the form how you want to achieve the goal, design some time line and so on. Don't worry, you can edit it until the deadline.
Thanks a lot for letting me know again about this.
So to make sure I am on the right track, what are the concrete goals to
achieve,
specific requirement to meet, or procedures for me to follow in order to
submit
the application by the deadline?
Well, you've successfully subscribed to the list and I assume you've cloned and compiled libvirt. So what you need to do is to prove it - send a patch that fixes something in libvirt. There is a link in the FAQ to a list of bite sized tasks. Or I can think of something easy if you want.>
> Michal
Could you confirm the location of bug list is the following, please?
https://bugzilla.redhat.com/buglist.cgi?component=libvirt&product=Virtualization%20Tools
https://bugzilla.redhat.com/enter_bug.cgi?product=Virtualization%20Tools&component=libvirt
"This list is too long for Red Hat Bugzilla's little mind"
I will take a look at several of the latest ones see if I can solve one of them; I will let you know otherwise.
Thanks a lot,
Dan
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list