Reviewing QEMU OSS-Fuzz Integration PR

Reviewing QEMU OSS-Fuzz Integration PR

[Alexander Bulekov]

Hello,
I submitted a Github PR to integrate QEMU into OSS-Fuzz. This is made
up of a Dockerfile and a build-script that builds all of the
virtual-device fuzzers and copies them to an output directory, along
with the dynamic-library and pc-bios images that they depend on.

Since this is maintained outside the qemu.git repo, and these changes
didn't go through the mailing list, can anyone provide feedback on this
PR?

https://github.com/google/oss-fuzz/pull/3935

Let me know if I can provide more details about the OSS-Fuzz Build
system.

These details are copied from an older email:
On oss-fuzz, the build and execution happens in two separate containers.

1.) In the build container, we can do whatever we want, but we must
place the executable(s) we produce at the root of a directory /out/.
e.g. one output executable is /out/qemu-system-target-i440fx-fuzz

2.) In the runner, this "build artifact" directory is mounted at
some location(we can't assume the location). This runner container
automatically identifies the executable within the root of the  "build
artifact" dir and runs it. The path to the executable could now be
/somedir/qemu-system-target-i440fx-fuzz

In the runner container we only have control over the files in /somedir/
(which was /out/ in the builder). Thus, in addition to copying over
shared-libs to /out/ we need to copy any data (pc-bios) that the binary
relies on. The problem is that we have to point qemu towards the
location of the bios. Normally qemu checks the /usr/share/... dir. For
local builds, qemu also examines the executable path and looks in
$executable_path/../pc-bios/. On the oss-fuzz runner we dont control
/somedir/../pc-bios, so we can't rely on this. This patch allows us to
specify /somedir/pc-bios as the datadir.

Thank you
-Alex