Minor tweak to default ASAN_OPTIONS in afl-fuzz


Bhargava Shastry

Nov 16, 2016, 9:17:05 AM
to afl-users
Hi all,

I noticed that my ASAN crash corpuses generally have a large number of "sig:06" crash file names. On further inspection, it turns out that quite a few of these might actually be "sig:11" (seg faults) but are interpreted as aborts due to AFL's default ASAN_OPTIONS, which is:

> setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" "symbolize=0:" "allocator_may_return_null=1", 0);

I presume a lot of us might benefit from a slight tweak, like so:

> setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" "symbolize=0:" "handle_segv=0:" "allocator_may_return_null=1", 0);

Basically, this is telling ASAN to not handle segfaults (default is true for Linux, false for Windows [1]). This way, we can get AFL to name these "sig:11" crashes, possibly arousing interest during crash triage. My two cents...


Regards,
Bhargava
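The effect described above can be checked without touching afl-fuzz at all. The script below is an added example for this page, not code from the thread or from AFL: it compiles a tiny program that dereferences NULL, runs it under ASan once with the afl-fuzz default ASAN_OPTIONS string and once with handle_segv=0 added, and reports the signal that killed the process, which is the number afl-fuzz writes as sig:NN (it records WTERMSIG() of the crashing child). It assumes Linux and a clang or gcc with -fsanitize=address; the names SEGV_DIR, SEGV_BIN, build_segv_target and crash_signal are the example's own.

```shell
#!/bin/sh
# Added example, not code from the thread or from afl-fuzz: compare the signal
# afl-fuzz would record for a plain NULL dereference under ASan with the
# default afl-fuzz ASAN_OPTIONS and with handle_segv=0 added.
# Assumptions: Linux, a clang or gcc that supports -fsanitize=address.

SEGV_DIR=$(mktemp -d)
SEGV_BIN="$SEGV_DIR/segv"

# afl-fuzz's default option string (from afl-fuzz.c) and the proposed variant.
AFL_ASAN_DEFAULT="abort_on_error=1:detect_leaks=0:symbolize=0:allocator_may_return_null=1"
AFL_ASAN_NOSEGV="abort_on_error=1:detect_leaks=0:symbolize=0:handle_segv=0:allocator_may_return_null=1"

build_segv_target() {
    # Returns 0 when an ASan-instrumented target was built and its runtime
    # starts; 1 otherwise (no suitable compiler, or ASan cannot map its shadow
    # memory in this environment).
    cat > "$SEGV_DIR/segv.c" <<'EOF'
#include <string.h>
int main(int argc, char **argv) {
    volatile int *p = 0;
    if (argc > 1 && strcmp(argv[1], "noop") == 0) return 0; /* health-check path */
    /* The shadow byte for address 0 is clean, so ASan's inline check passes and
       the CPU raises a real SIGSEGV; only ASan's signal handler (handle_segv)
       decides whether that becomes a report plus SIGABRT or stays a SIGSEGV. */
    return *p;
}
EOF
    for cc in ${CC:-} clang gcc; do
        command -v "$cc" >/dev/null 2>&1 || continue
        if "$cc" -fsanitize=address -g -o "$SEGV_BIN" "$SEGV_DIR/segv.c" >/dev/null 2>&1 &&
           ASAN_OPTIONS="$AFL_ASAN_DEFAULT" "$SEGV_BIN" noop >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

crash_signal() {
    # $1 = ASAN_OPTIONS string. Prints the number of the signal that terminated
    # the target (the shell reports 128+N for a signal death), or 0 if it
    # exited normally.
    ASAN_OPTIONS="$1" "$SEGV_BIN" >/dev/null 2>&1
    status=$?
    if [ "$status" -gt 128 ]; then
        echo $((status - 128))
    else
        echo 0
    fi
}

if build_segv_target; then
    echo "default afl-fuzz ASAN_OPTIONS   -> sig:$(printf '%02d' "$(crash_signal "$AFL_ASAN_DEFAULT")")"
    echo "same options plus handle_segv=0 -> sig:$(printf '%02d' "$(crash_signal "$AFL_ASAN_NOSEGV")")"
else
    echo "no working ASan toolchain found; nothing to compare" >&2
fi
```

With the default string the run ends in sig:06 (ASan's handler prints "SEGV on unknown address" and then aborts because of abort_on_error=1); with handle_segv=0 the same crash ends in sig:11. Two practical notes: afl-fuzz calls setenv() with overwrite=0, so exporting your own ASAN_OPTIONS before starting it (keeping abort_on_error=1 and symbolize=0, which afl-fuzz checks for and refuses to run without) gets this behaviour with no patch; and the trade-off is that plain segfaults then die without the ASan report, so re-run those inputs outside AFL with the default options when triaging them.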

Yuri Gribov

Nov 16, 2016, 9:27:17 AM
to afl-...@googlegroups.com
As a side note, we've recently added a list of "aggressive" Asan options to the wiki (https://github.com/google/sanitizers/wiki/AddressSanitizer):
Q: Can I run AddressSanitizer with more aggressive diagnostics enabled?
A: Yes! In particular you may want to enable
CFLAGS += -fsanitize-address-use-after-scope
ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1
The options report violations which are usually treated as non-critical (strict_init_order), may produce FPs (strict_string_checks) or significantly slow down execution (detect_stack_use_after_return). -fsanitize-address-use-after-scope is only supported in Clang and a bit unstable.