Fuzzing hits a bug with null input already, but the bug seems to be in fuzzer::FileToVector?


Neven Sajko

Nov 8, 2020, 1:38:53 AM
to libf...@googlegroups.com
Hello,

I don't know if this is a bug in libfuzzer or if I'm just doing
something wrong, but I can't seem to fuzz a toy program of mine; it
fails right away with an input file of zero bytes. The program is
C++20; I don't know if that's important. The code, just a single file,
is here: https://github.com/nsajko/hammingCode/blob/master/hammingCoder.cc

The same Git repository has the build.sh file which shows which
compiler options I use, and fuzz.sh, which shows which options I pass
to the fuzzer. Some fuzzer output is attached. The weird thing is that
the stack trace does not mention any lines from my code, thus it seems
like a libfuzzer bug.

The same thing happens with both 10.0.1 and a couple of days old trunk.

Attachment: fuzz-0.log

Neven Sajko

Nov 8, 2020, 1:38:53 AM
to libf...@googlegroups.com
I just tried running the fuzzer with no options except the corpus, and
the same thing does not happen (i.e., it seems now I get an actual bug
in my code). Thus it seems like I hit an unsupported combination of
argv options for the fuzzer.

Neven

Neven Sajko

Nov 8, 2020, 1:38:53 AM
to libf...@googlegroups.com
Oh, yeah, this is AMD64 Linux with libstdc++.

Neven Sajko

Nov 8, 2020, 1:38:53 AM
to libf...@googlegroups.com
I pinpointed this issue to the usage of the -minimize_crash=1 setting.

If I give the fuzzer that option, either alone or with -runs=N for any
N, I get the crash in fuzzer::MinimizeCrashInput.

And this is without any indication that my code is faulty; all the
stack trace elements are either libfuzzer or libc (maybe with
libstdc++, too).

Neven
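The thread turns on two things a harness author has to keep apart: the fuzzer runtime will call the entry point with a zero-byte input, and a stack trace with no frames in your own code usually means the problem is outside the harness. The example below is added here and is not the hammingCoder code from the thread nor libFuzzer's own source; the `decodeRecord` target and the `replayFile` helper are hypothetical. It shows a libFuzzer-style entry point that tolerates `Size == 0`, and a file-replay helper that mirrors what the runtime does when handed a single file path (read it whole, call the entry point once), so a crash file can be reproduced without any fuzzer flags and the harness can be bisected from the runtime.

```cpp
// Added example, not from the thread or the hammingCoder repository.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <vector>

// Hypothetical target under test: a length-prefixed record. Byte 0 is the
// payload length, the rest is the payload. Returns the payload checksum, or
// -1 if the record is malformed. The size == 0 branch is the one a fuzzer's
// empty seed input exercises on the very first call.
int decodeRecord(const uint8_t *data, size_t size) {
    if (size == 0) return -1;          // never touch data[0] on empty input
    size_t len = data[0];
    if (size - 1 < len) return -1;     // truncated payload
    unsigned sum = 0;
    for (size_t i = 1; i <= len; ++i) sum += data[i];
    return static_cast<int>(sum);
}

// libFuzzer entry point. The C-linkage symbol name is the contract with the
// runtime; it is invoked once per input, including the empty one.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    decodeRecord(data, size);
    return 0;                          // non-zero return values are reserved
}

// Replay helper (hypothetical): read one file into memory and feed it to the
// entry point exactly once. Returns false if the path cannot be opened.
// Building this without -fsanitize=fuzzer and running it on a crash file
// gives a trace that only contains your code, which is what you want when
// deciding whether a failure belongs to the harness or to the fuzzer.
bool replayFile(const char *path) {
    std::ifstream in(path, std::ios::binary);
    if (!in) return false;
    std::vector<uint8_t> buf((std::istreambuf_iterator<char>(in)),
                             std::istreambuf_iterator<char>());
    // buf.data() may be null for an empty file; size 0 makes that legal.
    LLVMFuzzerTestOneInput(buf.data(), buf.size());
    return true;
}

// Stand-alone driver, compiled only when STANDALONE_REPLAY is defined so it
// does not collide with the main() that libFuzzer links in.
#ifdef STANDALONE_REPLAY
int main(int argc, char **argv) {
    for (int i = 1; i < argc; ++i) {
        if (!replayFile(argv[i])) {
            std::fprintf(stderr, "cannot open %s\n", argv[i]);
            return 1;
        }
        std::printf("replayed %s\n", argv[i]);
    }
    return 0;
}
#endif
```

Build it twice: once with `-fsanitize=fuzzer` to fuzz, and once with `-DSTANDALONE_REPLAY` (no fuzzer flag) to replay a saved crash file. If the replay build is clean but the fuzzer build fails before the entry point runs, the frames in the trace tell you which side of that boundary to look at.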