<table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Issue</th>
<td>
<a href=https://github.com/llvm/llvm-project/issues/61990>61990</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>
issue in libfuzzer's RunOne function w.r.t fork-mode fuzzing
</td>
</tr>
<tr>
<th>Labels</th>
<td>
new issue
</td>
</tr>
<tr>
<th>Assignees</th>
<td>
</td>
</tr>
<tr>
<th>Reporter</th>
<td>
boofish
</td>
</tr>
</table>
<pre>
Hi, I recently analyzed the fork mode of libfuzzer and found a logic error in the `RunOne` function.
The basic idea is: the shortened seed needs to be kept. Otherwise, we will lose the newfound interesting seeds under the fork mode.
Specifically, in the `RunOne` function of file `FuzzerLoop.cpp`, the code
```
if (II && FoundUniqFeaturesOfII &&
II->DataFlowTraceForFocusFunction.empty() &&
FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
II->U.size() > Size) {
auto OldFeaturesFile = Sha1ToString(II->Sha1);
Corpus.Replace(II, {Data, Data + Size}, TimeOfUnit);
RenameFeatureSetFile(Options.FeaturesDir, OldFeaturesFile,
Sha1ToString(II->Sha1));
return true;
}
```
should be updated as follows (by adding `WriteToOutputCorpus({Data, Data + Size});`):
```
if (II && FoundUniqFeaturesOfII &&
II->DataFlowTraceForFocusFunction.empty() &&
FoundUniqFeaturesOfII == II->UniqFeatureSet.size() &&
II->U.size() > Size) {
auto OldFeaturesFile = Sha1ToString(II->Sha1);
Corpus.Replace(II, {Data, Data + Size}, TimeOfUnit);
+ WriteToOutputCorpus({Data, Data + Size});
RenameFeatureSetFile(Options.FeaturesDir, OldFeaturesFile,
Sha1ToString(II->Sha1));
return true;
```
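Review bot: the proposed change is posted as a plain listing with a single `+` marker and no closing `}` for the `if`, so it is neither a unified diff nor code that compiles as shown; please attach it as a `git diff` hunk against FuzzerLoop.cpp with the file header and surrounding context so it can be applied and reviewed directly. On the logic, the hunk shows `Corpus.Replace` updating the in-memory unit and `RenameFeatureSetFile` keeping the features file in step with the new SHA-1, but nothing in the hunk or the description shows why the callers of `RunOne` fail to persist the reduced unit in fork mode specifically; a reproducer (a fork-mode run with input reduction enabled in which the shortened unit is absent from the merged corpus) would let a reviewer confirm the loss rather than take it from the description.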
</pre>