[llvm-dev] libFuzzer: add an option to always null-terminate?
Kostya Serebryany via llvm-dev
llvm-dev at lists.llvm.org
Wed Aug 2 12:42:55 PDT 2017
On Wed, Aug 2, 2017 at 12:24 PM, Johan Engelen via llvm-dev <
llvm-dev at lists.llvm.org> wrote:
> Hi all,
> While playing with libFuzzer, it's a little cumbersome to have to copy
> the buffer just in order to null-terminate it.
>
It's just one line, isn't it?
(Well, in C++; in C this would be 3 lines)
> Is a null-terminated buffer an often-enough
>
It's somewhat frequent, yes.
> usage scenario to warrant a libFuzzer commandline configuration switch to
> always generate a null-terminated test case?
>
Such an option will need to be *off* by default, because there are lots of
cases where we must not null-terminate the input (otherwise we'll hide some
bugs).
And when an option is off by default and some targets *require* it to be on
in order to function properly it becomes a very bad idea, IMHO.
Besides, the LLVMFuzzerTestOneInput is supposed to be a general interface
between the APIs under test and any fuzzing engine (AFL, honggfuzz, SAGE,
KLEE, etc) and we should not expect all of them to implement the flag.
--kcc
>
> Thanks,
> Johan
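The copy that the thread is talking about, as an added example that is not code from the thread or from libFuzzer itself: a target that copies its input once into a NUL-terminated string for a C-string API (the "one line" in C++, three lines in C) and once into an exactly sized buffer for a (pointer, length) API. The two functions standing in for the API under test, parse_kv_cstr and count_commas, are written for this example and are not real library code.

```cpp
// Added example, not code from the thread: a libFuzzer target that copies
// its input once into a NUL-terminated string for a C-string API, and once
// into an exactly sized buffer for a (pointer, length) API.  The two
// "APIs under test" below are stand-ins written for this example.
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Stand-in C-string API: parses the integer after '=' in "key=value".
// Returns -1 when there is no '='.  strchr stops at the first '\0', so it
// relies on the caller passing a properly terminated string.
static long parse_kv_cstr(const char *s) {
  const char *eq = std::strchr(s, '=');
  if (eq == nullptr) return -1;
  return std::strtol(eq + 1, nullptr, 10);
}

// Stand-in (pointer, length) API: counts commas in the first n bytes and
// never looks at p[n].  A bug that reads p[n] is exactly what an exactly
// sized, unterminated buffer plus ASan would catch.
static size_t count_commas(const uint8_t *p, size_t n) {
  size_t count = 0;
  for (size_t i = 0; i < n; ++i)
    if (p[i] == ',') ++count;
  return count;
}

// C++: the one-line copy.  std::string keeps all `size` bytes, including
// any embedded NULs, and c_str() is guaranteed to be NUL-terminated.
static std::string NullTerminatedCopy(const uint8_t *data, size_t size) {
  return std::string(reinterpret_cast<const char *>(data), size);
}

// C-style: the three-line version (allocate, copy, terminate).  Caller frees.
static char *null_terminated_copy_c(const uint8_t *data, size_t size) {
  char *buf = static_cast<char *>(std::malloc(size + 1));
  if (buf == nullptr) return nullptr;
  std::memcpy(buf, data, size);
  buf[size] = '\0';
  return buf;
}

// For a length-based API keep the input exactly `size` bytes long with no
// terminator appended.  libFuzzer already hands `data` over in an exactly
// sized heap allocation, so reading data[size] trips ASan; an engine that
// silently appended a NUL would turn that read into a successful read of
// '\0' and the off-by-one would never be reported.  That is the "hide some
// bugs" case the reply gives for keeping such an option off by default.
static std::vector<uint8_t> ExactCopy(const uint8_t *data, size_t size) {
  if (size == 0) return std::vector<uint8_t>();
  return std::vector<uint8_t>(data, data + size);
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // C-string API: terminate, and accept that bytes after an embedded NUL
  // are invisible to it (the C-string view ends at the first '\0').
  std::string s = NullTerminatedCopy(data, size);
  parse_kv_cstr(s.c_str());

  char *c = null_terminated_copy_c(data, size);
  if (c != nullptr) {
    parse_kv_cstr(c);
    std::free(c);
  }

  // Length-based API: exact length, no terminator.
  std::vector<uint8_t> exact = ExactCopy(data, size);
  count_commas(exact.data(), exact.size());
  return 0;
}
```

Build it as a normal libFuzzer target, for example with `clang++ -g -fsanitize=fuzzer,address target.cc`. Which copy to use is decided per call: a C-string API gets the terminated copy, a (pointer, length) API gets the input at its exact length, so a read past `size` is still reported rather than masked by a terminator the fuzzer never promised.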