<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 3, 2015 at 11:03 AM, Greg Stark <span dir="ltr"><<a href="mailto:stark@mit.edu" target="_blank">stark@mit.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Thu, Sep 3, 2015 at 6:54 PM, Kostya Serebryany <<a href="mailto:kcc@google.com">kcc@google.com</a>> wrote:<br>
> Looks correct.<br>
<br>
Ah! With a fresh pair of eyes it's obvious what was wrong. I had<br>
compiled everything with sanitize-coverage except the Fuzzer code<br>
itself but that included the file with the wrapper function which<br>
calls the target function. And with the NULL data argument it wasn't<br>
passing the wrapper function. So no coverage. I'm still puzzled<br>
about the NULL argument, but compiling that file with coverage checking<br>
has made it proceed.<br>
<span class=""><br>
> Can you post the output of libFuzzer here?<br>
> Something like<br>
<br>
</span>I haven't looked into why yet, this is probably something simple but<br>
for the sake of it this is what I'm getting now with the above fixed:<br>
<br>
/usr/local/pgsql/bin/psql -c 'select fuzz()'<br>
Flag: verbosity 9<br>
Flag: iterations 100<br>
Flag: runs 10<br>
Flag: save_minimized_corpus 1<br>
Seed: 3416380570<br>
SetTimer 601<br>
Tokens: {}<br>
PreferSmall: 1<br>
#0 READ cov: 0 bits: 0 units: 1 exec/s: 0<br>
Called with Data=(nil) size=0<br>
#1 pulse cov: 13790 bits: 21 units: 1 exec/s: 0<br>
NEW0: 13790 L 0<br>
#1 INITED cov: 13790 bits: 21 units: 1 exec/s: 0<br>
Written corpus of 1 files to /var/tmp/corpus<br>
Reload: read 1 new units.<br>
Called with Data=0x60600000e480 size=64<br>
#2 pulse cov: 14202 bits: 252 units: 1 exec/s: 0<br>
#2 NEW cov: 14202 bits: 252 units: 2 exec/s: 0 L: 64<br></blockquote><div>Ok, so now you are at least getting the coverage feedback. </div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Written to /var/tmp/corpus/67ffe57491b2903668530b6182e5aeb6113d3f28<br>
Called with Data=0x60600000e480 size=64<br>
#3 NEW cov: 14278 bits: 257 units: 3 exec/s: 0 L: 64<br>
Written to /var/tmp/corpus/67ffe57491b2903668530b6182e5aeb6113d3f28<br>
Called with Data=0x60600000e480 size=64<br>
#4 pulse cov: 14298 bits: 262 units: 3 exec/s: 0<br>
#4 NEW cov: 14298 bits: 262 units: 4 exec/s: 0 L: 64<br>
Written to /var/tmp/corpus/1ae4df94333696e5bba164df9cf5e93df7a72e20<br>
Called with Data=0x60600000e480 size=64<br>
#5 NEW cov: 14311 bits: 267 units: 5 exec/s: 0 L: 64<br>
Written to /var/tmp/corpus/c167e6439183f0df3ea25fcd30da80b27293e737<br>
Called with Data=0x60600000e480 size=64<br>
#6 NEW cov: 14311 bits: 271 units: 6 exec/s: 0 L: 64<br>
Written to /var/tmp/corpus/21e9212a20031de685b5b20d5d7752b17780303a<br>
Reload: read 0 new units.<br>
Called with Data=0x60600000e480 size=64<br>
PANIC: ERRORDATA_STACK_SIZE exceeded<br>
STATEMENT: select fuzz()<br>
LOG: server process (PID 8650) was terminated by signal 6: Aborted<br>
DETAIL: Failed process was running: select fuzz()<br>
PANIC: ERRORDATA_STACK_SIZE exceeded<br>
server closed the connection unexpectedly<br>
This probably means the server terminated abnormally<br>
before or while processing the request.<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
--<br>
greg<br>
</font></span></blockquote></div><br></div></div>