[PATCH] D70738: [libFuzzer] Add custom output function

Max Moroz via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Mon Dec 9 13:21:17 PST 2019


Dor1s added a comment.

Another (real) example, imagine a fuzz target like this: https://cs.chromium.org/chromium/src/net/spdy/fuzzing/http2_frame_decoder_fuzzer.cc?rcl=0be62a8d95f7fa1455fce1a76f0fa5b8484d0c8c&l=34

The data is being split into multiple pieces (e.g. chunk size and chunk buffer) in a loop (fuzzing a function that decodes frames coming from the network).

To write an `LLVMFuzzerCustomOutput` function, you would need to either duplicate that data break-up logic, or introduce another function for splitting the data and passing the objects around.

With the proposed solution (which we use in Chrome / at Google), you can print pretty much anything from anywhere. The `getenv` result might be put in a static variable and you'd print every chunk before actually decoding it. Flexible and easy to write / read / maintain.

Note that this is a real but still simple example. We have more sophisticated fuzz targets where implementing `LLVMFuzzerCustomOutput` would be a considerable waste of time.
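The pattern described above, as an added example that is neither part of this review nor the Chromium fuzz target it links to: the input is walked as `[len][len bytes]` chunks, and when an assumed environment variable (`FUZZ_DUMP_CHUNKS`, looked up once and cached in a static) is set, each chunk is printed before the toy decoder sees it, so no `LLVMFuzzerCustomOutput` has to re-implement the splitting.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Stand-in for the real frame decoder (assumption for this example):
   a chunk "decodes" if it starts with the constructed magic byte 0x7f. */
static int decode_frame(const uint8_t *chunk, size_t len) {
    return len > 0 && chunk[0] == 0x7f;
}

/* getenv is consulted once; the result lives in a static for every later
   chunk of every later input. The variable name is an assumption. */
static int dump_enabled(void) {
    static int cached = -1;
    if (cached < 0)
        cached = getenv("FUZZ_DUMP_CHUNKS") != NULL;
    return cached;
}

static void dump_chunk(size_t idx, const uint8_t *chunk, size_t len) {
    fprintf(stderr, "chunk %zu (%zu bytes):", idx, len);
    for (size_t i = 0; i < len; i++) fprintf(stderr, " %02x", chunk[i]);
    fputc('\n', stderr);
}

/* Split data into [len][bytes] chunks, printing each before decoding it
   when dumping is on. A short trailing chunk is clamped to what is left.
   Returns the number of chunks the decoder accepted. */
size_t feed_chunks(const uint8_t *data, size_t size) {
    size_t pos = 0, idx = 0, ok = 0;
    while (pos < size) {
        size_t len = data[pos++];
        if (len > size - pos) len = size - pos;
        if (dump_enabled()) dump_chunk(idx, data + pos, len);
        ok += (size_t)decode_frame(data + pos, len);
        pos += len;
        idx++;
    }
    return ok;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    feed_chunks(data, size);
    return 0;
}

/* Constructed sample: three chunks, the last one truncated; two decode. */
size_t demo_input(void) {
    static const uint8_t in[] = {2, 0x7f, 0x01, 1, 0x00, 3, 0x7f};
    return feed_chunks(in, sizeof in);
}
```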


Repository:
  rCRT Compiler Runtime

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D70738/new/

https://reviews.llvm.org/D70738