[llvm-dev] Question about libFuzzer
Kókai Péter via llvm-dev
llvm-dev at lists.llvm.org
Mon Oct 12 23:51:20 PDT 2020
Hello,
When it finds some defect, it should print a line like this:
artifact_prefix='./'; Test unit written to
./crash-b13e8756b13a00cf168300179061fb4b91fefbed
(see: http://llvm.org/docs/LibFuzzer.html)
That file should contain the data that caused the crash; you can even try it
out by calling your fuzzer binary: ./test
./crash-b13e8756b13a00cf168300179061fb4b91fefbed (using it as an
argument will cause it to run with that input).
The generated file prefix can be other than `crash-`, based on quick
grepping in the source:
FuzzerLoop.cpp
132: DumpCurrentUnit("oom-");
176:void Fuzzer::DumpCurrentUnit(const char *Prefix) {
193: DumpCurrentUnit("crash-");
238: DumpCurrentUnit("crash-");
252: DumpCurrentUnit("crash-");
298: DumpCurrentUnit("timeout-");
317: DumpCurrentUnit("oom-");
559: DumpCurrentUnit("crash-");
693: DumpCurrentUnit("leak-");
Maybe your unit under test has a heap overflow with an empty string?
--
Kokan
On Tue, 13 Oct 2020 at 05:05, Wingkin Mak via llvm-dev
<llvm-dev at lists.llvm.org> wrote:
>
> Hello,
> I hope this is the right place to ask. I'm currently working on my bachelor thesis, which compares fuzzing tools.
> So I used libFuzzer to test some files (with AddressSanitizer).
> It found a heap buffer overflow. As I understand it, the input which causes this error should be written to the crash file.
> But my crash file is empty. So does that mean that libFuzzer found the overflow without an input, or where can I find the input which caused the buffer overflow?
>
> Sincerely Yours
>
> Wingkin Mak
> _______________________________________________
> LLVM Developers mailing list
> llvm-dev at lists.llvm.org
> https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-dev
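A minimal fuzz target that reproduces the situation Kokan describes, added here as an example; it is not code from the thread or from libFuzzer itself. The hypothetical parse_header_unchecked reads the first byte without checking the length, so the empty input (one of the first units libFuzzer tries) is an out-of-bounds heap read under AddressSanitizer, and the unit libFuzzer dumps is a zero-byte file. parse_header_checked is the corrected form. LLVMFuzzerTestOneInput is the real libFuzzer entry point; the function names, the 0x7f marker and the clang flags in the comments are assumptions for this example.

```c
// Added example (not from the thread or from libFuzzer): why a crash file can be empty.
#include <stddef.h>
#include <stdint.h>

/* Buggy version: assumes at least one byte is present. With Size == 0 the
 * read of Data[0] steps past the heap buffer libFuzzer handed us, ASan reports
 * heap-buffer-overflow, and the dumped test unit is the empty input. */
int parse_header_unchecked(const uint8_t *Data, size_t Size) {
    (void)Size;                          /* length is ignored: that is the bug */
    return Data[0] == 0x7f ? 1 : 0;      /* out-of-bounds read when Size == 0 */
}

/* Hardened version: validate the length before touching the buffer, so the
 * empty input is rejected instead of dereferenced. Returns -1 for "too short",
 * 1 if the (hypothetical) 0x7f marker is present, 0 otherwise. */
int parse_header_checked(const uint8_t *Data, size_t Size) {
    if (Size < 1)
        return -1;
    return Data[0] == 0x7f ? 1 : 0;
}

/* libFuzzer entry point. Assumed build line:
 *   clang -g -O1 -fsanitize=fuzzer,address target.c -o fuzzer
 * Reproduce a saved unit with:   ./fuzzer ./crash-<sha1>
 * Swapping in parse_header_unchecked here yields the empty crash file. */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    parse_header_checked(Data, Size);
    return 0;   /* libFuzzer expects 0; non-zero return values are reserved */
}
```

A quick check for the empty-input case: libFuzzer names the dumped unit after the SHA-1 of its contents, so a zero-byte crash file will be called crash-da39a3ee5e6b4b0d3255bfef95601890afd80709 (the SHA-1 of the empty string). Running the binary with that file as its argument, or with `-runs=1` on an empty seed corpus, should reproduce the report.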