DavidKorczynski
DavidKorczynski
> 403 is forbidden. Do you have access to every project in OSS-Fuzz already? If not do you want access? Hmm -- I get 403 as well, but we should...
> the Detailed report should state explicitly the environment variables that the fuzzer set You can extract this when the fuzzers are build as it's printed to stdout. Specifically for...
@jreiser I think I understand the situation now -- I think it's likely because you didn't write the harnesses that things got confusing. There are currently three fuzzers for UPX...
For reference, the fuzzers I linked to are all "in-process` fuzzing, meaning `LLVMFuzzerTestOneInput` in each of the fuzzers will be called N (many) times in each process. Thus, `upx_main` is...
The fuzztest repository cloned here https://github.com/google/oss-fuzz/blob/413bb8be7a15e616dd262b24f53f08a22a19a08a/infra/base-images/base-builder/Dockerfile#L134-L142 is used by OSS-Fuzz to build the centipede fuzzing engine, and not really as the source module for projects using fuzztest fuzzers. As far...
A separate question is whether centipede should be bumped since it hasn't been bumped sine https://github.com/google/oss-fuzz/pull/10248 -- but I still recommend not using `$SRC/fuzztest` for the fuzztest version your project...
For the record, we can use any sort of fuzztest version as long as it supports the libfuzzer compatibility. Since the libfuzzer engine will be used at runtime the version...
> My idea is to make all the files in the /tmp. That should work, shouldn't it? No, we did this and there are some complications with the approach. I'll...
I couldn't find issues in the logs because I disabled the cmd fuzzers. From memory, I think what happens when you change the working directory of the fuzzer to `/tmp/`...
This was previously suggested, but was considered too small -- https://github.com/google/oss-fuzz/pull/4982 Maybe CFLite would be more appropriate