libdiffuzz
Custom memory allocator that helps discover reads from uninitialized memory
Hey @Shnatsel, I was trying to work out whether msan was giving me false positives when I happened upon `libdiffuzz`. It segfaulted immediately, but in a _completely different part of...
libdiffuzz doesn't make much use of the standard library. It can probably be switched to the corresponding libcore primitives and compiled in #![no_std] mode. Among other things, this will reduce...
Currently libdiffuzz switches to non-deterministic mode after reading an environment variable from a function called from link-time "constructors" section: https://github.com/Shnatsel/libdiffuzz/blob/f0c7a8f3b27df24d389d9e003ebda01ad89eb1cf/src/lib.rs#L31-L33 This is not a great idea for two reasons: 1....
It would be nice to be able to detect out-of-bounds reads as well. This is actually pretty easy to implement - just allocate more memory than was requested and clobber...