Changing CWD to where the fuzzer executable lives
I've been working on many fuzzing projects, and quite a few of them require loading some data files at start. Currently ClusterFuzz supports a "data archive" to include the required data files. However, the data files are extracted side by side with the fuzzer executable, and the absolute location is not pre-determined. Since ClusterFuzz currently won't change the current working directory (CWD) to where the fuzzer executable lives, the fuzzer has to implement logic at runtime to figure out the data file location by replacing the filename part of argv[0] with the name of the data file. Doing this is annoying, and it's a pain in the ass if you are loading tons of files like this.
It would be much more elegant if we can do one of the following:
- ClusterFuzz can start the fuzzer with CWD set to the fuzzer's directory, or,
- ClusterFuzz extracts the data files to CWD, no matter where it is pointing, so that the fuzzer can refer to those files using a hardcoded path like "./data/<my_file>".
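For reference, this is what the argv[0]-based workaround described above looks like in a libFuzzer target. It is an added example, not code from this issue or from ClusterFuzz; the data file name `data/grammar.txt` and the helper names are assumptions. The one edge case worth handling is an argv[0] with no directory component (the binary was found via PATH), where the code falls back to `./`, which is only correct if CWD happens to be the fuzzer directory.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build "<directory of argv0>/<relpath>" into out.
 * If argv0 has no '/' the binary was located via PATH, so the best we can do
 * is assume the data lives under the current directory ("./").
 * Returns 0 on success, -1 if the result does not fit in outlen bytes. */
int data_path_from_argv0(const char *argv0, const char *relpath,
                         char *out, size_t outlen) {
    const char *slash = strrchr(argv0, '/');
    const char *prefix = slash ? argv0 : "./";
    /* Length of the directory prefix, including its trailing '/'. */
    size_t dirlen = slash ? (size_t)(slash - argv0) + 1 : 2;
    size_t rellen = strlen(relpath);

    if (dirlen + rellen + 1 > outlen)
        return -1;
    memcpy(out, prefix, dirlen);
    memcpy(out + dirlen, relpath, rellen + 1); /* copies the NUL too */
    return 0;
}

/* Open a data file that was extracted beside the fuzzer binary.
 * Returns NULL if the path is too long or the file cannot be opened. */
FILE *open_data_file(const char *argv0, const char *relpath) {
    char path[4096];
    if (data_path_from_argv0(argv0, relpath, path, sizeof path) != 0)
        return NULL;
    return fopen(path, "rb");
}

/* libFuzzer calls this once before fuzzing starts; (*argv)[0] is the fuzzer
 * binary path as invoked. The file name here is a hypothetical example. */
int LLVMFuzzerInitialize(int *argc, char ***argv) {
    (void)argc;
    FILE *f = open_data_file((*argv)[0], "data/grammar.txt");
    if (f == NULL) {
        fprintf(stderr, "cannot open data/grammar.txt next to %s\n", (*argv)[0]);
        abort(); /* fail loudly so a missing data archive is not mistaken for a crash */
    }
    /* ... parse the file into whatever the target needs ... */
    fclose(f);
    return 0;
}

/* Placeholder fuzz entry point so the file is a complete libFuzzer target. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    (void)data;
    (void)size;
    return 0;
}
```

Build with `clang -fsanitize=fuzzer,address target.c -o fuzzer`; every data file the target needs has to go through `data_path_from_argv0`, which is exactly the repetition the issue complains about.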
Why not unpack the fuzzer in the root directory? That is the model that works well: fuzzer CWD set to the root of the directory where all fuzzers are. Also, you can always calculate the data directory relative to the directory your fuzzer is in.
- "unpack fuzzer" has to be done by the ClusterFuzz runtime; the fuzzer can't do that by itself.
- "fuzzer cwd set to root of directory": the fuzzer can probably do it by itself, but this is dangerous and also sometimes not practical. First, it can break assumptions the ClusterFuzz runtime has about CWD (if there are any); second, this fuzzer now has a hardcoded dependency on the root directory, which means this fuzzer binary cannot run on any system where the root is not writable.
leaving to @oliverchang for any thoughts here.