Pietro Borrello
Thank you for your reply. That is the commit I tested the fuzzer on, not sure about master, but it is really a recent commit.
Hello, I confirm the issue seems to reproduce on the current master. The ASAN stack trace does not provide full information, sorry for the confusion. The full (huge) stack trace...
I am not sure why it does not work for you, to reproduce on my machine I do exactly this (commit fee8e97b4eeb34fe2e6e6294413d84e9e7a072a7) : ``` $ CXX=clang++ CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr' LIB_FUZZING_ENGINE='./libFuzzer.a'...
Uh, I confirm that if I use the `standalone_fuzz_target_runner.cpp` provided as LIB_FUZZING_ENGINE, it does not crash. I'm not sure what the official LLVM driver does to affect this issue to...
I can also confirm it reproduces when compiling with [AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) with default configurations:

```
$ CXX=./AFLplusplus/afl-clang-fast++ CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr' LIB_FUZZING_ENGINE='AFLplusplus/libAFLDriver.a' make -j8 server_fuzzer
```
OK, the problem is that in `standalone_fuzz_target_runner.cpp` you do not call `LLVMFuzzerInitialize`, which is actually used by the harness to set up different stuff. While both AFL++ and libfuzzer driver have...
I have added it as the first instruction inside the `for` loop, but I guess it could be also called just once at the beginning of the `main` function. It...
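An added illustration of the point made in the two comments above (this is example code written for this page, not the project's harness and not LLVM's `standalone_fuzz_target_runner.cpp`): a minimal standalone runner that calls `LLVMFuzzerInitialize` once before the input loop, together with a constructed toy target whose `LLVMFuzzerTestOneInput` silently skips its real work when `Initialize` never ran. The toy target, the `g_*` counters and the `RunInputs`/`ResetToyTarget` helpers are assumptions for the demonstration; only the two `LLVMFuzzer*` entry-point signatures are the real libFuzzer interface.

```cpp
// Added example (not the project's or LLVM's code): a standalone runner that
// calls LLVMFuzzerInitialize once, plus a constructed toy target that depends
// on that initialization.
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>

// Real libFuzzer entry points a fuzz target may define.
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);

// ---- Constructed toy target (stands in for the project's real harness) ----
static std::vector<uint8_t> *g_table = nullptr; // allocated by Initialize
static int g_init_calls = 0;                    // how often Initialize ran
static int g_inputs_exercised = 0;              // inputs that reached the real code

extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv) {
  (void)argc;
  (void)argv;
  ++g_init_calls;
  if (!g_table) g_table = new std::vector<uint8_t>(256, 0);
  return 0;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  // A harness that relies on Initialize typically never reaches the
  // interesting code when its state was not set up. That is why a runner
  // that skips Initialize can report "no crash" for an input that does crash
  // under the libFuzzer or AFL++ drivers, which both call it.
  if (!g_table) return 0;
  for (size_t i = 0; i < size; ++i) (*g_table)[data[i]]++;
  ++g_inputs_exercised;
  return 0;
}

// Demo hook so both behaviours can be shown in one process (assumption).
void ResetToyTarget() {
  delete g_table;
  g_table = nullptr;
  g_init_calls = 0;
  g_inputs_exercised = 0;
}

int InitializeCalls() { return g_init_calls; }

// ---- Runner ----
// Calls Initialize once (when requested) before the loop, then feeds every
// input to TestOneInput. Returns how many inputs exercised the target's code.
int RunInputs(const std::vector<std::vector<uint8_t>> &inputs,
              bool call_initialize, int argc = 0, char **argv = nullptr) {
  int before = g_inputs_exercised;
  if (call_initialize) LLVMFuzzerInitialize(&argc, &argv);
  for (const auto &in : inputs) LLVMFuzzerTestOneInput(in.data(), in.size());
  return g_inputs_exercised - before;
}

static std::vector<uint8_t> ReadFile(const std::string &path) {
  std::ifstream f(path, std::ios::binary);
  return std::vector<uint8_t>((std::istreambuf_iterator<char>(f)),
                              std::istreambuf_iterator<char>());
}

// Usage: ./runner crash-1 crash-2 ...  (same shape as the standalone runner)
int main(int argc, char **argv) {
  std::vector<std::vector<uint8_t>> inputs;
  for (int i = 1; i < argc; ++i) inputs.push_back(ReadFile(argv[i]));
  int exercised = RunInputs(inputs, /*call_initialize=*/true, argc, argv);
  std::cout << "ran " << inputs.size() << " inputs, " << exercised
            << " exercised the target\n";
  return 0;
}
```

Calling `Initialize` once before the loop, rather than on every iteration, matches what the libFuzzer and AFL++ drivers do; a target that allocates or registers state there would otherwise do so once per input.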
Ah yes, I'm on Ubuntu 18.04. I assumed the crash was OS-insensitive, but maybe that is not the case.
So the way I'm compiling is

```
$ CXX=clang++ CXXFLAGS='-O1 -fsanitize=address -fsanitize=array-bounds,bool,builtin,enum,float-divide-by-zero,function,integer-divide-by-zero,null,object-size,return,returns-nonnull-attribute,shift,signed-integer-overflow,unreachable,vla-bound,vptr' LIB_FUZZING_ENGINE='./standalone_fuzz_target_runner.cpp' make -j8 server_fuzzer
```

directly in the `test/fuzzing` folder. This produces the compilation command: ``` $ clang++...
So the bug does not reproduce in the Makefile in `test` since the `CXXFLAGS` I sent contain `-O1`, which in the Makefile in `test/fuzzing` is overridden by the `-O0`. And...