This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

Detect and distinguish dual-use libfuzzer args for fuzzing #1437

Closed
ranweiler opened this issue Nov 5, 2021 · 1 comment · Fixed by #1610

@ranweiler
Member

When creating libfuzzer jobs, users may add -runs=N to target_options to try to handle situations like target code that leaks memory. This is fine and expected, and handled by the libfuzzer_fuzz task.

However, when libFuzzer is invoked in test case repro mode, the -runs=N option says "test the given input(s) N times each". This is definitely not what we want in analysis tasks like coverage, libfuzzer_crash_report, &c.

Revisit our task arguments, and fix this end-user facing API. Make it easy (at the job template level) to clearly distinguish between libFuzzer args meant for fuzzing only, test case repro, or both. This is more easily avoided outside of templates, where tasks must be created individually.

@ranweiler ranweiler added the enhancement New feature or request label Nov 5, 2021
@ghost ghost added the Needs: triage label Nov 5, 2021
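
One way to express the split requested in the issue above, as an added sketch that is not OneFuzz code and not the change that closed this issue. The `TargetOptions` class, its field names and the `split_legacy` helper are hypothetical; only `-runs`, `target_options` and the task names come from the issue text.

```python
from dataclasses import dataclass, field

# Assumption: flags whose meaning differs between fuzzing and repro mode.
# Only -runs is named in the issue; extend the set to match your own policy.
DUAL_USE_FLAGS = {"-runs"}

FUZZ_TASKS = {"libfuzzer_fuzz"}
REPRO_TASKS = {"coverage", "libfuzzer_crash_report"}


def flag_name(option: str) -> str:
    """Return the flag part of a libFuzzer option: '-runs=100' -> '-runs'."""
    return option.split("=", 1)[0]


@dataclass
class TargetOptions:
    """Hypothetical template-level split of libFuzzer options by scope."""
    both: list = field(default_factory=list)
    fuzzing_only: list = field(default_factory=list)
    repro_only: list = field(default_factory=list)

    def misplaced(self) -> list:
        """Dual-use flags left in the shared list, where they reach every task."""
        return [o for o in self.both if flag_name(o) in DUAL_USE_FLAGS]

    def for_task(self, task: str) -> list:
        """Build the option list handed to one task type."""
        if task in FUZZ_TASKS:
            return self.both + self.fuzzing_only
        if task in REPRO_TASKS:
            return self.both + self.repro_only
        raise ValueError(f"unknown task type: {task}")


def split_legacy(target_options: list) -> TargetOptions:
    """Migrate a flat target_options list: dual-use flags become fuzzing-only."""
    opts = TargetOptions()
    for o in target_options:
        scope = opts.fuzzing_only if flag_name(o) in DUAL_USE_FLAGS else opts.both
        scope.append(o)
    return opts


# Constructed sample: a flat option list as a user might pass it to a template.
LEGACY = ["-runs=1000000", "-rss_limit_mb=4096", "-timeout=30"]
```
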
@ranweiler
Member Author

@ghost ghost locked as resolved and limited conversation to collaborators Feb 26, 2022