Open jonathanmetzman opened 2 years ago
either there is an options file on what options to pass to a non-persistent target, or the readelf variant with old_main is being used. I think an options file would be less overall work? but up to the person who wants to implement that IMHO :)
note that you can also use honggfuzz with non-persistent targets, afl++ is not the only option.
note that you can also use honggfuzz with non-persistent targets, afl++ is not the only option.
I think we should go for this too then
If you (like me) find this googling for afl, OSS-fuzz and persistence; a workaround is through the env AFL_FUZZER_LOOPCOUNT=1
This will have numerous benefits, including:
To support this, we need to do the following:
Some thoughts on teaching ClusterFuzz to invoke non-afl_driver binaries properly: @AdamKorcz and @DavidKorczynski mentioned that we need to pass
@@
instead of this number to the binary. But I actually think it will be more complicated than this. Some of the binaries we fuzz will not simply read from the file named by @@ (e.g. it may need to be invoked like thisexample --file @@
, or read from stdin). We can handle this in two ways: 1. Force every binary to obey an API where they read from the file passed in the first argument. 2. Use .options files to allow users to specify how the binary should be invoked. I think 2 is the better option, it's much more user-friendly and will allow OSS-Fuzz to fuzz unmodified projects. It can also come in handy if users want to have "two" fuzz targets that are really the same binary but invoked in different ways.Some thoughts on coverage reports. I think this will complicate our lives quite a bit and it should definitely wait until there is serious demand for it.
CC @vanhauser-thc