Wrong crashes count?

[eranzim]

Hi!

I ran Jackalope, and the number of crashes I see on the screen doesn't seem to match the number of files in the crashes folder. For example, in my last run, it said Crashes: 24 (5 unique), but the crashes folder had 16 files, all marked flaky, and some of them identical to others (why does it output the same file several times?).

Is this correct behavior?

Thanks!

[ifratric]

Hi Eran, Jackalope stores (by default) 4 duplicates of every crash it considers unique, so for 5 unique crashes you can see between 5 and 20 files. You can distinguish the duplicates by having a different last digit in otherwise identical filename. Note that, if you restart or resume a fuzzing session you might see unexpected number of files in the output as currently the state of crashes isn't stored.

BTW a flaky crash means either that it wasn't possible to reproduce the crash within 10 (by default) retries or that it was impossible to reproduce the crash without instrumentation. Sometimes, flaky crashes can occur as a consequence of the target relying on C++ exceptions, for which unwinding data is missing by default. In that case, -generate_unwind flag should be used to generate this data for instrumented code.