googleprojectzero / fuzzilli

A JavaScript Engine Fuzzer
Apache License 2.0

[Fuzzer] Testcase "fuzzilli('FUZZILLI_CRASH', {0 | 1 | 2})" did not crash #391

Open extf33 opened 1 year ago

extf33 commented 1 year ago

Fuzzilli: 8eec7a7 V8: 92a918e10bd36c1045b2f750b56fdab4b4148ae4

I've got

[Fuzzer] Testcase "fuzzilli('FUZZILLI_CRASH', 0)" did not crash
[Fuzzer] Testcase "fuzzilli('FUZZILLI_CRASH', 1)" did not crash
[Fuzzer] Testcase "fuzzilli('FUZZILLI_CRASH', 2)" did not crash

in both release and debug builds.

saelo commented 1 year ago

Hi! Did you compile V8 like this?

extf33 commented 1 year ago

Yes, I did.

saelo commented 1 year ago

Have you verified that e.g. fuzzilli('FUZZILLI_CRASH', 1) actually crashes in that d8 binary? You could also try running that d8 binary with the REPRLRun utility: swift run REPRLRun path/to/d8 and check if the crashes are detected there.
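A small script for the first check saelo suggests, running each FUZZILLI_CRASH mode through the engine directly before reaching for REPRLRun. This is an added example written for this thread, not code from Fuzzilli or V8. It assumes a POSIX host (a child killed by a signal shows up as a negative return code in subprocess), that the engine binary accepts a script path as its last argument, and that the build registers the fuzzilli() builtin, which is what the issue is about. The two stand-in engines are constructed so the script can be exercised without a d8 build: one dies with SIGSEGV when the script calls FUZZILLI_CRASH, the other ignores it and reproduces the "did not crash" symptom.

```python
"""Check that an engine binary really crashes on fuzzilli('FUZZILLI_CRASH', n).

Added example for this thread, not part of Fuzzilli. Assumes a POSIX host:
a child killed by a signal reports a negative returncode in subprocess.
"""
import os
import signal
import subprocess
import sys
import tempfile

MODES = (0, 1, 2)  # the three modes the reporter tried


def detects_crash(engine_cmd, mode, timeout=30):
    """Run fuzzilli('FUZZILLI_CRASH', mode) through engine_cmd.

    Returns True if the engine died by signal (SIGSEGV, SIGABRT, SIGTRAP, ...),
    which is what a crash-detecting harness expects to see, and False if it
    exited normally, whatever the exit status.
    """
    with tempfile.NamedTemporaryFile("w", suffix=".js", delete=False) as f:
        f.write(f"fuzzilli('FUZZILLI_CRASH', {mode});\n")
        path = f.name
    try:
        proc = subprocess.run(list(engine_cmd) + [path],
                              capture_output=True, timeout=timeout)
    finally:
        os.unlink(path)
    if proc.returncode < 0:
        try:
            name = signal.Signals(-proc.returncode).name
        except ValueError:
            name = f"signal {-proc.returncode}"
        print(f"mode {mode}: crashed with {name}")
        return True
    print(f"mode {mode}: exited normally with status {proc.returncode}")
    return False


def check_all_modes(engine_cmd):
    """Map each mode to whether the engine crashed on it."""
    return {mode: detects_crash(engine_cmd, mode) for mode in MODES}


# Constructed stand-ins (hypothetical, not real engines) so the check can be
# exercised without a d8 build. Both receive the script path as argv[1], the
# same way d8 would.
_CRASHING = ("import os, signal, sys\n"
             "src = open(sys.argv[1]).read()\n"
             "if 'FUZZILLI_CRASH' in src: os.kill(os.getpid(), signal.SIGSEGV)\n")
CRASHING_STUB = [sys.executable, "-c", _CRASHING]   # behaves like a correct build
INERT_STUB = [sys.executable, "-c", "import sys; open(sys.argv[1]).read()"]  # never crashes


if __name__ == "__main__":
    # Usage: python check_crash.py path/to/d8 [extra engine flags...]
    # Without arguments the constructed stand-ins are exercised instead.
    if len(sys.argv) > 1:
        results = check_all_modes(sys.argv[1:])
    else:
        print("no engine given; exercising the constructed stand-ins")
        results = check_all_modes(CRASHING_STUB)
        check_all_modes(INERT_STUB)
    missing = [m for m, crashed in results.items() if not crashed]
    if missing:
        print(f"modes that did not crash: {missing}; Fuzzilli's startup check "
              "would report these as 'did not crash'")
        sys.exit(1)
    print("all FUZZILLI_CRASH modes crash as expected")
```

If every mode exits normally here, the problem is in the engine build rather than in Fuzzilli's harness, and the REPRLRun check is the next step only once the binary crashes when run by hand.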