Open kak-0 opened 2 years ago
Interesting. Just curious -- were these sequences obtained from fuzzing?
I just generated random key sequences and passed them to kak -f. I'm not familiar with dedicated fuzzing tools, but they will probably be able to find more crashes.
Here is the script I used if you're curious, but running it may be unsafe as random inputs can cause unpredictable behavior.
A tool like afl++ is pretty smart; build your tool with the provided instrumenting compilers, then run your tool inside the fuzzer and it will track which specific branch instructions a given input causes, automatically dropping inputs that explore previously well-explored branches and leaping at inputs that trigger new control-flows. It also produces a directory full of input files that have caused crashes, making it easy to automate regression testing.
The downside is that it expects the tool to take the fuzzing input on stdin, and I don't think there's an easy way to hack up Kakoune's filter mode to work like that.
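A small regression harness of the kind the afl++ comment describes, as an added example and not code from this thread or from the Kakoune project: it replays a set of key sequences (one per line of a file, or one per file in a directory such as a fuzzer's crash directory) through the filter mode and classifies each run. It assumes `kak` is on PATH, that an empty buffer on stdin is an acceptable input, and that a failed assertion in a debug=yes build or any other crash terminates the process with a signal.

```python
"""Replay key sequences through `kak -f` and classify each outcome.

Added example, not code from the Kakoune project. Assumes `kak` is on PATH
and that a crash (including a failed assertion) kills the process with a
signal, which subprocess reports as a negative return code.
"""
import signal
import subprocess
import sys
from pathlib import Path

# Assumed invocation: the key sequence is appended as the argument to -f and
# an empty buffer is supplied on stdin.
KAK_FILTER = ["kak", "-f"]


def run_case(cmd_prefix, keys, timeout=5.0):
    """Run one key sequence and return a short verdict string."""
    try:
        proc = subprocess.run(
            cmd_prefix + [keys],
            input=b"",            # empty buffer to filter
            capture_output=True,  # keep kak's output off the terminal
            timeout=timeout,      # a hanging sequence is a finding too
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode < 0:
        # Negative return code: the child died from a signal, e.g. SIGABRT
        # from a failed assertion or SIGSEGV from a memory error.
        return "crash:" + signal.Signals(-proc.returncode).name
    if proc.returncode != 0:
        return f"exit:{proc.returncode}"
    return "ok"


def regression_check(cmd_prefix, cases, timeout=5.0):
    """Map each key sequence to its verdict."""
    return {keys: run_case(cmd_prefix, keys, timeout) for keys in cases}


def load_cases(path):
    """One sequence per line of a text file, or one per file in a directory."""
    p = Path(path)
    if p.is_dir():
        return [f.read_text(errors="replace")
                for f in sorted(p.iterdir()) if f.is_file()]
    return [line for line in p.read_text(errors="replace").splitlines() if line]


def summarize(results):
    """Return (number of non-ok cases, report lines)."""
    lines = [f"{verdict:14} {keys!r}" for keys, verdict in results.items()]
    bad = sum(1 for v in results.values() if v != "ok")
    return bad, lines


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: kak_regress.py <cases-file-or-directory>")
    results = regression_check(KAK_FILTER, load_cases(sys.argv[1]))
    bad, report = summarize(results)
    print("\n".join(report))
    sys.exit(1 if bad else 0)
```

Run it as `python3 kak_regress.py crashes/` after a fuzzing session, or against a hand-written list of known-bad sequences; a non-zero exit means at least one sequence still crashes, hangs or exits abnormally. The command prefix is a parameter so the same harness can be pointed at a different build or a wrapper script.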
Version of Kakoune
v2021.11.08-41-g6029ee98 (debug=yes)
Reproducer
kak -f crashes when given some random sequences of keys. For example:
These key sequences (with the exception of the last one) crash execute-keys too, but they don't crash Kakoune when pressed interactively.
Outcome
Kakoune crashes.
Expectations
No response
Additional information
Kakoune must be built with debug=yes to enable assertions.