Why is g_previous_input necessary in MySQL/AFL/afl-fuzz.c

[findo]

I compare PostgreSQL/AFL/afl-fuzz.c and MySQL/AFL/afl-fuzz.c. I found the global variable g_previous_input only appears in MySQL/AFL/afl-fuzz.c.

if (fault == FAULT_CRASH)
  {
    //cout << "NIU BI!" << endl;
    //cout << "\n\n\n";
    for (auto i : g_previous_input)
    {
      write(crash_fd, i, strlen(i));
      write(crash_fd, "\n\n", 2);
    }
    write(crash_fd, "-------------\n\n", strlen("-------------\n\n"));
    //cout << "Previous input might crash the server: " << i << endl;
    //exit(0);
  }

Why PostgreSQL doesn't need that ?

[zr950624]

MySQL performs much multithread, so the crash reproduce is unstable. For this reason, we record 10 input test cases for MySQL to help reproduce the real crash test case. Luckily, most bugs can be triggered without using multithread, so the last input(cur_input) will be the crash test case.

[findo]

if (!conn)
    {
      string previous_inputs = "";
      for (auto i : g_previous_input)
        previous_inputs += string(i) + "\n\n";
      previous_inputs += "-------------\n\n";
      write(crash_fd, previous_inputs.c_str(), previous_inputs.size());
    }

Does those code really work since crash_fd always -1 ?

[zr950624]

crash_fd = open(fn3, O_RDWR | O_CREAT | O_EXCL, 0600);

I don't get why crash_fd is always -1?

[findo]

I see... crash_fd opens {output}/.crashes file.. However, is {output}/.crashes file ever used ? {output}/crashes is the final folder storing all crashes I think.