The fuzzer doesn't sign transactions, so if it tries to validate one with signature checking enabled, it gets txBAD_AUTH. Once or twice I've run stellar-core fuzz and gotten a crash because of a failed setup operation, and have thought to myself, "uh oh, what did I break?" for a couple minutes before realizing that I'd built that stellar-core without --enable-afl!
Should we remove the stellar-core fuzz command when stellar-core is built without --enable-afl, or maybe keep it in but make it return an error saying "This stellar-core was built without fuzzing enabled"?
Yes, that's a good idea: if afl is not enabled we should not register the commands fuzz and genfuzz. We should keep compiling as much code as possible, though, so as to avoid code rot.