trailofbits / testing-handbook

Trail of Bits Testing Handbook
https://appsec.guide/
Creative Commons Attribution 4.0 International

Reject unwanted inputs in "Writing harnesses" example #22

Open mschwager opened 4 months ago

mschwager commented 4 months ago

We could improve the C/C++ example provided here.

We could turn the following code:

    // Ensure exactly 2 4-byte numbers (numerator and denominator) are read
    if(size != 2 * sizeof(uint32_t)){
        return 0;
    }

To something like:

    // Ensure exactly 2 4-byte numbers (numerator and denominator) are read
    if(size != 2 * sizeof(uint32_t)){
        return -1;  // Reject; the input will not be added to the corpus.
    }

As documented here. This makes the fuzzing harness more efficient, and documents the "reject input" feature of libFuzzer. We should then explain the return -1; and drop a link to the libFuzzer docs in the following paragraph.

maxammann commented 2 months ago

Sounds good, however we should note that AFL++ ignores the return value.
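A complete harness that applies the change proposed in this issue, as an added example (it is neither the handbook's snippet nor code posted by either commenter). The `divide()` function it exercises is a hypothetical stand-in for the target; the point is the `return -1` on malformed input, which libFuzzer treats as a rejection, and which AFL++'s libFuzzer-compatible driver ignores as noted above:

```c
// Added example, not the handbook's own harness. `divide()` is a hypothetical
// target used only to give the harness something to call.
#include <stdint.h>
#include <stddef.h>
#include <string.h>

// Hypothetical function under test (an assumption of this example).
// Returns 0 and writes the quotient to *out, or -1 on division by zero.
int divide(uint32_t numerator, uint32_t denominator, uint32_t *out) {
    if (denominator == 0) {
        return -1;
    }
    *out = numerator / denominator;
    return 0;
}

// libFuzzer fuzz target. Returning -1 tells libFuzzer to reject the input:
// it is discarded and never added to the corpus, even if it reached new
// coverage. AFL++ ignores the return value, so under AFL++ the early return
// is just a size check and malformed inputs may still land in the queue.
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    // Ensure exactly 2 4-byte numbers (numerator and denominator) are read
    if (size != 2 * sizeof(uint32_t)) {
        return -1;  // Reject; the input will not be added to the corpus.
    }

    // Copy rather than cast: `data` is not guaranteed to be 4-byte aligned.
    uint32_t numerator, denominator;
    memcpy(&numerator, data, sizeof(numerator));
    memcpy(&denominator, data + sizeof(numerator), sizeof(denominator));

    // The target's own result does not affect the harness return value:
    // a well-formed input is accepted (0) whether or not divide() succeeds.
    uint32_t result = 0;
    (void)divide(numerator, denominator, &result);
    return 0;  // Accept; libFuzzer keeps the input if it found new coverage.
}
```

Build with `clang -g -fsanitize=fuzzer,address harness.c -o harness` for libFuzzer; with AFL++ the same source links against its libFuzzer-compatible driver, and the `-1` is simply not consulted.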