Some fuzzer workarounds

Evgeny Vereshchagin evvers@ya.ru
Wed Mar 23 01:15:42 GMT 2022


Hi Mark,

>> I can also prevent OSS-Fuzz from reporting new bugs found by MSan
>> by setting the experimental flag
>> 
>> From https://google.github.io/oss-fuzz/getting-started/new-project-guide/#sanitizers
>>> If you want to test a particular sanitizer to see what crashes it generates
>>> without filing them in the issue tracker, you can set an experimental flag
>> 
>> It should help to figure out whether it makes sense to keep it without spamming the mailing list
>> in the process. What do you think?
> 
> I think that is a good idea. I really believe all the issues reported
> by MSAN are bogus.

They are but all those issues should be gone once https://github.com/google/oss-fuzz/pull/7422 and
https://github.com/google/oss-fuzz/pull/7401 are merged. I ran the fuzzers with
those patches applied for a few hours and MSan didn't complain. I'll flip the
flag there a bit later today anyway and maybe bring it back in a month or so if it isn't noisy.

> 
> While the UBSAN and ASAN issues seem reasonable. At least I have a fix
> for the last one (45952 Misaligned-address in elf_cvt_gnuhash):
> https://sourceware.org/pipermail/elfutils-devel/2022q1/004782.html
> https://code.wildebeest.org/git/user/mjw/elfutils/commit/?h=fuzz

I rebased it on top of my "fuzzing" branch and the fuzzers, static analyzers, the unit tests
on various architectures and so on confirmed that the issue is gone. Thanks!

Thanks,
Evgeny Vereshchagin
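For reference, the experimental flag the quoted OSS-Fuzz docs refer to lives in the project's project.yaml. The fragment below is an added illustration, not a file from the thread or from the elfutils project; the exact sanitizer list is an assumption, only the `experimental: True` marker on `memory` is the point.

```yaml
# Added example (not from the thread): sanitizer section of an OSS-Fuzz
# project.yaml. MSan is marked experimental so its findings are not filed
# in the issue tracker, while ASan and UBSan reports continue to be tracked.
# The sanitizer list itself is an assumption about the project's config.
sanitizers:
  - address
  - undefined
  - memory:
      experimental: True
```

Dropping the `experimental: True` line later re-enables normal MSan bug filing.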
