Some fuzzer workarounds

Mark Wielaard mark@klomp.org
Wed Mar 23 09:21:50 GMT 2022


Hi Evgeny,

On Wed, Mar 23, 2022 at 04:15:42AM +0300, Evgeny Vereshchagin wrote:
> > I think that is a good idea. I really believe all the issues reported
> > by MSAN are bogus.
> 
> They are but all those issues should be gone once
> https://github.com/google/oss-fuzz/pull/7422 and
> https://github.com/google/oss-fuzz/pull/7401 are merged. I ran the
> fuzzers with those patches applied for a few hours and MSan didn't
> complain. I'll flip the flag there a bit later today anyway and
> maybe bring it back in a month or so if it isn't noisy.

That makes sense. You do indeed have to "rebuild the world" for MSAN
to work. I am slightly surprised it doesn't work with
-D_FORTIFY_SOURCE (which we indeed try to enable by default).

> > While the UBSAN and ASAN issues seem reasonable. At least I have a fix
> > for the last one (45952 Misaligned-address in elf_cvt_gnuhash):
> > https://sourceware.org/pipermail/elfutils-devel/2022q1/004782.html
> > https://code.wildebeest.org/git/user/mjw/elfutils/commit/?h=fuzz
> 
> I rebased it on top of my "fuzzing" branch and the fuzzers, static
> analyzers, the unit tests on various architectures and so on
> confirmed that the issue is gone. Thanks!

Thanks for testing. Pushed.

Cheers,

Mark
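As an added illustration for the "Misaligned-address in elf_cvt_gnuhash" report discussed above (this is not code from the thread, not elfutils code, and not the fix at the linked commit): the pattern UBSan's alignment check flags is dereferencing a `uint32_t *` that points into a byte buffer at an arbitrary offset, and the usual remedy is to load the word with `memcpy`, which the compiler turns into an alignment-safe load. The helper names (`read_u32_le`, `read_u32_cast`, `parse_gnu_hash_hdr`) and the constructed `.gnu.hash` header buffer `sample` are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The pattern that produces a UBSan "misaligned address" report:
   casting a byte pointer at an odd offset to uint32_t* and
   dereferencing it. It happens to work on x86 but is undefined
   behaviour and traps on strict-alignment targets. Shown for
   contrast only; nothing below calls it. */
uint32_t read_u32_cast(const unsigned char *p)
{
    return *(const uint32_t *) p;
}

/* Alignment-safe read of a 32-bit little-endian word from any
   address. memcpy into a local lets the compiler emit an unaligned
   load (or byte loads) instead of an aligned dereference. */
static uint32_t read_u32_le(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
    v = __builtin_bswap32(v);
#endif
    return v;
}

/* The four 32-bit words that open a .gnu.hash section. */
struct gnu_hash_hdr {
    uint32_t nbuckets;
    uint32_t symndx;
    uint32_t maskwords;
    uint32_t shift2;
};

/* Parse a GNU hash header that starts at offset 'off' inside 'buf'.
   Returns 0 on success, -1 if fewer than 16 bytes remain. */
int parse_gnu_hash_hdr(const unsigned char *buf, size_t len, size_t off,
                       struct gnu_hash_hdr *out)
{
    if (off > len || len - off < 16)
        return -1;
    out->nbuckets  = read_u32_le(buf + off);
    out->symndx    = read_u32_le(buf + off + 4);
    out->maskwords = read_u32_le(buf + off + 8);
    out->shift2    = read_u32_le(buf + off + 12);
    return 0;
}

/* Constructed sample: one padding byte so the header sits at an odd
   offset, then nbuckets=3, symndx=1, maskwords=1, shift2=5 in
   little-endian byte order. */
const unsigned char sample[17] = {
    0xAA,
    0x03, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x00, 0x00,
    0x05, 0x00, 0x00, 0x00,
};

/* Returns 1 when the sample parses to the expected field values. */
int sample_parses_ok(void)
{
    struct gnu_hash_hdr h;
    if (parse_gnu_hash_hdr(sample, sizeof sample, 1, &h) != 0)
        return 0;
    return h.nbuckets == 3 && h.symndx == 1 && h.maskwords == 1
           && h.shift2 == 5;
}

int main(void)
{
    struct gnu_hash_hdr h;
    if (parse_gnu_hash_hdr(sample, sizeof sample, 1, &h) != 0) {
        fprintf(stderr, "buffer too short\n");
        return 1;
    }
    printf("nbuckets=%u symndx=%u maskwords=%u shift2=%u\n",
           h.nbuckets, h.symndx, h.maskwords, h.shift2);
    return sample_parses_ok() ? 0 : 1;
}
```

Compiling the block with `-fsanitize=undefined` and calling `read_u32_cast(sample + 1)` is what reproduces a misaligned-address report; the `memcpy` variant is clean under the same flags.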
