A small but substantial minority of libFuzzer-based fuzzers run code that does not play well with fork in global constructors or LLVMFuzzerInitialize.
This patch allows these fuzzers to use afl_driver by allowing them to opt out of using AFL's deferred forkserver, which defers calling fork until after this code.
- Repository: rCRT Compiler Runtime
Event Timeline
I don't think so. What makes you think this?
My understanding is that every time AFL tries a new input, lines 350-376 are executed; nothing here is really changed by this commit.
Oh, I see. It still looks like the process is only forked every 1000 inputs by default. So LLVMFuzzerInitialize will only run every 1000 inputs, or less if a higher N is specified on the command line.
This patch seems reasonable to me, but let Kostya comment on it.
If the Chromium fuzzers are currently using the default N, you may want to bump it up so you're not calling LLVMFuzzerInitialize multiple times a second.
Right (unless the process is restarted because it OOMs or times out).
> This patch seems reasonable to me, but let Kostya comment on it.
> If the Chromium fuzzers are currently using the default N, you may want to bump it up so you're not calling LLVMFuzzerInitialize multiple times a second.
This makes sense. But I don't think it is necessary since, as you said, N can be specified on the command line (we do this on ClusterFuzz, so it isn't useful for me personally).