Phabricator

Manishearth (Manish Goregaokar)
User

Projects

User does not belong to any projects.

User Details

User Since
Jun 12 2016, 2:10 AM (267 w, 4 d)

Recent Activity

Dec 11 2019

Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

Can't you also generate LLVMFuzzerTestOneInput so that it calls LLVMFuzzerCustomOutput when e.g.

LPM_DUMP_NATIVE_INPUT=1 ./binary <crash_input>

is called?

Dec 11 2019, 7:40 AM · Restricted Project, Restricted Project

Dec 9 2019

Manishearth added a comment to D70738: [libFuzzer] Add custom output function.
1. If a crash happens, execute LPM_DUMP_NATIVE_INPUT=1 ./binary <crash_input> to get the input fancy-printed
Dec 9 2019, 4:52 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

Sorry, I wasn't clear. I mean if you write fuzz targets with the getenv()-based solution I proposed, cargo fuzz can be extended so that it will execute the crashing input with the necessary env variable set. That way we achieve the following:

Dec 9 2019, 8:15 AM · Restricted Project, Restricted Project

Dec 6 2019

Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

If you're running fuzz targets manually, then it makes sense -- you need to type one command less to print the crash input. Although it seems like cargo fuzz can do that for you as well, so it will be still a single command.

Dec 6 2019, 3:57 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

Oh, why do you need to print it every time fuzz target hits a crash? It should be an option controlled during runtime, so that users or an automated infrastructure can easily turn it on when reproducing an individual crash.

Dec 6 2019, 3:11 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

Also, to be clear, since we build libFuzzer ourselves, this patch doesn't _have_ to be upstreamed for us to be able to use it, but we'd prefer to not have to fork libFuzzer, and I strongly feel that there will be other people for whom this patch will be useful.

Dec 6 2019, 2:26 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.
Dec 6 2019, 2:25 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.
In D70738#1773461, @kcc wrote:

BTW, may I ask you to provide some details of your Rust fuzz target examples?
(like the code of the fuzz target and the output with your patch)

Dec 6 2019, 2:25 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

You can consider just linking the needed code into a small binary which will print out serialized inputs from the drive. And call that e.g. in the following way:

Dec 6 2019, 1:20 PM · Restricted Project, Restricted Project

Dec 5 2019

Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

Looking more closely at the libfuzzer+protobuf stuff, what we're doing is quite similar to the protobuf thing, except we're not using protobufs since Rust lets you do custom derives which allow us to directly create a bits-to-structured data function.

Dec 5 2019, 10:52 PM · Restricted Project, Restricted Project
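The two ideas the thread keeps returning to, a getenv()-controlled dump of the crashing input (the Dec 9 comment above) and a Rust fuzz target that decodes the raw byte string into structured data via a derive (the Dec 5 comment above), fit together in one small sketch. The following is an added example and is not code from D70738, libfuzzer-sys or cargo-fuzz. The `Request` type, its hand-written `decode` (standing in for what a derived `Arbitrary` would generate), the constructed crash condition in `handle`, and the `Outcome` enum are all assumptions made for illustration; only the environment variable name `LPM_DUMP_NATIVE_INPUT=1` is taken from the thread.

```rust
// Added example (not code from D70738 or cargo-fuzz): the getenv()-based
// "custom output" approach for a structured Rust fuzz target, with no
// external crates so it runs stand-alone.
use std::env;

/// The structured input the code under test actually consumes (assumed type).
#[derive(Debug, Clone, PartialEq)]
pub struct Request {
    pub opcode: u8,
    pub flags: u16,
    pub payload: Vec<u8>,
}

/// Hand-written bits-to-structured-data decoder, standing in for the
/// `Arbitrary` derive the thread mentions. Any byte string of at least
/// three bytes maps to some `Request`, so the fuzzer wastes nothing on
/// rejected encodings.
pub fn decode(data: &[u8]) -> Option<Request> {
    if data.len() < 3 {
        return None;
    }
    let opcode = data[0];
    let flags = u16::from_le_bytes([data[1], data[2]]);
    let payload = data[3..].to_vec();
    Some(Request { opcode, flags, payload })
}

/// Human-readable rendering of the structured input: the "custom output"
/// a reproducer run should print instead of raw bytes.
pub fn render(req: &Request) -> String {
    format!(
        "Request {{ opcode: 0x{:02x}, flags: 0b{:016b}, payload: {} bytes {:?} }}",
        req.opcode, req.flags, req.payload.len(), req.payload
    )
}

/// The code under test. Returns the number of non-zero payload bytes and
/// panics on a constructed bug condition so the fuzzer has something to find.
pub fn handle(req: &Request) -> usize {
    // Constructed crash for demonstration: opcode 0x7f with the low flag bit set.
    assert!(
        !(req.opcode == 0x7f && req.flags & 1 == 1),
        "constructed crash for demonstration"
    );
    req.payload.iter().filter(|b| **b != 0).count()
}

/// Environment variable name used in the thread's reproducer command.
pub const DUMP_ENV: &str = "LPM_DUMP_NATIVE_INPUT";

/// Result of one fuzz-target invocation (assumed type, for checking behaviour).
#[derive(Debug, PartialEq)]
pub enum Outcome {
    /// Too short to decode; libFuzzer would just move on.
    Rejected,
    /// Dump mode: the rendered structured input, target body not executed.
    Dumped(String),
    /// Normal mode: the value returned by the code under test.
    Ran(usize),
}

/// True when `LPM_DUMP_NATIVE_INPUT=1` is set in the environment.
pub fn dump_requested() -> bool {
    env::var(DUMP_ENV).map(|v| v == "1").unwrap_or(false)
}

/// The body that a generated LLVMFuzzerTestOneInput would call. In dump mode
/// it prints the structured input and returns without running the target,
/// which is what `LPM_DUMP_NATIVE_INPUT=1 ./binary <crash_input>` relies on.
pub fn fuzz_target(data: &[u8], dump: bool) -> Outcome {
    let req = match decode(data) {
        Some(r) => r,
        None => return Outcome::Rejected,
    };
    if dump {
        let text = render(&req);
        println!("{}", text);
        return Outcome::Dumped(text);
    }
    Outcome::Ran(handle(&req))
}

fn main() {
    // Constructed sample standing in for a crash file handed over by libFuzzer.
    let sample: &[u8] = &[0x7f, 0x01, 0x00, b'a', b'b', 0];
    match fuzz_target(sample, dump_requested()) {
        Outcome::Dumped(_) => {} // already printed by fuzz_target
        Outcome::Rejected => println!("input too short to decode"),
        Outcome::Ran(n) => println!("processed {} non-zero payload bytes", n),
    }
}
```

Run as-is, the constructed sample trips the assertion in `handle`, i.e. the crash a fuzzer would report; run with `LPM_DUMP_NATIVE_INPUT=1` in the environment, the same binary prints the decoded `Request` and exits without touching the code under test, which is the single extra step the thread debates automating in cargo fuzz.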
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

I can totally see how this is helpful in some cases when running libFuzzer manually, but it can also be very annoying when the reproducer is large.
In any kind of automated scenario, it should be easy to add a separate binary that prints the inputs in human readable form.

Dec 5 2019, 10:43 PM · Restricted Project, Restricted Project

Nov 26 2019

Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

I don't see how this is a corner case: anything fuzzing with structured data by parsing the bytestring into something more structured will benefit from this. cargo-fuzz is used by a lot of Rust programs and some of them use the automatic structured data stuff, so they'd all benefit. I wish C++ codebases had something like this so that it would be easier to write good fuzz testcases, but as of now they don't and you have to convert bytestrings into input by hand. Such tests could still make use of a custom output formatter.

Nov 26 2019, 6:43 PM · Restricted Project, Restricted Project
Manishearth added a comment to D70738: [libFuzzer] Add custom output function.

We're hoping to use this in cargo-fuzz: https://github.com/rust-fuzz/libfuzzer-sys/pull/48

Nov 26 2019, 11:56 AM · Restricted Project, Restricted Project
Manishearth created D70738: [libFuzzer] Add custom output function.
Nov 26 2019, 11:54 AM · Restricted Project, Restricted Project