Re: [Xen-devel] [PATCH v2] fuzz/x86_emulate: fix bounds for input size

On 02/23/2018 10:48 PM, Paul Semel wrote:
> The maximum size for the input size was set to INPUT_SIZE, which is actually
> the size of the data array inside the fuzz_corpus structure and so was not
> enabling the user (or AFL) to fill in the whole structure. Changing to
> sizeof(struct fuzz_corpus) corrects this problem.
>
> Signed-off-by: Paul Semel <semelpaul@xxxxxxxxx>

Hey Paul,

Thanks for the patch.

Looking a bit more at the code over the weekend, I figured out what that BUILD_BUG_ON() is for -- in afl_harness.c, we statically allocate a buffer of size INPUT_SIZE to hold the fuzz data. The BUILD_BUG_ON() is to make sure that this buffer is always big enough to hold the minimum input size.

And increasing the size accepted by LLVMFuzzerTestOneInput() won't have any effect for anybody using afl-harness, as the size passed in will never be larger than INPUT_SIZE.

Are you running afl-harness, or are you using fuzz-emul directly some other way (e.g., through Google's fuzzing service)?

-George
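To make the interaction between the target's size bounds and the harness buffer concrete, here is an added illustration (not Xen's code; the struct layout, the INPUT_SIZE value, the MIN_INPUT_SIZE name and the function names are stand-ins chosen for this example). It shows the max-bound check before and after the change in the patch description, and why a harness with a static INPUT_SIZE buffer never delivers an input larger than INPUT_SIZE regardless of that bound.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Stand-in for the size of the data array in the corpus structure
 * (hypothetical value; the page does not give Xen's actual one). */
#define INPUT_SIZE 4096

/* Simplified stand-in for struct fuzz_corpus: a fixed header followed
 * by the data array of INPUT_SIZE bytes. */
struct fuzz_corpus {
    uint32_t options;
    uint32_t data_index;
    uint8_t data[INPUT_SIZE];
};

/* Smallest input the target will accept: the header must be complete. */
#define MIN_INPUT_SIZE offsetof(struct fuzz_corpus, data)

/* Compile-time check in the spirit of the BUILD_BUG_ON() discussed above:
 * the harness's INPUT_SIZE buffer must hold at least the minimum input. */
_Static_assert(INPUT_SIZE >= MIN_INPUT_SIZE,
               "harness buffer too small for the minimum input");

/* Bounds check as the patch description says it was before the change:
 * the upper bound is the data array size, so an input that fills both
 * the header and the whole data array is rejected. Returns 1 if accepted. */
int accepted_size_before(size_t size)
{
    return size >= MIN_INPUT_SIZE && size <= INPUT_SIZE;
}

/* Bounds check after the change: the upper bound is the whole structure. */
int accepted_size_after(size_t size)
{
    return size >= MIN_INPUT_SIZE && size <= sizeof(struct fuzz_corpus);
}

/* The afl-harness side of the reply's point: the input file is read into
 * a static buffer of INPUT_SIZE bytes, so the size handed to the target
 * can never exceed INPUT_SIZE whatever the target's upper bound is.
 * Returns the size the harness would pass on for a file of file_size bytes. */
size_t harness_size_passed(size_t file_size)
{
    static uint8_t input[INPUT_SIZE];
    size_t n = file_size < sizeof(input) ? file_size : sizeof(input);
    memset(input, 0, n); /* stands in for reading the file into the buffer */
    return n;
}
```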