[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v2] fuzz/x86_emulate: fix bounds for input size

Hey George,

On 02/27/2018 11:39 AM, George Dunlap wrote:
Thanks for the patch. Looking a bit more at the code over the weekend,
I figured out what that BUILD_BUG_ON() is for -- in afl_harness.c, we
statically allocate a buffer of size INPUT_SIZE to hold the fuzz data.
The BUILD_BUG_ON() is to make sure that this buffer is always big enough
to hold the minimum input size.  And increasing the size accepted by
LLVMFuzzerTestOneInput() won't have any effect for anybody using
afl-harness, as the size passed in will never be larger than INPUT_SIZE.

Thanks for replying me ! Actually, I understood what this BUILD_BUG_ON() was for and I totally agree with you 🙂

Anyway, I am pretty sure that this check is not needed anymore for the new changes I made, as the condition is never reachable anymore.

Are you running afl-harness, or are you using fuzz-emul directly some
other way (e.g., through Google's fuzzing service)?

I am actually not using it, but I discovered this tool some time before, and I am now trying to port the idea on an other emulator project.. 🙂 Anyway, I made much changes on my own version, and if it still does interest you, I can share those changes with you once I'm done with my thing !


Xen-devel mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.