Re: [Xen-devel] [PATCH v2] fuzz/x86_emulate: fix bounds for input size



Hey George,

On 02/27/2018 11:39 AM, George Dunlap wrote:
> Thanks for the patch. Looking a bit more at the code over the weekend,
> I figured out what that BUILD_BUG_ON() is for -- in afl_harness.c, we
> statically allocate a buffer of size INPUT_SIZE to hold the fuzz data.
> The BUILD_BUG_ON() is to make sure that this buffer is always big enough
> to hold the minimum input size.  And increasing the size accepted by
> LLVMFuzzerTestOneInput() won't have any effect for anybody using
> afl-harness, as the size passed in will never be larger than INPUT_SIZE.


Thanks for replying to me! Actually, I understood what this BUILD_BUG_ON() was for, and I totally agree with you 🙂

Anyway, I am pretty sure that this check is not needed anymore for the new changes I made, as the condition is never reachable anymore.

> Are you running afl-harness, or are you using fuzz-emul directly some
> other way (e.g., through Google's fuzzing service)?


I am actually not using it, but I discovered this tool some time ago, and I am now trying to port the idea to another emulator project... 🙂 Anyway, I made many changes to my own version, and if it still interests you, I can share those changes with you once I'm done with my thing!

>  -George
--
Paul

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/xen-devel
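
The relationship between the harness buffer, the build-time check and the fuzz target's size bounds discussed in this thread, as an added example that is not code from the Xen tree or from either poster. All names other than INPUT_SIZE, every numeric size, and the use of `_Static_assert` in place of BUILD_BUG_ON() are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* All sizes and most names are assumptions for illustration, not Xen's. */
#define INPUT_SIZE      4096  /* static buffer owned by the harness */
#define MIN_INPUT_SIZE  64    /* smallest input the fuzz target accepts */
#define TARGET_MAX_SIZE 8192  /* largest input the fuzz target accepts */

/* Plays the role of BUILD_BUG_ON(): the build fails if the harness buffer
 * could never hold a minimum-sized input. */
_Static_assert(INPUT_SIZE >= MIN_INPUT_SIZE, "harness buffer below minimum input");

static uint8_t input[INPUT_SIZE];
static size_t last_size;                 /* size the target last saw */
static const uint8_t sample[8000];       /* constructed input, all zero bytes */

/* Hypothetical fuzz entry point: -1 = rejected on size, 0 = accepted. */
int fuzz_one_input(const uint8_t *data, size_t size)
{
    (void)data;
    last_size = size;
    if (size < MIN_INPUT_SIZE || size > TARGET_MAX_SIZE)
        return -1;
    return 0;  /* the emulator would be driven from data[0..size) here */
}

/* Harness side: the copy is capped at INPUT_SIZE, so the target never sees
 * a larger size, whatever TARGET_MAX_SIZE is raised to. */
int harness_run(const uint8_t *src, size_t len)
{
    size_t size = len < sizeof(input) ? len : sizeof(input);
    memcpy(input, src, size);
    return fuzz_one_input(input, size);
}

int main(void)
{
    int rc = harness_run(sample, sizeof(sample));
    printf("8000-byte input: rc=%d, target saw %zu bytes\n", rc, last_size);
    rc = harness_run(sample, 10);
    printf("10-byte input: rc=%d, target saw %zu bytes\n", rc, last_size);
    return 0;
}
```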