google/fuzzer-test-suite

libFuzzer no longer behaves as expected on re2 benchmark

morehouse opened this issue · 6 comments

The line below is never output:

INFO: found line matching 're2/dfa.cc:474'

Also, my last run encountered the OOM below before it ever found the heap buffer overflow.

==170102== ERROR: libFuzzer: out-of-memory (used: 2049Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>

Live Heap Allocations: 26732490 bytes in 16269 chunks; quarantined: 254950065 bytes in 10775 chunks; 7819808 other chunks; total chunks: 7846852; showing top 95% (at most 8 unique contexts)
16777432 byte(s) (62%) in 1 allocation(s)
    #0 0x4eb062 in operator new(unsigned long) /usr/local/google/home/mascasa/code/llvm/llvm-project/compiler-rt/lib/asan/asan_new_delete.cc:92:3
    #1 0x59071d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /usr/local/google/home/mascasa/code/fts/re2/../Fuzzer/FuzzerDriver.cpp:622:18
    #2 0x58bd90 in main /usr/local/google/home/mascasa/code/fts/re2/../Fuzzer/FuzzerMain.cpp:20:10
    #3 0x7f1954107f44 in __libc_start_main /build/eglibc-SvCtMH/eglibc-2.19/csu/libc-start.c:287
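An added triage helper, not part of this issue or the fuzzer-test-suite project: it scans a libFuzzer log for the INFO line quoted above and for the out-of-memory report, and notes whether the largest reported allocation originates in the fuzzer runtime (as in the stack above) or in the target. Both sample logs are constructed, with paths shortened.

```python
import re

# Constructed sample modelled on the OOM report quoted in this issue (paths shortened).
SAMPLE_OOM_LOG = """\
INFO: Seed: 1234
==170102== ERROR: libFuzzer: out-of-memory (used: 2049Mb; limit: 2048Mb)
   To change the out-of-memory limit use -rss_limit_mb=<N>
16777432 byte(s) (62%) in 1 allocation(s)
    #0 0x4eb062 in operator new(unsigned long) asan_new_delete.cc:92:3
    #1 0x59071d in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) FuzzerDriver.cpp:622:18
    #2 0x58bd90 in main FuzzerMain.cpp:20:10
"""

# Constructed sample of a run where the expected line was reached.
SAMPLE_PCS_LOG = """\
INFO: found line matching 're2/dfa.cc:474'
==1== ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011
"""

FOUND_RE = re.compile(r"^INFO: found line matching '([^']+)'$", re.M)
OOM_RE = re.compile(r"ERROR: libFuzzer: out-of-memory \(used: (\d+)Mb; limit: (\d+)Mb\)")
# Stack frame: "#N 0xADDR in <function> <file:line:col>"; the location is the last token.
FRAME_RE = re.compile(r"^\s*#(\d+) 0x[0-9a-f]+ in (.+) (\S+)$", re.M)
ALLOCATOR_FUNCS = ("operator new", "malloc", "calloc", "realloc")


def triage(log):
    """Summarise a libFuzzer run: which 'found line matching' targets fired,
    whether the run died from the RSS limit, and who made the largest allocation."""
    report = {"matched": FOUND_RE.findall(log), "oom": None, "alloc_origin": None}
    oom = OOM_RE.search(log)
    if oom:
        used, limit = int(oom.group(1)), int(oom.group(2))
        report["oom"] = {"used_mb": used, "limit_mb": limit, "over_by_mb": used - limit}
        frames = [func for _, func, _ in FRAME_RE.findall(log)]
        # Skip allocator wrappers so we name the caller that actually requested the memory.
        callers = [f for f in frames if not f.startswith(ALLOCATOR_FUNCS)]
        if callers:
            origin = "fuzzer-runtime" if callers[0].startswith("fuzzer::") else "target"
            report["alloc_origin"] = origin
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_PCS_LOG))
    print(triage(SAMPLE_OOM_LOG))
```

An OOM whose largest allocation sits in fuzzer:: rather than in the target is a hint that the RSS growth comes from the harness or sanitizer quarantine, not from a leak in the code under test.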

kcc commented

How do you build?
The libFuzzer bot is green, and it runs this benchmark:
http://lab.llvm.org:8011/builders/sanitizer-x86_64-linux-fuzzer/builds/8928

Hmm... Running ~/code/fts/fts/build-and-test.sh re2-2014-12-09 causes the behavior described above. But running FUZZING_ENGINE=fsanitize_fuzzer ~/code/fts/fts/build-and-test.sh re2-2014-12-09 (as the bot does) causes the INFO line to be printed out.

kcc commented

Yes, that's expected. I intentionally broke print_pcs with the old coverage flags.
It now requires -fsanitize-coverage=...,pc-table

Got it. I guess it's time to switch the default fuzzing engine here then.

kcc commented

You can't switch the default yet, because the tutorial still uses an older clang which doesn't have pc-table

kcc commented

We'll need to switch to a newer clang first, and I was waiting to see if we can use a standard llvm release for that. Not sure how long we'll have to wait though