Feature request: specify target for casr-afl
Closed this issue · 5 comments
Hi guys,
little feature request by me that would help me in my projects:
a parameter to casr-afl that allows me to override the target being executed instead of the one being gathered from fuzzer_setup.
thank you if you have time for that :)
I'll try to propose a simple solution. The usage of casr-afl looks like this:
Usage: casr-afl [OPTIONS] --input <INPUT_DIR> --output <OUTPUT_DIR> [-- <ARGS>...]
Arguments:
[ARGS]... Add "-- ./gdb_fuzz_target <arguments>" to generate additional crash reports
with casr-gdb (e.g., test whether program crashes without sanitizers)
ARGS are optional for the casr-gdb run. What if we have an --ignore-cmdline option to ignore the cmdline file? We could use ARGS to run casr-san as the main analyzer then. I think it's easy to implement and use. What do you think, @vanhauser-thc @SweetVishnya?
This is like @SweetVishnya already proposed, but more detailed:).
@anfedotoff, I agree!
The reason for the feature request: I might have a fuzzing harness, but the verifier (that uses asan, ubsan, etc.) might not be the one used for that specific fuzzer. casr-afl is beautifully easy to use, for specific cases like I described it lacks options though.
but maybe I overcomplicate things and it is easier to use casr-gdb / casr-asan instead :-)
It would be nice to support this feature in casr-afl! It will be more convenient than using casr-san, casr-gdb, casr-cluster directly. Will schedule it right after #128 :).