Fuzzing halts on expected errors #570
Hi, thx for reporting this!
Skipping findings, as you suggested, is still on the list of features to implement. It shouldn't be too hard to build this, though. The general idea is to hash a finding's stack trace and print that as a de-duplication token on exit. In subsequent runs it can be used to ignore findings resulting in the same token/hash. Do you want to give it a try? BTW: Nice blog post you wrote there on Jazzer.js 👍
Yes, Jazzer.js halts on expected errors, but you can control this in your own code to ignore those,
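The workaround described in that comment, as an added example that is not code from this thread or from the Jazzer.js project: the fuzz target catches the error class the parser is designed to throw and lets everything else propagate, so the fuzzer only halts on a genuinely unexpected exception. The key=value parser, its `ParseError` class and the helper `runIgnoringExpected` are hypothetical; the exported `fuzz(data)` function receiving a Buffer is the shape a Jazzer.js target takes.

```javascript
// Added example, not code from the Jazzer.js project or from this thread.
// Catch the errors a fuzz target expects inside the target, so only
// unexpected errors reach the fuzzer. The parser, its ParseError class
// and the helper names are hypothetical.

// Hypothetical code under test: a small key=value parser that signals
// malformed input with a dedicated error class.
class ParseError extends Error {}

function parseKeyValue(text) {
  const out = new Map();
  for (const line of text.split("\n")) {
    if (line.trim() === "") continue;
    const idx = line.indexOf("=");
    if (idx <= 0) throw new ParseError(`malformed line ${JSON.stringify(line)}`);
    const key = line.slice(0, idx).trim();
    if (out.has(key)) throw new ParseError(`duplicate key ${key}`);
    out.set(key, line.slice(idx + 1)); // value may itself contain '='
  }
  return out;
}

// Run fn and swallow only the error classes listed in `expected`.
// Returns "ok" or "expected"; any other error is rethrown so the fuzzer
// records it as a finding instead of stopping on input the parser
// rejects by design.
function runIgnoringExpected(fn, expected) {
  try {
    fn();
    return "ok";
  } catch (err) {
    if (expected.some((cls) => err instanceof cls)) return "expected";
    throw err;
  }
}

// Fuzz target in the shape Jazzer.js expects: a function taking a Buffer.
function fuzz(data) {
  return runIgnoringExpected(
    () => parseKeyValue(data.toString("utf8")),
    [ParseError]
  );
}

if (typeof module !== "undefined") {
  module.exports = { fuzz, parseKeyValue, runIgnoringExpected, ParseError };
}
```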
Good to know:
True, but Jazzer.js does not support this, at least for now. Actually, Jazzer.js uses a patched libFuzzer version where returning Happy to help you implement this feature 😄
Well, that's good to know. It also took me a while to find the documentation for the output, and I would have loved to pass I guess there are more differences, and a quick overview about those would be helpful to understand what is possible and what is not. PS: Even if I would have the time to look into it, I have no clue regarding C/C++ so I don't feel capable of diving into the code base to implement this.
No worries, thx for bringing this up! I added it to our list of missing features. Ideally users would not need to know which or even if an external fuzzing engine is used internally. As libFuzzer has quite a few useful features not directly exposed by Jazzer.js, it's possible to pass in fuzzer engine arguments directly. And you're definitely right that documentation is lacking in this regard. To enable fork mode and ignore crashes you could use something like this: In general, libFuzzer parameters can be passed in after
Ah, I was missing the
When an expected error is received, the fuzzing halts. My expected behaviour is that the fuzzing will continue and ignore the error, unless it is actually not received at all.
Minimal example to reproduce this: contents of fuzz-expected-error-bug.js:
Jazzer 1.6.1 on OSX, node v18.17.1.