Re: [Xen-devel] [PATCH 05/10] tools/insn-fuzz: Fix a stability bug in afl-clang-fast mode
>>> On 27.03.17 at 11:56, <andrew.cooper3@xxxxxxxxxx> wrote:
> The fuzzing harness conditionally disables hooks to test error paths in the
> emulator. However, fuzz_emulops is a static structure.
>
> c/s 69f4633 "tools/insn-fuzz: Support AFL's afl-clang-fast mode" introduced
> persistent mode, but because fuzz_emulops is static, the clobbering of hooks
> accumulates over repeated input, meaning that previous corpora influence the
> execution over the current corpus.
>
> Move the partially clobbered struct x86_emulate_ops into struct fuzz_state,
> which is re-initialised from full on each call to LLVMFuzzerTestOneInput().
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
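As an added example (not code from the patch or from the Xen tree), a minimal C model of the bug described in the quoted commit message: a persistent-mode harness whose hook table is a static that inputs clobber, beside the fix that re-initialises a copy held in the per-call state. The names emul_ops, all_ops, fuzz_state and the two hooks are hypothetical stand-ins for struct x86_emulate_ops and fuzz_emulops.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical stand-in for struct x86_emulate_ops: a table of hook pointers. */
struct emul_ops {
    int (*read)(void);
    int (*write)(void);
};

static int hook_read(void)  { return 1; }
static int hook_write(void) { return 2; }

/* The full hook table, the source of truth for re-initialisation. */
static const struct emul_ops all_ops = { hook_read, hook_write };
/* BUGGY: one static copy, like the original fuzz_emulops. In AFL persistent
 * mode the process is reused, so hooks cleared by one input stay cleared. */
static struct emul_ops fuzz_emulops = { hook_read, hook_write };

/* FIXED: the hook table lives in the per-call fuzz state. */
struct fuzz_state {
    struct emul_ops ops;
};
/* Each input decides which hooks to disable: bit 0 clears read, bit 1 clears
 * write. The return value is a bitmask of the hooks still installed
 * (bit 0 = read, bit 1 = write), so callers can see the accumulated damage. */
static int hooks_present(const struct emul_ops *ops)
{
    return (ops->read ? 1 : 0) | (ops->write ? 2 : 0);
}
static void clobber(struct emul_ops *ops, const uint8_t *data, size_t size)
{
    if (size && (data[0] & 1)) ops->read = NULL;
    if (size && (data[0] & 2)) ops->write = NULL;
}
/* Shape of LLVMFuzzerTestOneInput(), before the fix. */
int fuzz_one_input_buggy(const uint8_t *data, size_t size)
{
    clobber(&fuzz_emulops, data, size);   /* mutates shared static state */
    return hooks_present(&fuzz_emulops);
}

/* Shape of LLVMFuzzerTestOneInput(), after the fix. */
int fuzz_one_input_fixed(const uint8_t *data, size_t size)
{
    struct fuzz_state state;
    state.ops = all_ops;                  /* re-initialised from full each call */
    clobber(&state.ops, data, size);
    return hooks_present(&state.ops);
}
```

Feeding the buggy harness an input that clears the read hook and then a benign input shows the read hook still missing on the second run, whereas the fixed harness reports the full table again.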