handle libfuzzer fuzzing non-zero exits better (#381)

When running libfuzzer in 'fuzzing' mode, we expect the following on exit. If the exit code is zero, crashing input isn't required. This happens if the user specifies '-runs=N' If the exit code is non-zero, then crashes are expected. In practice, there are two causes to non-zero exits. 1. If the binary can't execute for some reason, like a missing prerequisite 2. If the binary _can_ execute, sometimes the sanitizers are put in such a bad place that they are unable to record the input that caused the crash. This PR enables handling these two non-zero exit cases. 1. Optionally verify the libfuzzer target loads appropriately using `target_exe -help=1`. This allows failing faster in the common issues, such a missing prerequisite library. 2. Optionally allow non-zero exits without crashes to be a warning, rather than a task failure.
2025-06-17 20:38:06 +00:00 · 2021-01-05 09:40:15 -05:00
parent 75d2ffd7f4
commit 37f06bb324
20 changed files with 240 additions and 21 deletions
--- a/src/cli/onefuzz/api.py
+++ b/src/cli/onefuzz/api.py
@ -777,6 +777,8 @@ class Tasks(Endpoint):
        check_asan_log: bool = False,
        check_debugger: bool = True,
        check_retry_count: Optional[int] = None,
+        check_fuzzer_help: Optional[bool] = None,
+        expect_crash_on_failure: Optional[bool] = None,
        debug: Optional[List[enums.TaskDebugFlag]] = None,
        duration: int = 24,
        ensemble_sync_delay: Optional[int] = None,
@ -851,6 +853,8 @@ class Tasks(Endpoint):
                check_asan_log=check_asan_log,
                check_debugger=check_debugger,
                check_retry_count=check_retry_count,
+                check_fuzzer_help=check_fuzzer_help,
+                expect_crash_on_failure=expect_crash_on_failure,
                duration=duration,
                ensemble_sync_delay=ensemble_sync_delay,
                generator_exe=generator_exe,