It's very rare that such little context is required; requires functions that only examine their arguments, and those arguments are primitive/simple types. I sometimes use similar tricks, but very rarely is it simple enough that generating a harness could be automated (imho)!
Not always, for example, strlen can crash if the input isn't nul terminated. That's not a bug, you're expected to ensure the parameter is well-formed. In general, a tool has to prove the input can come from untrusted sources to be useful.
These definition constraints can be enforced in the libFuzzer 'wrapper'. "attacker reachable inputs" ⊂ "inputs respecting definition" ⊂ "all possible inputs"
Crashes caused by input in the 3rd set but not in the 2nd set are not interesting. I think Felix was talking about inputs in the 2nd set but not in the 1st one.