fix: gate generate_minibsod behind LIBAFL_MINIBSOD env var#3826
Open
kx7m2qd wants to merge 3 commits into
Conversation
Calling generate_minibsod() unconditionally in inproc_crash_handler produces megabytes of output (backtrace, registers, memory maps) that doesn't appear in standard libFuzzer. This is especially noisy in libafl_libfuzzer_runtime compatibility mode where ASan already provides the relevant stack trace. Gate the minibsod output behind the LIBAFL_MINIBSOD environment variable so it is opt-in. Users who want the full diagnostic output can set LIBAFL_MINIBSOD=1. Fixes AFLplusplus#3792
Member
So I think the env shouldn't be part of LibAFL, that's against the "Lib" part, right? IMHO it should be a simple variable that we set when creating the executor (builder/..) and then the libfuzzer shim just sets this to false, other fuzzers can choose what they want (or read an env).
Description
`generate_minibsod()` was being called unconditionally in `inproc_crash_handler`, producing megabytes of output (Rust backtrace, register dump, `/proc/self/maps`) on every target crash. This output doesn't appear in standard libFuzzer and is particularly noisy in `libafl_libfuzzer_runtime` compatibility mode, where ASan already provides the relevant stack trace. The Rust backtrace is especially problematic since `Backtrace::force_capture()` ignores `RUST_BACKTRACE=0`, giving users no way to suppress it.

This PR gates the `generate_minibsod()` calls in `unix.rs` and `inprocess.rs` behind the `LIBAFL_MINIBSOD` environment variable, making the full diagnostic output opt-in:

- `LIBAFL_MINIBSOD=1`: full minibsod output (registers, backtrace, memory maps) for debugging fuzzer internals

The crash handler in `libafl_qemu/src/executor.rs` was intentionally left ungated — that path fires when the fuzzer itself crashes (not the target), where the diagnostic info is genuinely useful.

Fixes #3792
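The gate described in the PR and the executor-level switch the reviewer asks for, as an added example that is not LibAFL's own code: the `MinibsodPolicy` enum, `ExecutorConfig` struct and `crash_report` function are hypothetical stand-ins, and the env value is passed in rather than read from the process so the resolution logic can be exercised offline.

```rust
// Added example, not LibAFL's own code: the opt-in gate for the minibsod
// crash dump, shaped the way the reviewer suggests. The executor carries a
// policy chosen at construction; only `FromEnv` consults LIBAFL_MINIBSOD, so a
// libFuzzer-compatible frontend can pin `Never` without any env lookup.

/// Who decides whether the crash handler prints the full minibsod.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum MinibsodPolicy {
    Always,  // registers, backtrace and memory maps on every target crash
    Never,   // what the libfuzzer shim would set
    FromEnv, // opt in with LIBAFL_MINIBSOD=1 (the PR's behaviour)
}

/// Interpret a raw LIBAFL_MINIBSOD value: "1" or "true" (any case) enables
/// the dump; unset, empty, "0" or anything else keeps it off.
pub fn env_value_enables(value: Option<&str>) -> bool {
    matches!(
        value.map(|v| v.trim().to_ascii_lowercase()).as_deref(),
        Some("1") | Some("true")
    )
}

impl MinibsodPolicy {
    /// Resolve against an injected env value (keeps the logic testable;
    /// a real executor would pass `std::env::var("LIBAFL_MINIBSOD").ok()`).
    pub fn enabled_with(self, env_value: Option<&str>) -> bool {
        match self {
            MinibsodPolicy::Always => true,
            MinibsodPolicy::Never => false,
            MinibsodPolicy::FromEnv => env_value_enables(env_value),
        }
    }
}

/// Hypothetical executor config: the policy is a plain field the builder
/// sets; the library itself never reaches for the environment.
pub struct ExecutorConfig {
    pub minibsod: MinibsodPolicy,
}

/// Lines the crash handler would emit for a target crash. `short_report`
/// stands in for the ASan trace the target already prints; the minibsod
/// sections are appended only when the policy allows it.
pub fn crash_report(cfg: &ExecutorConfig, env_value: Option<&str>, short_report: &str) -> Vec<String> {
    let mut out = vec![short_report.to_string()];
    if cfg.minibsod.enabled_with(env_value) {
        // generate_minibsod() would run here; represented by its section names.
        out.extend(["registers", "backtrace", "memory maps"].map(String::from));
    }
    out
}
```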
Checklist
`./scripts/precommit.sh` and addressed all comments