Comments (5)
Thanks for the report. This might have been fixed by
from honggfuzz.
actually, that only solves the first part, but the extra warnings still trigger -Werror
from honggfuzz.
Hi, could you post the compilation log? Seems my ultra-fresh Ubuntu doesn't have gcc-7, only gcc-6
from honggfuzz.
We have gcc7 in openSUSE Tumbleweed. But even on other/older OSes you can do
osc checkout devel:tools/honggfuzz ; cd $_
osc build --alternative-project openSUSE:Factory standard
I currently dropped -Werror there via gcc7.patch so it will not fail on the warnings.
Here is an extract:
cc -c -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -g -D_GNU_SOURCE -Wall -Wframe-larger-than=131072 -std=c11 -I/usr/local/include -I/usr/include -Wextra -Wno-override-init -funroll-loops -D_FILE_OFFSET_BITS=64 -D_HF_ARCH_LINUX -o util.o util.c
fuzz.c: In function 'fuzz_threadNew':
fuzz.c:275:40: warning: '.verified' directive output may be truncated writing 9 bytes into a region of size between 1 and 4096 [-Wformat-truncation=]
snprintf(verFile, sizeof(verFile), "%s.verified", crashedFuzzer->crashFileName);
^~~~~~~~~~~~~
In file included from /usr/include/stdio.h:939:0,
from fuzz.c:36:
/usr/include/bits/stdio2.h:64:10: note: '__builtin___snprintf_chk' output between 10 and 4105 bytes into a destination of size 4096
return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
__bos (__s), __fmt, __va_arg_pack ());
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
from honggfuzz.
Hm... this fortify source check here "is not the best one" ;). Thanks for the report. The snprintf() here is used as expected IMO, I'll see whether fortify source can be silenced/disabled for this code.
from honggfuzz.
Related Issues (20)
- Build Error on Linux with libbfd-2.38 HOT 2
- Some fuzz targets instrumented with honggfuzz seem to crash sometimes HOT 24
- honggfuzz seems to pass files with no hard links HOT 5
- issue with building honggfuzz on debian 10.7 -- error related to bfd? HOT 1
- Fuzzing targets that trigger and handle signals like SIGILL as part of normal operations HOT 1
- honggfuzz does not support file as input? HOT 2
- Current git doesn't compile HOT 2
- Does not support Apple Silicon HOT 10
- Undefined symbols for architecture arm64: "_OBJC_CLASS_$_CrashReport" HOT 6
- arch_prepareParentAfterFork():204 Couldn't attach to p id=XXXX
- _HF_DISASM_4_ARGS not reliable HOT 2
- Compile error on WSL2 Ubuntu HOT 12
- ubuntu18和ubuntu22都无法编译honggfuzz HOT 2
- Linker-related error: error adding symbols: file format not recognized
- Hongfuzz returns error when executed through ssh HOT 1
- How to restart fuzz without losing progress? HOT 1
- strlcat and strlcpy break Samba configure HOT 3
- Unable to compile due to bfd.c HOT 1
- Build errors on 32-bit architectures [-Werror=format=] HOT 2
- Coverage never reaches 100% HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from honggfuzz.