Closed Bug 1919833 Opened 1 year ago Closed 1 year ago

Remove AFL_INIT call in fuzzing interface

Categories

(Core :: Fuzzing, defect, P1)

Product:
Core
Component:
Fuzzing
Platform:
All
Linux
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
133 Branch
Tracking Flags:
Tracking Status
firefox132 --- wontfix
firefox133 --- fixed

People

(Reporter: decoder, Assigned: decoder)

Details

Attachments

(1 file)

Bug 1919833 - Remove AFL_INIT call from fuzzing interface. r?truber
48 bytes, text/x-phabricator-request
Details | Review

We currently have an AFL_INIT() call in the AFL part of the fuzzing interface here:

https://searchfox.org/mozilla-central/source/tools/fuzzing/interface/FuzzingInterface.cpp#36

That likely got added in the latest AFL++ refactorings, but it's actually harmful: At that point, we can already have threads running (e.g. when running via JSRT) and this call basically tells AFL++ to defer fork server initialization until that point in time. The result is a fork with threads running, causing random hangs.

Pushed by jdschwa@gmail.com: https://hg.mozilla.org/integration/autoland/rev/988e8b78a2c4 Remove AFL_INIT call from fuzzing interface. r=truber

https://hg.mozilla.org/mozilla-central/rev/988e8b78a2c4

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
status-firefox133: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 133 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: