# libFuzzer Integration Reference

## Additional Sanitizer Configuration

### MSan

Memory Sanitizer (MSan) in Chromium only supports Ubuntu Precise/Trusty and not
Rodete.
Thus, our [reproduce tool] cannot reproduce bugs found using MSan.
You can try to reproduce them manually by using [these instructions] on how to
run MSan-instrumented code in docker.

### UBSan

By default, UBSan does not crash when undefined behavior is detected.
To make it crash, set the following option in the environment:
```bash
UBSAN_OPTIONS=halt_on_error=1 ./fuzzer <corpus_directory_or_single_testcase_path>
```
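
The following is an added example, not part of the Chromium documentation: a wrapper that forces `halt_on_error=1` into whatever `UBSAN_OPTIONS` is already set, plus a backstop that counts UBSan reports in the log of a run that did not halt. The function names, the sample log and the `print_stacktrace=1` sample value are constructed for illustration.

```bash
# Added example, not from the Chromium docs; function names are hypothetical.

# Print an UBSAN_OPTIONS value with halt_on_error=1 enforced. Sanitizer options
# are a colon-separated key=value list; any existing halt_on_error entry is
# dropped so the result carries exactly one. Runs in a subshell to keep
# IFS and the noglob setting local.
ubsan_opts_with_halt() (
  set -f
  IFS=':'
  out=""
  for kv in $1; do
    case "$kv" in
      '' | halt_on_error=*) ;;
      *) out="${out:+$out:}$kv" ;;
    esac
  done
  printf '%s\n' "${out:+$out:}halt_on_error=1"
)

# Run a command (e.g. ./fuzzer <testcase>) with the enforced setting.
run_with_halt() {
  UBSAN_OPTIONS="$(ubsan_opts_with_halt "${UBSAN_OPTIONS:-}")" "$@"
}

# Backstop for runs that did not halt: count UBSan reports on stdin.
# UBSan prints "<file>:<line>:<col>: runtime error: <message>" and continues.
count_ubsan_reports() {
  grep -cE '^[^ ]+:[0-9]+:[0-9]+: runtime error: ' || true
}

# Constructed log from a run without halt_on_error: two reports, normal exit.
sample_log() {
  cat <<'EOF'
#2 INITED cov: 12 ft: 13 corp: 1/1b exec/s: 0 rss: 27Mb
parser.cc:88:21: runtime error: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
#64 NEW cov: 15 ft: 17 corp: 2/5b exec/s: 0 rss: 27Mb
parser.cc:131:9: runtime error: index 16 out of bounds for type 'char [16]'
Done 1000 runs in 0 second(s)
EOF
}

echo "enforced options: $(ubsan_opts_with_halt 'print_stacktrace=1:halt_on_error=0')"
echo "UBSan reports in non-halting run: $(sample_log | count_ubsan_reports)"
```
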
Other useful options are (also used by ClusterFuzz):