Skip to content

Commit

Permalink
Improve documentation to discourage non-zero returncodes (google#12955)
Browse files Browse the repository at this point in the history 
This PR adds a small documentation change to discourage the use of
non-zero return values.

Based on this issue google#11983,
Honggfuzz does not support other return values, while libFuzzer, in my
opinion unexpectedly, discards inputs for return values other than zero
which can cause creation of faulty harnesses. As a result I think it is
fair to discourage all uses of non-zero return values from
LLVMFuzzerTestOneInput.
  • Loading branch information
@phi-go
phi-go authored Jan 27, 2025
1 parent 1188a70 commit 7e8d53b
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions docs/advanced-topics/ideal_integration.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -45,13 +45,13 @@ This makes it easy to maintain the fuzzers and minimizes breakages that can
arise as source code changes over time.

Make sure to fuzz the target locally for a small period of time to ensure that
it does not crash, hang, or run out of memory instantly. If you're having
trouble, read about [what makes a good fuzz
it does not crash, hang, or run out of memory instantly. Also make sure that the fuzzer can
make at least some progress. If you're having trouble, read about [what makes a good fuzz
target](https://github.com/google/fuzzing/blob/master/docs/good-fuzz-target.md).

The interface between the [fuzz target](https://llvm.org/docs/LibFuzzer.html#fuzz-target)
and the fuzzing engines is C, so you can use either C or C++ to implement the
fuzz target.
fuzz target. Make sure to not return values other than **zero** [^1].

Examples:
[boringssl](https://github.com/google/boringssl/tree/master/fuzz),
Expand All @@ -64,6 +64,10 @@ Examples:
[pcre2](https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_fuzzsupport.c?view=markup),
[ffmpeg](https://github.com/FFmpeg/FFmpeg/blob/master/tools/target_dec_fuzzer.c).

[^1]: While LibFuzzer uses a non-zero value as a signal to discard inputs other fuzzers in
use by OSS-Fuzz do not necessarily support this behavior. (Discarding inputs can be used
to stop a fuzzer from exploring further, which should only be used with good reason.)

## Build support

Many different build systems exist in the open-source world. The less OSS-Fuzz
Expand Down

0 comments on commit 7e8d53b

Please sign in to comment.