cmd/go: fuzz crash minimizer should try deleting, rewriting input bytes #48129
Labels: FrozenDueToAge, fuzz, NeedsFix
The fuzzer found a crash in a package I'm working on:
I can manually minimize this input further by just doing a trial deletion of each byte, keeping each deletion only if it preserves the crash (not the exact panic message, because slice bounds are changing while remaining invalid, but the fact of a crash). This reduces the input to:
Then I can change each input byte to an A, one at a time, keeping the crashes. This simplifies to:
which appears to be the simplest possible (and more readable) form of this crasher.
What I did, the crash minimizer should be able to do. It will result in more ASCII-only crashes. I would suggest for the input byte rewriting to have a priority list
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 !"#$%&'()*+,-./:;<=>?@[\]^_`{|}~
trying letters, digit, space, and finally punctuation for each byte, stopping at the first one that preserves the crash. The letters could be thinned out and the punctuation elided if this is too much. Even
ABCXYZabcxyz012789
would be fine.
/cc @jayconrod @katiehockman
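The two passes described in this issue (trial deletion, then byte rewriting against the priority list), sketched as an added example that is not part of the original post and is not cmd/go's minimizer. `Minimize` and `toyCrash` are hypothetical names, and the sample crasher is constructed.

```go
package main

import (
	"bytes"
	"fmt"
)

// Replacement order from the issue: letters, digits, space, punctuation.
const priority = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" +
	"0123456789 !\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~"

// Minimize shrinks a crashing input. crashes reports whether the target
// still crashes at all; it does not compare panic messages.
func Minimize(in []byte, crashes func([]byte) bool) []byte {
	cur := append([]byte(nil), in...) // never mutate the caller's slice
	// Pass 1: trial-delete each byte, keeping a deletion only if it crashes.
	for i := 0; i < len(cur); {
		cand := append(append([]byte(nil), cur[:i]...), cur[i+1:]...)
		if crashes(cand) {
			cur = cand // index i now holds the next byte
		} else {
			i++
		}
	}
	// Pass 2: rewrite each byte to the first priority character that still
	// crashes; stop early on reaching the byte's own position in the list.
	for i := range cur {
		keep := cur[i]
		for j := 0; j < len(priority) && priority[j] != keep; j++ {
			cur[i] = priority[j]
			if crashes(cur) {
				keep = priority[j]
				break
			}
		}
		cur[i] = keep
	}
	return cur
}

// toyCrash is a constructed stand-in for the fuzz target: it "crashes" when
// the first '<' is followed by at least two more bytes.
func toyCrash(in []byte) bool {
	i := bytes.IndexByte(in, '<')
	return i >= 0 && len(in)-i >= 3
}

func main() {
	in := []byte("\x00\xffq<\x80\x01\x9e>") // constructed sample crasher
	fmt.Printf("%q -> %q\n", in, Minimize(in, toyCrash))
}
```

The byte the crash depends on (`<` here) survives both passes because every earlier entry in the priority list stops the crash.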