There is decent documentation to reproduce a failure -- https://google.github.io/oss-fuzz/advanced-topics/reproducing/
However, it's not clear how to attach a debugger to understand what's happening. I ask in the context of Java/JVM. The use of "jazzer_driver" which in turn invokes the JVM (vs simply calling "java") makes it unclear how to specify Java debugging parameters such as -agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=*:5005. One suggestion that could help would be if this driver specified the arguments it passes to java and outputs them so that I can manually do so. This technique is already done by other scripts like helper.py to show how Docker is invoked (immediately before running it) thus letting me invoke Docker myself with different arguments.
Additionally, it's unclear why there is all this instrumentation happening in a scenario where we are reproducing for a provided failing input. From my understanding, fuzzing helps explore how to generate different input, but here we already know the input. It's possible it will interfere with trying to attach a debugger.