| 10 Oct 2025 |
fzakaria | maybe those are normal ?
I thought fuzzing is only looking for things that cause SIGSEGV | 00:22:39 |
fzakaria | unless you set AFL_CRASH_EXITCODE='-1' | 00:23:23 |
fzakaria | (or something) | 00:23:27 |
fzakaria | (or special catching for MSAN/ASAN) | 00:24:12 |
fzakaria | Note that in nearly all cases you can never reach full coverage. A lot of functionality is usually dependent on exclusive options that would need individual fuzzing campaigns each with one of these options set. E.g., if you fuzz a library to convert image formats and your target is the png to tiff API, then you will not touch any of the other library APIs and features. | 00:25:11 |
lovesegfault | yeah. I've seen coverage go up to ~35% so maybe it's good? | 00:26:02 |
lovesegfault | honggfuzz seemed to do better, maybe I should rescue that work | 00:26:17 |
lovesegfault | I had another branch that used honggfuzz instead of afl++ | 00:26:30 |
lovesegfault | the UI was much nicer | 00:26:34 |
fzakaria | hmm | 01:40:55 |
fzakaria | ¯\_(ツ)_/¯ don't know enough to comment on which is better | 01:41:04 |
fzakaria | I see LLVM also has one included | 01:41:08 |
lovesegfault | Another little bit of the curl-s3 work is up: https://github.com/NixOS/nix/pull/14206 | 14:56:17 |
John Ericson | Sergei Zimmerman (xokdvium): would inline in a top-level function definition affect linking? | 16:38:40 |
John Ericson | I am having some trouble with missing from_json and to_json deps | 16:39:00 |
John Ericson | * I am having some trouble with missing from_json and to_json methods, from the macro nlohmann provides | 16:39:11 |
John Ericson | after moving things around | 16:39:13 |