
Check sigint when a worker catches an error

Eric Cornelissen requested to merge (removed):check-sigint-before-crash into master

Add a check for the sigint flag when a fuzz worker detects a crash. This fixes a bug where killing Jsfuzz during the execution of the fuzz function can cause an error as well, generating an invalid crash. This bug is particularly likely to happen if you're fuzzing a slow & blocking function.

With this change, if the sigint flag is set the worker will close gracefully. If the sigint flag is not set the worker will behave the same as before.

It should be noted that this may be considered as adding another bug. Namely, the following is now a theoretical possibility:

  1. Alice is fuzzing with Jsfuzz.
  2. A (legitimate) crash happens.
  3. Alice kills the fuzzer (using Ctrl+C).
  4. Jsfuzz reports no crash.

This scenario is strictly less likely than the existing bug. Still, I wanted to point it out as some may consider it a trade-off that's not worth it. If there are any suggestions to prevent or further reduce the chances of this new bug, I'd be more than happy to add it here.
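As an added illustration (not Jsfuzz's own code and not part of this merge request), the JavaScript model below shows the worker behaviour the description talks about: one fuzz iteration is run, a caught error is handed to a separate decision step, and that step either writes a crash or exits quietly depending on the SIGINT flag. It replays both orderings from the text: the interrupt landing during a slow, blocking fuzz call (the bug the MR fixes) and a legitimate crash followed by Ctrl+C before the worker reaches its check (the new theoretical miss). It also goes one step beyond the MR with a hypothetical refinement that records when the interrupt arrived and still reports an error that was caught before it. `FuzzWorker`, `tryRun`, `handleError`, the `ordered` option, the logical clock and the two scenario functions are all hypothetical names for this example; the sample inputs are constructed.

```javascript
'use strict';

// Added example, not Jsfuzz's code. Models a fuzz worker that checks a SIGINT
// flag when the fuzz function throws, and the two event orderings discussed
// in the MR. Every name here is hypothetical.

// Strictly increasing logical clock so the scenarios are deterministic; a real
// worker would record process.hrtime.bigint() instead.
function makeLogicalClock() {
  let t = 0;
  return () => ++t;
}

class FuzzWorker {
  constructor(now = makeLogicalClock()) {
    this.now = now;
    this.sigint = false;   // set when the interrupt arrives
    this.sigintAt = null;  // hypothetical refinement: when it arrived
    this.crashes = [];     // crashes this worker has written out
  }

  // Would be installed as process.on('SIGINT', ...): records the interrupt
  // and lets whatever fuzz call is in flight unwind on its own.
  onSigint() {
    this.sigint = true;
    this.sigintAt = this.now();
  }

  // Runs one fuzz iteration and captures any error together with the time it
  // was caught; what to do with it is decided separately in handleError.
  tryRun(fuzzFn, input) {
    try {
      fuzzFn(input);
      return { ok: true };
    } catch (err) {
      return { ok: false, err, input, caughtAt: this.now() };
    }
  }

  // Decides whether a caught error is reported as a crash.
  //   checkSigint = false : behaviour before this MR, always a crash
  //   checkSigint = true  : this MR, exit quietly when the flag is set
  //   ordered = true      : hypothetical refinement, still report when the
  //                         error was caught before the interrupt arrived
  handleError(caught, { checkSigint = true, ordered = false } = {}) {
    if (checkSigint && this.sigint) {
      const errorPredatesSigint = ordered && caught.caughtAt < this.sigintAt;
      if (!errorPredatesSigint) return 'exit';
    }
    this.crashes.push({ input: caught.input, message: caught.err.message });
    return 'crash';
  }
}

// Scenario 1 (what the MR fixes): the interrupt lands while a slow, blocking
// fuzz function is running and the function fails because of it.
function interruptedRun(opts) {
  const worker = new FuzzWorker();
  const slowBlockingFn = (input) => {
    worker.onSigint(); // constructed: Ctrl+C arrives mid-call
    throw new Error('interrupted while processing ' + input);
  };
  const caught = worker.tryRun(slowBlockingFn, 'AAAA');
  return { outcome: worker.handleError(caught, opts), reported: worker.crashes.length };
}

// Scenario 2 (the new theoretical possibility): a legitimate crash is caught,
// then Ctrl+C arrives before the worker gets to its SIGINT check.
function crashThenInterrupt(opts) {
  const worker = new FuzzWorker();
  const buggyFn = (input) => { throw new TypeError('cannot read ' + input); };
  const caught = worker.tryRun(buggyFn, '\x00\xff');
  worker.onSigint(); // constructed: Ctrl+C lands in the window after the catch
  return { outcome: worker.handleError(caught, opts), reported: worker.crashes.length };
}

console.log('before MR, interrupted run      :', interruptedRun({ checkSigint: false }));
console.log('this MR,   interrupted run      :', interruptedRun({ checkSigint: true }));
console.log('this MR,   crash then SIGINT    :', crashThenInterrupt({ checkSigint: true }));
console.log('refinement, crash then SIGINT   :', crashThenInterrupt({ checkSigint: true, ordered: true }));
```

The `ordered` variant is only a suggestion for the trade-off the description raises: it assumes the SIGINT handler records a monotonic timestamp and that the catch site does the same, so an error that predates the interrupt cannot have been caused by it and is still written out as a crash, while an error caught after the interrupt is treated exactly as this MR treats it.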
