| Index: testing/libfuzzer/getting_started.md
|
| diff --git a/testing/libfuzzer/getting_started.md b/testing/libfuzzer/getting_started.md
|
| index 4ddbb2c5ac7d1de49b4258a1f3f29841e95f96af..0dc5b5221828785c7f1175e205cca23b9b7f3444 100644
|
| --- a/testing/libfuzzer/getting_started.md
|
| +++ b/testing/libfuzzer/getting_started.md
|
| @@ -25,7 +25,7 @@ Supported sanitizer configurations are:
|
| |--------------|----|
|
| | is_asan=true | enables [Address Sanitizer] to catch problems like buffer overruns. |
|
| | is_msan=true | enables [Memory Sanitizer] to catch problems like uninitialed reads. |
|
| -| is_ubsan_security=true | enables [Undefined Behavior Sanitizer] to catch undefined behavior like integer overflow. |
|
| +| is_ubsan_security=true | enables [Undefined Behavior Sanitizer] to catch<sup>\[[1](#Notes)\]</sup> undefined behavior like integer overflow. |
|
|
|
|
|
| ## Write Fuzzer Function
|
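Review bot: The footnote marker on the changed `is_ubsan_security=true` row sits between "catch" and its object, so the cell reads "to catch[1] undefined behavior like integer overflow"; move the marker to the end of the cell, after "integer overflow." It is also written as raw `<sup>` HTML with escaped brackets, which only renders where the Markdown viewer passes inline HTML through, so a plain "(see [Notes](#Notes))" would be more robust. The neighbouring `is_msan=true` row still says "uninitialed"; worth correcting to "uninitialized" while this table is being edited.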
| @@ -101,6 +101,20 @@ a day or two.
|
| performance and for optimization hints.
|
|
|
|
|
| +## Notes
|
| +[1] By default UBSan doesn't crash once undefined behavior has been detected.
|
| +To make it crash the following additional option should be provided:
|
| +
|
| +```bash
|
| +UBSAN_OPTIONS=halt_on_error=1 ./fuzzer <corpus_directory_or_single_testcase_path>
|
| +```
|
| +
|
| +Other useful options (used by ClusterFuzz) are:
|
| +```bash
|
| +UBSAN_OPTIONS=symbolize=1:halt_on_error=1:print_stacktrace=1 ./fuzzer <corpus_directory_or_single_testcase_path>
|
| +```
|
| +
|
| +
|
| [Address Sanitizer]: http://clang.llvm.org/docs/AddressSanitizer.html
|
| [Memory Sanitizer]: http://clang.llvm.org/docs/MemorySanitizer.html
|
| [Undefined Behavior Sanitizer]: http://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
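Review bot: In the new Notes section, the second command repeats `halt_on_error=1` from the first without saying so, and `symbolize=1` and `print_stacktrace=1` are given with no explanation; add a short phrase for each so readers know what they gain by setting them. The opening sentence, "By default UBSan doesn't crash once undefined behavior has been detected", should also say what that means for a fuzzing run (the report is printed and execution continues, so the finding is not treated as a crash), since that is the reason the option matters. It would also help to say that `UBSAN_OPTIONS` is an environment variable read at run time rather than a build argument like the `is_ubsan_security=true` setting in the table above. Style: the second fenced block starts directly after "Other useful options (used by ClusterFuzz) are:" while the first has a blank line before its fence, and the section ends with two added blank lines; make these consistent.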
|
|
|