If you look at the logs on Google Cloud Storage for the AFL runs of the following fuzz targets:
cgmfuzzer
docxfuzzer
fodpfuzzer
fodsfuzzer
metfuzzer
qpwfuzzer
rtffuzzer
slkfuzzer
ww2fuzzer
xlsxfuzzer
pptxfuzzer
diffuzzer
fodtfuzzer
mmlfuzzer
scrtffuzzer
xlsfuzzer
You will see that they all time out on every test case in the corpus.
This can be fixed, allowing AFL to look for crashes in these targets, by adding:
[env]
AFL_DRIVER_DONT_DEFER=1
to the .options files of each of these fuzzers.
Could you please do this @caolanm? (CCing @stbergmann and @DamjanJovanovic)
This change will not affect the libFuzzer targets.
I don't know why this happens in LibreOffice, but I've seen it happen elsewhere when targets create threads before LLVMFuzzerTestOneInput is called.
AFL_DRIVER_DONT_DEFER causes the process to fork before the problem code is executed (as opposed to normally when forking is "deferred" until afterwards).
Please let me know if you have any questions (the env var is new and isn't documented).
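The change requested above is a small edit repeated across sixteen .options files, and it is easy to get wrong by hand (a second `[env]` section, or a duplicate `AFL_DRIVER_DONT_DEFER` line when a file already has one). The script below is an added example, not code from the issue or from the OSS-Fuzz project: it merges `key=value` into the `[env]` section of an OSS-Fuzz style .options file idempotently, creating the section when it is missing and replacing an existing assignment rather than duplicating it. The target list is copied from the issue; the `.options` file layout (INI-like sections such as `[libfuzzer]` and `[env]`) is as shown in the issue, and the directory passed to `apply_to_tree` is an assumption.

```python
"""Idempotently add an [env] setting to OSS-Fuzz style .options files.

Added example for the issue above; not part of OSS-Fuzz or LibreOffice.
"""
from pathlib import Path
from typing import Iterable, List

# Fuzz targets named in the issue report.
AFL_TIMEOUT_TARGETS = [
    "cgmfuzzer", "docxfuzzer", "fodpfuzzer", "fodsfuzzer", "metfuzzer",
    "qpwfuzzer", "rtffuzzer", "slkfuzzer", "ww2fuzzer", "xlsxfuzzer",
    "pptxfuzzer", "diffuzzer", "fodtfuzzer", "mmlfuzzer", "scrtffuzzer",
    "xlsfuzzer",
]


def _append_before_trailing_blanks(out: List[str], line: str) -> None:
    """Append `line` to `out`, keeping any trailing blank lines after it."""
    blanks = []
    while out and not out[-1].strip():
        blanks.append(out.pop())
    out.append(line)
    out.extend(blanks)


def add_env_option(text: str, key: str, value: str, section: str = "env") -> str:
    """Return `text` with exactly one `key=value` line inside `[section]`.

    - creates `[section]` at the end of the file if it is missing
    - replaces an existing assignment of `key` within the section
    - leaves every other section and line untouched
    """
    header = f"[{section}]"
    out: List[str] = []
    in_section = seen_section = written = False

    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            # Leaving the target section without having written the key:
            # insert it before the next section header.
            if in_section and not written:
                _append_before_trailing_blanks(out, f"{key}={value}")
                written = True
            in_section = stripped == header
            seen_section = seen_section or in_section
            out.append(line)
            continue
        if in_section and "=" in stripped and stripped.split("=", 1)[0].strip() == key:
            # Existing assignment: rewrite it once, drop any further duplicates.
            if not written:
                out.append(f"{key}={value}")
                written = True
            continue
        out.append(line)

    if not seen_section:
        if out and out[-1].strip():
            out.append("")          # blank line between sections
        out.append(header)
        out.append(f"{key}={value}")
    elif not written:
        _append_before_trailing_blanks(out, f"{key}={value}")
    return "\n".join(out) + "\n"


def apply_to_tree(root: Path, targets: Iterable[str],
                  key: str = "AFL_DRIVER_DONT_DEFER", value: str = "1") -> List[Path]:
    """Update <root>/<target>.options for each target; return the files changed."""
    changed = []
    for name in targets:
        path = root / f"{name}.options"
        before = path.read_text() if path.exists() else ""
        after = add_env_option(before, key, value)
        if after != before:
            path.write_text(after)
            changed.append(path)
    return changed


if __name__ == "__main__":
    import tempfile
    # Assumed layout: the .options files sit in one directory (e.g. the
    # project's build directory). A temporary directory stands in for it here.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "rtffuzzer.options").write_text("[libfuzzer]\ndict = rtf.dict\n")
        for p in apply_to_tree(root, AFL_TIMEOUT_TARGETS):
            print(f"updated {p.name}")
        print((root / "rtffuzzer.options").read_text())
```

Running the merge twice over the same file yields identical output, so the script can be re-run safely after a partial edit, and existing `[libfuzzer]` settings (dictionaries, `max_len`) are preserved.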