Displaying 2 results from an estimated 2 matches for "fuzztarget".

2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
...ild the library with fuzzer-no-link,address flags. I *don't* compile the fuzz_target (the file containing the LLVMFuzzerTestOneInput function) with the library. Then I build the fuzz target and link it with the library. *clang++ -g -O1 -fsanitize=fuzzer,address -Iinclude -Ibuild/include ..... fuzztarget.c -Lbuild/lib -llib1 -llib2* and then finally *./a.out -detect_leaks=0 corpus/* I appreciate your help with this. On Tue, Nov 12, 2019 at 11:38 AM Mitch Phillips <mitchp at google.com> wrote: > Hi Shikhar, > > You don't need to build the library with `-fsanitize-coverage=...`,...
2019 Nov 12
2
Using Libfuzzer on a library - linking the library to the fuzz target
...cific function in the library. The fuzz target is then linked to the library and compiles clean and I do see some tests generated by the fuzzer. However, I have some questions regarding the "right" way to go about doing this. I have doubts that the fuzzer is taking coverage feedback from the fuzztarget and not the library functions (not sure though). Suppose the function in the library being tested is called - *apifunc()*. The libfuzzer log has a line which says - *apifunc() resp=0x7ff38f83ac20 uninitialized, fixing it*. I am not sure what this means. Also, I can see that the apifunc is called an...