Currently libdiffuzz switches to non-deterministic mode after reading an environment variable from a function called from the link-time "constructors" section:
```rust
#[cfg_attr(any(target_os = "macos", target_os = "ios"), link_section = "__DATA,__mod_init_func")]
#[cfg_attr(not(any(target_os = "macos", target_os = "ios")), link_section = ".ctors")]
pub static CONSTRUCTOR: extern fn() = libdiffuzz_init_config;
```
This is not a great idea for two reasons:
- This is not portable. This is already taking different codepaths depending on whether it's on Linux/BSD or macOS. Windows is currently not supported. What's worse, there is no way to tell if this actually works on your platform or not!
- This may kick in too late and miss initializing some heap-allocated memory in other libraries with similar hooks, so libdiffuzz will fail to expose some errors.
The constructor snippet is at libdiffuzz/src/lib.rs, lines 31 to 33 in f0c7a8f.
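An added example, not libdiffuzz's own code, of one alternative to the constructor hook: resolve the mode lazily on the first allocation call, so it depends neither on a platform-specific section nor on initializer ordering. `LazyMode`, `nondeterministic_mode` and the variable name `EXAMPLE_NONDETERMINISTIC` are hypothetical.

```rust
use std::os::raw::c_char;
use std::sync::atomic::{AtomicU8, Ordering};

unsafe extern "C" {
    // libc getenv does not allocate, so an allocator hook can call it safely.
    fn getenv(name: *const c_char) -> *const c_char;
}

const UNINIT: u8 = 0;
const DETERMINISTIC: u8 = 1;
const NONDETERMINISTIC: u8 = 2;

/// Mode flag resolved on first use instead of by a link-time constructor.
pub struct LazyMode(AtomicU8);

impl LazyMode {
    pub const fn new() -> Self {
        LazyMode(AtomicU8::new(UNINIT))
    }

    /// True for non-deterministic mode. `probe` runs only while the state is
    /// UNINIT; racing threads may both run it, but they store the same value.
    pub fn is_nondeterministic(&self, probe: impl FnOnce() -> bool) -> bool {
        match self.0.load(Ordering::Relaxed) {
            UNINIT => {
                let nondet = probe();
                let state = if nondet { NONDETERMINISTIC } else { DETERMINISTIC };
                self.0.store(state, Ordering::Relaxed);
                nondet
            }
            state => state == NONDETERMINISTIC,
        }
    }
}

static MODE: LazyMode = LazyMode::new();

// Hypothetical variable name, used only in this example (NUL-terminated for C).
const VAR: &[u8] = b"EXAMPLE_NONDETERMINISTIC\0";

/// Meant to be called at the top of every allocation hook: the first
/// allocation in the process resolves the mode, whoever triggers it.
pub fn nondeterministic_mode() -> bool {
    MODE.is_nondeterministic(|| unsafe { !getenv(VAR.as_ptr() as *const c_char).is_null() })
}

fn main() {
    println!("non-deterministic mode: {}", nondeterministic_mode());
}
```

Because the check sits on the allocation path itself, it cannot run later than the first allocation it is supposed to affect, and it behaves the same on every platform that has `getenv`.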