honggfuzz with d8
Hi, I built d8 version 8.0.0 and tried an old PoC that crashes d8 with a `Trace/breakpoint trap (core dumped)` message, but when I use honggfuzz with the same d8 and the same PoC, it does not give me any crashes.

My build process for d8 is as follows:
```shell
git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git && cd depot_tools && echo "export PATH=\$PATH:`pwd`" >> ~/.bashrc
source ~/.bashrc && cd ~ && mkdir V8 && cd V8 && fetch v8
./v8/build/install-build-deps.sh
cd v8   # the checkout below has to run inside the fetched v8 repository
git checkout a5376b7e8f647b69184c54462e48e2a4423aff44
gclient sync
tools/dev/gm.py x64.release d8
```
And this PoC should crash d8 with the `Trace/breakpoint trap (core dumped)` output when run with `./d8 poc.js`:

```javascript
function write(begin, end, step) {
  for (var i = begin; i >= end; i += step) {
    step = end - begin;
    begin >>>= 805306382;
  }
}
var buffer = new ArrayBuffer(16384);
var view = new Uint32Array(buffer);
// repeated calls let the loop get optimized; view[65536] is out of bounds (undefined)
for (let i = 0; i < 10000; i++) {
  write(Infinity, 1, view[65536], 1);
}
```
And this is the honggfuzz command I use to run it with d8, which does not work as expected:

```shell
honggfuzz -r0 -V --input corpus/ -W crashes/ -- ./d8 ___FILE___
```

Is what I did right? Or did I miss something?