On 16/07/2025 19:11, Frank Plowman wrote: > > > On 16/07/2025 18:58, Kacper Michajlow wrote: >> On Tue, 15 Jul 2025 at 00:24, Michael Niedermayer >> wrote: >>> >>> --- >>> configure | 4 ++-- >>> 1 file changed, 2 insertions(+), 2 deletions(-) >>> >>> diff --git a/configure b/configure >>> index fc082d5467e..e568eed55d3 100755 >>> --- a/configure >>> +++ b/configure 
>>> @@ -4606,8 +4606,8 @@ set >> $logfile >>> test -n "$valgrind" && toolchain="valgrind-memcheck" >>> >>> enabled ossfuzz && ! echo $CFLAGS | grep -q -- "-fsanitize=" && ! echo $CFLAGS | grep -q -- "-fcoverage-mapping" &&{ >>> - add_cflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp -fno-omit-frame-pointer >>> - add_ldflags -fsanitize=address,undefined -fsanitize-coverage=trace-pc-guard,trace-cmp >>> + add_cflags -fsanitize=fuzzer,address,undefined -fsanitize-memory-track-origins -fno-omit-frame-pointer >>> + add_ldflags -fsanitize=address,undefined >>> } >> >> How about we remove this block of code? Or move it to >> --toolchain=clang-fuzz for local build? In oss-fuzz build environment >> (docker) these flags shouldn't be injected (and are not because of grep >> checks) and instead CFLAGS are used for compile flags and >> --libfuzzer for linking. >> >> - Kacper > > +1 > > I have a patch locally which does something similar. We could add these > flags only to those targets which need to be compiled with libfuzzer, > rather than to all CFLAGS. It saves you having to re-configure if you > want to compile some fftool, then some fuzzer binary or vice-versa. > It occurred to me that my suggestion might only work in my situation because I am not actually using the fuzzer binaries to fuzz anything, but only to run individual fuzzed bitstreams which I have produced using a different fuzzer. In this situation, it is okay to only link the final executables with the libfuzzer flags and not the libs. Maybe if you want to actually do fuzzing with libfuzzer, though, you also need the libfuzzer flags when linking the libs in order to get the relevant coverage instrumentation? -- Frank
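
Review bot: on the added add_cflags line of the quoted configure hunk, -fsanitize-memory-track-origins is a MemorySanitizer option, but the sanitizer list on that line is fuzzer,address,undefined, and MemorySanitizer cannot be combined with address, so the flag has no effect here and should be dropped or moved to a separate memory-sanitizer configuration. The two added lines are also no longer symmetric: add_cflags gains fuzzer while add_ldflags keeps only address,undefined, so the libFuzzer runtime has to be supplied some other way at link time. If that is the intent, -fsanitize=fuzzer-no-link on the compile line would state it explicitly. The posted patch has no description before the ---, so a sentence explaining why -fsanitize-coverage=trace-pc-guard,trace-cmp is replaced would help.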