scripts: cros_fuzz sets handle_sigtrap
Set handle_sigtrap=1 in sanitizer environment parameters in the
cros_fuzz shell.
This makes fuzzing more developer-friendly as by default the
sigtrap (int3) isn't intercepted by sanitizers, but that's how
Chromium's CHECK and LOG(FATAL) macros report errors.
BUG=b:254864841
TEST=create fuzzer which hits CHECK failure, run it under cros_fuzz shell, verify it prints stack trace and saves testcase on failure
Change-Id: I19318f4681f3f13081d64063473ec9066794d43c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/chromite/+/4091623
Reviewed-by: Manoj Gupta <manojgupta@chromium.org>
Commit-Queue: Maksim Ivanov <emaxx@chromium.org>
Tested-by: Maksim Ivanov <emaxx@chromium.org>
Reviewed-by: Jack Rosenthal <jrosenth@chromium.org>
diff --git a/scripts/cros_fuzz.py b/scripts/cros_fuzz.py
index 9933b05..0febaaa 100644
--- a/scripts/cros_fuzz.py
+++ b/scripts/cros_fuzz.py
@@ -415,7 +415,13 @@
# log_path must be set because Chrome OS's patched compiler changes it.
# disable odr violation since many fuzzers hit it and it is also disabled on
# clusterfuzz.
- options_dict = {"log_path": "stderr", "detect_odr_violation": "0"}
+ # handle_sigtrap is useful for catching int3 in assertion checks in ChromeOS
+ # code.
+ options_dict = {
+ "log_path": "stderr",
+ "detect_odr_violation": "0",
+ "handle_sigtrap": "1",
+ }
options_dict.update(extra_options)
sanitizer_options = ":".join("%s=%s" % x for x in options_dict.items())
sanitizers = ("ASAN", "MSAN", "UBSAN")
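Review bot: the new comment above `options_dict` only says handle_sigtrap "is useful"; it should state what the flag does and why it is needed here, matching the commit message: the sanitizer runtime does not intercept SIGTRAP by default, and SIGTRAP (int3) is how CHECK and LOG(FATAL) report failures, so without `handle_sigtrap=1` a CHECK failure under the fuzzer is a bare trap with no symbolized stack trace and no saved testcase. Something like `# CHECK/LOG(FATAL) report failures via int3 (SIGTRAP); handle_sigtrap=1 makes the` / `# sanitizer runtime catch it so the crash is reported and the testcase saved.` would document the intent. Also worth noting in the comment that `options_dict.update(extra_options)` on the following line lets a caller override the default back to `"0"`, since that ordering is deliberate and the same `sanitizer_options` string is applied to ASAN, MSAN and UBSAN alike.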