When `libFuzzer` is used as a fuzzing engine it conveniently puts
everything it finds into its working directory, which happens to
be $OUT. When any other engine is used, the output is sent to /tmp,
which disappears as soon as the container stops. That makes it
unnecessarily hard to extract reproducers found by afl for further analysis
without joining the mount namespace of a running container and
almost impossible with `honggfuzz`, which exits immediately after a crash.

Currently, dictionaries are taken into account only when `libfuzzer` is
used as a fuzzing engine (and also apparently `none` but I'm not sure what it is).
This patch makes it possible to make use of dictionaries with other fuzzing
engines too. I didn't touch the code handling options passed to libFuzzer
so as not to break anything :-)

* Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
* Quote the parameter to -name so the shell won't interpret it.
* Add AFL bad build checks (instrumentation, startup crash).
* Fix incorrect seed corpus unpack for afl bad instrumentation, startup crash test
* Match AFL startup crash check with ClusterFuzz
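The first two bullets describe two classic bash defects: flattening `"$@"` into a plain string, and passing an unquoted glob to `find -name` so the shell expands it before `find` sees it. The script below is an added illustration written for this page, not code from oss-fuzz or from the commits above; `find_dictionary`, `build_args` and `flatten_bug` are hypothetical names, and it constructs its own scratch `$OUT` with one fuzzer binary stub and a matching `.dict` file, which mirrors how a per-fuzzer dictionary would be located for an engine other than libFuzzer.

```bash
#!/bin/bash
# Added illustration, not oss-fuzz's own run_fuzzer script.
# Shows (1) building a fuzzer argument list as an array instead of a string
# and (2) quoting the -name pattern handed to find.

# Create a scratch $OUT containing a stub fuzzer and its dictionary.
# (Constructed fixture for this example.)
setup_fixture() {
  OUT="$(mktemp -d)"
  export OUT
  : > "$OUT/my_fuzzer"
  echo '"GET "' > "$OUT/my_fuzzer.dict"
}

# Print the dictionary path for fuzzer $1, or nothing if there is none.
# "$1.dict" is quoted so the shell never glob-expands it against $PWD;
# an unquoted pattern could silently turn into a real file name.
find_dictionary() {
  find "$OUT" -maxdepth 1 -name "$1.dict" | head -n 1
}

# The defect: assigning "$@" to a scalar joins every argument into one word,
# so an argument that contained a space can no longer be told apart.
flatten_bug() {
  local joined="$@"
  printf '%s\n' "$joined"
}

# The fix: keep the arguments in an array, append "-dict=<path>" only when a
# dictionary exists, and expand with "${args[@]}" so each word stays intact.
build_args() {
  local fuzzer="$1"; shift
  local -a args=("$@")
  local dict
  dict="$(find_dictionary "$fuzzer")"
  if [ -n "$dict" ]; then
    args+=("-dict=$dict")
  fi
  printf '%s\n' "${args[@]}"
}

# Stand-alone demonstration: one line per argument that would reach the engine.
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  setup_fixture
  build_args my_fuzzer -runs=10 "-timeout=25 -rss_limit_mb=2560"
fi
```

Run it and compare the output of `build_args` with `flatten_bug`: the array form keeps the quoted two-flag argument as a single line and appends the dictionary as a separate line, whereas the scalar form collapses everything into one line, which is exactly the kind of argument corruption the first bullet fixes.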
Separate test_report script runs tests and generates junit-style
reports. The script doesn't fail when fuzzer fails, but marks it as
failed instead.
Fixes #168