Wireshark-dev: Re: [Wireshark-dev] [Wireshark-commits] master cf142c6: Get Wireshark to compile
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sat, 24 Jan 2015 15:07:55 -0800
On Jan 24, 2015, at 2:43 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:

> These were fixes that had to be made prior to fuzzing. As far as I can
> tell they fall into the "squelch a compiler warning" category. afl-gcc
> generates an instrumented executable, which you can then run under
> afl-fuzz (the actual fuzzer). According to the documentation the
> instrumentation isn't strictly necessary but it does enable more
> intelligent and efficient fuzzing.

So on what version of GCC is the version of afl-gcc you're running based?  That might either be an incomplete data flow analysis in that version of GCC, or might be AFL extending the data flow analysis but not doing a complete job of it.

We've thrown in other unnecessary initializations to squelch warnings from incomplete data flow analysis, so I'm not bothered by that; my concern was that the data flow analysis had found a path through the code where it really *could* use an uninitialized variable.