On Jan 24, 2015, at 2:43 PM, Gerald Combs <gerald@xxxxxxxxxxxxx> wrote:
> These were fixes that had to be made prior to fuzzing. As far as I can
> tell they fall into the "squelch a compiler warning" category. afl-gcc
> generates an instrumented executable, which you can then run under
> afl-fuzz (the actual fuzzer). According to the documentation the
> instrumentation isn't strictly necessary but it does enable more
> intelligent and efficient fuzzing.
So on what version of GCC is the version of afl-gcc you're running based? That might either be an incomplete data flow analysis in that version of GCC, or might be AFL extending the data flow analysis but not doing a complete job of it.
We've thrown in other unnecessary initializations to squelch warnings from incomplete data flow analysis, so I'm not bothered by that; my concern was that the data flow analysis had found a path through the code where it really *could* use an uninitialized variable.
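The distinction drawn here, between a warning that comes from the compiler's data flow analysis being unable to correlate two conditions and a warning that points at a path a fuzzer could actually drive, is easier to see side by side. The following is a constructed C example added to illustrate it; it is not Wireshark code and not code from anyone in this thread, and the function names and input layouts are invented for the illustration.

```c
/*
 * Added illustration (constructed, not Wireshark code): the two shapes a
 * "may be used uninitialized" warning can take.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Shape 1: a warning with no real bug behind it. 'value' is written on
 * exactly the path that sets 'have', and read only when 'have' is set,
 * so no uninitialized read exists. Depending on the GCC version and
 * optimization level, the flow analysis may not track that the two
 * conditions are the same and may still warn. Writing "int value = 0;"
 * here is the "unnecessary initialization to squelch a warning" case.
 */
int read_optional_field(const uint8_t *buf, size_t len, int *out)
{
    int value;          /* deliberately left uninitialized */
    int have = 0;

    if (len >= 2 && buf[0] == 0x01) {
        value = buf[1]; /* field present: tag byte 0x01, then one value byte */
        have = 1;
    }
    /* ...other parsing the compiler cannot see through would go here... */
    if (have) {
        *out = value;   /* candidate for -Wmaybe-uninitialized */
        return 1;
    }
    return 0;
}

/*
 * Shape 2: a warning with a real bug behind it. Every type the author
 * thought of assigns 'width', but a type byte of 0 or >= 4, which an
 * attacker or fuzzer fully controls, reaches the return with 'width'
 * never written. This is the case one has to rule out before silencing
 * the warning.
 */
int field_width_buggy(uint8_t type)
{
    int width;

    switch (type) {
    case 1: width = 1; break;
    case 2: width = 2; break;
    case 3: width = 4; break;
    }
    return width;       /* undefined behaviour for type 0 or type >= 4 */
}

/*
 * The fix for shape 2 is not "int width = 0;" (which silences the
 * warning and turns the bug into a silent misparse) but handling the
 * unexpected input explicitly.
 */
int field_width_fixed(uint8_t type)
{
    switch (type) {
    case 1:  return 1;
    case 2:  return 2;
    case 3:  return 4;
    default: return -1; /* malformed input: reject it rather than guess */
    }
}

int main(void)
{
    /* Constructed sample inputs for the two helpers above. */
    const uint8_t present[] = { 0x01, 0x2a };
    const uint8_t absent[]  = { 0x02, 0x2a };
    int out = -1;

    printf("present: rc=%d out=%d\n",
           read_optional_field(present, sizeof present, &out), out);
    printf("absent:  rc=%d\n",
           read_optional_field(absent, sizeof absent, &out));
    printf("width(3)=%d width(9)=%d\n",
           field_width_fixed(3), field_width_fixed(9));
    return 0;
}
```

Compiling this with `-Wall` (and `-O2`, which is when the analysis is most thorough) is the quickest way to see which of the two shapes a given GCC flags; only the second one needs to be treated as a finding rather than a squelch.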