Traditional CapSan was developed by leveraging the convenience of the __asan_* public interface provided by AddressSanitizer.
It links a piece of code called bug-severity-rt.o into the target binary with the help of afl-cc,
so that a file containing capability data is saved when the target program crashes because of an ASan-catchable error. Later, CapFuzz reads and uses this file.
However, this workaround isn't easily scalable to other sanitizers: not every sanitizer has similar interfaces and headers available in the compiler suite (either LLVM or GNU GCC), and the interfaces may vary across versions.
Therefore CapSanX is proposed as the next generation, inspired by Custom Mutators in AFL++. It wraps some Python modules that parse capability info from sanitizer reports, with rich and flexible text-processing features available. CapSanX will be provided as a C-style library so that CapFuzz can benefit from it.
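As an added example (not CapSanX's or CapFuzz's own code), this is the kind of Python text processing CapSanX wraps: pulling capability-relevant facts out of a sanitizer report. The report text, the Capability record and its fields, and the parse_capability function are all constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed ASan report (not a real crash) in AddressSanitizer's text format.
SAMPLE_REPORT = """\
==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000015 at pc 0x4f9c2e bp 0x7ffd4c5a2b80 sp 0x7ffd4c5a2b78
WRITE of size 4 at 0x602000000015 thread T0
    #0 0x4f9c2d in parse_record /src/target.c:42:9
    #1 0x4f9e10 in main /src/target.c:88:5
0x602000000015 is located 1 bytes to the right of 20-byte region [0x602000000000,0x602000000014)
allocated by thread T0 here:
    #0 0x4a3f5d in malloc (/out/target+0x4a3f5d)
    #1 0x4f9b00 in load_input /src/target.c:30:17
SUMMARY: AddressSanitizer: heap-buffer-overflow /src/target.c:42:9 in parse_record
"""

# Patterns for the report lines that carry capability-relevant facts.
HEADER_RE = re.compile(r"==\d+==ERROR: (?P<san>\w+Sanitizer): (?P<bug>[\w-]+) on address (?P<addr>0x[0-9a-f]+)")
ACCESS_RE = re.compile(r"^(?P<kind>READ|WRITE) of size (?P<size>\d+)", re.M)
FRAME_RE = re.compile(r"^\s+#0 0x[0-9a-f]+ in (?P<func>\S+) (?P<loc>\S+)", re.M)
REGION_RE = re.compile(r"is located (?P<dist>\d+) bytes? to the (?P<side>left|right) of (?P<rsize>\d+)-byte region")

@dataclass
class Capability:
    """Hypothetical capability record; field names are this example's, not CapFuzz's."""
    sanitizer: str
    bug_type: str
    address: int
    access: Optional[str] = None          # READ or WRITE
    size: Optional[int] = None            # access width in bytes
    func: Optional[str] = None            # faulting function (frame #0 of the crash stack)
    location: Optional[str] = None        # file:line:col of that frame
    overflow_bytes: Optional[int] = None  # distance past the region: positive = right, negative = left

def parse_capability(report: str) -> Optional[Capability]:
    """Extract a Capability from one sanitizer report; returns None if there is no ERROR header."""
    head = HEADER_RE.search(report)
    if head is None:
        return None
    cap = Capability(head["san"], head["bug"], int(head["addr"], 16))
    if acc := ACCESS_RE.search(report):
        cap.access, cap.size = acc["kind"], int(acc["size"])
    if frame := FRAME_RE.search(report):  # first "#0" is the crash stack, not the allocation stack
        cap.func, cap.location = frame["func"], frame["loc"]
    if region := REGION_RE.search(report):
        cap.overflow_bytes = int(region["dist"]) * (1 if region["side"] == "right" else -1)
    return cap
```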
CapSanX is still under development (may be slow but hopeful 😉).
CapSanX is under the Apache License v2.0 with LLVM Exceptions (same as llvm/llvm-project).
See LICENSE for more details.