I have a question about running the afl.rs fuzzer (which internally uses AFLplusplus) on a Rust program with ASan.
I run the command like below:
RUSTFLAGS="-Zsanitizer=address" cargo afl fuzz -i in -o out target/x86_64-unknown-linux-gnu/debug/dtool b2h @@
However, there is some issue with the fork server handshake. The error message with the AFL_DEBUG=1 flag is like below:
dy3199@s2lab05:~/fuzz-test/application/dtool$ AFL_DEBUG=1 RUSTFLAGS="-Zsanitizer=address" cargo afl fuzz -i in -o out target/x86_64-unknown-linux-gnu/debug/dtool b2h @@
MJU AFL
[+] Loaded environment variable AFL_DEBUG with value 1
[+] Loaded environment variable AFL_DEBUG with value 1
[+] Loaded environment variable AFL_PATH with value /home/dy3199/s2fuzz/scripts/afl.rs/AFLplusplus
[+] Loaded environment variable AFL_SKIP_BIN_CHECK with value 1
[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
afl-fuzz++4.00c based on afl by Michal Zalewski and a large online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] NOTE: This is v3.x which changes defaults and behaviours - see README.md
[+] No -M/-S set, autoconfiguring for "-S default"
[*] Getting to work...
[+] Using exponential power schedule (FAST)
[+] Enabled testcache with 50 MB
[*] Checking core_pattern...
[+] You have 128 CPU cores and 38 runnable tasks (utilization: 30%).
[+] Try parallel jobs - see docs/parallel_fuzzing.md.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #1.
[*] Scanning 'in'...
[+] Loaded a total of 1 seeds.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] No auto-generated dictionary tokens to reuse.
[*] Attempting dry run with 'id:000000,time:0,execs:0,orig:input.txt'...
[*] Spinning up the fork server...
0x2f686f6d652f6479333139392f66757a7a2d746573742f6170706c69636174696f6e2f64746f6f6c2f6f75742f64656661756c742f2e6375725f696e707574
[-] Hmm, looks like the target binary terminated before we could complete a
handshake with the injected code. You can try the following:
- The target binary crashes because necessary runtime conditions it needs
are not met. Try to:
1. Run again with AFL_DEBUG=1 set and check the output of the target
binary for clues.
2. Run again with AFL_DEBUG=1 and 'ulimit -c unlimited' and analyze the
generated core dump.
- Possibly the target requires a huge coverage map and has CTORS.
Retry with setting AFL_MAP_SIZE=10000000.
Otherwise there is a horrible bug in the fuzzer.
Poke <afl-users@googlegroups.com> for troubleshooting tips.
[-] PROGRAM ABORT : Fork server handshake failed
Location : afl_fsrv_start(), src/afl-forkserver.c:1229
I'm not sure, but I guess the problem occurs because of the virtual memory limit for running the fuzzer. If the fuzzer runs without ASan, then it works! However, if I add the address sanitizer to the build and run command, then it generates the error like above.
I have no insight into how to solve the problem. How can I solve this problem???
Thank you very much! Have a nice day!
Cheers