You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Screen output/Screenshots
If applicable, add copy-paste of the screen output or screenshot that shows the issue. Please ensure the output is in English and not in Chinese, Russian, German, etc.
Additional context
I debugged it a bit and found why the program crashes
This is the very instruction where the instrumented program crashes
Unfortunately, calling AFLPrevLoc->setAlignment(Align(32)) does not work in this case. It does align the AFLPrevLoc for the ELF executable, however, when it is mapped to the TLS (the memory region where RAX 0x7ffff7e9c750 is mapped), then the alignment is broken.
The text was updated successfully, but these errors were encountered:
tokatoka
changed the title
Programs instrumented with ngram crashes
Programs instrumented with ngram crash
Sep 7, 2023
IMPORTANT
dev
branch.e.g., a copy-paste of the contents of
out/default/fuzzer_setup
.Yes
Thank you for making AFL++ better!
Describe the bug
The program instrumented with ngram-16 crashes
To Reproduce
we can use libaom to reproduce
https://github.com/google/fuzzbench/tree/SBFT'23/benchmarks/libaom_av1_dec_fuzzer
Expected behavior
The program should not crash
Screen output/Screenshots
If applicable, add copy-paste of the screen output or screenshot that shows the issue. Please ensure the output is in English and not in Chinese, Russian, German, etc.
Additional context
I debugged it a bit and found why the program crashes
This is the very instruction where the instrumented program crashes
The problem is rax = 0x7ffff7e9c750 is not a 32 bytes aligned value. However, vmovdqa moves ymm0 (256 bits = 32bytes) register into memory and it expects the destination memory location to be 32bytes = aligned.
This rax is
AFLPrevLoc
, and it is setup here https://github.com/AFLplusplus/AFLplusplus/blob/stable/instrumentation/afl-llvm-pass.so.cc#L432Unfortunately, calling
AFLPrevLoc->setAlignment(Align(32))
does not work in this case. It does align the AFLPrevLoc for the ELF executable, however, when it is mapped to the TLS (the memory region whereRAX 0x7ffff7e9c750
is mapped), then the alignment is broken.The text was updated successfully, but these errors were encountered: