fuzzing crashes on the first seed #7
Comments
@zhunki It simply means your target program crashes on the first input. AFL defines that the first input MUST NOT crash. You can use another input that does not crash the target program.
I have already fuzzed the target for a long time and am pretty sure this seed shouldn't trigger a crash. I think the most probable reason is that the instrumentation may cause the target to crash. To confirm, I removed the original first seed, and the fuzzing now crashes on another first seed.
I also faced this problem, did you solve it?
Was anyone able to find a fix?
Has anyone found a solution? I'm facing the same problem.
Make sure you can run the target_method many times first.
Me too...
I am also having that issue
[Auto Reply] Your email has been received. - Kira
Dear authors,
First, glad to see there is such a cool tool to use. However, when I try to use it to fuzz a regular project, i.e., jsc, it crashes on the perform_dry_run step without any hints about what is happening.
Please see the following output:
=====================================================
python ./bin/ptfuzzer.py "-S f1 -m 1G -t 100+ -i /home/cs/webkit_fuzz/stress/ -o /home/cs/webkit_fuzz/ptout/" "/home/cs/webkit_fuzz/webkit/noinst/Release/bin/jsc "
binary type is executable
Program base by cle: 0x0
Program entry by cle: 0x40b840
.jsc.text exists, if you want to regenerate it, just delete this file.
sudo ./bin/afl-ptfuzz -r .jsc.text -l 4241472 -h 4399058 -e 4241472 -S f1 -m 1G -t 100+ -i /home/cs/webkit_fuzz/stress/ -o /home/cs/webkit_fuzz/ptout/ /home/cs/webkit_fuzz/webkit/noinst/Release/bin/jsc @@
afl-fuzz 2.52b by [email protected]
raw_bin: .jsc.text
min_addr: 4241472
max_addr: 4399058
entry_point: 4241472
init pt fuzzer.
start to disassmble binary...
build_cofi_map, total number of cofi instructions: 9726
cofi map complete percentage: 100%
[+] You have 12 CPU cores and 17 runnable tasks (utilization: 142%).
[*] Checking CPU core loadout...
[+] Found a free CPU core, binding to #0.
[*] Checking core_pattern...
[*] Checking CPU scaling governor...
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Scanning '/home/cs/webkit_fuzz/stress/'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:IIFE-es6-default-parameters.js'...
BRANCH_MODE is null, using default TNT mode.
Run ptfuzzer with TNT_MODE
[-] Oops, the program crashed with one of the test cases provided. There are
several possible explanations:
[-] PROGRAM ABORT : Test case 'id:000000,orig:IIFE-es6-default-parameters.js' results in a crash
Location : perform_dry_run(), /home/cs/ptfuzzer/ptfuzzer/afl-pt/afl-ptfuzz.c:2935
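The dry run above refuses to start because the target died on the very first seed, and the thread cannot settle whether the seed, the memory limit passed with -m, the timeout, or the PT tracing itself is responsible. The script below is an added example (not code from ptfuzzer or AFL) that re-runs one seed outside the fuzzer under the same conditions the dry run applied: an address-space limit via `ulimit -v` (which approximates the RLIMIT_AS that afl-fuzz's -m sets), a wall-clock timeout via coreutils `timeout`, and the seed passed as an argument in place of `@@`. It also repeats the run several times, following the advice in the comments to make sure the target can be run many times. The target path, seed path and limits in the usage section are placeholders for the jsc binary and seed from the report; the `check_stable` and `run_seed` names and the verdict strings are this example's own conventions, and the script assumes Linux.

```shell
#!/bin/sh
# Re-run an AFL seed outside the fuzzer, under the same limits the dry run
# imposes, to separate "the target really crashes on this input" from "the
# harness (memory limit, timeout, tracing) makes it crash".
# Added example; not part of ptfuzzer or AFL. Assumes Linux with `ulimit -v`
# (RLIMIT_AS, the limit afl-fuzz -m applies) and coreutils `timeout`.

# run_seed MEM_KB TIMEOUT_SEC TARGET SEED
#   MEM_KB      address-space limit in KB, or "none" (afl-fuzz -m 1G == 1048576)
#   TIMEOUT_SEC wall-clock seconds (afl-fuzz -t is in milliseconds)
#   TARGET      the binary; SEED is passed as its argument, like AFL's @@
#               (targets that read stdin would need "< $seed" instead)
# Prints one verdict: ok | timeout | exec-failed:N | crash-sigN | exit:N
run_seed() {
    mem_kb=$1; tmo=$2; target=$3; seed=$4
    rc=0
    # Subshell so the ulimit does not stick to the caller; "|| rc=$?" keeps
    # the function usable under "set -e".
    (
        if [ "$mem_kb" != none ]; then
            ulimit -v "$mem_kb" || exit 126
        fi
        if command -v timeout >/dev/null 2>&1; then
            exec timeout "$tmo" "$target" "$seed"
        else
            exec "$target" "$seed"
        fi
    ) >/dev/null 2>&1 || rc=$?
    case $rc in
        0)       echo ok ;;
        124)     echo timeout ;;             # coreutils timeout expired
        126|127) echo "exec-failed:$rc" ;;   # e.g. ENOMEM under the limit
        *)
            if [ "$rc" -gt 128 ]; then
                echo "crash-sig$((rc - 128))"  # 11 = SIGSEGV, 6 = SIGABRT
            else
                echo "exit:$rc"
            fi ;;
    esac
    return 0
}

# check_stable N MEM_KB TIMEOUT_SEC TARGET SEED
# Runs the seed N times; prints "stable:<verdict>" when every run agrees,
# "flaky:<v1>/<v2>/..." as soon as two runs disagree.
check_stable() {
    n=$1; shift
    first=""; all=""; i=0
    while [ "$i" -lt "$n" ]; do
        v=$(run_seed "$@")
        if [ -n "$all" ]; then all="$all/$v"; else all=$v; fi
        if [ -z "$first" ]; then first=$v; fi
        if [ "$v" != "$first" ]; then
            echo "flaky:$all"
            return 0
        fi
        i=$((i + 1))
    done
    echo "stable:$first"
    return 0
}

# Command-line use: ./check_seed.sh TARGET SEED, e.g. (placeholders from
# the report above, not verified paths)
#   ./check_seed.sh /home/cs/webkit_fuzz/webkit/noinst/Release/bin/jsc \
#       /home/cs/webkit_fuzz/stress/IIFE-es6-default-parameters.js
if [ "$#" -ge 2 ]; then
    echo "with 1G limit: $(run_seed 1048576 5 "$1" "$2")"
    echo "no limit:      $(run_seed none 5 "$1" "$2")"
    echo "repeat x5:     $(check_stable 5 1048576 5 "$1" "$2")"
fi
```

How to read the three lines: if the unlimited run says `ok` but the limited one says `exec-failed` or `crash-sig6`, the seed is fine and the -m value is what kills the target, so raise it (or drop it) for the fuzzing run; if both runs crash, the input genuinely crashes the binary and the dry run is right to refuse it; if the repeat line is `flaky`, the target is not deterministic under repeated execution, which is what the "run it many times first" advice is about; and only if every run outside the fuzzer is `ok` does the crash point back at the PT tracing harness itself.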