hello，I am trying to fuzz Android cmdline elf with qasan and afl++ <div class="sni

thanks for the patch, and there are some error in my test: <div class="snippet-cli

fail to compiling libqasan with NDK about qasan HOT 5 CLOSED

andreafioraldi commented on May 17, 2024

fail to compiling libqasan with NDK

from qasan.

Comments (5)

andreafioraldi commented on May 17, 2024

The errors seems quite clear. You have to hook __bionic_bzero instead of bzero (just change the function name) and replace void with const void in malloc_usable_size.
I didn't build libqasan with android in mind, but if this solves your usecase I can push a simple patch.

from qasan.

andreafioraldi commented on May 17, 2024

Pull again and test if now works.

from qasan.

wuk0n9 commented on May 17, 2024

thanks for the patch, and there are some error in my test:

/home/zero/Documents/android-ndk-r21b/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android29-clang  -fPIC -shared -I ../include libqasan.c hooks.c malloc.c string.c uninstrument.c patch.c -o libqasan.so -ldl -pthread
hooks.c:177:22: error: invalid application of 'sizeof' to an incomplete type 'FILE' (aka 'struct __sFILE')
  QASAN_LOAD(stream, sizeof(FILE));
                     ^     ~~~~~~
../include/qasan.h:243:45: note: expanded from macro 'QASAN_LOAD'
  QASAN_CALL2(QASAN_ACTION_CHECK_LOAD, ptr, len)
                                            ^~~
../include/qasan.h:236:43: note: expanded from macro 'QASAN_CALL2'
  syscall(QASAN_FAKESYS_NR, action, arg1, arg2, NULL)
                                          ^~~~
/home/zero/Documents/android-ndk-r21b/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/stdio.h:58:8: note: forward declaration of 'struct __sFILE'
struct __sFILE;
       ^
hooks.c:300:6: error: redefinition of '__bionic_bzero'
void __bionic_bzero(void *s, size_t n) {
     ^
/home/zero/Documents/android-ndk-r21b/toolchains/llvm/prebuilt/linux-x86_64/bin/../sysroot/usr/include/strings.h:62:40: note: previous definition is here
static __inline__ __always_inline void __bionic_bzero(void* b, size_t len) {
                                       ^
2 errors generated.

it seem that __bionic_bzero is inline func in NDK, I don't know if it still work by hook __bionic_bzero .

from qasan.

wuk0n9 commented on May 17, 2024

checked that symbol "bzero" is not in NDK's lib, I think maybe there is no need to hook bzero func in NDK .
I removed bzero part on hook.c ， the code pass compile and seem stable at fuzzing by now.

And I removed 'sizeof(FILE)' line in fgets func to pass compile .

char *fgets(char *s, int size, FILE *stream) {

  void *rtv = __builtin_return_address(0);

  QASAN_DEBUG("%14p: fgets(%p, %d, %p)\n", rtv, s, size, stream);
  QASAN_STORE(s, size);
  //QASAN_LOAD(stream, sizeof(FILE));
  char *r = __lq_libc_fgets(s, size, stream);
  QASAN_DEBUG("\t\t = %p\n", r);
  return r;
}

qasan will lost memory read record about the FILE struct when deal with fgets func,and I wonder if we can replace sizeof(FILE) with some const int when using NDK?

from qasan.

andreafioraldi commented on May 17, 2024

Problably you should find the header that defines FILE and include it when __BIONIC is defined. If you get it working, please do a PR.

from qasan.

fail to compiling libqasan with NDK about qasan HOT 5 CLOSED

Comments (5)

Related Issues (14)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent