Comments (12)
Can you confirm that AFL++ finds paths on the same target binary?
from nautilus.
> Can you confirm that AFL++ finds paths on the same target binary?

Yes, AFL++ works well with enlarging memory settings by using `-m none`.
```text
american fuzzy lop ++2.64d (ch) [explore] {0}
┌─ process timing ────────────────────────────────────┬─ overall results ────┐
│ run time : 0 days, 0 hrs, 0 min, 8 sec │ cycles done : 0 │
│ last new path : 0 days, 0 hrs, 0 min, 0 sec │ total paths : 31 │
│ last uniq crash : none seen yet │ uniq crashes : 0 │
│ last uniq hang : none seen yet │ uniq hangs : 0 │
├─ cycle progress ───────────────────┬─ map coverage ─┴──────────────────────┤
│ now processing : 0.0 (0.0%) │ map density : 3.26% / 7.39% │
│ paths timed out : 0 (0.00%) │ count coverage : 1.69 bits/tuple │
├─ stage progress ───────────────────┼─ findings in depth ───────────────────┤
│ now trying : calibration │ favored paths : 20 (64.52%) │
│ stage execs : 17/40 (42.50%) │ new edges on : 30 (96.77%) │
│ total execs : 1097 │ total crashes : 0 (0 unique) │
│ exec speed : 55.31/sec (slow!) │ total tmouts : 0 (0 unique) │
├─ fuzzing strategy yields ──────────┴───────────────┬─ path geometry ───────┤
│ bit flips : 0/0, 0/0, 0/0 │ levels : 2 │
│ byte flips : 0/0, 0/0, 0/0 │ pending : 31 │
│ arithmetics : 0/0, 0/0, 0/0 │ pend fav : 20 │
│ known ints : 0/0, 0/0, 0/0 │ own finds : 10 │
│ dictionary : 0/0, 0/0, 0/0 │ imported : n/a │
│ havoc/rad : 0/0, 0/0, 0/0 │ stability : 99.63% │
│ py/custom : 0/0, 0/0 ├───────────────────────┘
│ trim : 28.69%/88, n/a │ [cpu000: 6%]
└────────────────────────────────────────────────────┘
```
from nautilus.
I'll look into this later. Can you check if it works without the bitmap size changes?
from nautilus.
> I'll look into this later. Can you check if it works without the bitmap size changes?

Still no path without bitmap size changes.
from nautilus.
I tried to compile chakracore with afl-clang-fast, but ran into some problems regarding the fact that it is split into the "ch" binary, and libChakraCore.so. Could you post your build steps in a reproducible way?
from nautilus.
> I tried to compile chakracore with afl-clang-fast, but ran into some problems regarding the fact that it is split into the "ch" binary, and libChakraCore.so. Could you post your build steps in a reproducible way?

I build ChakraCore with `./build.sh --cc=/path/to/afl-clang-fast --cxx=/path/to/afl-clang-fast++ --static -j=30`.
Then fuzz "ch" with nautilus.
from nautilus.
Cool, looking into it. Didn't see the --static flag.
from nautilus.
Ok I can reproduce this. Looking into it.
from nautilus.
Should be fixed by a132369, when porting the Forkserver we forgot to add the program path to the argument list, resulting in ch not receiving the input file path. Please verify and close this issue.
from nautilus.
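The defect described in the comment above (the program path missing from the argument list handed to the forkserver child, so the target never sees the input file) is easy to model. The following is an added example, not nautilus' code or the actual fix in a132369; it assumes AFL's convention of a `@@` placeholder that is replaced with the test-case path, a constructed `ch` path, and a target that takes its first non-option argument as the script to run.

```rust
// Added example, not code from nautilus: how a forkserver launcher has to build
// the child's argument vector. Assumption (AFL's convention, not necessarily
// nautilus'): the fuzzer replaces a "@@" placeholder with the test-case path.

/// Substitute the input-file placeholder in a configured argument list.
fn substitute(args: &[&str], input_path: &str) -> Vec<String> {
    args.iter()
        .map(|a| if *a == "@@" { input_path.to_string() } else { a.to_string() })
        .collect()
}

/// The defective form: only the configured arguments are handed to exec, so the
/// child's argv[0] is whatever the first argument happened to be, and every
/// real operand shifts one slot to the left.
pub fn build_argv_without_program(args: &[&str], input_path: &str) -> Vec<String> {
    substitute(args, input_path)
}

/// The corrected form: argv[0] is the program path, operands follow.
pub fn build_argv(program: &str, args: &[&str], input_path: &str) -> Vec<String> {
    let mut argv = vec![program.to_string()];
    argv.extend(substitute(args, input_path));
    argv
}

/// Models a target such as `ch`: it ignores argv[0] (its own name) and takes
/// the first non-option argument as the script to execute.
pub fn input_seen_by_target(argv: &[String]) -> Option<&str> {
    argv.iter().skip(1).find(|a| !a.starts_with('-')).map(String::as_str)
}

/// A pre-spawn check the launcher can run: argv[0] names the program and no
/// placeholder survived substitution.
pub fn argv_is_well_formed(program: &str, argv: &[String]) -> bool {
    argv.first().map(String::as_str) == Some(program) && !argv.iter().any(|a| a == "@@")
}

fn main() {
    // Constructed sample values; the real paths depend on the setup.
    let program = "/opt/chakracore/out/Release/ch";
    let args = ["@@"];
    let input = "/tmp/nautilus/cur_input.js";

    let broken = build_argv_without_program(&args, input);
    let fixed = build_argv(program, &args, input);
    println!("broken argv {:?} -> target sees {:?}", broken, input_seen_by_target(&broken));
    println!("fixed  argv {:?} -> target sees {:?}", fixed, input_seen_by_target(&fixed));
    println!(
        "well-formed: broken={} fixed={}",
        argv_is_well_formed(program, &broken),
        argv_is_well_formed(program, &fixed)
    );
}
```

With the argument list consisting only of the placeholder, the defective form produces an argv whose single entry is the input path; the target treats that entry as its own name and runs with no script at all, which matches the "no paths found" symptom rather than a crash. The `argv_is_well_formed` check is the kind of assertion worth keeping in a launcher so the mistake fails loudly instead of silently fuzzing nothing.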
Thanks for fixing! It works well now.
from nautilus.
Just a notification lol.
https://github.com/nautilus-fuzz/nautilus/blob/master/fuzzer/src/fuzzer.rs#L339
from nautilus.
Yeah, that's the "stability score" of AFL expressed... well... less optimally^^ If you see lots of these (with ch you will), that means the bitmap target is pretty nondeterministic.
from nautilus.
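To make the "stability score" mentioned above concrete, here is an added example (not nautilus' code, and not the computation at the linked line) that approximates AFL's stability metric from several coverage maps recorded for the same input. It assumes maps are byte vectors with one counter per edge tuple, that a tuple counts as touched if it is non-zero in any run, and that a touched tuple is unstable if its value differs between runs; the sample maps are constructed.

```rust
// Added example, not code from nautilus: an approximation of AFL's "stability"
// score, computed from several coverage maps recorded for the same input.
// Assumptions: maps are byte vectors (one counter per edge tuple); a tuple is
// "touched" if it is non-zero in any run and "unstable" if its value differs
// between runs.

fn byte_at(run: &[u8], i: usize) -> u8 {
    run.get(i).copied().unwrap_or(0)
}

/// Indices of map bytes that were hit in at least one run.
pub fn touched_indices(runs: &[Vec<u8>]) -> Vec<usize> {
    let len = runs.iter().map(Vec::len).max().unwrap_or(0);
    (0..len).filter(|&i| runs.iter().any(|r| byte_at(r, i) != 0)).collect()
}

/// Touched bytes whose value is not the same in every run: the nondeterministic tuples.
pub fn unstable_indices(runs: &[Vec<u8>]) -> Vec<usize> {
    let first = match runs.first() {
        Some(r) => r,
        None => return Vec::new(),
    };
    touched_indices(runs)
        .into_iter()
        .filter(|&i| runs.iter().any(|r| byte_at(r, i) != byte_at(first, i)))
        .collect()
}

/// Stability in percent, in the spirit of AFL: the share of touched tuples
/// that agree across all runs. An untouched map counts as fully stable.
pub fn stability_percent(runs: &[Vec<u8>]) -> f64 {
    let touched = touched_indices(runs).len();
    if touched == 0 {
        return 100.0;
    }
    let unstable = unstable_indices(runs).len();
    100.0 * (touched - unstable) as f64 / touched as f64
}

fn main() {
    // Constructed maps: three executions of one input. Tuple 2 changes its
    // count between runs and tuple 5 shows up in only one run, so both are
    // the kind of entries a target like ch produces when it is nondeterministic.
    let runs = vec![
        vec![1, 0, 3, 0, 2, 0],
        vec![1, 0, 3, 0, 2, 0],
        vec![1, 0, 4, 0, 2, 7],
    ];
    println!("unstable tuples: {:?}", unstable_indices(&runs));
    println!("stability: {:.2}%", stability_percent(&runs));
}
```

A low value is a signal, not a bug in the fuzzer: when many tuples vary between identical executions, the coverage feedback that drives path discovery gets noisy, so a run of "bitmap differs" notifications on a target like `ch` is expected rather than alarming.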