bitsecurerlab / aflplusplus-hier

afl/afl++ with a hierarchical seed scheduler

License: Apache License 2.0

Dockerfile 0.23% Makefile 2.27% Shell 3.67% Python 2.52% C 82.91% C++ 7.93% Objective-C 0.47% JavaScript 0.01% Rich Text Format 0.01%

aflplusplus-hier's People

Contributors

b7ack42
aflplusplus-hier's Issues

Cannot find new seed in some binaries

The fuzzer cannot find any new seed when fuzzing some binaries.
The environment is successfully set up and it works on most binaries except the following three. I also tested these binaries on AFLplusplus and everything works well.

Command

mp4info

./afl-fuzz -Q -m none -d -d -i fuzz_in -o fuzz_out -- ./fuzz_bin/mp4info --show-layout --show-samples --show-sample-data @@

tiffcrop

./afl-fuzz -Q -m none -d -i fuzz_in -o fuzz_out -- ./fuzz_bin/tiffcrop -i @@ output.tiff

nm

./afl-fuzz -Q -m none -d -d -i fuzz_in -o fuzz_out -- ./fuzz_bin/nm-new -C -a -l --synthetic @@

Evaluation Target and Initial Seed

mp4info.zip
tiffcrop.zip
nm.zip

malformed data in fuzzer_stats

Hi there,

The project aborted with the following information:

./afl-fuzz -Q -i fuzz_in_elf/ -o fuzz_out_elf -- readelf -a @@
... 
[+] All set and ready to roll!
[1]    12756 segmentation fault  ./afl-fuzz -Q -i fuzz_in_elf/ -o fuzz_out_elf -- ./readelf -a @@

Asan

[+] All test cases processed.
...
[+] All set and ready to roll!
Warning: not running

System info

Ubuntu 16.04 xenial

A typo in your paper.

"Greybox fuzzing was introduced as early as in 2016 by Sidewinder[16]."
I think it should be 2006, right?

Timeout while initializing fork server when Fuzzing jq with asan

I fuzz the jq program using aflplusplus-hier and get the fault below. My jq program is compiled with address sanitizer (ASAN).
The running command is:
afl-fuzz -m none -t 1000+ -i in/ -o in_hier/ ./build/bin/jq ".[]" @@

[+] Loaded environment variable AFL_SKIP_CPUFREQ with value 1
[+] Loaded environment variable AFL_USE_MULTI_LEVEL_COV with value 1
[+] Loaded environment variable AFL_USE_HIER_SCHEDULE with value 1
[+] Loaded environment variable AFL_PATH with value /opt/dataset/huanggh/fuzz/afl-hier
afl-fuzz++2.68c based on afl by Michal Zalewski and a big online community
[+] afl++ is maintained by Marc "van Hauser" Heuse, Heiko "hexcoder" Eißfeldt, Andrea Fioraldi and Dominik Maier
[+] afl++ is open source, get it at https://github.com/AFLplusplus/AFLplusplus
[+] Power schedules from github.com/mboehme/aflfast
[+] Python Mutator and llvm_mode instrument file list from github.com/choller/afl
[+] MOpt Mutator from github.com/puppet-meteor/MOpt-AFL
[+] use multi-level coverage
[+] use hierarchical seed scheduler
[*] Getting to work...
[+] Using exploration-based constant power schedule (EXPLORE, default)
[*] Checking core_pattern...
[+] You have 56 CPU cores and 5 runnable tasks (utilization: 9%).
[+] Try parallel jobs - see /usr/local/share/doc/afl/parallel_fuzzing.md.
[*] Setting up output directories...
[+] Output directory exists but deemed OK to reuse.
[*] Deleting old session data...
[+] Output dir cleanup successful.
[*] Checking CPU core loadout...
[+] Found a free CPU core, try binding to #4.
[*] Scanning 'in'...
[+] No auto-generated dictionary tokens to reuse.
[*] Creating hard links for all input files...
[*] Validating target binary...
[*] Attempting dry run with 'id:00000000,time:0,orig:Adyen_adyen-magento2.json'...
[*] Spinning up the fork server...

[-] PROGRAM ABORT : Timeout while initializing fork server (adjusting -t may help)
         Location : afl_fsrv_start(), src/afl-forkserver.c:769

error when `make distrib` afl_hier

How should I solve the error? I guess it is probably that a cpp file is being treated as a c file.

/usr/bin/ld: /tmp/ccFPfyeZ.o: in function `fuzz_one':
/home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6443: undefined reference to `UR'
/usr/bin/ld: /home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6286: undefined reference to `UR'
/usr/bin/ld: /home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6288: undefined reference to `UR'
/usr/bin/ld: /home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6262: undefined reference to `UR'
/usr/bin/ld: /home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6264: undefined reference to `UR'
/usr/bin/ld: /tmp/ccFPfyeZ.o:/home/k/Desktop/aflplusplus-hier/afl-fuzz.c:6238: more undefined references to `UR' follow
collect2: error: ld returned 1 exit status
make: *** [Makefile:81: afl-fuzz] Error 1

Memory Leak

I have been running AFL-Hier for some longer fuzzing campaigns (about 72 hours). It appears that AFL-Hier has a memory leak that consumes a considerable amount of memory (over 2TB).

Did you have the same issue when running longer fuzzing campaigns? I can see that the paper you have published alongside the code has a maximum fuzz time of 6 hours, and the majority of the benchmarks do crash around this point.

One example on the FuzzBench benchmark that crashes quite early on is php_php-fuzz-parser (which appears to have been omitted from the paper). After trying to recreate the experiments, I have noticed that this crashed at about the 6 hour mark because it took an excessive amount of memory (over 2TB).

Did you experience a similar issue? Or is this a problem with my setup? It would be appreciated if you could provide some assistance here.
