fdu-sec / nestfuzz
A structure-aware grey box fuzzer based on modeling the input processing logic.
License: Apache License 2.0
After about a 1 hour run, having found about 4000 paths, afl aborted with: Segmentation fault
Here is dmesg:
[ 5672.142580] afl-fuzz[290621]: segfault at 28 ip 0000574211ea117a sp 00007fff56d034d0 error 4 in afl-fuzz[574211e8a000+2f000] likely on CPU 1 (core 0, socket 0)
[ 5672.142591] Code: 54 24 30 48 8b 74 24 48 48 8b 3c 24 e8 cf 98 fe ff 31 f6 31 ff e8 76 2b ff ff 48 8b 4c 24 20 48 89 c3 48 89 c6 48 89 44 24 18 <48> 8b 79 28 e8 fd a3 ff ff 8b 1b 89 5c 24 10 c1 e3 03 0f 84 00 0d
Is there some bug in afl?
Hello, I wrote a test program and executed a function that contains an fseek operation. The 0-1 bytes of the input file should have influenced subsequent buffer array values through the offset (fseek) operation. However, the resulting track file does not contain any items of type offset. What could be causing this issue, and how can I resolve it?
Here's the code for the test program:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "../dfsan_rt/dfsan_interface.h"

void posix_test()
{
    FILE *fd;
    fd = fopen("proto.isi", "rb");
    if (fd == NULL) {                       /* added: fail cleanly instead of dereferencing NULL */
        perror("fopen");
        return;
    }
    fseek(fd, 0, SEEK_END);                 /* constant offsets: not derived from the input */
    int fsize = ftell(fd);
    fseek(fd, 0, SEEK_SET);
    printf("file size %d\n", fsize);
    unsigned char buffer[128];
    fread(buffer, sizeof(char), 2, fd);     /* bytes 0-1 of the input */
    int offset = (int)buffer[0];
    int len = (int)buffer[1];
    printf("\n offset is %d, len is %d\n", offset, len);
    if (len > (int)sizeof(buffer))          /* added: byte 1 can be up to 255, buffer holds 128 */
        len = (int)sizeof(buffer);
    fread(buffer, sizeof(char), len, fd);   /* read whose size depends on byte 1 */
    for(int i=0; i < len; i++)
    {
        printf("%x ", buffer[i]);
    }
    printf("\n");
    fclose(fd);
}

int main()
{
    posix_test();
    return 0;
}
Here's the track file:
{
    "0000000000000003": {
        "start": 1,
        "end": 2,
        "type": "length",
        "000000000000000E": {
            "start": 8,
            "end": 12
        }
    },
    "0000000000000003": {
        "start": 1,
        "end": 2,
        "type": "length",
        "B1A623D7C164BA93": {
            "start": 8,
            "end": 12
        }
    }
}
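In the test program above, buffer[0] is named offset but is never passed to fseek; the only fseek calls use the constants 0, SEEK_END and SEEK_SET, so the file position never depends on the input. The following added example (not from the issue author or the NestFuzz project) parses the same two-byte header but seeks to the input-derived offset before reading, so the file position depends on byte 0 and the read size on byte 1; the sample input and the tmpfile helper that stages it are constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample input: byte 0 = offset of the payload, byte 1 = payload
 * length, two filler bytes, then the payload itself. Offset 4 points past the
 * filler, so a correct parser returns 11 22 33. */
static const unsigned char SAMPLE_INPUT[] = {
    0x04, 0x03,             /* offset = 4, len = 3 */
    0xAA, 0xBB,             /* filler the parser must skip */
    0x11, 0x22, 0x33, 0x44  /* payload; only the first 3 bytes are requested */
};

/* Stage a byte buffer in an anonymous temporary file and rewind it, so the
 * parser below reads through stdio exactly as it would read a real input file. */
FILE *file_from_bytes(const unsigned char *data, size_t n)
{
    FILE *fp = tmpfile();
    if (fp == NULL)
        return NULL;
    if (fwrite(data, 1, n, fp) != n || fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);
        return NULL;
    }
    return fp;
}

/* Read the 2-byte header, seek to the input-derived offset and read len
 * bytes into out. Returns the number of payload bytes read, or -1 on a
 * malformed header (short read, or len larger than the destination). */
int parse_with_offset(FILE *fp, unsigned char *out, size_t out_cap)
{
    unsigned char hdr[2];
    if (fread(hdr, 1, sizeof hdr, fp) != sizeof hdr)
        return -1;
    long offset = hdr[0];          /* byte 0 -> file position */
    size_t len = hdr[1];           /* byte 1 -> read size */
    if (len > out_cap)             /* bound the read by the destination size */
        return -1;
    /* Input-dependent fseek: the file position now depends on byte 0. */
    if (fseek(fp, offset, SEEK_SET) != 0)
        return -1;
    /* A seek past EOF is legal and simply yields a zero-length read here. */
    return (int)fread(out, 1, len, fp);
}

/* Convenience wrapper: stage a byte buffer and parse it end to end. */
int parse_bytes(const unsigned char *data, size_t n, unsigned char *out, size_t out_cap)
{
    FILE *fp = file_from_bytes(data, n);
    if (fp == NULL)
        return -1;
    int got = parse_with_offset(fp, out, out_cap);
    fclose(fp);
    return got;
}

int main(void)
{
    unsigned char payload[16];
    int got = parse_bytes(SAMPLE_INPUT, sizeof SAMPLE_INPUT, payload, sizeof payload);
    printf("read %d payload bytes:", got);
    for (int i = 0; i < got; i++)
        printf(" %02x", payload[i]);
    printf("\n");
    return got == 3 ? 0 : 1;
}
```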
I compiled ipl-modeling/test/loopTest.c with test-clang loopTest.c -o loopTestNew. However, the execution result of loopTestNew is not the same as loopTest. Can someone help to explain it?
0123456789
fp_label: 0
[]
buffer_label: 0
[]
dst_label: 0
[]
34
buffer_label: 0
[]
dst_label: 0
[]
buffer_label: 0
[]
dst_label: 0
[]
buffer_label: 0
[]
dst_label: 0
[]
Hi,
Thanks for the nice project.
I tried to run the motivating example from the paper (MP4Box) but failed. The issue comes from the dependence on the zlib package. I can successfully compile the following code suggested by the configure file in the gpac project with gcc -lz test.c, so I think the zlib library is well-installed on my local machine (ubuntu 20.04, gcc-9.4).
$cat test.c
#include <string.h>
#include <stdio.h>
#include <zlib.h>
int main( void ) { if (strcmp(zlibVersion(), ZLIB_VERSION)) { puts("zlib version differs !!!"); return 1; } return 0; }
Also, I checked the locations of the libz libraries:
$ locate libz.so
/usr/lib/x86_64-linux-gnu/libz.so
/usr/lib/x86_64-linux-gnu/libz.so.1
/usr/lib/x86_64-linux-gnu/libz.so.1.2.11
But when I run with CC=xx/NestFuzz/ipl-modeling/install/test-clang CXX=xx/NestFuzz/ipl-modeling/install/test-clang++ ./configure --disable-shared, I got the error: error: zlib not found on system or in local libs.
Did you encounter the above issue?
I also tried to force the variable has_zlib=''sysmtem''; ./configure then works well, but I got the following errors when I executed make:
clang -o ../../bin/gcc/gpac main.o -L../../bin/gcc -lgpac -Wl,-rpath,$ORIGIN -Wl,-rpath-link,../../bin/gcc -L/usr/lib/x86_64-linux-gnu -Wl,--warn-common -lz -Xclang -load -Xclang /home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so -mllvm -chunk-exploitation-list=/home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/rules/exploitation_list.txt -Xclang -load -Xclang /home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/pass/libDFSanPass.so -mllvm -chunk-dfsan-abilist=/home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/rules/angora_abilist.txt -mllvm -chunk-dfsan-abilist=/home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/rules/dfsan_abilist.txt -pie -fpic -Qunused-arguments -fno-discard-value-names -g -O0 -Wl,--whole-archive /home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/lib/libdfsan_rt-x86_64.a -Wl,--no-whole-archive -Wl,--dynamic-list=/home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/lib/libdfsan_rt-x86_64.a.syms /home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/lib/libruntime.so /home/haoxin/research/structured-fuzz/NestFuzz/ipl-modeling/install/lib/libDFSanIO.a -lstdc++ -lrt -Wl,--no-as-needed -Wl,--gc-sections -ldl -lpthread -lm
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$uncompress'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$crc32'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$inflateReset'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$deflateInit_'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$inflateInit2_'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$inflate'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$inflateInit_'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$deflateSetDictionary'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$inflateEnd'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$deflateInit2_'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$deflate'
/usr/bin/ld: ../../bin/gcc/libgpac.so: undefined reference to `dfs$deflateEnd'
clang-10: error: linker command failed with exit code 1 (use -v to see invocation)
make[2]: *** [Makefile:57: gpac] Error 1
make[2]: Leaving directory '/home/haoxin/research/structured-fuzz/benchmarks/mp4-gpac/gpac-model/applications/gpac'
make[1]: *** [Makefile:41: apps] Error 2
make[1]: Leaving directory '/home/haoxin/research/structured-fuzz/benchmarks/mp4-gpac/gpac-model/applications'
make: *** [Makefile:14: all] Error 2
Could you please share a bit about how you run or what building commands you used to run GPAC? Thank you so much for your help!
Best regards,
Haoxin
I am experimenting with nestfuzz on tiff-4.0.4. The configure script hangs when it does the ANSI include checks; I bypassed this by configuring normally and then switching the compiler with sed -i 's|gcc|test-clang|g' Makefile */Makefile.
During compilation the llvm plugin crashes for tif_close.c:
/bin/bash ../libtool --tag=CC --mode=compile /prg/NestFuzz/ipl-modeling/install/test-clang -DHAVE_CONFIG_H -I. -g -O2 -Wall -W -MT tif_close.lo -MD -MP -MF .deps/tif_close.Tpo -c -o tif_close.lo tif_close.c
libtool: compile: /prg/NestFuzz/ipl-modeling/install/test-clang -DHAVE_CONFIG_H -I. -g -O2 -Wall -W -MT tif_close.lo -MD -MP -MF .deps/tif_close.Tpo -c tif_close.c -o tif_close.o
use_zlib: (null)
clang -DHAVE_CONFIG_H -I. -g -Wall -W -MT tif_close.lo -MD -MP -MF .deps/tif_close.Tpo -c tif_close.c -o tif_close.o -Xclang -load -Xclang /prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so -mllvm -chunk-exploitation-list=/prg/NestFuzz/ipl-modeling/install/rules/exploitation_list.txt -Xclang -load -Xclang /prg/NestFuzz/ipl-modeling/install/pass/libDFSanPass.so -mllvm -chunk-dfsan-abilist=/prg/NestFuzz/ipl-modeling/install/rules/angora_abilist.txt -mllvm -chunk-dfsan-abilist=/prg/NestFuzz/ipl-modeling/install/rules/dfsan_abilist.txt -pie -fpic -Qunused-arguments -fno-discard-value-names -g -O0
clang: /prg/llvm-10/llvm/lib/IR/Instructions.cpp:400: void llvm::CallInst::init(llvm::FunctionType *, llvm::Value *, ArrayRef<llvm::Value *>, ArrayRef<llvm::OperandBundleDef>, const llvm::Twine &): Assertion `(i >= FTy->getNumParams() || FTy->getParamType(i) == Args[i]->getType()) && "Calling a function with a bad signature!"' failed.
Stack dump:
0. Program arguments: clang -DHAVE_CONFIG_H -I. -g -Wall -W -MT tif_close.lo -MD -MP -MF .deps/tif_close.Tpo -c tif_close.c -o tif_close.o -Xclang -load -Xclang /prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so -mllvm -chunk-exploitation-list=/prg/NestFuzz/ipl-modeling/install/rules/exploitation_list.txt -Xclang -load -Xclang /prg/NestFuzz/ipl-modeling/install/pass/libDFSanPass.so -mllvm -chunk-dfsan-abilist=/prg/NestFuzz/ipl-modeling/install/rules/angora_abilist.txt -mllvm -chunk-dfsan-abilist=/prg/NestFuzz/ipl-modeling/install/rules/dfsan_abilist.txt -pie -fpic -Qunused-arguments -fno-discard-value-names -g -O0
1. <eof> parser at end of file
2. Per-module optimization passes
3. Running pass 'LoopHandlingPass' on module 'tif_close.c'.
#0 0x0000000003e3a197 llvm::sys::PrintStackTrace(llvm::raw_ostream&) /prg/llvm-10/llvm/lib/Support/Unix/Signals.inc:564:11
#1 0x0000000003e3a329 PrintStackTraceSignalHandler(void*) /prg/llvm-10/llvm/lib/Support/Unix/Signals.inc:625:1
#2 0x0000000003e38be3 llvm::sys::RunSignalHandlers() /prg/llvm-10/llvm/lib/Support/Signals.cpp:68:5
#3 0x0000000003e39aae llvm::sys::CleanupOnSignal(unsigned long) /prg/llvm-10/llvm/lib/Support/Unix/Signals.inc:362:1
#4 0x0000000003d4642e (anonymous namespace)::CrashRecoveryContextImpl::HandleCrash(int, unsigned long) /prg/llvm-10/llvm/lib/Support/CrashRecoveryContext.cpp:0:7
#5 0x0000000003d466bf CrashRecoverySignalHandler(int) /prg/llvm-10/llvm/lib/Support/CrashRecoveryContext.cpp:383:1
#6 0x00007ffff665afd0 (/lib/x86_64-linux-gnu/libc.so.6+0x3bfd0)
#7 0x00007ffff66a9d3c (/lib/x86_64-linux-gnu/libc.so.6+0x8ad3c)
#8 0x00007ffff665af32 raise ../sysdeps/posix/raise.c:27:6
#9 0x00007ffff6645472 abort (/lib/x86_64-linux-gnu/libc.so.6+0x26472)
#10 0x00007ffff6645395 (/lib/x86_64-linux-gnu/libc.so.6+0x26395)
#11 0x00007ffff6653e32 (/lib/x86_64-linux-gnu/libc.so.6+0x34e32)
#12 0x00000000033f5c34 llvm::CallInst::init(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, llvm::Twine const&) /prg/llvm-10/llvm/lib/IR/Instructions.cpp:398:5
#13 0x00007ffff7fbe644 llvm::CallInst::Create(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::ArrayRef<llvm::OperandBundleDefT<llvm::Value*> >, llvm::Twine const&, llvm::Instruction*) (/prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so+0xe644)
#14 0x00007ffff7fbe1b0 llvm::IRBuilder<llvm::ConstantFolder, llvm::IRBuilderDefaultInserter>::CreateCall(llvm::FunctionType*, llvm::Value*, llvm::ArrayRef<llvm::Value*>, llvm::Twine const&, llvm::MDNode*) (/prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so+0xe1b0)
#15 0x00007ffff7fbb68d (anonymous namespace)::LoopHandlingPass::visitExploitation(llvm::Instruction*) (/prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so+0xb68d)
#16 0x00007ffff7fb93be (anonymous namespace)::LoopHandlingPass::runOnModule(llvm::Module&) (/prg/NestFuzz/ipl-modeling/install/pass/libLoopHandlingPass.so+0x93be)
Hello,
I met some errors when compiling libtiff-model:
clang: error: unsupported option '-V -Xclang'
configure:4132: $? = 1
configure:4121: /home/hunter/protest/NestFuzz/ipl-modeling/install/test-clang -qversion >&5
clang: error: unknown argument '-qversion'; did you mean '--version'?
Is this related to the clang version? (I use clang 10) How to fix these errors?
I am a newbie in fuzz testing. I am trying to reproduce NestFuzz and am following the readme. There is no crash within 23 hours. Is this normal? The paper shows that the average result of fuzz testing tiffsplit is 13. At the same time, I also want to use NestFuzz to test other programs. How do I do this? Hope to get your help, thank you!
/usr/bin/ld: /tmp/ccr2blME.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccr2blME.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccr2blME.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccr2blME.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccr2blME.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/cc0m6ieh.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/cc0m6ieh.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/cc0m6ieh.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/cc0m6ieh.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/cc0m6ieh.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccfU4uyb.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccfU4uyb.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccfU4uyb.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccfU4uyb.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccfU4uyb.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccjThZe1.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccjThZe1.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccjThZe1.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccjThZe1.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccjThZe1.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/cct92SZa.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/cct92SZa.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/cct92SZa.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/cct92SZa.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/cct92SZa.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccY4NADw.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccY4NADw.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccY4NADw.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccY4NADw.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccY4NADw.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccVXovAt.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccVXovAt.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccVXovAt.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccVXovAt.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccVXovAt.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccIUdc8x.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccIUdc8x.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccIUdc8x.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccIUdc8x.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccIUdc8x.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccBh9Mit.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccBh9Mit.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccBh9Mit.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccBh9Mit.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccBh9Mit.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccM4ih4X.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccM4ih4X.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccM4ih4X.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccM4ih4X.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccM4ih4X.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccWTbKt6.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccWTbKt6.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccWTbKt6.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccWTbKt6.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccWTbKt6.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
/usr/bin/ld: /tmp/ccUwxjth.o:/home/senku/NestFuzz/afl-fuzz.h:274: multiple definition of `top_rated'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:274: first defined here
/usr/bin/ld: /tmp/ccUwxjth.o:/home/senku/NestFuzz/afl-fuzz.h:271: multiple definition of `q_prev100'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:271: first defined here
/usr/bin/ld: /tmp/ccUwxjth.o:/home/senku/NestFuzz/afl-fuzz.h:270: multiple definition of `queue_top'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:270: first defined here
/usr/bin/ld: /tmp/ccUwxjth.o:/home/senku/NestFuzz/afl-fuzz.h:269: multiple definition of `queue_cur'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:269: first defined here
/usr/bin/ld: /tmp/ccUwxjth.o:/home/senku/NestFuzz/afl-fuzz.h:268: multiple definition of `queue'; /tmp/ccU42CHR.o:/home/senku/NestFuzz/afl-fuzz.h:268: first defined here
collect2: error: ld returned 1 exit status
make: *** [Makefile:73: afl-fuzz] Error 1
I tried compiling it, but it fails.
Is there anything I missed?
Hi! I wrote a simple multithreading test program that compiles correctly with NestFuzz, but when running the binary, it encounters an error in loop_handlers. After debugging, I found that the issue arises from creating new threads within the loop, leading to a problem with loop_handler's stack unwinding. How can I fix these errors?
Here's the code for the test program:
#include <stdio.h>
#include <pthread.h>

/* Each worker prints its id five times; this loop body runs in the new thread. */
void* threadFunction(void* arg) {
    int threadId = *((int*)arg);
    for (int i = 0; i < 5; i++) {
        printf("Thread %d: %d\n", threadId, i);
    }
    pthread_exit(NULL);
}

int main() {
    pthread_t threads[5];
    int threadIds[5] = {1, 2, 3, 4, 5};
    /* Threads are created inside a loop, so the loop is still live when the workers start. */
    for (int i = 0; i < 5; i++)
        pthread_create(&threads[i], NULL, threadFunction, &threadIds[i]);
    for (int i = 0; i < 5; i++)
        pthread_join(threads[i], NULL);
    return 0;
}
Here's the error message:
Thread 1: 0
Thread 2: 0
Thread 2: 1
Thread 1: 1
Thread 2: 2
Thread 4: 0
Thread 1: 2
Thread 3: 0
Thread 4: 1
Thread 1: 3
Thread 2: 3
Thread 4: 2
Thread 5: 0
Thread 3: 1
Thread 5: 1
Thread 3: 2
Thread 2: 4
Thread 3: 3
Thread 4: 3
thread '<unnamed>' panicked at runtime/src/loop_handlers.rs:599:21:
[ERR] :pop error! incorrect Hash 2781282620 #[ERR]
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
fatal runtime error: failed to initiate panic, error 5
The execution speed of multithreading can be random, so I suggest running it multiple times to observe the errors.