
Support Honggfuzz about casr HOT 3 CLOSED

ispras avatar ispras commented on August 25, 2024
Support Honggfuzz

from casr.

Comments (3)

mimicria avatar mimicria commented on August 25, 2024

With this usage: honggfuzz -i ./in --output ./out -W ./crash -e 'pl' -- ./perl5-5.39.2/perl ___FILE___ the out directory will contain only new inputs that add coverage, while crash will hold the working files and the crashes (instead of the current directory); --crashdir can be added separately to store the crashes on their own.
I see a difficulty in that no configs/logs analogous to afl's are kept, though maybe I did not look hard enough. One option is to set a log file via --logfile; then there is no console output, and the log file looks roughly like this:

Start time:'2023-09-03.12.24.43' bin:'./perl5-5.39.2/perl', input:'./in', output:'./out', persistent:false, stdin:false, mutation_rate:5, timeout:1, max_runs:0>
^[[2J^[[500BEntering phase 1/3: Dry Run
Launched new fuzzing thread, no. #0
Launched new fuzzing thread, no. #1
Launched new fuzzing thread, no. #2
...


mimicria avatar mimicria commented on August 25, 2024

Example of the crash directory contents when there are crashes:

HONGGFUZZ.REPORT.TXT
'SIGABRT.PC.7ffff7c4275b.STACK.144056597.CODE.0.ADDR.0.INSTR.cmp____$0xfffffffffffff001,%rax.fuzz'
'SIGABRT.PC.7ffff7c4275b.STACK.c22371b97.CODE.0.ADDR.0.INSTR.cmp____$0xfffffffffffff001,%rax.fuzz'
'SIGBUS.PC.7ffff7c4275b.STACK.c22371b97.CODE.0.ADDR.0.INSTR.cmp____$0xfffffffffffff001,%rax.fuzz'
'SIGFPE.PC.7ffff7c4275b.STACK.c22371b97.CODE.0.ADDR.0.INSTR.cmp____$0xfffffffffffff001,%rax.fuzz'
'SIGILL.PC.7ffff7c4275b.STACK.c22371b97.CODE.0.ADDR.0.INSTR.cmp____$0xfffffffffffff001,%rax.fuzz'
'SIGSEGV.PC.5555557b5407.STACK.1830a73d1a.CODE.128.ADDR.0.INSTR.mov____(%rbx),%r13.fuzz'
'SIGSEGV.PC.5555557d35f3.STACK.fd96546b1.CODE.1.ADDR.0.INSTR.movb___$0x0,(%rcx,%rax,1).fuzz'
'SIGSEGV.PC.5555558dad14.STACK.1b943779d1.CODE.1.ADDR.8.INSTR.movzbl_(%r15),%r12d.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.128.ADDR.0.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.28.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.37.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.38.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.5000.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.58.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.5e.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.5f4ef628.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.60.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.68.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.78.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.1.ADDR.f8.INSTR.movdqu_(%rax),%xmm4.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.128.ADDR.0.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.1.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.28.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.38.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.4000.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.48.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.5009.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.5013.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.8.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.c1.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.c8.INSTR.mov____(%rsi),%cl.fuzz'
'SIGSEGV.PC.7ffff7cc4a3f.STACK.ce1fea97b.CODE.1.ADDR.f8.INSTR.mov____(%rsi),%cl.fuzz'

Example contents of HONGGFUZZ.REPORT.TXT:

=====================================================================
TIME: 2023-04-15.03:50:23
=====================================================================
FUZZER ARGS:
 mutationsPerRun : 5
 externalCmd     : NULL
 fuzzStdin       : FALSE
 timeout         : 1 (sec)
 ignoreAddr      : (nil)
 ASLimit         : 0 (MiB)
 RSSLimit        : 0 (MiB)
 DATALimit       : 0 (MiB)
 wordlistFile    : /home/user/fuzz/perl-hrom/dict/perl.dict
 dynFileMethod   :
 fuzzTarget      : /home/user/Projects/perl-hr/perl-5.30.3_hf/perl ___FILE___
CRASH:
DESCRIPTION:
ORIG_FNAME: 092c948505c79f7176b61b867f70692f.00000319.honggfuzz.cov
FUZZ_FNAME: /home/user/fuzz/perl-hrom/hongcrash/SIGSEGV.PC.7ffff7cba9fa.STACK.1937e6edcc.CODE.128.ADDR.0.INSTR.movdqu_(%rax),%xmm4.fuzz
PID: 3144931
SIGNAL: SIGSEGV (11)
PC: 0x7ffff7cba9fa
FAULT ADDRESS: 0x0
INSTRUCTION: movdqu_(%rax),%xmm4
STACK HASH: 0000001937e6edcc
STACK:
 <0x00005555557eb09e> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x0000555555927b64> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x0000555555935c8b> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x000055555579b49e> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x000055555564e489> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x000055555564e28b> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x00005555555cdfe6> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
 <0x00007ffff7c29d90> [func:UNKNOWN file: line:0 module:/usr/lib/x86_64-linux-gnu/libc.so.6]
 <0x00007ffff7c29e40> [func:UNKNOWN file: line:0 module:/usr/lib/x86_64-linux-gnu/libc.so.6]
 <0x00005555555a5515> [func:UNKNOWN file: line:0 module:/home/user/Projects/perl-hr/perl-5.30.3_hf/perl]
=====================================================================

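The HONGGFUZZ.REPORT.TXT fields and the crash file-name scheme shown in the two comments above, parsed as an added example in Rust (casr's own language); this is not casr's code, the names HfCrash, parse_report, parse_crash_name and distinct_stacks are chosen here, and the sample text in the tests is cut down from the comment.

```rust
use std::collections::BTreeSet;
#[derive(Debug, PartialEq)]
pub struct HfCrash {
    pub signal: String,
    pub pc: u64,
    pub fault_addr: u64,
    pub stack_hash: u64,
    pub frames: Vec<u64>, // return addresses from the STACK: section
}
fn parse_hex(s: &str) -> Option<u64> {
    u64::from_str_radix(s.trim().trim_start_matches("0x"), 16).ok()
}
/// Parse one "KEY: value" report section; None if a required field is absent.
pub fn parse_report(text: &str) -> Option<HfCrash> {
    let (mut signal, mut pc, mut fault_addr, mut stack_hash) = (None, None, None, None);
    let mut frames = Vec::new();
    for line in text.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("SIGNAL:") {
            signal = v.split_whitespace().next().map(String::from); // "SIGSEGV (11)" -> "SIGSEGV"
        } else if let Some(v) = line.strip_prefix("PC:") {
            pc = parse_hex(v);
        } else if let Some(v) = line.strip_prefix("FAULT ADDRESS:") {
            fault_addr = parse_hex(v);
        } else if let Some(v) = line.strip_prefix("STACK HASH:") {
            stack_hash = parse_hex(v);
        } else if line.starts_with('<') { // "<0x00005555557eb09e> [func:UNKNOWN ... module:...]"
            frames.push(parse_hex(&line[1..line.find('>')?])?);
        }
    }
    Some(HfCrash { signal: signal?, pc: pc?, fault_addr: fault_addr?, stack_hash: stack_hash?, frames })
}
/// SIGNAL.PC.<pc>.STACK.<hash>.CODE.<n>.ADDR.<addr>.INSTR.<insn>.fuzz -> (signal, pc, stack hash,
/// fault address). The instruction text may contain dots, so it is cut off before splitting.
pub fn parse_crash_name(name: &str) -> Option<(String, u64, u64, u64)> {
    let (head, _insn) = name.strip_suffix(".fuzz")?.split_once(".INSTR.")?;
    let f: Vec<&str> = head.split('.').collect();
    if f.len() != 9 || f[1] != "PC" || f[3] != "STACK" || f[5] != "CODE" || f[7] != "ADDR" {
        return None;
    }
    Some((f[0].to_string(), parse_hex(f[2])?, parse_hex(f[4])?, parse_hex(f[8])?))
}
/// Distinct (signal, stack hash) pairs: names that differ only in CODE/ADDR collapse into one.
pub fn distinct_stacks(names: &[&str]) -> usize {
    names.iter().filter_map(|n| parse_crash_name(n)).map(|(s, _, h, _)| (s, h)).collect::<BTreeSet<_>>().len()
}
```

The STACK HASH in the report (0000001937e6edcc) and the STACK field of the file name (1937e6edcc) parse to the same value, so the two sources can be cross-checked.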

hkctkuy avatar hkctkuy commented on August 25, 2024

Hi, @mimicria!
It seems like we can just use casr-libfuzzer for honggfuzz crashes. I checked it with some ASAN crashes not received from honggfuzz and a fuzz target built with honggfuzz compilers, and it seems good.

casr-libfuzzer usage example for freeimage:

casr-libfuzzer -o out -i crashes -- /load_from_memory_tiff_fuzzer @@

