Cannot combine afl.rs with asan when testing real world programs #470
Issue body

Hi,

I've been stuck with a problem: I cannot combine afl.rs with ASan when it comes to real-world programs that make no use of the `fuzz!` macro that afl.rs provides.

These are the flags that afl.rs is using. If I build the program using `RUSTFLAGS="-Zsanitizer=address" cargo afl build` and run the AFL fuzzing with `cargo afl fuzz -i in -o out target/debug/executable`, it shows a problem like the one below.

I think the pass (sancov-module) that afl.rs uses is not compatible with ASan with those flag options.

I've tried changing opt-level to 0, but it still does not solve the problem. Is there any way to use afl.rs with ASan?

Comments

Does that mean the program doesn't import the `afl` crate? (Lines 49 to 52 in 462eff5.) If those strings are not present, then AFLplusplus produces an error like the one you observed. Otherwise, afl.rs should work with ASAN (at least it did a few months ago).

Yes, the program doesn't import the `afl` package, because using the afl.rs `fuzz` API (afl/src/lib.rs) always uses persistent mode and needs a fuzzing driver. But I want to fuzz real applications without a fuzz driver, as traditional AFL does. For example, I want to fuzz such an example without using `fuzz!(|data: &[u8]|)`.

To do this, I build the program using `RUSTFLAGS="-Zsanitizer=address" cargo afl build`. If I don't add the `RUSTFLAGS="-Zsanitizer=address"` flag, there is no problem fuzzing. But when I add the address sanitizer flag, there is a problem. As you mentioned, if I use the `fuzz!` API with ASAN by importing the `afl` package, there is no problem, because it uses persistent mode. I'm not sure, but I think the reason is that the `fuzz!` API manually initializes the fork server. So, when building the program using `RUSTFLAGS="-Zsanitizer=address" cargo afl build`, I think there is some incompatibility between ASAN and the sancov-module pass.

If you add this at the top of the file, is the outcome the same?

```rust
#[allow(unused_imports)]
use afl::fuzz;
```

Oh, now it works. Thank you very much! But I wonder why adding

I'm not sure, to be honest. I would have said, "because it gets the strings into the binary." But I was able to observe the same behavior as you. It surprises me that
Furthermore, I understand why you say this:

Let's please leave this issue open for now.

Thank you for your help!
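The maintainer's hint in this thread is that AFL++ decides how to drive the target by scanning the built executable for marker strings, and the open question is whether the `use afl::fuzz;` line really changes what ends up in the binary. As an added example (not code from afl.rs, AFL++ or this issue), here is a small Rust checker that scans a target file for the two signatures AFL++ defines in its config.h, `##SIG_AFL_PERSISTENT##` and `##SIG_AFL_DEFER_FORKSRV##`, and for the ASan runtime entry point `__asan_init` as a heuristic that the binary was built with `-Zsanitizer=address`. That these are the strings behind the "lines 49 to 52" reference is my reading of the linked code, not something this page shows; the `Markers` struct, the `scan` and `describe` functions and the `__asan_init` heuristic are this example's own choices, not AFL++'s exact detection logic.

```rust
// Added example: scan a built target for the marker strings AFL++ looks for.
// Not part of afl.rs or AFL++; Markers/scan/describe and the __asan_init
// heuristic are this example's own choices (assumptions, not AFL++'s code).
use std::env;
use std::fs;
use std::process;

/// Signature AFL++ (config.h, PERSIST_SIG) scans the target for before
/// enabling persistent mode.
pub const PERSIST_SIG: &[u8] = b"##SIG_AFL_PERSISTENT##";
/// Signature AFL++ (config.h, DEFER_SIG) scans for before enabling the
/// deferred fork server.
pub const DEFER_SIG: &[u8] = b"##SIG_AFL_DEFER_FORKSRV##";
/// Every ASan-instrumented object references this runtime entry point; used
/// here only as a heuristic for "built with -Zsanitizer=address" (assumption:
/// it will be missing from a stripped, statically linked binary).
pub const ASAN_SIG: &[u8] = b"__asan_init";

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Markers {
    pub persistent: bool,
    pub deferred: bool,
    pub asan: bool,
}

/// Plain byte search; executables are not text, so no str conversion.
fn contains(haystack: &[u8], needle: &[u8]) -> bool {
    !needle.is_empty() && haystack.windows(needle.len()).any(|w| w == needle)
}

/// Report which markers are present in a loaded executable image.
pub fn scan(image: &[u8]) -> Markers {
    Markers {
        persistent: contains(image, PERSIST_SIG),
        deferred: contains(image, DEFER_SIG),
        asan: contains(image, ASAN_SIG),
    }
}

/// Human-readable verdict naming the mode afl-fuzz would select from the
/// signatures it finds.
pub fn describe(m: &Markers) -> String {
    let mode = match (m.persistent, m.deferred) {
        (true, true) => "persistent mode with deferred fork server",
        (true, false) => "persistent mode",
        (false, true) => "deferred fork server",
        (false, false) => "plain fork server (no afl.rs signatures found)",
    };
    let asan = if m.asan { "present" } else { "absent" };
    format!("{}; ASan runtime {}", mode, asan)
}

fn main() {
    let path = match env::args().nth(1) {
        Some(p) => p,
        None => {
            eprintln!("usage: afl-markers <path-to-target-binary>");
            process::exit(2);
        }
    };
    let image = fs::read(&path).unwrap_or_else(|e| {
        eprintln!("cannot read {}: {}", path, e);
        process::exit(1);
    });
    println!("{}: {}", path, describe(&scan(&image)));
}
```

Run it against `target/debug/executable` once without and once with the `#[allow(unused_imports)] use afl::fuzz;` line: if the persistent/deferred verdict flips while the ASan indicator stays the same, the workaround is acting through the signature strings, which is the explanation the maintainer was unsure about.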