SEGV on unknown address 0x000000000000 when fuzzing on android


yog...@gmail.com

Mar 23, 2017, 4:07:55 AM
to libfuzzer

I wrote a simple C file as below on Android, then built it by including $(BUILD_FUZZ_TEST) into an executable binary file:


#include <stdint.h>
#include <stddef.h>

// The length check only guarantees three bytes, but Data[3] is read:
// a 3-byte input such as "FUZ" reads one byte past the buffer
// (the ":‑<" marker below flags that intentional bug).
bool FuzzMe(const uint8_t *Data,
            size_t DataSize) {
  return DataSize >= 3 &&
      Data[0] == 'F' &&
      Data[1] == 'U' &&
      Data[2] == 'Z' &&
      Data[3] == 'Z';  // :‑<
}

// libFuzzer entry point: called once per generated input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  FuzzMe(Data, Size);
  return 0;
}



Then I get the error as below:

WARNING: Failed to find function "__sanitizer_get_coverage_pc_buffer".
INFO: Seed: 3778622487
INFO: A corpus is not provided, starting from an empty corpus
#0      READ   units: 1 exec/s: 0
ASAN:DEADLYSIGNAL
=================================================================
==12311==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x007ff3c100c0 sp 0x007ff3c10090 T0)
==12311==Hint: pc points to the zero page.
==12311==The signal is caused by a READ memory access.
==12311==Hint: address points to the zero page.

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (<unknown module>)
==12311==ABORTING


artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
Base64:
==12311== ERROR: libFuzzer: deadly signal
    #0 0x7764e091c7  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x7d1c7)
    #1 0x590a8018eb  (/data/local/tmp/fuzz_me+0xa8eb)
    #2 0x590a8018af  (/data/local/tmp/fuzz_me+0xa8af)
    #3 0x7765ced4df  ([vdso]+0x4df)
    #4 0x7765b96187  (/system/lib64/libc.so+0x69187)
    #5 0x7765b4a9cb  (/system/lib64/libc.so+0x1d9cb)
    #6 0x7764e16a6f  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x8aa6f)
    #7 0x7764e1c4af  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x904af)
    #8 0x7764e046e7  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x786e7)
    #9 0x7764e0478b  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x7878b)
    #10 0x7764e03cef  (/data/lib64/libclang_rt.asan-aarch64-android.so+0x77cef)
    #11 0x7765ced4df  ([vdso]+0x4df)

NOTE: libFuzzer has rudimentary signal handlers.
      Combine libFuzzer with AddressSanitizer or similar for better crash reports.
SUMMARY: libFuzzer: deadly signal


artifact_prefix='./'; Test unit written to ./crash-da39a3ee5e6b4b0d3255bfef95601890afd80709
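The artifact written above is empty (its name is the SHA-1 of zero bytes), so the fault happened in libFuzzer's own startup, not inside the target. One way to confirm that from the target side is a standalone driver that feeds artifact files to LLVMFuzzerTestOneInput without linking libLLVMFuzzer.a at all (the same idea as libFuzzer's StandaloneFuzzTargetMain.c); this is an added example, not code from the thread, and it uses a corrected FuzzMe (DataSize >= 4) so the driver itself is memory-safe.

```cpp
// Standalone driver: build with only -fsanitize=address, no libFuzzer, and pass
// crash-* files on the command line. If this runs cleanly, the target is fine
// and the pc-0 SEGV comes from the libFuzzer runtime / compiler mismatch.
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <vector>

// Corrected target: every index that is read is covered by the length check.
bool FuzzMe(const uint8_t *Data, size_t DataSize) {
  return DataSize >= 4 &&
         Data[0] == 'F' && Data[1] == 'U' &&
         Data[2] == 'Z' && Data[3] == 'Z';
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
  FuzzMe(Data, Size);
  return 0;
}

// Reads a whole file into memory. Returns false if it cannot be opened.
static bool ReadFile(const char *Path, std::vector<uint8_t> &Out) {
  FILE *F = fopen(Path, "rb");
  if (!F) return false;
  uint8_t Buf[4096];
  size_t N;
  while ((N = fread(Buf, 1, sizeof Buf, F)) > 0)
    Out.insert(Out.end(), Buf, Buf + N);
  fclose(F);
  return true;
}

// Runs one artifact through the target. Returns 0 on success, 1 if the file
// could not be read. An empty artifact (like crash-da39a3ee... above) reaches
// the target as Size == 0, which a correct target must tolerate.
int RunOneFile(const char *Path) {
  std::vector<uint8_t> Data;
  if (!ReadFile(Path, Data)) {
    fprintf(stderr, "cannot read %s\n", Path);
    return 1;
  }
  LLVMFuzzerTestOneInput(Data.data(), Data.size());
  printf("%s: %zu bytes, ok\n", Path, Data.size());
  return 0;
}

int main(int argc, char **argv) {
  int Rc = 0;
  for (int i = 1; i < argc; i++) Rc |= RunOneFile(argv[i]);
  return Rc;
}
```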


Konstantin Serebryany

Mar 23, 2017, 11:51:37 AM
to yog...@gmail.com, libfuzzer
I don't have experience running libFuzzer on Android, so maybe others can help here.
 
>> WARNING: Failed to find function "__sanitizer_get_coverage_pc_buffer".
Note that you are most likely using an old version of libFuzzer: 
Any mentions of __sanitizer_get_coverage_pc_buffer are gone from libFuzzer now.

--kcc 

--
You received this message because you are subscribed to the Google Groups "libfuzzer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to libfuzzer+unsubscribe@googlegroups.com.
To post to this group, send email to libf...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/libfuzzer/973d60ee-c8b0-46a5-b6fd-6cc23dba3b5f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Evgenii Stepanov

Mar 23, 2017, 2:56:30 PM
to Konstantin Serebryany, yog...@gmail.com, libfuzzer
This is broken since the last llvm update. Eventually, BUILD_FUZZ_TEST
will use libFuzzer.a from toolchain prebuilts (which is not there
yet). For now, the workaround is to replace the source under
external/llvm/lib/Fuzzer with the code from upstream at the revision
that matches the compiler (or simply tip of tree).

yog...@gmail.com

Mar 24, 2017, 12:44:18 AM
to libfuzzer
YES, it's an old version of libFuzzer from the Android source (AOSP).
Android builds a static lib, whose name is libLLVMFuzzer.a, as libFuzzer on an old version of clang.

yog...@gmail.com

Mar 24, 2017, 12:47:57 AM
to libfuzzer
Thanks for your reply~
I run the fuzzer on Android O.
libLLVMFuzzer.a and the other CFLAGS are added to the target when BUILD_FUZZ_TEST is included.
I found that libLLVMFuzzer is defined in external/llvm/lib/Fuzzer as you said.

cdsr...@gmail.com

Sep 20, 2017, 5:25:16 AM
to libfuzzer
Hi,

I have the same error. Have you fixed this issue?

Thanks!

On Thursday, March 23, 2017 at 4:07:55 PM UTC+8, yog...@gmail.com wrote:

Dan Austin

Sep 20, 2017, 10:43:10 AM
to cdsr...@gmail.com, libfuzzer
> WARNING: Failed to find function "__sanitizer_get_coverage_pc_buffer".

Something isn't building/linking properly. Can you attach the Android.mk file for the fuzzer? Also, how did you build your fuzzer & what version of AOSP are you using?


Konstantin Serebryany

Sep 20, 2017, 10:10:39 PM
to Dan Austin, cdsr...@gmail.com, libfuzzer
BTW, this is using a very old version of libFuzzer -- you are on your own there. 
And in general, we don't really support libFuzzer on android yet :(
