Custom ASAN_OPTIONS set without abort_on_error=1

1,509 views
Skip to first unread message

Brandon Perry

unread,
Dec 27, 2016, 8:48:00 PM12/27/16
to afl-...@googlegroups.com
I have compiled a binary with ASAN and AFL instrumentation.

I have a crash, but attempting to minimize it results in a 0-length input because when the original crash isn’t present, LeakSanitizer throws it’s error causing AFL to still think the input is crashing the binary. Attempting to set ASAN_OPTIONS=detect_leaks=0 with afl-tmin results in the following error:

# ASAN_OPTIONS=detect_leaks=0 afl-tmin -i id:000066,sig:11,src:005645+005958,op:splice,rep:16 -o fdsa.min -- ~/asan/fuzz
afl-tmin 2.35b by <lca...@google.com>

[-] PROGRAM ABORT : Custom ASAN_OPTIONS set without abort_on_error=1 - please fix!
Location : set_up_environment(), afl-tmin.c:670

#

Any thoughts on disabling LeakSanitizer?

Michal Zalewski

unread,
Dec 27, 2016, 9:18:30 PM12/27/16
to afl-users
> [-] PROGRAM ABORT : Custom ASAN_OPTIONS set without abort_on_error=1 - please fix!
> Location : set_up_environment(), afl-tmin.c:670
>
> Any thoughts on disabling LeakSanitizer?

Hmm, the default ASAN_OPTIONS set by AFL include detect_leaks=0. Sure
you're not seeing something else?

In any case, you can customize ASAN_OPTIONS, you just need to include
several "mandatory" settings for AFL to work. Basically:

ASAN_OPTIONS='abort_on_error=1:symbolize=0:<your settings here>'

/mz

Brandon Perry

unread,
Dec 27, 2016, 9:19:34 PM12/27/16
to afl-...@googlegroups.com
> ASAN_OPTIONS='abort_on_error=1:symbolize=0:<your settings here>’

Ah, I see. I tried setting those as env vars, not ASAN options. Thanks a bunch.

>
> /mz
>
> --
> You received this message because you are subscribed to the Google Groups "afl-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to afl-users+...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

Reply all
Reply to author
Forward
0 new messages