total paths found for a c program with a lot of if-else is only one.


Divyanshu Nauni

Sep 8, 2022, 11:16:26 PM
to afl-users
hi all,
     When I am running a C program with a lot of if-else statements, using afl-gcc for instrumentation and afl-fuzz for fuzzing with an initial correct seed, the total paths shown in the fuzzer output is only one. Can anyone explain why this is the case?

Nikolay Shaplov

Sep 9, 2022, 1:48:25 PM
to afl-users, Divyanshu Nauni
In the message of Friday, 9 September 2022, 06:16:25 MSK, user Divyanshu Nauni wrote:
The first thing I would suggest is to try to reproduce your case with a really simple program, like

#include <stdio.h>

void function_to_fuzz(char *str)
{
    if (str[0] == 'C')
        if (str[1] == 'R')
            if (str[2] == 'A')
                if (str[3] == 'S')
                    if (str[4] == 'H')
                        *(int*)0 = 0; /* This will cause a segfault */
}

int main(void)
{
    char buf[64] = {0};            /* zero-filled so short inputs stop at the first mismatch */
    fgets(buf, sizeof buf, stdin); /* afl-fuzz feeds each test case on stdin */
    function_to_fuzz(buf);
    return 0;
}

If you still have 1 path, you have problems with your build environment.
If this simple program gives 4 paths and one crash, then something is wrong with
your program or its build scripts.

--
Nikolay Shaplov aka Nataraj
Fuzzing Engineer at Postgres Professional
Matrix IM: @dhyan:nataraj.su
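To make the diagnosis concrete, here is an added example (it is not code from either post, nor AFL's own instrumentation) that models what afl-gcc injects and what the "total paths" counter measures. Each basic block records an edge into a small coverage map, and afl-fuzz treats every input that produces a map it has not seen before as a new path. The map size, the edge ids, the corpus strings and the function names are constructed for this toy and are assumptions; real AFL uses a 64 KiB map and random block ids, but the hashing scheme (current id XOR previous id, previous shifted right by one) is the same shape. Running the same corpus with instrumentation switched off collapses every input into one identical, empty map: exactly the "only one path" symptom when the build is not actually instrumented.

```c
/* Toy model of AFL-style edge coverage. Added example, not from the thread or from AFL. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAP_SIZE   64   /* constructed: real AFL uses 65536 */
#define MAX_INPUTS 16

static uint8_t  trace_bits[MAP_SIZE]; /* the shared coverage map afl-fuzz reads after each run */
static uint32_t prev_loc;             /* id of the previously executed block */
static int      instrumented = 1;     /* 0 models a binary built without afl-gcc */

/* What the compiler wrapper injects at every basic block: hash (cur, prev) into the map. */
static void edge(uint32_t cur_loc)
{
    if (!instrumented)
        return;
    trace_bits[(cur_loc ^ prev_loc) % MAP_SIZE]++;
    prev_loc = cur_loc >> 1;
}

/* Same nested-if shape as the program above. Block ids are constructed; it returns 1
 * where the original would dereference NULL, so the model can count "crashes". */
static int target(const char *str, size_t len)
{
    edge(3);
    if (len > 0 && str[0] == 'C') { edge(7);
    if (len > 1 && str[1] == 'R') { edge(13);
    if (len > 2 && str[2] == 'A') { edge(19);
    if (len > 3 && str[3] == 'S') { edge(29);
    if (len > 4 && str[4] == 'H') { edge(37); return 1; } } } } }
    return 0;
}

/* One execution with a clean map, as afl-fuzz does for every test case. */
static int run_one(const char *input)
{
    memset(trace_bits, 0, sizeof trace_bits);
    prev_loc = 0;
    return target(input, strlen(input));
}

/* Number of distinct coverage maps a corpus produces: this is the "total paths" figure. */
int count_paths(const char **corpus, int n, int with_instrumentation, int *crashes)
{
    uint8_t seen[MAX_INPUTS][MAP_SIZE];
    int distinct = 0;

    instrumented = with_instrumentation;
    if (crashes)
        *crashes = 0;
    for (int i = 0; i < n && i < MAX_INPUTS; i++) {
        int dup = 0;
        if (run_one(corpus[i]) && crashes)
            (*crashes)++;
        for (int j = 0; j < distinct; j++)
            if (memcmp(seen[j], trace_bits, MAP_SIZE) == 0) { dup = 1; break; }
        if (!dup)
            memcpy(seen[distinct++], trace_bits, MAP_SIZE);
    }
    return distinct;
}

/* Constructed corpus: one seed plus the prefixes a fuzzer would typically discover. */
int demo_paths(int with_instrumentation, int *crashes)
{
    static const char *corpus[] = { "X", "C", "CR", "CRA", "CRAS", "CRASH", "CRAZY" };
    return count_paths(corpus, 7, with_instrumentation, crashes);
}

int main(void)
{
    int crashes;
    printf("instrumented:   %d paths, %d crash(es)\n", demo_paths(1, &crashes), crashes);
    printf("uninstrumented: %d paths, %d crash(es)\n", demo_paths(0, &crashes), crashes);
    return 0;
}
```

With instrumentation the seven inputs yield six distinct maps ("CRAZY" shares its map with "CRA", since both stop at the same comparison) and one crash; without it every run leaves the map all-zero, so the count is one regardless of how many if-else branches the program has. That is why a flat "total paths: 1" on a branchy program points at the build (the wrapper was not used, or the object files came from a different compiler) rather than at the fuzzer.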