Re: [afl-users] Error in Fuzzing


Brandon Perry

Jun 13, 2017, 8:38:57 AM
to afl-...@googlegroups.com

On Jun 13, 2017, at 5:05 AM, Khalegh Salehi <khaleg...@gmail.com> wrote:

> Hi All,
> I found the error below during fuzzing. I compiled the target with CC=afl-gcc, and the binary works as well. When I want to fuzz (in instrumentation mode), the error below aborts fuzzing.

What does afl-showmap say? Maybe pass -m none.

> afl@afl-virtual-machine:~/Downloads/afl-2.42b$ afl-fuzz  -i yy -o t2  /usr/local/bin/mtpaint   @@
> afl-fuzz 2.42b by <lca...@google.com>
> [+] You have 1 CPU core and 5 runnable tasks (utilization: 500%).
> [*] Checking core_pattern...
> [*] Setting up output directories...
> [+] Output directory exists but deemed OK to reuse.
> [*] Deleting old session data...
> [+] Output dir cleanup successful.
> [*] Scanning 'yy'...
> [+] No auto-generated dictionary tokens to reuse.
> [*] Creating hard links for all input files...
> [*] Validating target binary...
> [*] Attempting dry run with 'id:000000,orig:in.dia'...
>
> [-] PROGRAM ABORT : No instrumentation detected
>          Location : perform_dry_run(), afl-fuzz.c:2854
>
> Also, I used -Q in order to make sure AFL detected that I compiled mtpaint via the CC flag.
>
> afl@afl-virtual-machine:~/Downloads/afl-2.42b$ afl-fuzz  -i yy -o t2  -Q /usr/local/bin/mtpaint   @@
> afl-fuzz 2.42b by <lca...@google.com>
> [+] You have 1 CPU core and 4 runnable tasks (utilization: 400%).
> [*] Checking core_pattern...
> [*] Setting up output directories...
> [+] Output directory exists but deemed OK to reuse.
> [*] Deleting old session data...
> [+] Output dir cleanup successful.
> [*] Scanning 'yy'...
> [+] No auto-generated dictionary tokens to reuse.
> [*] Creating hard links for all input files...
> [*] Validating target binary...
>
> [-] This program appears to be instrumented with afl-gcc, but is being run in
>     QEMU mode (-Q). This is probably not what you want - this setup will be
>     slow and offer no practical benefits.
>
> [-] PROGRAM ABORT : Instrumentation found in -Q mode
>          Location : check_binary(), afl-fuzz.c:6906
>
> Unfortunately I cannot understand what's wrong...



Brandon Perry

Jun 13, 2017, 12:41:51 PM
to afl-...@googlegroups.com

On Jun 13, 2017, at 11:40 AM, Khalegh Salehi <khaleg...@gmail.com> wrote:

> On Tuesday, June 13, 2017 at 6:05:34 AM UTC-4, Khalegh Salehi wrote:
>> Hi All,
>> I found the error below during fuzzing. I compiled the target with CC=afl-gcc, and the binary works as well. When I want to fuzz (in instrumentation mode), the error below aborts fuzzing.
>
> -m 500 crashes again…

I said -m none, not -m 500. I also said to try it with afl-showmap and see what it says.

Jakub Wilk

Jun 16, 2017, 11:40:33 AM
to afl-...@googlegroups.com
* Khalegh Salehi <khaleg...@gmail.com>, 2017-06-13, 12:50:
>afl-showmap 2.42b by <lca...@google.com>
>[*] Executing '/usr/bin/gedit'...

So is it gedit or mtpaint? Either way, a graphical application is a very bad
choice for fuzzing if you have no prior experience with AFL. Choose something
simple first.

>-- Program output begins --
>/usr/bin/gedit: error while loading shared libraries: libc.so.6: failed to
>map segment from shared object: Cannot allocate memory

It means there wasn't enough virtual memory to load the program.

You can use the -m option to override the memory limit. (Or, better, fuzz
something that is not a memory hog...)

--
Jakub Wilk
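The failure Jakub describes, and the -m none suggestion Brandon made earlier in the thread, both come down to one mechanism: afl-fuzz (and afl-showmap) enforce -m <MB> by calling setrlimit(RLIMIT_AS) in the child before exec, with a default of 50 MB, so a target whose shared libraries alone need more address space dies in the dynamic loader before the first instrumented instruction runs, and the dry run then reports no instrumentation. The script below is an added example, not AFL's own code or anything posted in this thread. It reproduces the symptom with "ulimit -v" (which sets the same limit, in KB) and then probes for the smallest candidate -m value a target starts under. /bin/true is a stand-in target; substitute the instrumented binary and its arguments, with a real input file where afl-fuzz would put @@.

```shell
#!/bin/sh
# Added example (not AFL's code): reproduce the "failed to map segment from
# shared object: Cannot allocate memory" symptom under an address-space limit,
# and find an AFL -m value the target can actually start under.
#
# afl-fuzz enforces -m <MB> with setrlimit(RLIMIT_AS) in the child before exec
# (default 50 MB); "ulimit -v" in a subshell sets the same limit, in KB.
# /bin/true is a stand-in for the real target: replace it with the
# instrumented binary and its arguments (an input file in place of @@).

# run_with_vlimit LIMIT CMD...: run CMD under RLIMIT_AS = LIMIT KB.
# LIMIT "none" runs with no limit, like afl-fuzz -m none.
# Returns CMD's exit status: 0 if it started and ran, nonzero otherwise
# (ld.so exits 127 when it cannot map a library; 125 here means the
# limit itself could not be set).
run_with_vlimit() {
    limit_kb=$1
    shift
    (
        if [ "$limit_kb" != none ]; then
            ulimit -v "$limit_kb" || exit 125
        fi
        exec "$@"
    )
}

# probe_mem_limit CMD...: print the smallest candidate -m value (MB) under
# which CMD still starts, or "none" if even 1024 MB is not enough, i.e. the
# case where -m none is the pragmatic answer. Failing attempts are silenced;
# call run_with_vlimit directly to see the loader's message.
probe_mem_limit() {
    for mb in 25 50 100 200 500 1024; do
        if run_with_vlimit $((mb * 1024)) "$@" 2>/dev/null; then
            echo "$mb"
            return 0
        fi
    done
    echo none
    return 1
}

# Stand-alone demo: the loader error under a 256 KB limit, then the probe.
status=0
run_with_vlimit 256 /bin/true || status=$?
echo "exit status of /bin/true under a 256 KB limit: $status"
echo "smallest working -m for /bin/true: $(probe_mem_limit /bin/true) MB"
```

The first run prints the same "error while loading shared libraries ... Cannot allocate memory" line that afl-showmap showed for gedit; the probe then gives the -m value to pass to afl-showmap and afl-fuzz. When the probe answers "none", the target is a memory hog in exactly the sense Jakub means, and -m none (or a smaller target) is the way forward.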