untracer-afl segfault Ubuntu 18.04

Question

untracer-afl segfault Ubuntu 18.04

Closed this issue 5 years ago · 9 comments

ickyphuz commented 5 years ago

Hi, untracer-afl segfault's on Ubuntu 18.04.
it reports:

[] setting up tracer binary..
bad_alloc()
[] setting up basic block array..
segfault

target binary is compiled without PIE and installation went fine
which platform did you run it on?

Answer 1 · 2019-09-25T21:00:53.000Z

It should run on 18.04. What binary are you trying to run it on? I'd be happy to help troubleshoot.

Answer 2 · 2019-09-26T17:05:16.000Z

I tried a second time with a fresh Lubuntu 18.04 minimal image
the test target is imagemagick 'convert' tool. configure options are --disable-shared --disable-pthreads CFLAGS CXXFLAGS are -no-pie compiled with the untracer-clang untracer-clang++ binarys.
did i miss someting in my setup? tried a single input with an "a" as corpus but segfaults when setting ub the basic block array...

Answer 3 · 2019-09-26T19:16:42.000Z

What version of ImageMagick are you using?

Answer 4 · 2019-09-26T19:45:57.000Z

I'm playing around with version 7.0.8-66 and am getting segfaults too. In my out/ folder attempting to directly run the .tracer binary crashes with the following:

Inconsistency detected by ld.so: ../sysdeps/x86_64/dl-machine.h: 540: elf_machine_rela_relative: Assertion `ELFW(R_TYPE) (reloc->r_info) == R_X86_64_RELATIVE' failed!

Do you get the same issue? My guess is that this is a Dyninst bug unfortunately. :(

Answer 5 · 2019-09-27T21:58:11.000Z

i tried version 7 from github ( @ commit adf669269af5c16818a001c5a902e96e6bd0ebb9 from master)
i get the following:
----[ running untracer-afl ] -------------------------------------------
[] Setting up tracer binary...
UnTracerDyninst: /AFL/dyninst-9.3.2/dyninstAPI/src/codegen.C:508: void codeGen::realloc(unsigned int): Assertion `buffer_' failed.
[] Setting up basic block array...
Segmentation fault

----[ execute the tracer in the /out folder ] -------------------------------------------
$ ./convert.tracer
./convert.tracer: error while loading shared libraries: unexpected PLT reloc type 0x90909090

and the fuzz binary compile settings are:
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
FORTIFY: Enabled

Answer 6 · 2019-09-28T17:43:45.000Z

Yeah that looks to me like a Dyninst issue, I have no idea how to remedy it. Dyninst version 9.3.0 was stable for us but you might have better luck with the most recent one.

Answer 7 · 2019-09-28T18:53:01.000Z

i see, thanks for your help!

Answer 8 · 2019-09-30T05:58:20.000Z

Moving to dyninst 10.0.1.x (github master) might help.
the current dyninst state finally is better than the 9.3 one. (in my opinon)

Answer 9 · 2021-04-20T05:13:11.000Z

This original segfault issue should now be fixed in d695ca0.