aoh/radamsa

Inconsistent output with the --seek option

jeffball55 opened this issue · 2 comments

It appears that radamsa gives incorrect output when used with the seek option as compared to without that option. I generated the below output with the latest version of radamsa on GitHub on an up-to-date Ubuntu 16.04.3:

$ printf "\x00\x00\x00\x00\x00\x00\x00\x00" | ./radamsa -s 3333 -n inf -o :8888 -v
Random seed: 3333
 - :8888/1 <- 127.0.0.1: 25b
 - :8888/2 <- 127.0.0.1: 11b
 - :8888/3 <- 127.0.0.1: 12b
 - :8888/4 <- 127.0.0.1: 9b
 - :8888/5 <- 127.0.0.1: 12b
 - :8888/6 <- 127.0.0.1: 36b
 - :8888/7 <- 127.0.0.1: 12b
 - :8888/8 <- 127.0.0.1: 15b
 - :8888/9 <- 127.0.0.1: 11b
 - :8888/10 <- 127.0.0.1: 23b
 - :8888/11 <- 127.0.0.1: 13b
 - :8888/12 <- 127.0.0.1: 7b
 - :8888/13 <- 127.0.0.1: 8b
 - :8888/14 <- 127.0.0.1: 10b
 - :8888/15 <- 127.0.0.1: 16b
 - :8888/16 <- 127.0.0.1: 8b
 - :8888/17 <- 127.0.0.1: 11b
 - :8888/18 <- 127.0.0.1: 13b
 - :8888/19 <- 127.0.0.1: 8b
 - :8888/20 <- 127.0.0.1: 5b
 - :8888/21 <- 127.0.0.1: 10b
 - :8888/22 <- 127.0.0.1: 9b
 - :8888/23 <- 127.0.0.1: 7b
 - :8888/24 <- 127.0.0.1: 6b
 - :8888/25 <- 127.0.0.1: 14b
 - :8888/26 <- 127.0.0.1: 8b
 - :8888/27 <- 127.0.0.1: 8b
 - :8888/28 <- 127.0.0.1: 5b
 - :8888/29 <- 127.0.0.1: 8b
 - :8888/30 <- 127.0.0.1: 7b
 - :8888/31 <- 127.0.0.1: 8b
 - :8888/32 <- 127.0.0.1: 9b
 - :8888/33 <- 127.0.0.1: 4b
 - :8888/34 <- 127.0.0.1: 45b

From another terminal:

$ for i in $(seq 1 34); do echo $i; nc 127.0.0.1 8888 | xxd; done 
1
00000000: 0000 f3a0 80ad f3a0 80f7 644c f3a0 8180  ..........dL....
00000010: b7f3 a081 b700 0000 00                   .........
2
00000000: 0000 e19a 8000 0000 0000 00              ...........
3
00000000: 0000 f3a0 81a6 0000 0000 0000            ............
4
00000000: 00f3 a081 0000 00c0 80                   .........
5
00000000: 0000 00f3 a081 a500 0000 0000            ............
6
00000000: 0000 0000 0081 8800 0000 0000 0000 0000  ................
00000010: 0000 00e4 0000 0031 9533 0084 3195 db95  .......1.3..1...
00000020: e2f4 a0db                                ....
7
00000000: 0000 0000 0000 00f3 a081 ae00            ............
8
00000000: 0000 00ed baad 005b 0000 f3a0 81a0 00    .......[.......
9
00000000: 0000 0000 00e3 85a4 0000 00              ...........
10
00000000: 816b f3a0 e1a0 8e81 93ac acac acf4 acf4  .k..............
00000010: e200 f400 0000 00                        .......
11
00000000: 0000 f3a0 8193 e280 ac00 0000 00         .............
12
00000000: 0000 0000 0000 00                        .......
13
00000000: 0000 0000 0000 0000                      ........
14
00000000: 0000 0000 0000 c300 0000                 ..........
15
00000000: 0000 0000 0000 00c0 8000 0000 8181 8181  ................
16
00000000: 0000 0000 0000 0010                      ........
17
00000000: 0000 0000 0400 0000 0400 00              ...........
18
00000000: 008a 0000 0000 0000 0000 0000 00         .............
19
00000000: 0000 0000 0000 0001                      ........
20
00000000: 0000 0000 00                             .....
21
00000000: 0000 0000 00c5 00c5 0000                 ..........
22
00000000: 0000 007e 0000 0000 00                   ...~.....
23
00000000: 0400 0000 0000 00                        .......
24
00000000: 0000 0000 0000                           ......
25
00000000: 0000 0000 0000 0000 0000 0000 0000       ..............
26
00000000: 00c0 8000 0000 8000                      ........
27
00000000: 0000 0000 0000 8000                      ........
28
00000000: 0100 0100 00                             .....
29
00000000: 0000 0000 0000 2000                      ...... .
30
00000000: 0020 0000 0000 00                        . .....
31
00000000: 0000 0000 0004 0000                      ........
32
00000000: 1400 0000 0000 0004 00                   .........
33
00000000: 38f6 2000                                8. .
34
00000000: 0073 0700 0000 00a0 f3a0 81e3 a0f3 80ba  .s..............
00000010: 0000 0010 a0f3 a080 f3a4 25f2 80ba 0002  ..........%.....
00000020: 0000 a0f3 a080 f3a0 f380 ba00 00         .............

Then trying to duplicate the last output, I do the following:

$ printf "\x00\x00\x00\x00\x00\x00\x00\x00" | ./radamsa -s 3333 -n inf -o :8888 -v -S 34
Random seed: 3333
 - :8888/34 <- 127.0.0.1: 8b

and from another terminal:

$ nc 127.0.0.1 8888 | xxd
00000000: 0000 0000 0004 0000                      ........

As can be seen, radamsa returns the 31st output rather than the 34th as expected. Further, comparing the output of

$ printf "\x00\x00\x00\x00\x00\x00\x00\x00" | ./radamsa -s 3333 -n inf -o :8888 -v
# Then from another terminal
$ for i in $(seq 1 34); do echo $i; nc 127.0.0.1 8888 | xxd; done

and

$ for i in $(seq 1 34); do printf "\x00\x00\x00\x00\x00\x00\x00\x00" | ./radamsa -s 3333 -n 1 -o :8888 -v -S $i; done
# Then from another terminal
$ for i in $(seq 1 34); do echo $i; nc 127.0.0.1 8888 | xxd; sleep 1; done # sleep needed to make sure radamsa is up

it appears that test case 16 is the first one to differ.

aoh commented

Great report, thanks! I'll have a look. Possibly the seek option doesn't play too well with the checksum filter, which is on by default in git...

aoh commented

Fixed in trunk. Seek was not applying the uniqueness filter. Feel free to reopen if you can still reproduce this somehow.

Thanks for the report.
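
Added example (not part of the original thread and not radamsa's code): a simplified Python model of the cause named in the fix comment, where a seek that counts generated cases without applying the uniqueness filter stops matching a full filtered run at the first duplicate output. The toy mutator, its small output space and all function names are assumptions made for illustration; only the seed 3333 and the eight-zero-byte input come from the report.

```python
import hashlib
import random
from itertools import islice

SAMPLE = bytes(8)  # constructed input: eight zero bytes, as in the report


def raw_cases(seed):
    """Deterministic stream of generated cases (toy mutator, tiny output space)."""
    rng = random.Random(seed)
    while True:
        out = bytearray(SAMPLE)
        out[rng.randrange(len(out))] = rng.choice((0x00, 0x01, 0x04, 0x80))
        yield bytes(out)


def unique_cases(seed):
    """The same stream behind a checksum filter: repeated outputs are dropped."""
    seen = set()
    for case in raw_cases(seed):
        digest = hashlib.sha256(case).digest()
        if digest not in seen:
            seen.add(digest)
            yield case


def seek_unfiltered(seed, n):
    """Seek that counts every generated case, bypassing the filter."""
    return next(islice(raw_cases(seed), n - 1, None))


def seek_filtered(seed, n):
    """Seek that counts only the cases the filter lets through."""
    return next(islice(unique_cases(seed), n - 1, None))


def first_divergence(seed, limit):
    """First case number where unfiltered seek disagrees with a full run."""
    full = unique_cases(seed)
    for n in range(1, limit + 1):
        if seek_unfiltered(seed, n) != next(full):
            return n
    return None


if __name__ == "__main__":
    print("first differing case:", first_divergence(3333, 26))
```

In this model the first differing case is always the first duplicate in the unfiltered stream, which is why a reproduction check for a fuzzing crash should compare the seeked output byte-for-byte against the output recorded during the original run.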