google/clusterfuzz

AFL execution error AND Corpus Question

JustSomeQuestions opened this issue · 4 comments

pdftotext.cc:

```cpp
#include <stddef.h>
#include <stdint.h>
#include "goo/gtypes.h"
#include "goo/GString.h"
#include "Object.h"
#include "Stream.h"
#include "PDFDoc.h"
#include "XRef.h"

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  int lastPage = 0;

  // No passwords: only the unencrypted parsing path is exercised.
  GString *user_pw = NULL;
  GString *owner_pw = NULL;

  // Stream dictionary for the in-memory stream (MemStream copies it).
  Object obj;
  obj.initNull();

  // Wrap the fuzzer input without copying it. The doc takes ownership,
  // so the stream is cleaned up when doc's destructor fires.
  MemStream *stream = new MemStream((char *)data, 0, size, &obj);

  PDFDoc *doc = new PDFDoc(stream, owner_pw, user_pw);

  if (doc->isOk() && doc->okToCopy()) {
    lastPage = doc->getNumPages();
  }
  (void)lastPage;

  delete doc;
  return 0;
}
```

Makefile section: (screenshot in the original issue, not reproduced here)

Error Message
2024-03-01 12:38:42,356 - run_bot - ERROR - Afl exited with a non-zero exitcode: 1. Cannot recover.
NoneType: None
2024-03-01 12:38:42,358 - run_bot - ERROR - afl: engine encountered an error (target=pdftotext)
NoneType: None

I really don't know what the reason for the error is.
It would be nice if someone could have a look.

I also have a question:
Is it possible to give the fuzzing targets a custom corpus (Own corpus data)?

> Is it possible to give the fuzzing targets a custom corpus (Own corpus data)?

looks like you can do this: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#seed-corpus

I'm not sure about your afl error, can you confirm that running your fuzzer locally works as expected?

> looks like you can do this: https://google.github.io/clusterfuzz/setting-up-fuzzing/libfuzzer-and-afl/#seed-corpus

Thanks. Totally overlooked

> I'm not sure about your afl error, can you confirm that running your fuzzer locally works as expected?

I executed the file with afl-fuzz locally and it did run the fuzzer.

So I have tried it with 5 different harness.cc functions, but it didn't work.
Here are my details:

I run the server locally in my WSL (Ubuntu 20.04).
I run the bot locally in my WSL (Ubuntu 20.04).

DATA:

harness.cc:

```cpp
#include <stddef.h>
#include <stdint.h>

// Deliberately buggy function: three input-triggered crashes so the
// fuzzer (and ASan) have something to find.
int vuln(const uint8_t *data, size_t size) {
  // The original read data[0] and data[1] unconditionally, which is itself
  // an out-of-bounds read on inputs shorter than two bytes.
  if (size < 2) return 0;
  if (data[0] == 'a') {
    if (data[1] == 'f') {
      // "af": write through a null pointer -> SEGV
      char *p = 0;
      *p = 0x12;
    }
    if (data[1] == 'l') {
      // "al": integer division by zero -> SIGFPE
      // (volatile keeps the compiler from folding the division away)
      volatile int zero = 0;
      int x = 3;
      x = x / zero;
      (void)x;
    }
    if (data[1] == 'c') {
      // "ac": out-of-bounds stack write -> ASan stack-buffer-overflow
      char d[10];
      d[20] = 0x34;
    }
  }
  return 0;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  vuln(data, size);
  return 0;
}
```

-> Compile:
clang++ -fsanitize-coverage=trace-pc-guard -fsanitize=address -o demo demo_target.cc ~/AFLplusplus/libAFLDriver.a ~/AFLplusplus/afl-compiler-rt-64.o
OR (tried both)
clang++ -fsanitize=address -fsanitize-coverage=trace-pc-guard demo_target.cc FuzzingEngine.a -o demo

=> Works in the local fuzzer (afl-fuzz -i input -o output -m none ./demo):

UPLOAD:

  1. Put it in a zip together with afl-fuzz and afl-showmap (+ corpus zip); tried it with and without a seed corpus
  2. Upload as described in the documentation

ERROR:

2024-03-01 12:38:42,356 - run_bot - ERROR - Afl exited with a non-zero exitcode: 1. Cannot recover.
NoneType: None
2024-03-01 12:38:42,358 - run_bot - ERROR - afl: engine encountered an error (target=pdftotext)
NoneType: None


I don't see why this should throw any errors. Has anyone seen something similar or can reproduce this?

I started debugging the bot and the execution and found the error.
I was stupid, so my bad.

ERROR:
The error was that I was running my bot in my WSL (Ubuntu 20.04) and it didn't have permission to execute the fuzz target / afl-fuzz / afl-showmap.
It didn't have the right permissions for the bot folder, so a solution is (might be overkill, because it gives everyone the right to read, write and so on):
chmod -R 777 /directory/to/my/bot
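A least-privilege version of that fix, as an added example that is not from the issue thread or from the ClusterFuzz project: before zipping the bundle from the UPLOAD step above, check that afl-fuzz, afl-showmap and the fuzz target are present and executable (the bot execs them directly, which is what failed here), and that any seed corpus zip uses the `<target>_seed_corpus.zip` name described in the linked ClusterFuzz seed-corpus documentation; then set only the owner execute bit on those three files instead of `chmod -R 777`. The flat layout (all three files at the top level of the bundle directory) and the two function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the issue or from ClusterFuzz.
# Assumes a flat bundle directory: afl-fuzz, afl-showmap and the fuzz
# target side by side, with an optional <target>_seed_corpus.zip.

# Usage: check_afl_bundle <bundle-dir> <target-name>
# Prints one line per problem found; returns 0 when the bundle is usable.
check_afl_bundle() {
    dir=$1
    target=$2
    status=0

    # The bot runs all three of these as programs, so each one must exist
    # and carry the execute bit.
    for f in afl-fuzz afl-showmap "$target"; do
        if [ ! -f "$dir/$f" ]; then
            echo "missing: $dir/$f"
            status=1
        elif [ ! -x "$dir/$f" ]; then
            echo "not executable: $dir/$f (fix: chmod u+x '$dir/$f')"
            status=1
        fi
    done

    # A seed corpus is optional, but a zip with any other name is not
    # picked up as the seed corpus (naming per the ClusterFuzz docs).
    for z in "$dir"/*.zip; do
        [ -e "$z" ] || continue
        case "$(basename "$z")" in
            "${target}_seed_corpus.zip") ;;
            *)
                echo "zip is not named as a seed corpus: $z (expected ${target}_seed_corpus.zip)"
                status=1
                ;;
        esac
    done

    return $status
}

# Usage: fix_afl_bundle_perms <bundle-dir> <target-name>
# Adds only the owner execute bit to the three binaries; nothing else in
# the tree is touched, unlike chmod -R 777.
fix_afl_bundle_perms() {
    dir=$1
    target=$2
    for f in afl-fuzz afl-showmap "$target"; do
        if [ -f "$dir/$f" ]; then
            chmod u+x "$dir/$f"
        fi
    done
}
```

Run `check_afl_bundle ./bundle demo` before `zip`-ing the directory; if it reports "not executable", run `fix_afl_bundle_perms ./bundle demo` and check again. Creating the zip on a Unix shell keeps those mode bits, so the bot's unpacked copy is executable without opening the whole bot directory to every user.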