Fuzzing with --mutate_cmd example failing
ryantxu1 opened this issue · 2 comments
After building honggfuzz and the contents of `./examples/badcode/targets`, running the `run-honggfuzz-on-badcode1-with-externalfuzzer.sh` script returns an error.
```
./run-honggfuzz-on-badcode1-with-externalfuzzer.sh
Start time:'2022-03-23.13.14.18' bin:'targets/badcode1', input:'inputfiles', output:'inputfiles', persistent:false, stdin:false, mutation_rate:5, timeout:1, max_runs:0, threads:1, minimize:false, git_commit:380cf14962c64e3fa902d9442b6c6513869116ed
------------------------[ 0 days 00 hrs 00 mins 00 secs ]----------------------
Iterations : 0
Mode [1/3] : Feedback Driven Dry Run [0/2]
Target : targets/badcode1 ___FILE___
Threads : 1, CPUs: 12, CPU%: 14% [1%/CPU]
Speed : 0/sec [avg: 0]
Crashes : 0 [unique: 0, blocklist: 0, verified: 0]
Timeouts : 0 [1 sec]
Corpus Size : 0, max: 8,192 bytes, init: 2 files
Cov Update : 0 days 00 hrs 00 mins 00 secs ago
Coverage : edge: 0/0 [0%] pc: 0 cmp: 0
---------------------------------- [ LOGS ] ------------------/ honggfuzz 2.5 /-
Entering phase 1/3: Dry Run
Launched new fuzzing thread, no. #0
Entering phase 2/3: Switching to the Feedback Driven Mode
Entering phase 3/3: Dynamic Main (Feedback Driven Mode)
Traceback (most recent call last):
  File "../externalfuzzers/lowBytesIncrease.py", line 10, in <module>
    map = mmap.mmap(f.fileno(), 0)
ValueError: cannot mmap an empty file
[2022-03-23T13:14:19-0400][E][8704] subproc_System():506 Command '../externalfuzzers/lowBytesIncrease.py' returned with exit code 1
[2022-03-23T13:14:19-0400][E][8704] input_prepareExternalFile():700 Subprocess '../externalfuzzers/lowBytesIncrease.py' returned abnormally
[2022-03-23T13:14:19-0400][E][8704] fuzz_fetchInput():336 input_prepareExternalFile() failed
[2022-03-23T13:14:19-0400][F][8704] fuzz_fuzzLoop():404 Cound't prepare input for fuzzing
```
I'd like to see more specific examples on how to use Python scripts to provide fuzzing input to honggfuzz with the `--mutate_cmd` option.
The script fails with file-size 0 (it cannot mmap a file). One option is to maybe check for it inside the python script, and if it's zero, to maybe increase the file size to 1, or to some other random value?
Yeah I created a small test script according to the two examples in the repo:
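```python
# test.py
import mmap
import os
import sys
import random

# Create the file with known content first so mmap never sees an empty file.
with open(sys.argv[1], "wb") as f:
    f.write(b"Hello!\n")

with open(sys.argv[1], "r+b") as f:
    mapped = mmap.mmap(f.fileno(), 0)
    if random.randint(1, 2) % 2:
        # The mapping is only 7 bytes long and mmap.write() raises ValueError
        # past its end, so clamp the payload to the mapped size.
        mapped.write(b"Testing123"[:len(mapped)])
    else:
        mapped.write(b"Foobar")
    mapped.close()
```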
This creates a file at the start so that it bypasses the original mmap issue. Now running it with badcode, it still returns errors.
```
~/test/examples/badcode$ ../../honggfuzz -i inputfiles -c ../externalfuzzers/test.py -- targets/badcode1 ___FILE___
[2022-03-24T11:21:04-0500][F][9965] subproc_System():475 Couldn't execute '../externalfuzzers/test.py': Exec format error
[2022-03-24T11:21:04-0500][F][9966] subproc_System():475 Couldn't execute '../externalfuzzers/test.py': Exec format error
[2022-03-24T11:21:04-0500][F][9967] subproc_System():475 Couldn't execute '../externalfuzzers/test.py': Exec format error
[2022-03-24T11:21:04-0500][F][9968] subproc_System():475 Couldn't execute '../externalfuzzers/test.py': Exec format error
[2022-03-24T11:21:04-0500][E][9954] [2022-03-24T11:21:04-0500][F][9969] subproc_System():475 Couldn't execute '../externalfuzzers/test.py': Exec format error
subproc_System():506 Command '../externalfuzzers/test.py' returned with exit code 1
[2022-03-24T11:21:04-0500][E][9954] input_prepareExternalFile():700 Subprocess '../externalfuzzers/test.py' returned abnormally
[2022-03-24T11:21:04-0500][F][9970] [2022-03-24T11:21:04-0500][E][9954] subproc_System():475 fuzz_fetchInput():336 Couldn't execute '../externalfuzzers/test.py'input_prepareExternalFile() failed: Exec format error
[2022-03-24T11:21:04-0500][F][9954] fuzz_fuzzLoop():404 Cound't prepare input for fuzzing
[2022-03-24T11:21:04-0500][E][9955] subproc_System():506 Command '../externalfuzzers/test.py' returned with exit code 1
```
Are there any examples of a Python external fuzzer working with honggfuzz?
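An external mutator that covers both failures reported in this thread, as an added example that is not part of the original issue or the honggfuzz repository: it gives an empty input some content before calling `mmap`, and it starts with a `#!` interpreter line, which the kernel needs in order to execute a script directly (a missing one is the usual cause of `Exec format error`). It assumes, as the scripts above do, that honggfuzz passes the file to mutate as the first argument; the name `mutate_file` and the bit-flip strategy are illustrative choices.

```python
#!/usr/bin/env python3
"""In-place external mutator for honggfuzz (added example)."""
import mmap
import os
import random
import sys


def mutate_file(path, rng=random, max_flips=4):
    """Flip one random bit in up to max_flips distinct bytes of path.

    Returns the number of bytes modified.
    """
    # mmap raises "cannot mmap an empty file" on zero-length input, so
    # give an empty file 1-16 random bytes before mapping it.
    if os.path.getsize(path) == 0:
        with open(path, "wb") as f:
            f.write(bytes(rng.randrange(256) for _ in range(rng.randint(1, 16))))

    with open(path, "r+b") as f, mmap.mmap(f.fileno(), 0) as mapped:
        size = len(mapped)
        # Distinct offsets, so no flip can cancel an earlier one.
        offsets = rng.sample(range(size), min(max_flips, size))
        for off in offsets:
            mapped[off] ^= 1 << rng.randrange(8)
        mapped.flush()
    return len(offsets)


def main(argv):
    # Assumption: the file to mutate is the first argument, as in the
    # scripts on this page.
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    mutate_file(argv[1])
    # Exit 0: a non-zero status is what the log above reports as
    # "returned abnormally".
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The script must also be executable (`chmod +x`) before it is passed to `-c`.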