Race condition when target is very fast
Opened this issue · 0 comments
maxammann commented
AFLnwe crashed while fuzzing:
[-] PROGRAM ABORT : Short read from input file
Location : get_test_case(), afl-fuzz.c:468
When using -f .file the race condition is still present, it just crashes differently, because lseek returns -f because the .file was unlinked and not found.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x00007ffff7dec859 in __GI_abort () at abort.c:79
#2 0x0000555555568196 in DFL_ck_alloc_nozero (size=4294967295) at alloc-inl.h:114
#3 DFL_ck_alloc (size=4294967295) at alloc-inl.h:136
#4 get_test_case (fsize=<optimized out>) at afl-fuzz.c:468
#5 0x000055555556856f in send_over_network () at afl-fuzz.c:578
#6 0x00005555555694cf in run_target (argv=0x7fffffffe980, timeout=40) at afl-fuzz.c:2687
#7 0x000055555556d10f in common_fuzz_stuff (argv=0x7fffffffe980, out_buf=0x5555556b7258 "\026\003\001", len=<optimized out>) at afl-fuzz.c:4906
#8 0x000055555556e902 in fuzz_one (argv=<optimized out>) at afl-fuzz.c:6774
#9 0x0000555555559bb8 in main (argc=29, argv=<optimized out>) at afl-fuzz.c:8396
The latter crash is not fixed by this one: tlspuffin@feaf31c
I fixed it using these two commits:
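The failure mode reported above, as an added example that is not code from AFLnwe, tlspuffin or the fix commits referenced in this issue: a small C model of reading a test case back from a file that was unlinked underneath the fuzzer. `unchecked_size_of` stores the off_t returned by lseek() straight into a u32, which is how a -1 from a failed open/lseek turns into the size=4294967295 (0xFFFFFFFF) seen in frame #3 of the backtrace before ck_alloc aborts. `read_test_case` is a hardened read-back that checks open, lseek and read at every step and reports a missing or truncated file to the caller instead of aborting, so the fuzzer loop can skip or retry the iteration. The function names, the temp-file handling in `demo_readback` and the 3-byte sample input are constructed for this example and do not describe how the referenced commits fix it.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

typedef uint32_t u32;

/* Unchecked pattern: the off_t from lseek() is stored straight into a u32.
 * If the input file was unlinked and open() failed, fd is -1, lseek() fails
 * with -1, and the "size" becomes 4294967295, the value in the backtrace. */
u32 unchecked_size_of(int fd) {
    return (u32)lseek(fd, 0, SEEK_END);
}

/* Hardened variant: report failure instead of producing a bogus size.
 * Returns 0 and stores the size in *out, or -1 on any error. */
int checked_size_of(int fd, u32 *out) {
    if (fd < 0) return -1;
    off_t end = lseek(fd, 0, SEEK_END);
    if (end < 0) return -1;                        /* lseek() failed */
    if ((uint64_t)end > UINT32_MAX) return -1;     /* would not fit a u32 */
    if (lseek(fd, 0, SEEK_SET) < 0) return -1;     /* rewind for the read */
    *out = (u32)end;
    return 0;
}

/* Read a whole test-case file. Returns a malloc'd buffer and sets *len, or
 * returns NULL (with *len = 0) if the file is gone, unreadable, or shrank
 * between the size query and the read (the "short read" case). */
unsigned char *read_test_case(const char *path, u32 *len) {
    *len = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;                       /* unlinked before we got here */
    u32 size;
    if (checked_size_of(fd, &size) != 0) { close(fd); return NULL; }
    unsigned char *buf = malloc(size ? size : 1);
    if (!buf) { close(fd); return NULL; }
    u32 got = 0;
    while (got < size) {                           /* tolerate partial read()s */
        ssize_t n = read(fd, buf + got, size - got);
        if (n <= 0) break;
        got += (u32)n;
    }
    close(fd);
    if (got != size) { free(buf); return NULL; }   /* short read: let the caller decide */
    *len = size;
    return buf;
}

/* Constructed scenario: write a 3-byte input (the same bytes as the out_buf in
 * the backtrace), optionally unlink it first to model the race, then read it
 * back. Returns the length read, -1 if read_test_case reported failure, or -2
 * if the test file could not be set up. The temp path is hypothetical. */
int demo_readback(int unlink_first) {
    char path[] = "/tmp/aflnwe-race-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -2;
    static const unsigned char sample[3] = { 0x16, 0x03, 0x01 };
    if (write(fd, sample, sizeof sample) != (ssize_t)sizeof sample) {
        close(fd); unlink(path); return -2;
    }
    close(fd);
    if (unlink_first) unlink(path);                /* the file vanishes before read-back */
    u32 len;
    unsigned char *buf = read_test_case(path, &len);
    if (!unlink_first) unlink(path);
    if (!buf) return -1;
    int result = (int)len;
    free(buf);
    return result;
}

int main(void) {
    printf("unchecked size when open() failed: %u\n", unchecked_size_of(-1));
    printf("file present: %d bytes read\n", demo_readback(0));
    printf("file unlinked: %d (reported, not aborted)\n", demo_readback(1));
    return 0;
}
```

The point of the hardened path is that the size query and the read are two separate syscalls with a window between them; a fast target or a concurrent unlink can invalidate the first result before the second runs, so the allocation size must never be derived from an unchecked return value.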