Fix using relative filename to find targets #116
Merged
Hello, I'm trying to reproduce CVE-2016-4487 using scripts/fuzz/cxxfilt-CVE-2016-4487.sh. However, I found that the content of Ftargets.txt is incomplete. According to the valgrind report, the CVE call stack should include the following functions, but when I executed cxxfilt-CVE-2016-4487.sh, Ftargets.txt contained only several functions.

(screenshot: valgrind report)

(screenshot: target locations in scripts/fuzz/cxxfilt-CVE-2016-4487.sh)

(screenshot: actual Ftargets.txt)

I dumped all the values of `target_file`, `target_line`, `filename` and `line` used to find the `BBtarget` in llvm_mode/afl-llvm-pass.so.cc:344, and found that sometimes `filename` was a relative filename. aflgo has already handled this problem when constructing `bb_name` in llvm_mode/afl-llvm-pass.so.cc:331, but it seems that aflgo still tries to use the relative filename to find the `BBtarget` in llvm_mode/afl-llvm-pass.so.cc:344, which may cause certain target locations to be missed. I removed the relative path from every filename, and it seems to solve the problem.

(screenshot: part of the values of `target_file`, `target_line`, `filename` and `line` used in llvm_mode/afl-llvm-pass.so.cc:344)

(screenshot: what I modified)

(screenshot: fixed Ftargets.txt)

By the way, I tested on Ubuntu 20.04. On my system, scripts/fuzz/cxxfilt-CVE-2016-4487.sh:8 writes a `$` character to the first line of BBtargets.txt, which causes the first target location to not be found. I'm not sure this problem exists on every system, but in my case I needed to remove this `$` character.
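The matching problem the report describes, as an added example (my own code, not aflgo's pass): both the target entry and the debug-info filename are reduced to their base name before comparing, so a relative path such as `./cplus-dem.c` no longer hides a target, and a stray leading `$` on a target line is skipped. Function names and the sample target entries are assumptions constructed for the example.

```cpp
#include <cassert>
#include <initializer_list>
#include <string>
#include <vector>

// Added example, not the aflgo source: keep only the base name of a path so that
// a target written as "cplus-dem.c" matches a debug-info filename such as
// "libiberty/cplus-dem.c" or "./cplus-dem.c".
static std::string baseName(const std::string &path) {
  std::string::size_type pos = path.find_last_of("/\\");
  return pos == std::string::npos ? path : path.substr(pos + 1);
}

struct Target { std::string file; unsigned line; };

// Parse one BBtargets.txt-style entry "file:line". A stray leading '$', which the
// report says the helper script wrote on Ubuntu 20.04, is skipped; malformed
// entries return false instead of silently producing a bogus target.
static bool parseTarget(const std::string &entry, Target &out) {
  std::string s = entry;
  if (!s.empty() && s[0] == '$') s.erase(0, 1);
  std::string::size_type colon = s.find_last_of(':');
  if (colon == std::string::npos || colon + 1 >= s.size()) return false;
  try { out.line = static_cast<unsigned>(std::stoul(s.substr(colon + 1))); }
  catch (...) { return false; }
  out.file = baseName(s.substr(0, colon));
  return !out.file.empty();
}

// True when the basic block at (filename, line) from debug info is a target.
// Both sides are reduced to a base name before comparing; comparing the raw
// (possibly relative) path is what made targets go missing in the report.
static bool isTargetBB(const std::vector<Target> &targets,
                       const std::string &filename, unsigned line) {
  std::string base = baseName(filename);
  for (const Target &t : targets)
    if (t.line == line && t.file == base) return true;
  return false;
}

// Constructed sample target list (file names and line numbers are made up).
static std::vector<Target> sampleTargets() {
  std::vector<Target> ts;
  Target t;
  for (const char *e : {"cplus-dem.c:1234", "$libiberty/cp-demangle.c:42", "bad-entry"})
    if (parseTarget(e, t)) ts.push_back(t);  // "bad-entry" is rejected
  return ts;
}
```

Base-name matching can conflate two same-named files in different directories, so a pass that relies on it should be checked against the full Ftargets.txt output, as the reporter did, to confirm every expected location is present.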