Fuzzing lrzip CVE 2017-8846 with ASAN #77
Comments
Hi Sadullah, I think we build the tested program with ASAN only for the bug triage step to check whether the fuzzer found the expected bug (including the type of bug and the stack trace). In the instrumentation phase, you don't need to compile the tested program with ASAN (as it could modify the distances). To build 32-bit lrzip on a 64-bit machine, you can add "-m32" to CFLAGS/CXXFLAGS. Best. MD
Hi, I had added the -m32 option but it fails when configuring: "[-] PROGRAM ABORT: m32 is not supported by your compiler". I guess some libraries may be missing but I am not quite sure which ones based on config.log since it is not explanatory :) Is it possible to run with the -m32 option on your side if it won't take so much time for you? Thank you for the help.
I can run the following script on my 64-bit machine. Also make sure you install some libraries.
I noticed that I was missing afl-llvm-rt-32.o (due to missing dependencies, make did not generate it). After installing a bunch of other 32-bit libraries, I could make the 32-bit version work using your script and fuzz lrzip with AFLGo without ASAN. When I want to compile with ASAN, I get this error: /usr/bin/ld: cannot find /usr/local/bin/../lib/clang/4.0.0/lib/linux/libclang_rt.asan-i386.a: No such file or directory I had followed this link to build llvm but I guess it did not compile 32-bit libraries for ASAN, given that there is only a 64-bit version of libclang_rt.asan-x86_64.a in that path.
Yes, you need to have this library. On my computer, I found it here
After recompiling llvm 4.0 for 32-bit, I got an error. Apparently, it was an old bug, and applying the patch in the following link fixed the issue. The link explains the issue as well. https://reviews.llvm.org/D44623?vs=on&id=145949#toc Now, I can fuzz 32-bit lrzip instrumented with ASAN. You can close the issue and thanks for the help.
Cool! Glad to hear that.
Hi,
I recently ran the following script to fuzz lrzip:
https://github.com/aflgo/aflgo/blob/master/scripts/fuzz/lrzip-CVE-2017-8846.sh
I could successfully generate distance files and fuzz the program with AFLGo on Ubuntu 18.04. I generated the binary both with and without ASAN support (when generating distance files, I did not set AFL_USE_ASAN, as specified here). As expected, lrzip becomes extremely slow with ASAN (<1 exec/sec). I guess the only option here is to compile the binary with m32, which is not recognized by the clang wrapper of AFLGo (afl-clang-fast), and I ended up with a FATAL.
I see that you build all projects with ASAN support in the paper. Did you generate 32-bit binaries? If so, how can I compile lrzip as 32-bit on a 64-bit machine? Or did you use any other tricks to fuzz with ASAN?
Thanks,
Sadullah
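The two failures the thread walks through (the wrapper aborting on -m32, then the link failing because libclang_rt.asan-i386.a is absent) can be told apart before touching lrzip's build. This is an added diagnostic, not code from the thread or from AFLGo; it assumes a POSIX shell and a C compiler named by $CC (default clang; afl-clang-fast also works once afl-llvm-rt-32.o exists), and it uses clang's -print-resource-dir only to print a hint.

```shell
#!/bin/sh
# Added diagnostic (not from the thread or AFLGo): compile a throwaway
# program with the same flags the 32-bit ASAN build needs and report
# which step breaks. Assumes $CC (default clang) is on PATH.

# Compile a one-line program with the given flags; succeed or fail quietly.
try_compile() {
    cc="$1"; shift
    dir=$(mktemp -d) || return 1
    printf 'int main(void){return 0;}\n' > "$dir/t.c"
    if "$cc" "$@" "$dir/t.c" -o "$dir/t" >/dev/null 2>&1; then
        rm -rf "$dir"; return 0
    fi
    rm -rf "$dir"; return 1
}

# Prints one word describing what the toolchain can do:
#   no-compiler : the compiler is not on PATH
#   no-m32      : plain -m32 builds fail (the "m32 is not supported" abort)
#   no-asan32   : -m32 links but -m32 -fsanitize=address does not, i.e. the
#                 32-bit runtime libclang_rt.asan-i386.a is missing
#   ok          : 32-bit ASAN builds link, usable for the triage build
asan32_check() {
    cc="${1:-${CC:-clang}}"
    if ! command -v "$cc" >/dev/null 2>&1; then
        echo no-compiler; return 0
    fi
    if ! try_compile "$cc" -m32; then
        echo no-m32; return 0
    fi
    if ! try_compile "$cc" -m32 -fsanitize=address; then
        # Hint where clang expects the runtime (clang-specific flag; other
        # compilers just print an empty prefix).
        rd=$("$cc" -print-resource-dir 2>/dev/null || true)
        echo "hint: expected $rd/lib/linux/libclang_rt.asan-i386.a" >&2
        echo no-asan32; return 0
    fi
    echo ok
}

# Usage: ./asan32_check.sh [compiler], e.g. CC=afl-clang-fast ./asan32_check.sh
asan32_check "$@"
```

Run it with CC=afl-clang-fast after building AFLGo to confirm the wrapper accepts -m32, then with CC=clang to confirm the 32-bit ASAN runtime links before rebuilding lrzip.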