SIGSEGV compiling afl-coverage for examples/hello.rs #18

Closed
tbg opened this issue Oct 26, 2015 · 5 comments

Comments

tbg (Contributor) commented Oct 26, 2015

@bb80fc56f5ba096406c61f1790886d8edce878c9, $(which rustc) == /Users/tschottdorf/rust/rust/x86_64-apple-darwin/stage2/bin/rustc @ 1.0.0-beta-6833-g079f384:

$ cargo build --example hello --verbose
       Fresh gcc v0.3.19
       Fresh byteorder v0.3.13
   Compiling afl-coverage v0.0.1 (file:///Users/tschottdorf/rust/afl.rs)
     Running `/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/build-script-build`
       Fresh afl-coverage-plugin v0.0.1 (file:///Users/tschottdorf/rust/afl.rs)
     Running `rustc src/lib.rs --crate-name afl_coverage --crate-type lib -g --out-dir /Users/tschottdorf/rust/afl.rs/target/debug --emit=dep-info,link -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug/deps -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out -l static=afl-llvm-rt`
     Running `rustc examples/hello.rs --crate-name hello --crate-type bin -g --out-dir /Users/tschottdorf/rust/afl.rs/target/debug/examples --emit=dep-info,link -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug/deps --extern byteorder=/Users/tschottdorf/rust/afl.rs/target/debug/deps/libbyteorder-3e27c88aa235985f.rlib --extern afl_coverage_plugin=/Users/tschottdorf/rust/afl.rs/target/debug/deps/libafl_coverage_plugin-a9b7f43301ffb1fc.dylib --extern afl_coverage=/Users/tschottdorf/rust/afl.rs/target/debug/libafl_coverage.rlib -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out`
afl-llvm-pass 1.77b by <lszekeres@google.com>
Could not compile `afl-coverage`.

Caused by:
  Process didn't exit successfully: `rustc examples/hello.rs --crate-name hello --crate-type bin -g --out-dir /Users/tschottdorf/rust/afl.rs/target/debug/examples --emit=dep-info,link -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug -L dependency=/Users/tschottdorf/rust/afl.rs/target/debug/deps --extern byteorder=/Users/tschottdorf/rust/afl.rs/target/debug/deps/libbyteorder-3e27c88aa235985f.rlib --extern afl_coverage_plugin=/Users/tschottdorf/rust/afl.rs/target/debug/deps/libafl_coverage_plugin-a9b7f43301ffb1fc.dylib --extern afl_coverage=/Users/tschottdorf/rust/afl.rs/target/debug/libafl_coverage.rlib -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out -L native=/Users/tschottdorf/rust/afl.rs/target/debug/build/afl-coverage-f64ebee15259fa44/out` (signal: 11)

I've tried lldb to get more info about the segfault as in #11 but I can't just re-run the failing command (it needs the right env, I think) and wasn't versed enough to get lldb to attach to the forked child in cargo build. Pointers appreciated.
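One way to get the crashing `rustc` invocation out of cargo's fork and under a debugger, as an added example that is not from this issue or the afl.rs project: take the command cargo quotes in its "Process didn't exit successfully" line from `cargo build --verbose`, and hand it to lldb directly. The sample log below is constructed to match the failure shape in this issue (paths shortened); the script assumes it is run from the crate root so the relative paths resolve, and that any environment cargo exports to rustc (for instance `OUT_DIR` when a build script is involved) is set by hand if the build depends on it. lldb's `-o` (run one command at startup) and `--` (everything after it goes to the inferior) are real flags.

```shell
#!/bin/sh
# Added example (not from the afl.rs issue): reproduce a rustc crash that
# cargo reports as "signal: 11" by re-running the exact rustc command under lldb.

# Constructed sample of `cargo build --verbose` output, shaped like the
# failure in this issue (paths shortened).
sample_cargo_log() {
    cat <<'EOF'
   Compiling afl-coverage v0.0.1 (file:///tmp/afl.rs)
     Running `rustc examples/hello.rs --crate-name hello --crate-type bin -g`
afl-llvm-pass 1.77b by <lszekeres@google.com>
Could not compile `afl-coverage`.

Caused by:
  Process didn't exit successfully: `rustc examples/hello.rs --crate-name hello --crate-type bin -g` (signal: 11)
EOF
}

# Read cargo output on stdin and print the command line cargo quoted in the
# "Process didn't exit successfully: `...` (signal: N)" line, backticks removed.
# Only the first such line is printed; prints nothing if no crash was reported.
failing_rustc_cmd() {
    sed -n 's/^[[:space:]]*Process didn.t exit successfully: `\(.*\)` (signal: [0-9][0-9]*)$/\1/p' | head -n 1
}

# Turn that command line into an lldb invocation: start the inferior, print a
# backtrace of every thread when it stops (the crash in this issue is on
# thread #2, not the main thread), then stay at the prompt for inspection.
# Everything after `--` is passed to the inferior unchanged.
lldb_cmdline() {
    printf 'lldb -o run -o "bt all" -- %s\n' "$1"
}

# Demo run on the constructed log. Run the printed command from the crate root
# (the rustc paths are relative) with any environment cargo sets for rustc
# (e.g. OUT_DIR) exported by hand if the crate's build needs it.
cmd=$(sample_cargo_log | failing_rustc_cmd)
if [ -n "$cmd" ]; then
    lldb_cmdline "$cmd"
else
    echo "no crashing rustc invocation found in cargo output" >&2
fi
```

In practice, pipe the real output in with `cargo build --example hello --verbose 2>&1 | failing_rustc_cmd` and feed the result to `lldb_cmdline`; once lldb stops at the fault, `frame select` and `register read` on the reported thread give the same `llvm::PointerType::get` frame shown in the lldb transcript further down this thread.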

tbg (Contributor, Author) commented Oct 26, 2015

ok, complete lie about lldb. Here's something:

Process 70430 launched: '/Users/tschottdorf/rust/rust/x86_64-apple-darwin/stage2/bin/rustc' (x86_64)
afl-llvm-pass 1.77b by <lszekeres@google.com>
Process 70430 stopped
* thread #2: tid = 0x4c764, 0x0000000102f14efe librustc_llvm-bb943c5a.dylib`llvm::PointerType::get(llvm::Type*, unsigned int) + 30, name = 'rustc', stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
    frame #0: 0x0000000102f14efe librustc_llvm-bb943c5a.dylib`llvm::PointerType::get(llvm::Type*, unsigned int) + 30
librustc_llvm-bb943c5a.dylib`llvm::PointerType::get:
->  0x102f14efe <+30>: movq   (%rax), %r14
    0x102f14f01 <+33>: testl  %r13d, %r13d
    0x102f14f04 <+36>: je     0x102f14f5a               ; <+122>
    0x102f14f06 <+38>: leaq   0x770(%r14), %rbx

@tbg tbg changed the title SIGSEGV compiling afl-coverage SIGSEGV compiling afl-coverage for examples/hello.rs Oct 26, 2015
frewsxcv (Member) commented:

A couple suggestions:

  1. Could you try using this revision with rustc? It's the revision I use and it seems to work alright for the time being
  2. Alternatively, use my Vagrantfile (with Vagrant) in this PR. It should set up all the dependencies to be in a working state.

I'm working on the documentation and a small tutorial to make this process easier since I know it is not that easy at the moment (mostly thanks to the issue in #11 which I will need to look into eventually). Please report back!

frewsxcv (Member) commented:

There's no reason to have the Vagrantfile sitting in a PR, so I merged it in. You can find it in the etc folder:

https://github.com/frewsxcv/afl.rs/blob/master/etc/Vagrantfile

tbg (Contributor, Author) commented Oct 26, 2015

Thanks @frewsxcv, running it at rust-lang/rust@717e8831b did the trick.
If this is a duplicate of #11, feel free to close this.

frewsxcv (Member) commented:

Glad to hear it worked out! Hopefully I'll get some better documentation done soon...
