wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows and Linux user-mode (experimental!).
Port I/O assertion in bochscpu causing client to crash #213
Hello! Just documenting this here because I ran into it while fuzzing a driver: port IO (in/out instructions) under bochs cause the fuzz client to crash due to a debug assertion in yrp604/bochscpu.
Assertion failed: false, file cabi/devices-cabi.cc, line 7
Which points to this file that just hardcodes an assert(false): https://github.com/yrp604/bochscpu/blob/5182099c74816c06d7ad4240b5ccf1fe60ca975a/cabi/devices-cabi.cc#L7
I don't really expect you to do anything about it, since it's not in your code, but I wanted to put it here just so others know it's something they might run into. Port I/O emulation is probably outside the scope of this project, but it would be nice to have a way to at least gracefully recover if port I/O is encountered in the target code, instead of crashing the client completely.
I'll noodle on a fix, but might submit a PR over at bochscpu to allow port I/O hooks or something. Open to suggestions.
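As an added illustration (not bochscpu's, bochs' or wtf's code), here is a small C model of the graceful recovery the post asks for: a guest in/out goes to a registered port hook when one exists and otherwise falls through to a non-fatal default (reads return all ones like an unpopulated bus, writes are dropped, and a counter lets the harness discard the testcase) instead of hitting a hardcoded assert(false). The hook API, function names and the port numbers used below are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative model only: an emulator device layer that dispatches guest port
 * I/O to optional hooks and degrades gracefully when none is installed. */

typedef uint32_t (*pio_read_fn)(uint16_t port, unsigned width);
typedef void     (*pio_write_fn)(uint16_t port, unsigned width, uint32_t value);

typedef struct {
    int      handled;  /* 1 if a hook serviced the access, 0 if the default policy did */
    uint32_t value;    /* value delivered to the guest on `in` */
} pio_result_t;

static pio_read_fn   g_read_hook;   /* NULL = no hook installed */
static pio_write_fn  g_write_hook;
static unsigned long g_unhandled;   /* accesses that fell through to the default policy */

void pio_set_hooks(pio_read_fn r, pio_write_fn w) { g_read_hook = r; g_write_hook = w; }
unsigned long pio_unhandled_count(void) { return g_unhandled; }

/* Mask a value to the access width of the in/out instruction (1, 2 or 4 bytes). */
static uint32_t pio_mask(unsigned width, uint32_t v) {
    return width == 4 ? v : v & ((1u << (8 * width)) - 1u);
}

/* Guest executed `in`: prefer the hook; otherwise answer with all ones and
 * record that this testcase touched I/O the emulator does not model. */
pio_result_t guest_port_in(uint16_t port, unsigned width) {
    pio_result_t r = {0, 0};
    if (width != 1 && width != 2 && width != 4) { g_unhandled++; return r; }
    if (g_read_hook) { r.handled = 1; r.value = pio_mask(width, g_read_hook(port, width)); return r; }
    g_unhandled++;
    r.value = pio_mask(width, 0xFFFFFFFFu);
    fprintf(stderr, "unhandled in: port=0x%04x width=%u\n", port, width);
    return r;
}

/* Guest executed `out`: forward to the hook or discard it; never abort the process. */
int guest_port_out(uint16_t port, unsigned width, uint32_t value) {
    if (width != 1 && width != 2 && width != 4) { g_unhandled++; return 0; }
    if (g_write_hook) { g_write_hook(port, width, pio_mask(width, value)); return 1; }
    g_unhandled++;
    fprintf(stderr, "unhandled out: port=0x%04x width=%u value=0x%x\n", port, width, (unsigned)value);
    return 0;
}

/* Constructed sample hook: answers a hypothetical port 0x80 with a fixed value. */
static uint32_t sample_read_hook(uint16_t port, unsigned width) {
    (void)width;
    return port == 0x80 ? 0x42u : 0xFFFFFFFFu;
}
```

A harness built on this can treat a non-zero unhandled count as "drop this testcase" rather than letting the whole client die.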