AFLplusplus / Grammar-Mutator

A grammar-based custom mutator for AFL++
Apache License 2.0

core dump #2

Closed vanhauser-thc closed 4 years ago

vanhauser-thc commented 4 years ago

afl-fuzz core dumps in the grammar mutator with: Program received signal SIGSEGV, Segmentation fault.

#0  0x00007ffff7fb6f56 in afl_custom_trim (data=0x555555647690, out_buf=0x7fffffffc638) at /prg/Grammar-Mutator/branches/dev/src/grammar_mutator.cpp:114
#1  0x0000555555562a20 in trim_case_custom (mutator=0x5555556459f0, in_buf=0x7ffff7ffb000 "30E-0", q=0x5555556d9f20, afl=0x5555555c0400) at src/afl-fuzz-mutators.c:277
#2  trim_case (afl=0x5555555c0400, q=0x5555556d9f20, in_buf=0x7ffff7ffb000 "30E-0") at src/afl-fuzz-run.c:629
#3  0x000055555558465d in fuzz_one_original (afl=0x5555555c0400) at src/afl-fuzz-one.c:526
#4  0x000055555555c82e in fuzz_one (afl=0x5555555c0400) at src/afl-fuzz-one.c:4731
#5  main (argc=<optimized out>, argv_orig=<optimized out>, envp=<optimized out>) at src/afl-fuzz.c:1278

command line was

# env|grep AFL
AFL_CUSTOM_MUTATOR_ONLY=1
AFL_CUSTOM_MUTATOR_LIBRARY=/prg/Grammar-Mutator/branches/dev/build/src/libgrammarmutator.so
# afl-fuzz -i in -o out -- ../../json-parser/test_json @@

h1994st commented 4 years ago

This is due to a wrong trimming step in the custom mutator. The latest commit solved this problem.
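For reference, the three-call trim protocol the backtrace passes through (afl_custom_init_trim, afl_custom_trim, afl_custom_post_trim), as an added example that is not Grammar-Mutator's code: whitespace-separated tokens stand in for parse-tree nodes, each step drops one node, and afl_custom_trim is guarded so that a call with no step pending returns the input unchanged instead of reading past its state. The actual defect behind this issue is not shown in the thread; the guard only illustrates one failure mode a wrong step count can produce.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define MAX_TOKENS 32
#define OUT_CAP 1024
/* One trim session. Whitespace-separated words stand in for the grammar mutator's parse-tree nodes (constructed stand-in). */
typedef struct {
  char *tokens[MAX_TOKENS], *saved;  /* tokens[i] == NULL: node trimmed; saved: node dropped this step */
  size_t n_tokens; int32_t cur_step, max_steps;
  uint8_t out[OUT_CAP];              /* owned buffer afl-fuzz reads after afl_custom_trim returns */
} trim_state_t;

/* Serialises surviving nodes into st->out; a node that would overflow the buffer is skipped. */
static size_t render(trim_state_t *st) {
  size_t len = 0;
  for (size_t i = 0; i < st->n_tokens; i++) {
    size_t tl = st->tokens[i] ? strlen(st->tokens[i]) : 0;
    if (!tl || len + tl + 1 >= OUT_CAP) continue;
    if (len) st->out[len++] = ' ';
    memcpy(st->out + len, st->tokens[i], tl); len += tl;
  }
  st->out[len] = 0; return len;
}
/* Returns the step count; afl-fuzz then calls afl_custom_trim at most that many times. */
int32_t afl_custom_init_trim(void *data, uint8_t *buf, size_t buf_size) {
  trim_state_t *st = data;
  while (st->n_tokens) free(st->tokens[--st->n_tokens]);
  st->saved = NULL; st->cur_step = 0;
  char copy[OUT_CAP]; size_t n = buf_size < OUT_CAP - 1 ? buf_size : OUT_CAP - 1;
  memcpy(copy, buf, n); copy[n] = 0;
  for (char *t = strtok(copy, " "); t && st->n_tokens < MAX_TOKENS; t = strtok(NULL, " "))
    st->tokens[st->n_tokens++] = strcpy(malloc(strlen(t) + 1), t);
  return st->max_steps = (int32_t)st->n_tokens;
}
/* Drops the node for the current step; with no step pending it returns the input unchanged. */
size_t afl_custom_trim(void *data, uint8_t **out_buf) {
  trim_state_t *st = data;
  if (st->cur_step < st->max_steps) {  /* guard against indexing past the token array */
    st->saved = st->tokens[st->cur_step]; st->tokens[st->cur_step] = NULL;
  }
  *out_buf = st->out; return render(st);
}
/* success != 0: same coverage without the node, keep it dropped; otherwise restore it. */
int32_t afl_custom_post_trim(void *data, uint8_t success) {
  trim_state_t *st = data;
  if (st->cur_step >= st->max_steps) return st->cur_step;
  if (success) free(st->saved); else st->tokens[st->cur_step] = st->saved;
  return ++st->cur_step;
}
```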