AFLplusplus / qemuafl

This fork of QEMU enables fuzzing userspace ELF binaries under AFL++.
https://aflplus.plus

qasan aarch64 will hang when show ABORTING #31

Open candou1611 opened 2 years ago

candou1611 commented 2 years ago

Here is some simple code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Silences unused-parameter warnings; the macro is assumed here since the
   original snippet did not include its definition. */
#define UNUSED_PARAMETER(x) (void)(x)

int main(int argc, char **argv) {
  UNUSED_PARAMETER(argc);
  UNUSED_PARAMETER(argv);
  char buf[3];
  memset(buf, 0, 3);
  read(0, buf, 3);

  if (buf[0] == 'c') {
    printf("hit buf0\n");
    if (buf[1] == 'r') {
        printf("hit buf1\n");
        if (buf[2] == 'a') {
            printf("hit buf2\n");
            //test('D');
            //abort();
            char *buf = malloc(10);  /* inner buf shadows the stack buffer above */
            free(buf);
            free(buf);               /* deliberate double free for QASan to report */
        }
    }
  }
  return 0;
}

aarch64-linux-gnu-gcc test.c -o test

AFL_USE_QASAN=1 ./afl-qemu-trace ./test <<< "crash"

qasan may detect the UAF via AddressSanitizer, but it will hang when it shows ABORTING.

mztesla commented 4 months ago

I've had this issue for a very long time and finally decided to debug it. It's super slow because of coredumps. Just disable them using ulimit and it will immediately exit:

ulimit -c 0
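The fix above works because the abort path is only slow while the kernel writes the core file. A wrapper that applies the limit per invocation, and checks that the limit really reached the child, is an added example here, not code from the issue thread or from qemuafl; the function names run_nocore, core_limit_in_child and core_limit_here are mine, while ./afl-qemu-trace, ./test and the "crash" input come from the reproducer in the issue.

```shell
#!/bin/sh
# Added example, not part of the issue thread or of qemuafl itself.
# Runs a QASan target with core dumps disabled so the ABORTING path exits
# promptly, and verifies that the limit actually applies to the child.

# Run a command with the core-file size limit set to 0.
# The subshell scopes the ulimit change to this invocation only, so the
# calling shell (for instance the one driving afl-fuzz) keeps its own limit.
run_nocore() {
    (
        ulimit -c 0 || exit 1
        exec "$@"
    )
}

# Core-file limit as seen by a child launched through run_nocore.
core_limit_in_child() {
    run_nocore sh -c 'ulimit -c'
}

# Core-file limit of the current shell, for comparison.
core_limit_here() {
    ulimit -c
}

echo "core limit in this shell : $(core_limit_here)"
echo "core limit inside wrapper: $(core_limit_in_child)"

# Reproducer from the issue, run only if both binaries are present in the
# working directory. "crash" is the input that reaches the double free.
# env(1) is used rather than a VAR=value prefix because such a prefix on a
# shell function call is not portable across sh implementations.
if [ -x ./afl-qemu-trace ] && [ -x ./test ]; then
    printf 'crash' | run_nocore env AFL_USE_QASAN=1 ./afl-qemu-trace ./test
fi
```

Because the change lives in a subshell, the limit has to be applied from the shell that actually launches the QEMU process (or the wrapper used for every launch); running `ulimit -c 0` in a different terminal does nothing for an already-running fuzzer.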