CERTCC / certfuzz

This project contains the source code for the CERT Basic Fuzzing Framework (BFF) and the CERT Failure Observation Engine (FOE).
https://vuls.cert.org/confluence/display/tools/CERT+BFF+-+Basic+Fuzzing+Framework

struct.error: unpack requires a string argument of length 8 at drillresults\testcasebundle_base.py #26

Closed antnks closed 6 months ago

antnks commented 5 years ago

Fuzzing process randomly dies with the following Python exception:

2019-02-02 00:41:13,835 INFO certfuzz.minimizer.minimizer_base - Bytemap: ['0x23ab5a', '0x28c7ca']
2019-02-02 00:41:14,915 INFO certfuzz.testcase.testcase_base - crasher=0xd47e2db0.0xef1fa811 bitwise_hd=8
2019-02-02 00:41:14,917 INFO certfuzz.testcase.testcase_base - crasher=0xd47e2db0.0xef1fa811 bytewise_hd=2
2019-02-02 00:41:16,368 WARNING certfuzz.iteration.iteration_windows - WindowsIteration terminating abnormally due to error:
unpack requires a string argument of length 8
Traceback (most recent call last):
  File "bff.py", line 51, in <module>
    main()
  File "C:\BFF\certfuzz\bff\windows.py", line 22, in main
    bff()
  File "C:\BFF\certfuzz\bff\common.py", line 131, in go
    campaign.go()
  File "C:\BFF\certfuzz\campaign\campaign_base.py", line 537, in go
    self._do_interval()
  File "C:\BFF\certfuzz\campaign\campaign_base.py", line 512, in _do_interval
    self._do_iteration(sf, r, seednum)
  File "C:\BFF\certfuzz\campaign\campaign_windows.py", line 186, in _do_iteration
    iteration()
  File "C:\BFF\certfuzz\iteration\iteration_base.py", line 269, in go
    self.process_testcases()
  File "C:\BFF\certfuzz\iteration\iteration_base.py", line 260, in process_testcases
    pipeline.go()
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 299, in go
    self.analysis_pipeline.send(testcase)
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 121, in verify
    target.send(testcase)
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 135, in minimize
    target.send(testcase)
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 259, in recycle
    target.send(testcase)
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 149, in analyze
    self._analyze(testcase)
  File "C:\BFF\certfuzz\tc_pipeline\tc_pipeline_base.py", line 275, in _analyze
    analyzer_instance.go()
  File "C:\BFF\certfuzz\analyzers\drillresults\drillresults.py", line 83, in go
    tcb.go()
  File "C:\BFF\certfuzz\analyzers\drillresults\testcasebundle_base.py", line 69, in go
    self._parse_testcase()
  File "C:\BFF\certfuzz\analyzers\drillresults\testcasebundle_base.py", line 183, in _parse_testcase
    efaptr = struct.unpack('<Q', binascii.a2b_hex(faultaddr))
struct.error: unpack requires a string argument of length 8

I will try to add try/catch there to see if that helps

antnks commented 5 years ago

A few more details:

self.details['exceptions'][exceptionnum] = {
   'shortdesc': 'GuardPage',
   'instructionline': '000007fe e6eacdc7 0f10441110      movups  xmm0,xmmword ptr [rcx+rdx+10h] ds:00000000 27a6bff5=00000000000000000000000000000000',
   'pcmodule': 'C:\\Windows\\system32\\VCRUNTIME140.dll',
   'classification': 'EXPLOITABLE',
   'efa': '00000000000000000000000000000000'
}

So pretty much this is what is happening:

import struct
import binascii

# 32 hex digits decode to 16 bytes, but '<Q' expects exactly 8, so this raises struct.error
struct.unpack('<Q', binascii.a2b_hex('00000000000000000000000000000000'))
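The following is an added example, not code from the certfuzz project or from the issue author. It shows the length mismatch behind the traceback and a defensive way to read the `efa` field without ever handing `struct.unpack('<Q', ...)` anything other than 8 bytes: 8-digit (32-bit) values are zero-filled to 16 digits, values longer than 16 digits (such as the 32-digit field in the posted record, which is the width of the 16-byte xmmword operand rather than of a pointer) are rejected, and the operand address printed after `ds:` in the instruction line is used as a fallback. The sample record is the one quoted in the issue, transcribed here by hand; the fallback regex, the big-endian reading of the hex text, and the function names are assumptions made for this example, not part of BFF.

```python
import binascii
import re
import string
import struct

# Constructed sample: the exception record quoted in the issue, transcribed
# by hand here (not read from a real BFF results directory). The 'efa' field
# is 32 hex digits (16 bytes), which is why struct.unpack('<Q', ...) fails.
SAMPLE_EXCEPTION = {
    'shortdesc': 'GuardPage',
    'instructionline': ('000007fe e6eacdc7 0f10441110      movups  xmm0,'
                        'xmmword ptr [rcx+rdx+10h] ds:00000000 27a6bff5='
                        '00000000000000000000000000000000'),
    'pcmodule': 'C:\\Windows\\system32\\VCRUNTIME140.dll',
    'classification': 'EXPLOITABLE',
    'efa': '00000000000000000000000000000000',
}

# Assumed format of the operand annotation cdb/WinDbg prints after an
# instruction ("ds:hhhhhhhh hhhhhhhh="); the two halves form the 64-bit
# operand address. The separator is a space in the issue text and a
# backtick in raw debugger output, so both are accepted.
_OPERAND_ADDR_RE = re.compile(r'[a-z]s:([0-9a-fA-F]{8})[` ]?([0-9a-fA-F]{8})=')


def reproduces_struct_error(efa_hex):
    """Return True if the unpack exactly as written in the traceback
    (struct.unpack('<Q', binascii.a2b_hex(efa_hex))) raises struct.error."""
    try:
        struct.unpack('<Q', binascii.a2b_hex(efa_hex))
    except struct.error:
        return True
    return False


def parse_fault_address(efa_hex):
    """Return the fault address as an int, or None if the string cannot be
    an 8-byte pointer. 8 hex digits (32-bit target) are zero-filled to 16;
    anything longer than 16 digits is rejected instead of reaching unpack."""
    cleaned = efa_hex.strip().replace('`', '').rstrip('L')
    if not cleaned or len(cleaned) > 16:
        return None
    if any(c not in string.hexdigits for c in cleaned):
        return None
    raw = binascii.a2b_hex(cleaned.zfill(16))   # always exactly 8 bytes now
    # The text is most-significant digit first, so read it big-endian;
    # this equals int(cleaned, 16). (Assumption for this example.)
    return struct.unpack('>Q', raw)[0]


def fault_address_from_instruction(instructionline):
    """Fallback: recover the operand address from the disassembly line."""
    m = _OPERAND_ADDR_RE.search(instructionline)
    if not m:
        return None
    return int(m.group(1) + m.group(2), 16)


def effective_fault_address(exception):
    """Best-effort EFA for one exception record: use 'efa' when it is a
    plausible pointer, else fall back to the operand address in the
    instruction line, else None. Never raises on an odd-length field."""
    efa = parse_fault_address(exception.get('efa', ''))
    if efa is not None:
        return efa
    return fault_address_from_instruction(exception.get('instructionline', ''))


if __name__ == '__main__':
    print('original unpack fails:', reproduces_struct_error(SAMPLE_EXCEPTION['efa']))
    print('efa field parses to:', parse_fault_address(SAMPLE_EXCEPTION['efa']))
    print('fallback address: %#x' % effective_fault_address(SAMPLE_EXCEPTION))
```

Rejecting over-long values rather than truncating them is deliberate: a 32-digit field here is not a pointer with extra padding but a different quantity altogether, so silently taking its low 8 bytes would feed a wrong address into the exploitability scoring. Returning `None` lets the caller skip that record instead of taking the whole campaign down with an uncaught exception.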