Open sitoras opened 4 weeks ago
Hi, I'm not sure why fuzzers cannot find any crashes. Can you verify that any inputs from target_injections/${target}/inputs can trigger a crash? Another reference for chaff bug validation is at target_injections/${target}/logs/inject-${trail}.log. The bottom of the log should show which input triggers which chaff bug.
I am trying to fuzz the target with injected chaff bugs (file-5.30). However, the fuzzer is unable to detect any of them; instead, it only encounters hangs and timeouts. I generated a fuzzing dictionary from strings extracted from the target program and one input file. I'm using AFL in QEMU mode to fuzz the binary with 3 CPUs, and I have been running the fuzzer for 48 hours. What could be the issue? I am using the buggy binary from /chaff/target_injections/${target}/bugs/${target}/lava-install/bin. Maybe I am using the wrong binary? Thank you!