HuoLanguage / huo

interpreted language written in C
MIT License

Failed assertion 2017-06-11 #62

Open rwhitworth opened 7 years ago

rwhitworth commented 7 years ago

Hello, I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the huo program on Linux. Is fixing the crash from this input file something you're interested in? The input file can be found here: https://github.com/rwhitworth/huo-fuzz/tree/master/2017-06-11

Its content is:

[9.;

The files can be passed to the interpreter on standard input, as ./huo < id_filename, to cause the assertion to fail.

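Let me know if I can provide any more information to help narrow down this issue. In the gdb backtrace below, the abort (SIGABRT) comes from the assertion `get_token(pos, tokens).type != TOK_DOT` failing in parse_int at src/parser.c:239, reached from parse_number at src/parser.c:269. Since the check is an assert(), it would be compiled out of a build that defines NDEBUG, so a fix should reject this input with an explicit parse error rather than rely on the assertion.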

# ~/huo/huo < id\:000018\,sig\:06\,src\:000191\,op\:havoc\,rep\:2 ; gdb --batch --eval-command=bt ~/huo/huo core | less; rm core
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
56      ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
Core was generated by `/root/huo/huo'.
Program terminated with signal SIGABRT, Aborted.
#0  0x00007f419bae2067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#0  0x00007f419bae2067 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007f419bae3448 in __GI_abort () at abort.c:89
#2  0x00007f419badb266 in __assert_fail_base (fmt=0x7f419bc13f18 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x426df7 "get_token(pos, tokens).type != TOK_DOT", file=file@entry=0x426db8 "src/parser.c", line=line@entry=239, function=function@entry=0x426e1e "huo_ast *parse_int(size_t *, struct Tokens *)") at assert.c:92
#3  0x00007f419badb312 in __GI___assert_fail (assertion=0x426df7 "get_token(pos, tokens).type != TOK_DOT", file=0x426db8 "src/parser.c", line=239, function=0x426e1e "huo_ast *parse_int(size_t *, struct Tokens *)") at assert.c:101
#4  0x0000000000422995 in parse_int (pos=<optimized out>, tokens=<optimized out>) at src/parser.c:239
#5  0x00000000004220a9 in accept (pos=0x7ffcc00be318, tokens=0x7ffcc00be390, ret=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#6  parse_number (pos=0x7ffcc00be318, tokens=0x7ffcc00be390) at src/parser.c:269
#7  0x0000000000422d89 in accept (pos=0x7ffcc00be318, tokens=0x7ffcc00be390, ret=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#8  accept_any (ret=<optimized out>, pos=<optimized out>, tokens=<optimized out>, num_to_accept=<optimized out>, to_accept=<optimized out>) at src/parser.c:109
#9  parse_statement (pos=<optimized out>, tokens=<optimized out>) at src/parser.c:195
#10 accept (ret=<optimized out>, pos=<optimized out>, tokens=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#11 parse_array (pos=0x7ffcc00be318, tokens=0x7ffcc00be390) at src/parser.c:340
#12 0x00000000004216f5 in accept (pos=0x7ffcc00be318, tokens=0x7ffcc00be390, ret=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#13 parse_open_square (pos=0x7ffcc00be318, tokens=0x7ffcc00be390) at src/parser.c:365
#14 0x0000000000421029 in accept (pos=0x7ffcc00be318, tokens=0x7ffcc00be390, ret=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#15 accept_any (ret=<optimized out>, pos=<optimized out>, tokens=<optimized out>, num_to_accept=<optimized out>, to_accept=<optimized out>) at src/parser.c:109
#16 parse_statement (pos=<optimized out>, tokens=<optimized out>) at src/parser.c:195
#17 accept (ret=<optimized out>, pos=<optimized out>, tokens=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#18 parse_main (pos=0x7ffcc00be318, tokens=0x7ffcc00be390) at src/parser.c:157
#19 0x0000000000420a0f in accept (pos=<error reading variable: Cannot access memory at address 0x1a9b9>, tokens=0x7ffcc00be390, ret=<optimized out>, to_accept=<optimized out>) at src/parser.c:60
#20 parse (tokens=0x7ffcc00be390) at src/parser.c:133
#21 0x000000000041c99a in eval (string=<optimized out>, exec_bundle=0x1e4bc20) at src/execution_functions/evaluate.c:18
#22 0x000000000041e29c in apply_single_value_func (kwd_val=<optimized out>, exec_bundle=0x1e4bc20, value=0x7ffcc00be590) at src/apply_single_value_func.c:27
#23 0x00000000004234b7 in execute (exec_bundle=0x1e4bc20) at src/execute.c:73
#24 0x00000000004234a0 in execute (exec_bundle=0x1e4bc20) at src/execute.c:68
#25 0x000000000041ba7d in if_block (exec_bundle=0x1e4bc20) at src/execution_functions/if_block.c:18
#26 0x000000000041d2ad in apply_execution_function (kwd_val=<optimized out>, result=0x7ffcc00bed10, exec_bundle=0x1e4bc20) at src/apply_execution_function.c:33
#27 0x0000000000423230 in execute (exec_bundle=0x1e4bc20) at src/execute.c:47
#28 0x000000000041d773 in apply_execution_function (kwd_val=<optimized out>, result=0x7ffcc00bf180, exec_bundle=0x1e4bc20) at src/apply_execution_function.c:84
#29 0x0000000000423230 in execute (exec_bundle=0x1e4bc20) at src/execute.c:47
#30 0x000000000041c669 in while_loop (exec_bundle=0x1e4bc20) at src/execution_functions/while_loop.c:24
#31 0x000000000041d3fd in apply_execution_function (kwd_val=<optimized out>, result=0x7ffcc00bf690, exec_bundle=0x1e4bc20) at src/apply_execution_function.c:46
#32 0x0000000000423230 in execute (exec_bundle=0x1e4bc20) at src/execute.c:47
#33 0x000000000042481b in main (argc=<optimized out>, argv=<optimized out>) at src/huo.c:131