Tricker-z / PreFuzz

ICSE'22 - PreFuzz: Probabilistic resource-efficient program-smoothing-based Fuzzing
Apache License 2.0

Floating point exception #1

Closed itemkelvin closed 1 year ago

itemkelvin commented 1 year ago

Since I didn't know how to use init-seeds, I used neuzz's instead. However, something happened.

```
$ ./fuzz -i in -o seeds -l 7403 ./size @@

num_index 4096 7402
small 2048 medium 4096 large 7402
mutation len: 7403
You have 4 CPU cores and 2 runnable tasks (utilization: 50%).
Checking CPU core loadout...
Found a free CPU core, binding to #0.
Setting up output directories...
Spinning up the fork server...
All right - fork server is up.
start of the fuzzing module
avg 870 time out 20 cnt 522 sum 454459
.dry run 522 edge coverage 0.
currect cnt: 0, gen_mutate start
gradient fuzzing state: line_cnt 10 and edge num 2015
gradient fuzzing state: line_cnt 20 and edge num 2299
gradient fuzzing state: line_cnt 30 and edge num 2404
gradient fuzzing state: line_cnt 40 and edge num 2490
gradient fuzzing state: line_cnt 50 and edge num 2551
current cnt: 0, gen_mutate finished, starting havoc stage
gen_mutate use time 324.000000s
Floating point exception
```

I found that when the function fuzz_lop calls the function afl_grad_havoc_stage, the UR() inside it does not handle the case of a 0 parameter when doing the modular arithmetic.

Ubuntu 18.04 Linux 4.15.0-76-generic cmake 3.10.2 gcc 7.5.0 python 3.7 pytorch 1.3.1

itemkelvin commented 1 year ago

After I used AFL to generate some seeds for PreFuzz (it took about 10 mins), it still didn't work. The same exception occurred. The program being tested is readelf.

itemkelvin commented 1 year ago

I find that there is an overflow in the variable frag_cur of the function afl_grad_havoc_stage. Its value should range from 0 to 7. But there is a case where the value is 8, which results in the exception. It's so strange, because there is another function named rand_frag_idx which constrains the value of frag_cur and makes it safe. I modified some code, which keeps the value of frag_cur between 0 and 7. The program starts working normally.
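The two failure modes described in this thread, an AFL-style UR() helper computing `x % limit` with `limit == 0` (an integer division by zero, which the kernel reports as "Floating point exception") and a fragment index frag_cur stepping past its 0..7 range, as an added example. This is not PreFuzz's own code: the PRNG, the `FRAG_NUM` constant, the function names and the fragment lengths are all assumed for illustration, and the havoc step is a simplified stand-in for afl_grad_havoc_stage.

```c
/* Added example, not PreFuzz's code. Demonstrates the SIGFPE from a zero modulo
   bound and an out-of-range fragment index, beside guarded versions. */
#include <stdint.h>
#include <stdio.h>

#define FRAG_NUM 8   /* assumed: valid fragment indices are 0..FRAG_NUM-1 */

/* Deterministic xorshift stand-in for the fuzzer's PRNG (assumed, constructed). */
static uint32_t prng_state = 0x12345678u;
static uint32_t next_rand(void) {
    prng_state ^= prng_state << 13;
    prng_state ^= prng_state >> 17;
    prng_state ^= prng_state << 5;
    return prng_state;
}

/* The unsafe shape from the issue: no check on limit. With limit == 0 the
   modulo is an integer division by zero, which x86 traps as SIGFPE and the
   shell prints as "Floating point exception". Only safe for limit > 0. */
static uint32_t ur_unchecked(uint32_t limit) {
    return next_rand() % limit;
}

/* Hardened helper: a zero-sized range has nothing to pick, so return 0. */
static uint32_t ur_checked(uint32_t limit) {
    if (limit == 0) return 0;
    return next_rand() % limit;
}

/* Range check for a fragment index: 1 if 0 <= frag_cur < FRAG_NUM. */
static int frag_idx_valid(int frag_cur) {
    return frag_cur >= 0 && frag_cur < FRAG_NUM;
}

/* Bring an out-of-range index back into 0..FRAG_NUM-1 by wrapping, so the
   value 8 seen in the thread becomes 0 and a negative index is also handled. */
static int wrap_frag_idx(int frag_cur) {
    int r = frag_cur % FRAG_NUM;
    return r < 0 ? r + FRAG_NUM : r;
}

/* Simplified havoc step: validates frag_cur before indexing, then draws a
   position inside the fragment with the guarded helper. Returns 1 when the
   chosen position is in bounds (or the fragment is empty), 0 otherwise. */
static int havoc_step_safe(int frag_cur, const uint32_t frag_len[FRAG_NUM]) {
    if (!frag_idx_valid(frag_cur)) frag_cur = wrap_frag_idx(frag_cur);
    uint32_t len = frag_len[frag_cur];
    uint32_t pos = ur_checked(len);          /* len may be 0: no division by zero */
    return len == 0 || pos < len;
}

int main(void) {
    /* Constructed fragment lengths; index 1 is deliberately empty. */
    const uint32_t frag_len[FRAG_NUM] = {100, 0, 50, 50, 50, 50, 50, 50};

    printf("ur_unchecked(8) = %u (fine, limit > 0)\n", ur_unchecked(8));
    /* Note <=: walks one past the last fragment, the off-by-one from the issue. */
    for (int i = 0; i <= FRAG_NUM; i++)
        printf("frag_cur=%d valid=%d safe_step=%d\n",
               i, frag_idx_valid(i), havoc_step_safe(i, frag_len));
    return 0;
}
```

Compile with `gcc -O0 -g -fsanitize=undefined` to have UBSan report the zero divisor in `ur_unchecked` if it is ever reached, which is a faster way to localise this class of crash than waiting for the SIGFPE.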

Tricker-z commented 1 year ago

Hi

Thanks for raising the issue, now I fix the bug.