cuhk-seclab / SelectFuzz

Apache License 2.0

On a problem fuzzing the example programs in docker #18

Open HiragiChi opened 3 months ago

HiragiChi commented 3 months ago

Hi Changhua, thanks for the great work! I want to use SelectFuzz to reach the indirect callers inside the target program, but I encountered some problems when trying to fuzz using the sample scripts 9048.sh and objdump-CVE-2017-8392.sh. Both scripts halt after `Hamed: Finished PAG initialization...` during compile time. When I stop this procedure manually (press Ctrl+C), 9048.sh proceeds to run and generates a runnable executable xmllint, but objdump-CVE-2017-8392.sh stops. However, when I started to fuzz xmllint, no new paths were found after 10 hours. I can successfully run libming-CVE-2018-8807.sh, but I cannot figure out why 9048.sh and objdump-CVE-2017-8392.sh are not working... Can you give me some hints on how to solve this problem? Any help and suggestions are appreciated! Thanks in advance.

chluo1997 commented 3 months ago

Hi Yanting,

How long does it pause after Hamed: Finished PAG initialization... during compile time? In certain software, like Objdump, there's a delay (can be several dozen minutes, if I recall correctly) required for static analysis. I suggest waiting for some time to see if it can continue.

chluo1997 commented 3 months ago

Hi, there are indeed some issues on Objdump. You can check https://github.com/cuhk-seclab/SelectFuzz/issues/19

HiragiChi commented 3 months ago

Hi Changhua, just checked. After #19, it works! Thanks for the message. Sorry, I did not work on this project for some time, and thanks for the timely reply!