google / AFL

american fuzzy lop - a security-oriented fuzzer
https://lcamtuf.coredump.cx/afl/
Apache License 2.0

Is it normal that ubsan + afl does not find the integer overflow for this case? #132

Closed zhoulaifu closed 3 years ago

zhoulaifu commented 3 years ago

I have the following program in C, which triggers an overflow whenever the input integer is large enough. But I cannot use AFL + UBSAN to trigger this overflow automatically.

#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
int main(void)
{
  int x = 0;
  if (scanf("%d", &x) != 1) return -1;

  // e.g. x = INT_MAX can trigger integer overflow (signed overflow is UB)
  x += 10000;
  printf("x = %i\n", x);
  return 0;
}

My command line is

afl-clang -fsanitize=undefined -fsanitize-undefined-trap-on-error ubsan.c && afl-fuzz -i /in -o out -- ./a.out
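A hardened version of the addition from the issue, added here as an example (not code from the issue or from AFL): it detects the overflow of `x += 10000` before any undefined behaviour executes, using `__builtin_add_overflow` plus a portable fallback, so the program rejects the input cleanly instead of relying on UBSan's trap. The names `add_checked`, `add_checked_portable` and `process_input` are chosen for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* The addition from the issue, written so the overflow is detected
 * before it happens. Returns true and stores the sum on success,
 * false on overflow (nothing is stored in that case by the fallback). */
bool add_checked(int x, int delta, int *out)
{
    /* GCC/Clang builtin: computes the sum in infinite precision and
     * reports whether it fits in *out. No signed overflow is executed. */
    return !__builtin_add_overflow(x, delta, out);
}

/* Portable variant without compiler builtins: test against the
 * limits first, so the addition itself can never overflow. */
bool add_checked_portable(int x, int delta, int *out)
{
    if (delta > 0 && x > INT_MAX - delta) return false;
    if (delta < 0 && x < INT_MIN - delta) return false;
    *out = x + delta;
    return true;
}

/* Mirrors main() from the issue: parse one int and add 10000, but
 * refuse inputs that would overflow. Returns 0 on success, 1 on
 * unparsable / out-of-range input, 2 on overflow. */
int process_input(const char *text, int *result)
{
    char *end = NULL;
    long v = strtol(text, &end, 10);
    if (end == text || v < INT_MIN || v > INT_MAX) return 1;
    if (!add_checked((int)v, 10000, result)) return 2;
    return 0;
}

int main(void)
{
    int x = 0;
    char buf[32];
    if (!fgets(buf, sizeof buf, stdin)) return -1;
    int rc = process_input(buf, &x);
    if (rc == 0) printf("x = %i\n", x);
    else if (rc == 2) fprintf(stderr, "overflow rejected\n");
    return rc;
}
```

Fed the same input that crashes the original (for example 2147483647), this version exits with status 2 rather than executing undefined behaviour.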

zhoulaifu commented 3 years ago

It seems I just need to wait :-)