google / honggfuzz

Security oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW based)
https://honggfuzz.dev
Apache License 2.0

external mutator breaking on osx #394

Open ploppelop opened 3 years ago

ploppelop commented 3 years ago

working: honggfuzz -t 3 -n 1 -e pdf -i pdf/ -Q -x -- /Applications/Adobe\ Acrobat\ Reader\ DC.app/Contents/MacOS/AdobeReader ___FILE___

breaking, Adobe Reader unable to process the input: honggfuzz -c ./donothing.sh -t 3 -n 1 -e pdf -i pdf/ -Q -x -- /Applications/Adobe\ Acrobat\ Reader\ DC.app/Contents/MacOS/AdobeReader ___FILE___

donothing.sh does what it says, nothing, just simulating external modification:

#!/bin/sh
cat $1 > /tmp/bla
cat /tmp/bla > $1
rm /tmp/bla

An equally useless external mutator in C causes similar problems: int main(){return 0;}

ploppelop commented 3 years ago

scratch the Adobe Reader and OSX part, same issue on Linux with evince as test, input to the mutator is empty before it gets to process it:

#!/bin/sh
echo external mutator invoked with $1
file $1
dst=`file $1 | awk '{ print $5}'`
file $dst
cat $1 > bla
echo nullmodification
cat bla > $1

invoked with honggfuzz -c ./external.sh -s -t 2 -n 1 -e pdf -i pdf -Q -x -- /usr/bin/evince ___FILE___

-> external mutator invoked with /dev/fd/10
/dev/fd/10: symbolic link to /dev/shm/hfuzz.cpBN95 (deleted)
/dev/shm/hfuzz.cpBN95: cannot open `/dev/shm/hfuzz.cpBN95' (No such file or directory)
nullmodification
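A minimal external mutator that reads the handed-over file from offset 0, rewrites it in place, and refuses to pass an empty input on silently, as an added example that is not code from the honggfuzz project or from the reporter. It assumes only the contract visible in the report: the path (there /dev/fd/N) arrives as the first argument and the fuzzer reads the same file back after the command exits; SAMPLE, mutate_bytes, mutate_file and demo are names of this example.

```python
#!/usr/bin/env python3
# Constructed honggfuzz-style external mutator for -c. Assumed contract (taken
# from the report, not from honggfuzz's source): the input path is argv[1],
# e.g. /dev/fd/N, and the fuzzer reads that same file back after we exit.
import os, sys, tempfile

SAMPLE = b"%PDF-1.7\n% constructed sample\n"  # constructed input, demo() only

def mutate_bytes(data: bytes, seed: int) -> bytes:
    """Deterministic: flip one bit, then duplicate a 4-byte chunk there."""
    buf = bytearray(data)
    pos = seed % len(buf)
    buf[pos] ^= 1 << (seed % 8)
    buf[pos:pos] = buf[pos:pos + 4]  # the length changes as well
    return bytes(buf)

def mutate_file(path: str, seed: int = 0) -> int:
    """Read all from offset 0, mutate, rewrite in place; return bytes written."""
    fd = os.open(path, os.O_RDWR)
    try:
        os.lseek(fd, 0, os.SEEK_SET)  # do not trust an inherited offset
        data = b""
        while chunk := os.read(fd, 1 << 16):
            data += chunk
        if not data:  # the symptom in the report: fail loudly, do not pass it on
            raise ValueError(f"empty input via {path}")
        out = mutate_bytes(data, seed)
        os.lseek(fd, 0, os.SEEK_SET)
        view = memoryview(out)
        while view:  # cope with partial writes
            view = view[os.write(fd, view):]
        os.ftruncate(fd, len(out))  # drop old bytes if output got shorter
        return len(out)
    finally:
        os.close(fd)

def demo() -> bytes:
    """Mutate a temp copy of SAMPLE; return what the fuzzer would read back."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(SAMPLE)
    try:
        mutate_file(tmp.name, seed=3)
        with open(tmp.name, "rb") as f:
            return f.read()
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    mutate_file(sys.argv[1])  # any failure: traceback on stderr, exit status 1
```

Run as `honggfuzz -c ./mutator.py ...` in place of the shell script above; an empty handover then ends the command with a non-zero exit and a message naming the path instead of a silent no-op.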