vusec / vuzzer64

This implements a 64-bit version of the vusec/vuzzer fuzzing tool.
Apache License 2.0

some mutators exceptions like wrong randint #12

Open zjuchenyuan opened 5 years ago

zjuchenyuan commented 5 years ago
[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/120.pdf /dev/null"', '120.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/138.pdf /dev/null"', '138.pdf', '0']
[*] Run complete..

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "runfuzzer.py", line 753, in main
    gau.create_files(config.POPSIZE - filenum)
  File "/vuzzer64/fuzzer-code/gautils.py", line 230, in create_files
    ch1= ga.mutate(p1,fl)
  File "/vuzzer64/fuzzer-code/operators.py", line 296, in mutate
    result=self.r.choice(self.mutators)(self, original,fl)
  File "/vuzzer64/fuzzer-code/operators.py", line 258, in double_fuzz
    return self.r.choice(self.mutators)(self, result,fl)
  File "/vuzzer64/fuzzer-code/operators.py", line 170, in change_random_full
    cut_pos = self.r.randint(0, size - add_size)
  File "/usr/lib/python2.7/random.py", line 242, in randint
    return self.randrange(a, b+1)
  File "/usr/lib/python2.7/random.py", line 218, in randrange
    raise ValueError, "empty range for randrange() (%d,%d, %d)" % (istart, istop, width)
ValueError: empty range for randrange() (0,0, 0)

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/193.pdf /dev/null"', '193.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/192.pdf /dev/null"', '192.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/108.pdf /dev/null"', '108.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/125.pdf /dev/null"', '125.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/114.pdf /dev/null"', '114.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/184.pdf /dev/null"', '184.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/158.pdf /dev/null"', '158.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/104.pdf /dev/null"', '104.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/180.pdf /dev/null"', '180.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/119.pdf /dev/null"', '119.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/134.pdf /dev/null"', '134.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/148.pdf /dev/null"', '148.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/179.pdf /dev/null"', '179.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/127.pdf /dev/null"', '127.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/199.pdf /dev/null"', '199.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/128.pdf /dev/null"', '128.pdf', '0']
[*] Run complete..

[*] Just about to run  ['./run_2.sh', '"/d/p/normal/5.pdftotext /d/seed/pdf/183.pdf /dev/null"', '183.pdf', '0']
[*] Run complete..

computing MOSTCOM calculation...
[*] taintflow finished.
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
[*] 0 offset set
========================================
433099:17:48.174 - End Program
Elapsed time: 1:16:38.147
========================================
zjuchenyuan commented 5 years ago

I would suggest changing the mutate function, adding try-except:

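    import traceback  # needed at the top of operators.py for print_exc() below

    def mutate(self, original, fl):
        # Apply one randomly chosen mutator; if it raises, log it and keep the input.
        try:
            result = self.r.choice(self.mutators)(self, original, fl)
        except Exception:  # not a bare except: let KeyboardInterrupt/SystemExit through
            print("[error] mutate1: self.r.choice(self.mutators)(self, original,fl)")
            traceback.print_exc()
            result = original
        # Retry with another random mutator while the result is shorter than 3 bytes.
        while len(result) < 3:
            try:
                result = self.r.choice(self.mutators)(self, original, fl)
            except Exception:
                print("[error] mutate2: self.r.choice(self.mutators)(self, original,fl)")
                traceback.print_exc()
                result = original
        assert len(result) > 2, "elimination failed to reduce size %d" % (len(result),)
        return result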
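
The `(0,0, 0)` in the traceback is `(istart, istop, width)`, so `randint` was called with an upper bound of -1, meaning `add_size` was one larger than `size`. The sketch below is an added example, not code from the vuzzer64 repository: both function bodies are hypothetical stand-ins that only share the `randint(0, size - add_size)` pattern with `change_random_full`. It shows which input lengths trigger the exception, and a variant that clamps the length instead of relying on try-except in the caller.

```python
import random


def change_random_full_unguarded(rng, data, add_size):
    """Hypothetical mutator: overwrite add_size bytes at a random offset.

    Uses the same randint(0, size - add_size) pattern as the traceback,
    so it raises ValueError whenever add_size > len(data).
    """
    size = len(data)
    cut_pos = rng.randint(0, size - add_size)  # empty range if negative
    filler = bytes(rng.randrange(256) for _ in range(add_size))
    return data[:cut_pos] + filler + data[cut_pos + add_size:]


def change_random_full_guarded(rng, data, add_size):
    """Same mutation, with add_size clamped to the input length."""
    size = len(data)
    if size == 0:
        return data  # nothing to overwrite
    add_size = max(1, min(add_size, size))  # keep size - add_size >= 0
    cut_pos = rng.randint(0, size - add_size)
    filler = bytes(rng.randrange(256) for _ in range(add_size))
    return data[:cut_pos] + filler + data[cut_pos + add_size:]


def failing_sizes(mutator, max_len=8, add_size=3, seed=0):
    """Return the input lengths (0..max_len) for which mutator raises ValueError."""
    rng = random.Random(seed)
    bad = []
    for n in range(max_len + 1):
        try:
            mutator(rng, bytes(n), add_size)  # constructed input: n zero bytes
        except ValueError:
            bad.append(n)
    return bad


if __name__ == "__main__":
    print("unguarded fails for lengths:", failing_sizes(change_random_full_unguarded))
    print("guarded fails for lengths:  ", failing_sizes(change_random_full_guarded))
```
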