vusec / vuzzer64

This implements a 64-bit version of the vusec/vuzzer fuzzing tool.
Apache License 2.0

Vuzzer does not consider programs reading stdin #18

Open zjuchenyuan opened 4 years ago

zjuchenyuan commented 4 years ago

When the command does not contain %s, vuzzer cannot run.

We need to write code to introduce is_stdin, and use a subprocess pipe to send the input to the program.

Ideally, in is_stdin mode, not every file would need to be written to disk, reducing IO overhead.

zjuchenyuan commented 4 years ago

It seems not that easy to adapt to use stdin, as libdft requires the fd to be seekable.

I have tried to add code using stdin=open(tfl, 'rb') for the subprocess.Popen call, and it can make execute work, but not execute2.

After trying to force-add fd 0 in the pin code libdft64/tools/libdft-dta.cpp: extern std::set<int> fdset; fdset.insert(0);

It turns into an infinite loop consuming more and more memory; pintool.log:

Pin: pin-3.7-97619-0d0c92f4f
Copyright (c) 2003-2018, Intel Corporation. All rights reserved.
 In open
 in_dtracker_whitelist /etc/ld.so.cache
 Info ignoring fd 3
 In mmap 3 0
 close 3
 In open
 in_dtracker_whitelist /lib/x86_64-linux-gnu/libc-2.23.so
 Info ignoring fd 3
 In mmap -1 0
 In mmap 3 0
 In mmap 3 1835008
 In mmap -1 0
 close 3
 In mmap -1 0
 In mmap -1 0
 Setting taint 0 6bytes
 Error on lseeking 0

My current modification, https://github.com/zjuchenyuan/vuzzer64/commit/68a2ebba6899c21c824349e69265dfc03c78896a (Not working, do not use this code!!!)

Hope someone finds out how to solve it.
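An added example, not part of this issue or of VUzzer's own code, of the two delivery modes discussed in the comments above: the command template is run in file mode when it contains %s, and otherwise the test case is fed on stdin. Passing the open file itself as stdin keeps the child's fd 0 seekable (a regular file), whereas subprocess.PIPE gives it a pipe that lseek() rejects, which is the property libdft depends on. The names run_target, sample_targets and write_case are hypothetical, and the targets are constructed python one-liners standing in for a real binary.

```python
# Added example, not VUzzer's code; function names below are hypothetical.
import os
import shlex
import subprocess
import sys
import tempfile

def is_stdin_mode(cmd_template):
    """stdin mode is selected exactly when the template has no '%s' placeholder."""
    return "%s" not in cmd_template

def build_argv(cmd_template, input_path):
    """File mode: substitute the test-case path; stdin mode: argv is used as-is."""
    if is_stdin_mode(cmd_template):
        return shlex.split(cmd_template)
    return shlex.split(cmd_template % input_path)

def run_target(cmd_template, input_path, use_pipe=False, timeout=5.0):
    """Run one test case and return the CompletedProcess (stdout, returncode)."""
    argv = build_argv(cmd_template, input_path)
    if not is_stdin_mode(cmd_template):
        return subprocess.run(argv, capture_output=True, timeout=timeout)
    if use_pipe:
        # Pipe delivery (subprocess.PIPE): the child's fd 0 is a pipe, which
        # lseek() rejects, so a taint tracker that seeks the input fd fails.
        with open(input_path, "rb") as fin:
            data = fin.read()
        return subprocess.run(argv, input=data, capture_output=True, timeout=timeout)
    # File-backed delivery: the child's fd 0 is the regular file itself, so it
    # stays seekable while the program still reads its input from stdin.
    with open(input_path, "rb") as fin:
        return subprocess.run(argv, stdin=fin, capture_output=True, timeout=timeout)

def sample_targets():
    """Constructed stand-in targets (python one-liners), keyed by behaviour."""
    py = sys.executable
    return {
        "echo_stdin": f"{py} -c 'import sys; sys.stdout.write(sys.stdin.read())'",
        "echo_file": f"{py} -c 'import sys; sys.stdout.write(open(sys.argv[1]).read())' %s",
        "seek_probe": f"{py} -c 'import os; os.lseek(0, 0, os.SEEK_CUR)'",  # exit 0 iff fd 0 seekable
    }

def write_case(data):
    """Write one constructed test case to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path
```

The seek_probe target exits 0 under file-backed stdin delivery and non-zero under pipe delivery, reproducing the "Error on lseeking 0" condition from the log without the instrumentation.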

bjchan9an commented 4 years ago

If source code is available: I added additional command line parameters and a call to freopen(), and successfully got the tainted information. But considering vuzzer is a binary-oriented fuzzing tool, I'm not sure if it can help you.