Comments (14)
I found out my mistake in running with gdb, and this is the correct command:
r < id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
It will crash if I run it without gdb too.
./cxxfilt < id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
Segmentation fault
from aflgo.
Hi,
Please provide your setup information e.g., your OS version and Clang/LLVM version.
from aflgo.
I'm using Arch Linux.
Clang: 6.0.0
My build steps are:
export CC=$AFLGO/afl-clang-fast
export CFLAGS="-targets=$TMP_DIR/BBtargets.txt -outdir=$TMP_DIR -Wno-null-pointer-arithmetic -g -flto -fuse-ld=gold -Wno-error -Wl,-plugin-opt=save-temps"
cd binutils-2.26
./configure --disable-shared
make
It fails with the error message:
/usr/bin/ld.gold: error: arlex.o: multiple definition of 'yylex'
/usr/bin/ld.gold: ar.o: previous definition here
/usr/bin/ld.gold: error: arlex.o: multiple definition of 'yywrap'
/usr/bin/ld.gold: ar.o: previous definition here
Using clang 4.0 also, I'm not able to build it with the same build process. The error I get is:
clang (LLVM option parsing): for the -targets option: may only occur zero or one times!
clang (LLVM option parsing): for the -outdir option: may only occur zero or one times!
from aflgo.
Can you try Ubuntu 14.04 or Ubuntu 16.04 with Clang 3.8/4.0? We have not tested our tool on Arch Linux.
from aflgo.
On Ubuntu 16.04:
clang -v: clang version 4.0.0-1ubuntu1~16.04.2 (tags/RELEASE_400/rc1)
llvm-config --version: 4.0.0
Error:
: CommandLine Error: Option 'asm-instrumentation' registered more than once!
LLVM ERROR: inconsistency in registered CommandLine options
Makefile:249: recipe for target 'libiberty.a' failed
EDIT:
Can you share the build commands used by you?
from aflgo.
Hi,
I face the same problem when clang detects the duplication of parameters. By adding "--disable-ld", I can fix this problem and fuzz cxxfilt to reproduce CVE-2016-4487.
Fuzzing script: https://github.com/strongcourage/aflgo/blob/master/scripts/fuzz/cxxfilt-CVE-2016-4487.sh
from aflgo.
Please re-open if you still face this issue.
from aflgo.
Hello,
I'm using your fuzzing script for binutils: cxxfilt-CVE-2016-4487.sh
But after the first make, I don't have a binutils folder in the obj-aflgo folder to run this command:
cd binutils; $AFLGO/scripts/genDistance.sh $SUBJECT $TMP_DIR cxxfilt
These are the last lines of the make command:
...
./chew -f ../../../bfd/doc/doc.str < ../../../bfd/doc/../linker.c >linker.tmp
test -e linker.texi || test ! -f ../../../bfd/doc/linker.texi || cp -p ../../../bfd/doc/linker.texi .
/bin/bash ../../../bfd/doc/../../move-if-change linker.tmp linker.texi
touch linker.stamp
./chew -f ../../../bfd/doc/doc.str < ../../../bfd/doc/../mmo.c >mmo.tmp
test -e mmo.texi || test ! -f ../../../bfd/doc/mmo.texi || cp -p ../../../bfd/doc/mmo.texi .
/bin/bash ../../../bfd/doc/../../move-if-change mmo.tmp mmo.texi
touch mmo.stamp
restore=: && backupdir=".am$$" && \
rm -rf $backupdir && mkdir $backupdir && \
if (/home/ubuntu16/Documents/github-repos/binutils-gdb/missing makeinfo --split-size=5000000 --split-size=5000000 --version) >/dev/null 2>&1; then \
for f in bfd.info bfd.info-[0-9] bfd.info-[0-9][0-9] bfd.i[0-9] bfd.i[0-9][0-9]; do \
if test -f $f; then mv $f $backupdir; restore=mv; else :; fi; \
done; \
else :; fi && \
if /home/ubuntu16/Documents/github-repos/binutils-gdb/missing makeinfo --split-size=5000000 --split-size=5000000 -I ../../../bfd/doc \
-o bfd.info `test -f 'bfd.texinfo' || echo '../../../bfd/doc/'`bfd.texinfo; \
then \
rc=0; \
else \
rc=$?; \
$restore $backupdir/* `echo "./bfd.info" | sed 's|[^/]*$||'`; \
fi; \
rm -rf $backupdir; exit $rc
/home/ubuntu16/Documents/github-repos/binutils-gdb/missing: 81: /home/ubuntu16/Documents/github-repos/binutils-gdb/missing: makeinfo: Permission denied
WARNING: 'makeinfo' is missing on your system.
You should only need it if you modified a '.texi' file, or
any other file indirectly affecting the aspect of the manual.
You might want to install the Texinfo package:
<http://www.gnu.org/software/texinfo/>
The spurious makeinfo call might also be the consequence of
using a buggy 'make' (AIX, DU, IRIX), in which case you might
want to install GNU make:
<http://www.gnu.org/software/make/>
Makefile:443: recipe for target 'bfd.info' failed
make[3]: *** [bfd.info] Error 127
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd/doc'
Making info in po
make[3]: Entering directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd/po'
make[3]: Nothing to be done for 'info'.
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd/po'
make[3]: Entering directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd'
make[3]: Nothing to be done for 'info-am'.
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd'
Makefile:1673: recipe for target 'info-recursive' failed
make[2]: *** [info-recursive] Error 1
make[2]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo/bfd'
Makefile:2710: recipe for target 'all-bfd' failed
make[1]: *** [all-bfd] Error 2
make[1]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-aflgo'
Makefile:845: recipe for target 'all' failed
make: *** [all] Error 2
I cannot understand what the problem is.
Thank you
from aflgo.
Hi @peach-byte,
You probably need to run the following command to install makeinfo:
sudo apt-get install texinfo
Best.
Yes, it solved my problem.
Thank you
from aflgo.
I have fuzzed this for 1 hour and aflgo generated 88 crashes.
I tried to reproduce the crashes in gdb but they exited normally!
I used these commands:
gdb /home/ubuntu16/Documents/github-repos/binutils-gdb/obj-dist/binutils/cxxfilt
r id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
Starting program: /home/ubuntu16/Documents/github-repos/binutils-gdb/obj-dist/binutils/cxxfilt id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
[Inferior 1 (process 2351) exited normally]
Am I right in reproducing?
from aflgo.
The simplest way is to compile binutils with ASAN, then run cxxfilt + ASAN with all generated crashing inputs. You can compare ASAN's outputs with the expected type of bugs and bug traces.
mkdir obj-asan; cd obj-asan
CFLAGS="-fsanitize=address -DFORTIFY_SOURCE=2 -fstack-protector-all -fno-omit-frame-pointer -g -Wno-error" LDFLAGS="-ldl -lutil" ../configure --disable-shared --disable-gdb --disable-libdecnumber --disable-readline --disable-sim --disable-ld
make clean; make
binutils/cxxfilt < id:000074,2607049,sig:11,src:001932,op:havoc,rep:2
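The comment above suggests replaying every crashing input through the ASAN build and comparing the reports. The script below is an added example, not code from the AFLGo project or from anyone in this thread: it feeds each id:... file from an AFLGo crashes/ directory to the ASAN-built cxxfilt on stdin and buckets the inputs by sanitizer bug type and first in-target frame, with LeakSanitizer disabled so leak reports do not hide the actual crash. The binary and directory paths, and the embedded sample report, are assumptions constructed for the example.

```shell
#!/usr/bin/env bash
# Added triage helper, not part of the AFLGo project or this thread.
# Assumes the obj-asan build of binutils from the comment above and an AFLGo
# output directory whose crashes/ folder holds the id:... inputs.

# Disable LeakSanitizer so leak reports do not drown the real crash type.
export ASAN_OPTIONS="detect_leaks=0:abort_on_error=0"

# Read one ASAN report on stdin; print "<bug type>|<first frame in target code>",
# or "no-sanitizer-report" when ASAN said nothing (clean run or plain SIGSEGV).
asan_bucket() {
    awk '
        /ERROR: AddressSanitizer:/ && type == "" {
            for (i = 1; i <= NF; i++)
                if ($i == "AddressSanitizer:") { type = $(i + 1); break }
        }
        /^ *#[0-9]+ 0x/ && type != "" && frame == "" && $0 !~ /libasan|libc\.so/ {
            frame = $4 " " $5
        }
        END { if (type == "") print "no-sanitizer-report"; else print type "|" frame }
    '
}

# Run every crash input through the ASAN binary on stdin (cxxfilt reads stdin,
# as in the thread) and count inputs per bucket, naming one representative each.
triage_crashes() {
    local bin=$1 crashdir=$2 f bucket
    for f in "$crashdir"/id:*; do
        [ -f "$f" ] || continue
        bucket=$(timeout 10 "$bin" < "$f" 2>&1 >/dev/null | asan_bucket)
        printf '%s\t%s\n' "$bucket" "$(basename "$f")"
    done | sort | awk -F'\t' '
        { n[$1]++; if (!($1 in first)) first[$1] = $2 }
        END { for (b in n) printf "%4d  %s  (e.g. %s)\n", n[b], b, first[b] }'
}

# Constructed sample report (addresses, frames and line numbers are made up)
# so the bucketing can be exercised without a binutils build.
SAMPLE_REPORT='==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000011 at pc 0x000000401b4e
READ of size 1 at 0x602000000011 thread T0
    #0 0x7f00deadbeef in __interceptor_strlen (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x3b4e9)
    #1 0x401b4e in d_demangle ../../../libiberty/cp-demangle.c:1234
    #2 0x4068b7 in main ../../../binutils/cxxfilt.c:100'

if [ $# -eq 2 ]; then
    triage_crashes "$1" "$2"   # usage: ./triage.sh obj-asan/binutils/cxxfilt out/crashes
else
    printf '%s\n' "$SAMPLE_REPORT" | asan_bucket
fi
```

Inputs that land in the no-sanitizer-report bucket are the ones worth re-checking by hand, since a crash that ASAN cannot explain often means the input was only crashing the instrumented AFLGo build or depends on a stack limit or environment difference.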
Thank you for replying.
I tried to build it with ASAN, but this is the result of the make command:
=================================================================
==31734==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 320000 byte(s) in 1 object(s) allocated from:
#0 0x7f1a1da2f961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961)
#1 0x401b4e in catbuf ../../../bfd/doc/chew.c:229
#2 0x4064a0 in read_in ../../../bfd/doc/chew.c:1464
#3 0x4068b7 in main ../../../bfd/doc/chew.c:1541
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 20000 byte(s) in 1 object(s) allocated from:
#0 0x7f1a1da2f961 in realloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98961)
#1 0x401794 in catchar ../../../bfd/doc/chew.c:202
#2 0x40267a in remove_noncomments ../../../bfd/doc/chew.c:477
#3 0x4068d0 in main ../../../bfd/doc/chew.c:1542
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 5000 byte(s) in 1 object(s) allocated from:
#0 0x7f1a1da2f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x40122f in init_string_with_size ../../../bfd/doc/chew.c:131
#2 0x40129d in init_string ../../../bfd/doc/chew.c:138
#3 0x4069e3 in main ../../../bfd/doc/chew.c:1551
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 972 byte(s) in 111 object(s) allocated from:
#0 0x7f1a1da2f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x404ffe in nextword ../../../bfd/doc/chew.c:1194
#2 0x405d4f in compile ../../../bfd/doc/chew.c:1385
#3 0x406aec in main ../../../bfd/doc/chew.c:1562
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 287 byte(s) in 19 object(s) allocated from:
#0 0x7f1a1da2f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x404ffe in nextword ../../../bfd/doc/chew.c:1194
#2 0x405c3f in compile ../../../bfd/doc/chew.c:1354
#3 0x406aec in main ../../../bfd/doc/chew.c:1562
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 52 byte(s) in 26 object(s) allocated from:
#0 0x7f1a1da2f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x404ffe in nextword ../../../bfd/doc/chew.c:1194
#2 0x405dc3 in compile ../../../bfd/doc/chew.c:1388
#3 0x406aec in main ../../../bfd/doc/chew.c:1562
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
Direct leak of 2 byte(s) in 1 object(s) allocated from:
#0 0x7f1a1da2f602 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x98602)
#1 0x404ffe in nextword ../../../bfd/doc/chew.c:1194
#2 0x405b4a in compile ../../../bfd/doc/chew.c:1337
#3 0x406aec in main ../../../bfd/doc/chew.c:1562
#4 0x7f1a1d5ed82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
SUMMARY: AddressSanitizer: 346313 byte(s) leaked in 160 allocation(s).
Makefile:801: recipe for target 'aoutx.stamp' failed
make[3]: *** [aoutx.stamp] Error 23
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd/doc'
Making info in po
make[3]: Entering directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd/po'
make[3]: Nothing to be done for 'info'.
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd/po'
make[3]: Entering directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd'
make[3]: Nothing to be done for 'info-am'.
make[3]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd'
Makefile:1673: recipe for target 'info-recursive' failed
make[2]: *** [info-recursive] Error 1
make[2]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan/bfd'
Makefile:2710: recipe for target 'all-bfd' failed
make[1]: *** [all-bfd] Error 2
make[1]: Leaving directory '/home/ubuntu16/Documents/github-repos/binutils-gdb/obj-asan'
Makefile:845: recipe for target 'all' failed
make: *** [all] Error 2
from aflgo.
Try this one:
export ASAN_OPTIONS=detect_leaks=0
You need to disable LeakSanitizer.
from aflgo.