Comments (5)
https://github.com/nautilus-fuzz/nautilus/blob/master/grammartec/src/tree.rs#L349 <- this looks pretty worrying to me. It seems there is something missing in the regex implementation.
the fu**y bits part just means that bit 4299 in the bitmap was nondeterministic. If you fuzz complex targets that is to be expected. Could be caused by all kinds of things: random GC stuff, different keys for keyed hash functions in hashmaps leading to different collision patterns etc.
I think the quickfix would be to not use the regex stuff in your grammar for now. I will look into this
should be fixed by 50a806b. If you can confirm this, please close this issue.
Here's the grammar I use
#ctx.rule(NONTERM: string, RHS: string|bytes) adds a rule NONTERM->RHS. We can use {NONTERM} in the RHS to request a recursion.
ctx.rule("START","{IAC}")
ctx.rule("IAC", u"{CMD}{BLA}{LETTER}{STRING}{IAC}")
ctx.rule("IAC", u"")
ctx.rule("CMD", "\xff")
ctx.rule("CMD", "{BLA}")
ctx.rule("BLA", "\xff")
ctx.rule("BLA", "\xfe")
ctx.rule("BLA", "\xfd")
ctx.rule("BLA", "\xfc")
ctx.rule("BLA", "\xfb")
ctx.rule("BLA", "\xfa")
ctx.rule("BLA", "\xf9")
ctx.rule("BLA", "\xf8")
ctx.rule("BLA", "\xf7")
ctx.rule("BLA", "\xf6")
ctx.rule("BLA", "\xf5")
ctx.rule("BLA", "\xf4")
ctx.rule("BLA", "\xf3")
ctx.rule("BLA", "\xf2")
ctx.rule("BLA", "\xf1")
ctx.rule("BLA", "\xf0")
ctx.rule("BLA", "\xff\xfa\x18\x00{STRING}")
#ctx.regex("LETTER", "[\x00-\x41]")
ctx.regex("LETTER", "[\x00-\x36]\x00*")
#ctx.rule("STRING", "")
ctx.regex("STRING", "[\x00-\x7f]\x00")
#ctx.regex("STRING", "[\x10-\x7f]+\x00*")
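To make it easier to see what the grammar above actually produces, and why the regex rules matter, here is an added example that is not code from the nautilus project or from the issue author. It is a small stand-in for the `ctx` object nautilus hands to a Python grammar file (the real loader lives in the nautilus repository and is not reproduced here), with a naive expander that supports exactly the regex subset this grammar uses: one character class with hex ranges, literal characters, and `*`/`+` quantifiers. The `load_telnet_grammar` function re-enters the posted rules unchanged; `rhs_to_bytes` is an assumption about how a `str` right-hand side ends up on the wire (UTF-8 encoding), added because `"\xff"` as a Python 3 `str` is U+00FF and encodes to two bytes, whereas `b"\xff"` is the single byte a binary protocol would expect.

```python
import random
import re

# {NONTERM} placeholders inside a right-hand side request an expansion of that nonterminal.
_PLACEHOLDER = re.compile(r"\{([A-Z_][A-Z0-9_]*)\}")


def _parse_regex(pattern):
    """Parse the tiny regex subset used by the grammar into (choices, quantifier) atoms.

    Supported: a character class like [\\x00-\\x36] (ranges and single chars), a literal
    character, and an optional trailing '*' or '+'. Anything else is out of scope.
    """
    atoms = []
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "[":
            j = pattern.index("]", i)
            body = pattern[i + 1:j]
            choices = []
            k = 0
            while k < len(body):
                if k + 2 < len(body) and body[k + 1] == "-":
                    choices.extend(chr(x) for x in range(ord(body[k]), ord(body[k + 2]) + 1))
                    k += 3
                else:
                    choices.append(body[k])
                    k += 1
            i = j + 1
        else:
            choices = [c]
            i += 1
        quant = ""
        if i < len(pattern) and pattern[i] in "*+":
            quant = pattern[i]
            i += 1
        atoms.append((choices, quant))
    return atoms


def _gen_regex(atoms, rng, max_rep=4):
    """Draw one string matching the parsed atoms; repetitions are capped at max_rep."""
    out = []
    for choices, quant in atoms:
        n = 1 if quant == "" else rng.randint(1 if quant == "+" else 0, max_rep)
        out.extend(rng.choice(choices) for _ in range(n))
    return "".join(out)


def sample_regex(pattern, seed=0):
    """Convenience wrapper: one deterministic sample for a standalone pattern."""
    return _gen_regex(_parse_regex(pattern), random.Random(seed))


class Ctx:
    """Minimal stand-in for the nautilus grammar context (hypothetical, not the real loader)."""

    def __init__(self):
        self.rules = {}  # nonterminal -> list of ("rule", rhs) or ("regex", atoms)

    def rule(self, nonterm, rhs):
        self.rules.setdefault(nonterm, []).append(("rule", rhs))

    def regex(self, nonterm, pattern):
        self.rules.setdefault(nonterm, []).append(("regex", _parse_regex(pattern)))

    def generate(self, start="START", seed=0, max_depth=20):
        """Expand `start` with a seeded RNG so the same seed always yields the same input."""
        return self._expand(start, random.Random(seed), max_depth)

    def _expand(self, nonterm, rng, depth):
        alts = self.rules[nonterm]
        if depth <= 0:
            # Near the depth limit only pick alternatives that do not recurse, so
            # a self-referencing rule such as IAC -> ...{IAC} terminates.
            nonrec = [a for a in alts if a[0] == "regex" or "{" not in a[1]]
            if not nonrec:
                raise RecursionError("no non-recursive alternative for " + nonterm)
            alts = nonrec
        kind, body = rng.choice(alts)
        if kind == "regex":
            return _gen_regex(body, rng)
        return _PLACEHOLDER.sub(lambda m: self._expand(m.group(1), rng, depth - 1), body)


def rhs_to_bytes(rhs):
    """Assumed wire form of a right-hand side: bytes pass through, str is UTF-8 encoded."""
    return rhs if isinstance(rhs, bytes) else rhs.encode("utf-8")


def load_telnet_grammar():
    """Re-enter the grammar from the issue into the stand-in context (BLA rules via a loop)."""
    ctx = Ctx()
    ctx.rule("START", "{IAC}")
    ctx.rule("IAC", "{CMD}{BLA}{LETTER}{STRING}{IAC}")
    ctx.rule("IAC", "")
    ctx.rule("CMD", "\xff")
    ctx.rule("CMD", "{BLA}")
    for b in range(0xF0, 0x100):
        ctx.rule("BLA", chr(b))
    ctx.rule("BLA", "\xff\xfa\x18\x00{STRING}")
    ctx.regex("LETTER", "[\x00-\x36]\x00*")
    ctx.regex("STRING", "[\x00-\x7f]\x00")
    return ctx


if __name__ == "__main__":
    g = load_telnet_grammar()
    for seed in range(3):
        print(seed, rhs_to_bytes(g.generate(seed=seed)))
```

Running the module prints three seeded inputs as bytes; note that every `\xff`-style terminal written as a `str` shows up as the two-byte UTF-8 sequence in that output, which is the check worth doing before pointing a grammar at a byte-oriented protocol.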
looks fixed with that last commit.