Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A bug in Pin mode #86

Open
seviezhou opened this issue Feb 22, 2020 · 0 comments
Open

A bug in Pin mode #86

seviezhou opened this issue Feb 22, 2020 · 0 comments

Comments

@seviezhou
Copy link

When testing pin mode with tests/strcmp, I got the following error:

ERROR angora::search::cmpfn        > magic length is less than input length.

I studied this error and found the problem is in pin_mode/logger.h:

...

  void save_mb(u32 i, u32 arg1_len, u32 arg2_len, char *arg1, char *arg2) {
    if (i > 0) {
      mb_buf.push_bytes((char *)&i, 4);
      mb_buf.push_bytes((char *)&arg1_len, 4);
      mb_buf.push_bytes((char *)&arg2_len, 4);
      mb_buf.push_bytes(arg1, arg1_len);
      mb_buf.push_bytes(arg2, arg2_len);
      num_mb++;
    }
  };

  u32 save_cond(CondStmt &cond) {
    u32 i = num_cond;
    num_cond++;
    save_tag(cond.lb1);
    save_tag(cond.lb2);
    cond_buf.push_bytes((char *)&cond, sizeof(CondStmt));
    return i;
  }
};

#endif

In function save_cond, the num_cond is first assigned to i and then increase by one. And function save_mb only saves data when i > 0, so this will cause function FnHandler misses the first strcmp conditional statement. So angora::search::cmpfn can not get the correct magic bytes.
seviezhou added a commit to seviezhou/Angora that referenced this issue Feb 22, 2020
@seviezhou
Try to fix issue AngoraFuzzer#86
4bfc4a4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@seviezhou