
qasan aarch64 will hang when show ABORTING

Open · candou1611 opened this issue 2 years ago · 1 comment

Here is a simple piece of code:

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* UNUSED_PARAMETER is not a standard macro; defined here so the file builds as posted */
#define UNUSED_PARAMETER(x) (void)(x)

int main(int argc, char **argv) {
  UNUSED_PARAMETER(argc);
  UNUSED_PARAMETER(argv);
  char buf[3];
  memset(buf, 0, 3);
  read(0, buf, 3);   /* reads the first three bytes of stdin ("cra" from "crash") */

  if (buf[0] == 'c') {
    printf("hit buf0\n");
    if (buf[1] == 'r') {
        printf("hit buf1\n");
        if (buf[2] == 'a') {
            printf("hit buf2\n");
            //test('D');
            //abort();
            char *buf = malloc(10); /* inner buf shadows the stack buffer above */
            free(buf);
            free(buf);              /* deliberate double free: this is what QASan should report */
        }
    }
  }
  return 0;
}

aarch64-linux-gnu-gcc test.c -o test

AFL_USE_QASAN=1 ./afl-qemu-trace ./test <<< "crash"

qasan may detect a UAF via AddressSanitizer, but it will hang when it shows ABORTING.

candou1611, Apr 24 '22 07:04

I've had this issue for a very long time and finally decided to debug it. It's super slow because of core dumps. Just disable them using ulimit and it will immediately exit:

ulimit -c 0

mztesla, Jun 11 '24 21:06
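A small wrapper in the spirit of that advice, added here as an example and not code from qemuafl or from either commenter: it disables core dumps only for the child (the caller's shell keeps its own limit), caps wall-clock time with GNU coreutils `timeout` (assumed to be installed; without it the cap is skipped), and maps the exit status back to the signal that ended the run, so an ABORTING exit shows up as SIGABRT rather than looking like a hang.

```shell
#!/bin/sh
# run_no_core LIMIT_SECONDS COMMAND [ARGS...]
# Runs COMMAND with core dumps disabled and a time cap, then prints how it
# ended: "exit:N", "signal:NAME" or "hang:timeout". Writing a core is what
# made the QASan ABORTING path crawl in this issue, so the limit is set in
# a subshell that only the child inherits.
run_no_core() {
    limit="$1"      # seconds before the run is classed as hung
    shift           # remaining arguments are the command to run
    status=0
    if command -v timeout >/dev/null 2>&1; then
        ( ulimit -c 0; exec timeout "$limit" "$@" ) || status=$?
    else
        ( ulimit -c 0; exec "$@" ) || status=$?
    fi
    # 124 is timeout's own "time ran out"; 128+N means the target died from
    # signal N (134 = SIGABRT, raised by the ABORTING path; 139 = SIGSEGV).
    case "$status" in
        0)   echo "exit:0" ;;
        124) echo "hang:timeout" ;;
        134) echo "signal:ABRT" ;;
        137) echo "signal:KILL" ;;
        139) echo "signal:SEGV" ;;
        *)   echo "exit:$status" ;;
    esac
}

# Usage with the reproducer from this issue (paths are placeholders for your
# own build of afl-qemu-trace and the test binary):
#   export AFL_USE_QASAN=1
#   printf 'crash\n' | run_no_core 10 ./afl-qemu-trace ./test
```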