Angora can't detect the crash, ANGORA_USE_ASAN=1 did not work either
I followed the steps shown in README.md and installed Angora on Ubuntu 18.04 with LLVM 7.0. When I run "test.sh mini", everything goes well and the result shows one crash found. But when I fuzz a test program, Angora shows that no crash has been detected. In fact, some of the seeds in "output/queue" were able to trigger a "Segmentation fault" crash.
Then I found that, given the same input file, the binary compiled by "angora_clang" did not crash, but the binary compiled by "gcc" or "clang" crashed.
Then I tried using "ANGORA_USE_ASAN=1 USE_FAST=1" to compile the fast version; however, the sanitizer didn't work and no crash happened. Yet when I used clang's sanitizer, it worked normally.
Here is part of the code of the test program (headers added so the snippet compiles on its own):
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// stack overflow is triggered as long as this function is executed
void bug1(void) {
    printf("bug1\n");
    char dst[64];
    char* src = (char*)malloc(65535 * sizeof(char));
    memset(src, 'A', 65535);
    memcpy(dst, src, 65535); // potential flaw: 65535 bytes copied into a 64-byte stack buffer
    free(src);
}
Compiled with
ANGORA_USE_ASAN=1 USE_FAST=1 /path/to/angora_clang example.c -g -o exam_fast
USE_TRACK=1 /path/to/angora_clang example.c -g -o exam_track
Run with
echo core | sudo tee /proc/sys/kernel/core_pattern
/path/to/angora_fuzzer -i in -o output -t ./exam_track -- ./exam_fast @@
Hi zeqii, thanks for the report.
Angora can't report this crash since it uses "-O3" optimization by default.
If you use the -O3 option with clang to compile the program, it also can't trigger ASan reports.
You can use
ANGORA_DONT_OPTIMIZE=1 ANGORA_USE_ASAN=1 ~/Angora/bin/angora-clang issue81.c -o issue81.fast
to disable optimization.
Thanks.
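The effect described in this reply can be reproduced without Angora at all. The script below is an added example, not part of the issue or of the Angora project: it builds the bug1() program from this thread (with a main() added so it runs on its own) with plain clang and -fsanitize=address, once at -O0 and once at -O3, and reports whether AddressSanitizer flagged the overflow. The reason the report can vanish at -O3 is that nothing ever reads dst, so the memcpy into it is a dead store the optimizer is free to delete before the sanitizer pass instruments it; ANGORA_DONT_OPTIMIZE=1 avoids that. It assumes clang with the ASan runtime is on PATH and uses stock clang instead of angora-clang to isolate the optimization effect.

```shell
#!/bin/sh
# Added example: does AddressSanitizer still see the overflow once the
# optimizer has run? Assumes `clang` (with the ASan runtime) is on PATH.

WORK="${TMPDIR:-/tmp}/asan_opt_demo.$$"

# Writes the constructed test program, based on the bug1() snippet from the
# issue, with a main() added so the binary runs stand-alone.
write_test_program() {
    mkdir -p "$WORK"
    cat > "$WORK/example.c" <<'EOF'
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* stack overflow is triggered as long as this function is executed */
void bug1(void) {
    printf("bug1\n");
    char dst[64];
    char *src = (char *)malloc(65535 * sizeof(char));
    memset(src, 'A', 65535);
    memcpy(dst, src, 65535); /* 65535 bytes into a 64-byte buffer; dst is never read */
    free(src);
}

int main(void) {
    bug1();
    return 0;
}
EOF
}

# asan_detects OPTLEVEL
# Prints one of: detected, not-detected, no-compiler, build-failed.
asan_detects() {
    level="$1"
    command -v clang >/dev/null 2>&1 || { echo no-compiler; return 0; }
    write_test_program
    if ! clang "$level" -g -fsanitize=address "$WORK/example.c" \
            -o "$WORK/exam_$level" 2>"$WORK/build.log"; then
        echo build-failed
        return 0
    fi
    # ASan writes its report to stderr; a plain segfault never mentions it,
    # and an optimized-away copy produces neither.
    "$WORK/exam_$level" >/dev/null 2>"$WORK/run_$level.log" || true
    if grep -q AddressSanitizer "$WORK/run_$level.log"; then
        echo detected
    else
        echo not-detected
    fi
}

run_demo() {
    for level in -O0 -O3; do
        printf '%s: %s\n' "$level" "$(asan_detects "$level")"
    done
    rm -rf "$WORK"
}

run_demo
```

At -O0 the run must report `detected` whenever the program builds; the -O3 result depends on the compiler version and is printed for comparison only, which is why a fuzzing harness should keep the bug's effect observable (or disable optimization, as the reply suggests) rather than rely on a write into a dead buffer.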
Thanks! It works!