2019
The `atomic_t usage` field should be something like a reference count; setting it to 0 may cause a kernel panic. Although `system` works fine, `execve` will kernel panic, so its value should not be changed. It doesn't really affect the exploit, but it's not great...
Fixes https://github.com/WebAssembly/wabt/issues/1922
Fixes https://github.com/WebAssembly/wabt/issues/1924
Fixes https://github.com/WebAssembly/wabt/issues/1929
Commit: `d8517aa922ddd3ffd6d7f28f00d2bb0f9853cf88`

## Reproduce

Fuzzed Sample: [decomp_size_ge_nargs.zip](https://github.com/WebAssembly/wabt/files/8748269/decomp_size_ge_nargs.zip)

Simplified Sample:

```bash
$ cat simplified.wat
(module
  (type (;0;) (func (param i32 i32) (result i32)))
  (func (;0;) (type 0) (param i32 i32) (result...
```
Commit: `83a226bcd1816c86fb1fcb0963c6a11e2c373aaf`

## Reproduce

Sample: [interp_sig_index_oob.zip](https://github.com/WebAssembly/wabt/files/8789638/interp_sig_index_oob.zip)

```bash
./wasm-objdump -d interp_sig_index_oob.wasm
./wasm-interp --enable-tail-call interp_sig_index_oob.wasm
```

Output:

```
interp_sig_index_oob.wasm:	file format wasm 0x1

Code Disassembly:

000063 func[0] :
 000064: 01 7c                      |...
```
Commit: `d8517aa922ddd3ffd6d7f28f00d2bb0f9853cf88`

## Reproduce

Fuzzed Sample: [wabt_decomp_is_name_assert.zip](https://github.com/WebAssembly/wabt/files/8750089/wabt_decomp_is_name_assert.zip)

Simplified Sample:

```
$ cat simplified.wat
(module
  (type (;0;) (func (result i64)))
  (func (;0;) (type 0) (result i64)
    global.get 0)
  (global (;0;) i64...
```
Zhihu tour group
**Describe the bug**

In persistent mode, there are 2 ways to execute a test case:

1. When the child process is not created, the fork server will call `fork` to create a...
Hello, we are trying to use FirmWire for fuzzing. Based on the docker image provided, we also compile AFL++ with unicorn mode enabled as shown below.

```
RUN apt-get -y...
```
`ShannonEMU` also requires a breakpoint here: https://github.com/FirmWire/FirmWire/blob/490163e6263edeebde11961d7b4a4f3690d5f4d0/firmwire/vendor/shannon/machine.py#L827

If `qemu.protocols.execution` is stopped, the execution will hang at the breakpoint forever. This solves issue https://github.com/FirmWire/FirmWire/issues/26.
This bug can cause `"callsite_dominators"` to generate a key with the wrong number, which causes the following error when running the fuzzer.

> thread 'main' panicked at 'Could not read cfg targets...