
Fuzzing FreeCAD

Open sasobadovinac opened this issue 6 years ago • 3 comments

I would like to take some first steps into fuzzing for the FreeCAD project. I am able to start the fuzzer for test.exe, but for the program the following command always gives me timeouts (I have also tried some variations of the timers -t and -I). Any help would be great :)

afl-fuzz.exe -i in -o out -D C:\Users\user\Desktop\DynamoRIO-Windows-7.0.0-RC1\bin64 -t 20000 -- -coverage_module FreeCADCmd.exe -fuzz_iterations 5000 -target_module FreeCADCmd.exe -target_offset 0x34F0 -nargs 2 -- FreeCADCmd.exe @@

https://github.com/FreeCAD/FreeCAD/releases

sasobadovinac avatar Sep 09 '18 11:09 sasobadovinac

Hey, please use the debug mode first and check the log to see if the instrumentation is working correctly before attempting to run afl-fuzz. See the readme for more details.

ivanfratric avatar Sep 10 '18 08:09 ivanfratric
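The debug-mode check suggested in the reply above, written out as an added example (this is not code from the winafl README or from anyone in this thread). It runs the target once under DynamoRIO with winafl's -debug flag, using the same -coverage_module/-target_module/-target_offset/-nargs values that afl-fuzz will later be given, so the log shows whether the instrumented function is actually reached and returns on every iteration. The DynamoRIO path is the one from the first post; the winafl build directory, the seed file name, and the log file naming (winafl writes its debug log into the working directory, or the directory given with -logdir) are assumptions, and the 0x1000 offset is the one that worked later in this thread, not a value verified against any FreeCAD binary.

```batch
@echo off
rem Added example: sanity-check winafl instrumentation of FreeCADCmd.exe in
rem debug mode before spending time on afl-fuzz. Paths below are assumptions.
set DRIO=C:\Users\user\Desktop\DynamoRIO-Windows-7.0.0-RC1\bin64
set WINAFL=C:\winafl\build64\bin\Release
set TARGET_MODULE=FreeCADCmd.exe
set TARGET_OFFSET=0x1000
set SEED=in\seed.FCStd

if not exist "%SEED%" (
  echo seed file "%SEED%" not found, put one valid input in the in\ directory
  exit /b 1
)

rem drrun loads winafl.dll as a client; -debug makes it log what it instruments
rem instead of talking to afl-fuzz. Keep -fuzz_iterations small here: the
rem target function is re-entered that many times on the same input, so the run
rem finishes quickly and the log is short enough to read.
"%DRIO%\drrun.exe" -c "%WINAFL%\winafl.dll" -debug ^
  -coverage_module %TARGET_MODULE% ^
  -target_module %TARGET_MODULE% ^
  -target_offset %TARGET_OFFSET% ^
  -fuzz_iterations 10 ^
  -nargs 2 ^
  -- %TARGET_MODULE% "%SEED%"

rem Inspect the log winafl wrote (file name pattern assumed). What to look for:
rem the target module being loaded, the target function being entered and
rem exited once per iteration, and the run ending by itself. If the function is
rem never entered, -target_offset is wrong (it must be the function's offset
rem from the module base, not a file offset); if it is entered but never exits,
rem afl-fuzz will time out exactly as in the first post.
for %%F in (afl*.log) do (
  echo ==== %%F ====
  type "%%F"
)
```

Only once this run finishes on its own and the log shows the expected enter/exit pairs is it worth starting afl-fuzz with the same options; a timeout at this stage is a harness problem, not something -t will fix.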

Thanks, got it working with the target_offset 0x1000 :) Next step is to get the first crash... Any tips? :)

sasobadovinac avatar Sep 13 '18 19:09 sasobadovinac

Depends on the target (with which I am fully unfamiliar). In general, a good input file corpus can help. And if the target uses a text format or contains some magic values, then using a dictionary might be a good idea.

ifratric avatar Sep 14 '18 08:09 ifratric
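The corpus and dictionary advice in the last reply, as an added example (not code from this thread or from the winafl project). It seeds the input directory with a few small valid files, writes an AFL dictionary in the `name="token"` format, and starts afl-fuzz with `-x`. The thread never says which file format is being fed to FreeCADCmd.exe; the tokens below are ISO 10303-21 (STEP) keywords, chosen here as an assumption because STEP is a text format with a fixed magic header, which is exactly the case the reply says a dictionary helps with. Replace them with the keywords of whatever format your seeds actually use. The sample file names, the afl-fuzz location, and the -target_offset (the value that worked earlier in the thread) are likewise assumptions.

```batch
@echo off
rem Added example: seed corpus + AFL dictionary for fuzzing FreeCADCmd.exe.
rem Paths, sample names and the STEP format choice are assumptions.
set DRIO=C:\Users\user\Desktop\DynamoRIO-Windows-7.0.0-RC1\bin64
set TARGET_MODULE=FreeCADCmd.exe
set TARGET_OFFSET=0x1000

if not exist in mkdir in
if not exist out mkdir out

rem Seed corpus: small, valid, structurally different files. Large seeds make
rem every iteration slow and give the fuzzer less to learn per execution, so
rem prefer a handful of tiny models over one big real-world file.
copy /y samples\cube.step in\ >nul
copy /y samples\cylinder.step in\ >nul
copy /y samples\empty_header_only.step in\ >nul

rem AFL dictionary: one entry per line, name="value". Values may contain
rem \xNN escapes for binary bytes; these are all plain ASCII STEP keywords.
rem The magic header is the most important token: a mutated file that loses it
rem is rejected before any parsing happens, so the fuzzer gets no coverage.
> step.dict echo step_magic="ISO-10303-21;"
>> step.dict echo step_header="HEADER;"
>> step.dict echo step_endsec="ENDSEC;"
>> step.dict echo step_data="DATA;"
>> step.dict echo step_end="END-ISO-10303-21;"
>> step.dict echo step_file_description="FILE_DESCRIPTION(('"
>> step.dict echo step_file_name="FILE_NAME('"
>> step.dict echo step_file_schema="FILE_SCHEMA(('AUTOMOTIVE_DESIGN'));"
>> step.dict echo step_entity_ref="#1="
>> step.dict echo step_cartesian_point="CARTESIAN_POINT('',("
>> step.dict echo step_direction="DIRECTION('',("
>> step.dict echo step_closed_shell="CLOSED_SHELL('',("
>> step.dict echo step_dollar="$"

rem Same -target_*/-nargs values that passed the debug-mode check; -x points
rem afl-fuzz at the dictionary. -t is the per-execution timeout in ms and only
rem matters once the harness itself returns reliably.
afl-fuzz.exe -i in -o out -x step.dict -D "%DRIO%" -t 20000 -- ^
  -coverage_module %TARGET_MODULE% -fuzz_iterations 5000 ^
  -target_module %TARGET_MODULE% -target_offset %TARGET_OFFSET% -nargs 2 ^
  -- %TARGET_MODULE% @@
```

Crashes land in out\crashes; before reporting one, re-run the crashing file outside the fuzzer (plain FreeCADCmd.exe, then under DynamoRIO without afl-fuzz) to rule out an artifact of the persistent-loop harness.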