
fails on symlink exe

Open dwks opened this issue 6 years ago • 0 comments

I am not certain why, but when you pass a symlinked executable to afl-fuzz it errors out:

$ mkdir -p in out ; cp /bin/cat in
$ ./afl-fuzz -m none -i in -o out -- /usr/bin/readelf -Wa @@
[...]
[*] Validating target binary...
[*] Attempting dry run with 'id:000000,orig:seed'...

[-] PROGRAM ABORT : No instrumentation detected
         Location : perform_dry_run(), afl-fuzz.c:2860

On my system, /usr/bin/readelf is a symlink for /usr/bin/x86_64-linux-gnu-readelf. If I use one of these commands instead, it works:

$ ./afl-fuzz -m none -i in -o out -- /usr/bin/x86_64-linux-gnu-readelf -Wa @@
$ ./afl-fuzz -m none -i in -o out -- $(realpath /usr/bin/readelf) -Wa @@

I verified that the following patch also works.

diff --git a/afl/afl-fuzz.c b/afl/afl-fuzz.c
index 022caa4..bb40be5 100644
--- a/afl/afl-fuzz.c
+++ b/afl/afl-fuzz.c
@@ -7972,6 +7972,7 @@ int main(int argc, char** argv) {
   if (!out_file) setup_stdio_file();
 
   check_binary(argv[optind]);
+  argv[optind] = realpath(argv[optind], NULL);
 
   start_time = get_cur_time();
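Review bot: the added `argv[optind] = realpath(argv[optind], NULL);` has no NULL check. realpath() returns NULL on failure (a dangling symlink, an unreadable path component, ENAMETOOLONG), and the code then carries on with argv[optind] == NULL, which is worse than the original "No instrumentation detected" symptom. check_binary() has just validated the path so failure is unlikely, but not impossible; suggest `char *r = realpath(argv[optind], NULL); if (r) argv[optind] = r;` (leaving the allocation alive for the process lifetime is fine here). A short comment on the line saying the path is canonicalised because afl-fuzz rejects a symlinked target would also help whoever later finds the real cause, which the report itself says is still unknown.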

There seems to be only one syscall that refers to the executable:

strace ./afl-fuzz -m none -i in -o out -- /usr/bin/readelf -Wa @@ 2>&1 | grep readelf
execve("./afl-fuzz", ["./afl-fuzz", "-m", "none", "-i", "in", "-o", "out", "--", "/usr/bin/readelf", "-Wa", "@@"], 0x7ffdcdc5f910 /* 48 vars */) = 0
stat("/usr/bin/readelf", {st_mode=S_IFREG|0755, st_size=597056, ...}) = 0

However, that corresponds to check_binary's first stat call, and that's not the problem. I tried fixing it there. Probably something is reading /proc/self/exe or something similar; I haven't found the true root cause. Hopefully you can find it, or maybe just adopt my small realpath patch.

dwks · Dec 04 '19 03:12
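The path resolution the patch above performs, written as an added example (not drAFL or AFL code) with the failure case handled: realpath() returns NULL when the path cannot be resolved, and this helper then keeps the original string rather than leaving a NULL in argv. The demo function builds a temporary file and a symlink to it (constructed, under /tmp) so the behaviour can be checked offline.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return a canonical path with all symlinks resolved, or a copy of `path`
 * when it cannot be resolved (dangling link, unreadable component, ...).
 * The caller owns the returned buffer. This is the safe form of the
 * one-line argv[optind] = realpath(...) patch in the report. */
char *resolve_target(const char *path) {
    char *resolved = realpath(path, NULL);
    if (resolved == NULL) {
        perror("realpath");          /* report, but never hand back NULL */
        return strdup(path);
    }
    return resolved;
}

/* Constructed demo: temp dir + regular file + symlink pointing at it.
 * Returns 1 when the symlink resolves to the same canonical path as the
 * regular file (and is no longer the link path itself), 0 otherwise. */
int demo_symlink_resolves_to_target(void) {
    char dir[] = "/tmp/resolve-demo-XXXXXX";  /* hypothetical scratch dir */
    if (mkdtemp(dir) == NULL) return 0;
    char real[PATH_MAX], link[PATH_MAX];
    snprintf(real, sizeof real, "%s/x86_64-linux-gnu-readelf", dir);
    snprintf(link, sizeof link, "%s/readelf", dir);
    FILE *f = fopen(real, "w");
    if (f == NULL) return 0;
    fclose(f);
    if (symlink(real, link) != 0) return 0;

    char *via_link = resolve_target(link);
    char *via_real = resolve_target(real);
    int ok = strcmp(via_link, via_real) == 0 && strcmp(via_link, link) != 0;

    free(via_link);
    free(via_real);
    unlink(link);
    unlink(real);
    rmdir(dir);
    return ok;
}

int main(void) {
    printf("symlink resolved to its target: %s\n",
           demo_symlink_resolves_to_target() ? "yes" : "no");
    return 0;
}
```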