
bug in eliminate_double_null leads to early exit

Open zjuchenyuan opened this issue 5 years ago • 1 comment

computing MORECOM calculation...
[*] taintflow finished.
[*] Going for new generation creation.

in get_cut

offset 677
in get_cut

offset 51
[*] 0 offset set
in get_cut

offset 402
in get_cut

random offset 0
[*] 0 offset set
in get_cut

random offset 279
in get_cut

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 810, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 763, in run
    self.__target(*self.__args, **self.__kwargs)
  File "runfuzzer.py", line 818, in main
    gau.createNextGeneration3(fitnes,genran)
  File "/vuzzer/gautils.py", line 455, in createNextGeneration3
    mch1= ga.mutate(ch1,sin1)
  File "/vuzzer/operators.py", line 294, in mutate
    result=self.r.choice(self.mutators)(self, original,fl)
  File "/vuzzer/operators.py", line 256, in double_fuzz
    return self.r.choice(self.mutators)(self, result,fl)
  File "/vuzzer/operators.py", line 256, in double_fuzz
    return self.r.choice(self.mutators)(self, result,fl)
  File "/vuzzer/operators.py", line 228, in eliminate_double_null
    cut_pos = original.find('\0\0', self.r.randint(0, size))
  File "/usr/lib/python2.7/random.py", line 240, in randint
    return self.randrange(a, b+1)
  File "/usr/lib/python2.7/random.py", line 216, in randrange
    raise ValueError, "empty range for randrange() (%d,%d, %d)" % (istart, istop, width)
ValueError: empty range for randrange() (0,0, 0)

The function eliminate_double_null is:

    def eliminate_double_null(self, original, fl,replacement = 'AA'):
        size = len(original) - 1
        # for an empty input size is -1, so randint(0, -1) raises ValueError (see traceback above)
        cut_pos = original.find('\0\0', self.r.randint(0, size))
        if (cut_pos != -1):
            result = ''.join([original[:cut_pos], replacement, original[cut_pos + 2:]])
        else:
            return original
        #assert len(original) == len(result), "size changed on a null elimination change %d %d" % (len(original), len(result))
        return result

Maybe we should add a line (before the randint call):

    if size <= 0:
        return original

zjuchenyuan avatar Mar 23 '19 08:03 zjuchenyuan
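The failure and the proposed guard side by side, as an added example rather than code from the VUzzer repository or the issue: a Python 3 port of the mutator on bytes, plus an assumed `FixedStart` stand-in for `self.r` so the results are deterministic.

```python
import random

# Added example, not VUzzer's own code: a Python 3 port (on bytes) of the
# mutator quoted in the issue, next to the same function with the guard the
# reporter proposes. FixedStart is an assumed stand-in for self.r so the
# results are deterministic.

DOUBLE_NULL = b'\0\0'

class FixedStart:
    """Stand-in for self.r that always picks the lowest allowed offset."""
    def randint(self, a, b):
        if b < a:  # same contract as random.randint
            raise ValueError('empty range for randrange()')
        return a

def eliminate_double_null_buggy(original, rng, replacement=b'AA'):
    # As in the issue: for empty input size is -1, so randint(0, -1) is an
    # empty range and the ValueError escapes into the generation thread.
    size = len(original) - 1
    cut_pos = original.find(DOUBLE_NULL, rng.randint(0, size))
    if cut_pos != -1:
        return original[:cut_pos] + replacement + original[cut_pos + 2:]
    return original

def eliminate_double_null_fixed(original, rng, replacement=b'AA'):
    # Inputs of length 0 or 1 cannot contain a double null: return them
    # unchanged instead of sampling an empty range.
    size = len(original) - 1
    if size <= 0:
        return original
    cut_pos = original.find(DOUBLE_NULL, rng.randint(0, size))
    if cut_pos == -1:
        return original
    result = original[:cut_pos] + replacement + original[cut_pos + 2:]
    # The mutator is meant to be size-preserving (the assert left commented out upstream).
    assert len(result) == len(original)
    return result

def crashes_on(mutator, data, rng=None):
    """True if `mutator` raises ValueError on `data`, i.e. reproduces the issue."""
    try:
        mutator(data, rng or random.Random(0))
    except ValueError:
        return True
    return False
```

With a real `random.Random`, `crashes_on(eliminate_double_null_buggy, b'')` is True and the fixed version returns the empty input unchanged.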

Thank you. I will check this out soon. Currently busy relocating to another country :)

tosanjay avatar Mar 31 '19 11:03 tosanjay