-
Notifications
You must be signed in to change notification settings - Fork 105
-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is there any proper way to combine address sanitizer(ASAN) with afl.rs? #178
Comments
same question |
I think this may be an optimization issue. I tried the following modification of the above code (note the uses of use afl::fuzz;
fn main() {
fuzz!(|_data: &[u8]| {
let new_data = [1, 2, 3];
foobar(new_data.as_ptr() as usize);
let y = unsafe { *new_data.as_ptr().offset(4) };
foobar(y);
});
}
#[inline(never)]
fn foobar(y: usize) {
dbg!(y);
} I compiled with the following command: RUSTFLAGS=-Zsanitizer=address cargo +nightly afl build -Zbuild-std --target x86_64-unknown-linux-gnu I then ran the resulting executable directly, and typed
However, if you comment out either use of |
I've noticed that when I compile two files using RUSTFLAGS=-Zsanitizer=address cargo afl build -Zbuild-std --target x86_64-unknown-linux-gnu --bin=demo and RUSTFLAGS=-Zsanitizer=address cargo build -Zbuild-std --target x86_64-unknown-linux-gnu --bin=demo, there seems to be something missing related to ASan in the version built with cargo afl build. This might be due to optimization settings. How can I disable optimizations during the build process? |
Try
Line 249 in 4b1bb77
But user flags are added at the end: Line 311 in 4b1bb77
And based on my experiments, rustc is smart enough to ignore the former and use the latter. |
thanks a lot, I've resolved the issue,this is an optimization issue. i rebuild cargo-afl with afl.rs/cargo-afl/src/main.rs Line 249 in 4b1bb77
then it worked。 |
I'm glad to hear that it worked. But I should have been more precise in my answer. If you try:
I think it should work without having to rebuild cargo-afl. |
no,if just run RUSTFLAGS='-C opt-level=0' cargo afl build ... , it did not work. emm maybe because of user flags are added at the end |
@StevenJiang1110 Since you opened this issue, would you consider it resolved? |
I've found that ASan can affect the stability and execution efficiency of fuzzing, and it seems that ASan still has some strange issues. |
@smoelius. By learning from the above discussion, I thought the original problem is solved. Glad to see this crate is actively maintained again. Thanks a lot. |
@0xfocu5 I am happy to look into "strange issues" :), but I would need specifics, and steps to reproduce the issues. |
I want to use afl.rs to test some unsafe rust code, however, combining ASAN with afl.rs seems to have some problem.
For example, I have fuzz target as follows, which contains stack buffer overflow bug that can be detected by ASAN
I build the project by
and I run the target by
RUSTFLAGS=-Zsanitizer=address cargo afl fuzz -i in -o out -m none target/x86_64-unknown-linux-gnu/debug/afl_with_sanitizer
The build target seems to contain ASAN code, for I use recidivm to estimates the target program's peak virtual memory and is about 20TB.
But when I fuzz it, it seems the error can not be detected, and the stability is very low(about 25%). I wonder if there is any proper way to combine afl.rs with ASAN. Thanks a lot.
The text was updated successfully, but these errors were encountered: