Bug #1937

closed

rules: crashes and hangs reported by AFL+ASAN

Added by Xiangyu Bu about 8 years ago. Updated over 4 years ago.

Status: Closed
Priority: Normal
Assignee: -
Target version: -
Affected Versions:
Effort: low
Difficulty: medium
Label:

Description

The attached tarball contains about 1000 crashes and 380 hangs found by AFL+ASAN when fuzzing the --afl-rules argument.

For each crash / hang the associated output is also attached.

The --build-info of the Suricata binary is included in the text file.

Compiler: clang-3.9.

Suricata: 3.2dev, last commit is

commit c6134e007e0785bc9a3ef5b524fd03adf7fa2c09
Author: Victor Julien <victor@inliniac.net>
Date:   Wed Oct 12 12:30:19 2016 +0200
    doc: app-layer tls including no-reassemble

Please contact me if more info is needed.


Files

suricata_build_info.txt (2.88 KB), Xiangyu Bu, 10/26/2016 02:52 PM
checked_rules.tar.gz (413 KB), Xiangyu Bu, 10/26/2016 02:52 PM

Related issues: 1 (0 open, 1 closed)

Related to Suricata - Feature #2859: Oss-fuzz integration (Closed, Philippe Antoine)

#1

Updated by Victor Julien about 8 years ago

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Andreas Herz
  • Target version set to 70
#2

Updated by Andreas Herz almost 8 years ago

#3

Updated by Andreas Herz about 6 years ago

  • Assignee changed from Andreas Herz to OISF Dev
#4

Updated by Andreas Herz about 6 years ago

  • Effort set to low
  • Difficulty set to medium
#5

Updated by Philippe Antoine over 5 years ago

#6

Updated by Andreas Herz about 5 years ago

  • Assignee changed from OISF Dev to Andreas Herz

I will recheck this list so we can strip it down to the remaining ones.

#7

Updated by Andreas Herz about 5 years ago

I can't reproduce any of the crashes anymore when I run it like this:

./autogen.sh
CFLAGS="-ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function"  ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --enable-afl --disable-shared
make -j5
LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer sudo src/suricata -l /tmp/ -S rules/crashes/id:000... -r ~/Downloads/empty.pcap -c suricata.yaml
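The recipe above reproduces one crash file at a time. As an added example (not from the ticket or the Suricata project), the script below batches the same invocation over the unpacked corpus and buckets each ASAN report by error kind and first non-interceptor stack frame, so a thousand crash files collapse into a short list of root causes, with timeouts reported separately as hangs. It assumes $SURICATA names an ASAN build configured as in comment #7, $CRASHES the unpacked rules/crashes/ directory, empty.pcap and suricata.yaml in the working directory, and GNU coreutils `timeout`; the embedded ASAN report is constructed, not one of the attached outputs.

```shell
#!/bin/sh
# Added triage helper (not from the ticket). Assumes $SURICATA is an ASAN build
# configured as in comment #7, $CRASHES is the unpacked rules/crashes/ directory,
# empty.pcap and suricata.yaml are in the working directory, coreutils timeout.

# Reduce one ASAN stderr report to a bucket key "<error-kind> <function>",
# taking the first stack frame that is not a sanitizer interceptor.
asan_signature() {
    awk '
        /^==[0-9]+==ERROR: AddressSanitizer:/ { kind = $3 }
        kind != "" && /^[ ]*#[0-9]+ / && $4 !~ /^__(interceptor|asan|sanitizer)/ {
            print kind, $4; exit
        }
    '
}

# Run every crash file in $1 through the rule loader (empty pcap, as in the
# ticket) and print a histogram of signatures; "hang" marks timeouts (rc 124).
triage_corpus() {
    dir="$1"; out="${2:-triage}"
    mkdir -p "$out"
    for f in "$dir"/id:*; do
        [ -f "$f" ] || continue
        log="$out/$(basename "$f").log"
        rc=0; timeout 30 "$SURICATA" -l "$out" -S "$f" -r empty.pcap -c suricata.yaml \
            >/dev/null 2>"$log" || rc=$?
        if [ "$rc" -eq 124 ]; then
            sig="hang"
        else
            sig=$(asan_signature <"$log")
            [ -n "$sig" ] || sig="exit-$rc"   # clean exit or non-ASAN abort
        fi
        printf '%s\t%s\n' "$sig" "$f"
    done | sort | awk -F'\t' '{ n[$1]++; ex[$1] = $2 }
        END { for (s in n) printf "%5d  %s  (e.g. %s)\n", n[s], s, ex[s] }' | sort -rn
}

# Constructed sample report (illustrative; not one of the attached outputs).
SAMPLE_REPORT='==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000018
    #0 0x4a1b2c in __interceptor_strlen asan_interceptors.cpp:370
    #1 0x5e7f10 in DetectParseRule detect-parse.c:1234:5
    #2 0x5e8a00 in DetectEngineAppendSig detect-parse.c:2001:10'
demo_signature() { printf '%s\n' "$SAMPLE_REPORT" | asan_signature; }

if [ -n "${SURICATA:-}" ] && [ -d "${CRASHES:-}" ]; then
    triage_corpus "$CRASHES"
else
    demo_signature   # prints: heap-buffer-overflow DetectParseRule
fi
```

Rerunning the histogram after each fix is the quickest way to see which of the original buckets still reproduce, which is what comment #6 set out to do.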
#8

Updated by Victor Julien over 4 years ago

  • Status changed from Assigned to Closed
  • Assignee deleted (Andreas Herz)
  • Target version deleted (70)

Closing this. We now have better rule fuzzing through oss-fuzz support, so we'll fix anything that comes in through that.
