Bug #1937
closed
rules: crashes and hangs reported by AFL+ASAN
Added by Xiangyu Bu about 8 years ago.
Updated over 4 years ago.
Description
The attached tarball contains about 1000 crashes and 380 hangs found by AFL+ASAN when fuzzing the --afl-rules argument.
For each crash / hang the associated output is also attached.
The --build-info of the Suricata binary is included in the text file.
Compiler: clang-3.9.
Suricata: 3.2dev, last commit is
commit c6134e007e0785bc9a3ef5b524fd03adf7fa2c09
Author: Victor Julien <victor@inliniac.net>
Date: Wed Oct 12 12:30:19 2016 +0200
doc: app-layer tls including no-reassemble
Please contact me if more info is needed.
- Status changed from New to Assigned
- Assignee changed from OISF Dev to Andreas Herz
- Target version set to 70
- Assignee changed from Andreas Herz to OISF Dev
- Effort set to low
- Difficulty set to medium
- Assignee changed from OISF Dev to Andreas Herz
I will recheck this list so we can strip it down to the remaining ones.
I can't reproduce any of the crashes anymore when I run it like this:
./autogen.sh
CFLAGS="-ggdb3 -Werror -Wchar-subscripts -fno-strict-aliasing -fstack-protector-all -fsanitize=address -fno-omit-frame-pointer -Wno-unused-parameter -Wno-unused-function" ac_cv_func_malloc_0_nonnull=yes ac_cv_func_realloc_0_nonnull=yes ./configure --enable-afl --disable-shared
make -j5
LSAN_OPTIONS=suppressions=qa/lsan.suppress ASAN_SYMBOLIZER_PATH=/usr/bin/llvm-symbolizer sudo src/suricata -l /tmp/ -S rules/crashes/id:000... -r ~/Downloads/empty.pcap -c suricata.yaml
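A triage helper, added here as an example and not code from this ticket or from the Suricata project, that automates the rerun in the comment above across the whole unpacked corpus: each fuzzer-found input is passed as the exclusive rule file (-S) to an ASAN build together with an empty pcap, the output is kept per input, runs are bounded with timeout so hang inputs are classified rather than blocking the loop, and the inputs are then grouped by sanitizer error kind and top stack frame, which collapses a corpus of a thousand files into the handful of distinct bugs behind them. SURICATA_BIN, SURICATA_YAML, EMPTY_PCAP, CORPUS_DIR, OUTDIR and RUN_TIMEOUT are assumed environment variables with hypothetical defaults; the sanitizer report lines in the comments are constructed illustrations, not taken from the attached outputs.

```shell
#!/bin/sh
# Crash-corpus triage helper (an added example, not code from this ticket or
# from the Suricata project). Reruns every fuzzer-found input as the exclusive
# rule file against an ASAN build and groups the results by sanitizer signature.
# Assumed environment (hypothetical defaults, adjust to your tree):
: "${SURICATA_BIN:=src/suricata}"      # ASAN/AFL build as configured in the comment above
: "${SURICATA_YAML:=suricata.yaml}"
: "${EMPTY_PCAP:=empty.pcap}"          # any valid pcap containing no packets
: "${CORPUS_DIR:=rules/crashes}"       # unpacked AFL crash (or hang) directory
: "${OUTDIR:=/tmp/rule-triage}"        # per-input logs and Suricata's -l directory
: "${RUN_TIMEOUT:=30}"                 # seconds before an input counts as a hang

# asan_signature LOGFILE
# Prints one line: "<error kind> in <top stack frame>", "hang (timeout)" or
# "no-asan-report". Always returns 0 so it is safe inside $(...) under set -e.
asan_signature() {
    if grep -q '^==TRIAGE== timeout' "$1"; then
        echo "hang (timeout)"
        return 0
    fi
    # constructed example line: "==4242==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x..."
    kind=$(sed -n 's/.*ERROR: AddressSanitizer: \([A-Za-z-]*\).*/\1/p' "$1" | head -n 1)
    if [ -z "$kind" ] && grep -q 'ERROR: LeakSanitizer' "$1"; then
        kind="memory-leak"
    fi
    if [ -z "$kind" ]; then
        echo "no-asan-report"
        return 0
    fi
    # first frame of the report, constructed example: "    #0 0x51e6a2 in SomeFunction some-file.c:123:5"
    frame=$(sed -n 's/^ *#0 0x[0-9a-f]* in \([^ ]*\).*/\1/p' "$1" | head -n 1)
    echo "$kind in ${frame:-unknown-frame}"
}

# run_one INPUT LOGFILE: the same invocation as the comment above, bounded by timeout.
# Exit status 124 from timeout marks the input as a hang in the log.
run_one() {
    timeout "$RUN_TIMEOUT" "$SURICATA_BIN" -l "$OUTDIR" -S "$1" -r "$EMPTY_PCAP" \
        -c "$SURICATA_YAML" >"$2" 2>&1
    if [ $? -eq 124 ]; then
        echo "==TRIAGE== timeout after ${RUN_TIMEOUT}s" >>"$2"
    fi
    return 0
}

# triage_corpus: rerun everything, then print "count  signature  (e.g. first input)"
# sorted by frequency, one line per distinct signature.
triage_corpus() {
    mkdir -p "$OUTDIR"
    for input in "$CORPUS_DIR"/id:*; do
        [ -f "$input" ] || continue
        log="$OUTDIR/$(basename "$input").log"
        run_one "$input" "$log"
        printf '%s\t%s\n' "$(asan_signature "$log")" "$input"
    done | awk -F'\t' '
        { count[$1]++; if (!($1 in first)) first[$1] = $2 }
        END { for (s in count) printf "%5d  %s  (e.g. %s)\n", count[s], s, first[s] }
    ' | sort -rn
}

# Usage: CORPUS_DIR=path/to/crashes sh triage.sh triage
if [ "${1:-}" = "triage" ]; then
    triage_corpus
fi
```

Grouping by error kind plus the topmost frame is deliberately coarse: ASAN reports for one bug differ in addresses and pids, so those are stripped, while the frame keeps two different overflows in different parsers from being merged. Inputs that no longer produce any report (the situation described in the comment above) land under "no-asan-report" and can be dropped from the corpus.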
- Status changed from Assigned to Closed
- Assignee deleted (Andreas Herz)
- Target version deleted (70)
Closing this. We now have better rule fuzzing through oss-fuzz support, so we'll fix anything that comes in through that.