oss-sec mailing list archives
Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531)
From: Alexander Cherepanov <cherepan () mccme ru>
Date: Mon, 17 Nov 2014 04:29:27 +0300
On 2014-11-07 18:58, Robert Święcki wrote:
2014-11-07 11:08 GMT+01:00 Yury Gribov <y.gribov () samsung com>:On 11/07/2014 07:43 AM, Alexander Cherepanov wrote:Longer version: I started with the most simple approach I could get results with and improved it only a little bit so far. There was just no need for improvements -- until recently I was getting more crashes than I can analyze (i.e. run through valgrind:-).This looks rather impressive. Have you considered automatically detecting duplicates by e.g. analyzing stacktraces?Feel free to take a look at honggfuzz - https://code.google.com/p/honggfuzz/ It provides a crude version of unification on the basis of offending program counter (as well as simple disassembly of the offending instruction).
Is it really interesting? For objdump many crashes are in quite generic functions like bfd_getl16 and PC will not differentiate between them. Using full stacktrace is probably too much but using only PC seems to be too coarse.
It also disables address randomization to get repeatable crashes. Example output (from testing strings-multiarch):
BTW is there a publicly available corpus of binaries from various architectures?
http://alt.swiecki.net/.t/strings-multiarch.txt Usage: honggfuzz -f in/ -r 0.1 -q -- /usr/bin/strings ___FILE___
-- Alexander Cherepanov
Current thread:
- Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 06)
- Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Nicholas Clifton (Nov 11)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Hanno Böck (Nov 07)
- Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Yury Gribov (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Michal Zalewski (Nov 07)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Alexander Cherepanov (Nov 16)
- Re: Re: Fuzzing objdump (PR 17512) and readelf (PR 17531) Robert Święcki (Nov 16)