AFLplusplus: afl-cmin crashes and pollutes terminal

afl-cmin fails to minimize a huge number of samples and pollutes the terminal with afl-showmap output (raw coverage maps?).

Steps to reproduce:

  1. Fuzz python3 with input scripts (afl-fuzz ... -- ./python3 -s @@) for a few days to get a bunch of samples. In my case I had 8 afl-fuzz instances.
  2. Put all the samples in a single directory, e.g. find out -type f -path "*/queue/id*" -exec cp -t samples {} + . In my case I had 26136 samples (sizes vary from 1 byte to 30 KB).
  3. Run afl-cmin:
     export AFL_MAP_SIZE=100585 # value reported by calling the fuzz target
     afl-cmin -i samples -o samples_cmin -m none -- ./python3 -s @@

Here is what happens in my terminal after a few minutes: [image] Another example: [image] (note the awk error in the lower right corner).

Exit code of afl-cmin is 2.
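The collection and minimization steps above as a script. This is an added example, not code from the issue or from the AFL++ project. Two practitioner details are folded in: every afl-fuzz instance names its queue entries id:000000,... so a flat `cp -t samples` of eight instances silently overwrites same-named files, which the collector avoids by prefixing each copy with the instance directory name; and, following the gawk workaround reported in the thread, the run helper puts a gawk shim first on PATH. The names `collect_samples`, `count_files`, `pick_awk` and `run_cmin` are this example's own, and the shim assumes afl-cmin runs whatever `awk` is first on PATH, which the page does not state.

```shell
#!/usr/bin/env sh
# Added example (not from the issue or the AFL++ project): gather the queue
# entries of several parallel afl-fuzz instances into one flat directory
# without name collisions, then run afl-cmin with gawk preferred over mawk.
set -eu

# collect_samples OUT_DIR DEST
# Every instance under OUT_DIR (out/fuzzer01, out/fuzzer02, ...) names its
# queue files id:000000,... so a plain `cp -t DEST` would let entries from
# one instance overwrite same-named entries from another. Prefix each copy
# with the instance directory name instead.
collect_samples() {
  out_dir=$1
  dest=$2
  mkdir -p "$dest"
  find "$out_dir" -type f -path '*/queue/id*' | while IFS= read -r f; do
    inst=$(basename "$(dirname "$(dirname "$f")")")
    cp -- "$f" "$dest/${inst}_$(basename "$f")"
  done
}

# count_files DIR: number of regular files directly under DIR
count_files() {
  find "$1" -maxdepth 1 -type f | wc -l | tr -d ' '
}

# pick_awk: print the awk implementation to run afl-cmin with.
# Prefers gawk, since the thread reports mawk dumping memory on `print ""`.
pick_awk() {
  if command -v gawk >/dev/null 2>&1; then
    echo gawk
  else
    echo awk
  fi
}

# run_cmin SAMPLES DEST TARGET...: run afl-cmin with the chosen awk first
# on PATH. Assumes afl-cmin invokes the `awk` found on PATH (an assumption
# of this example, not stated on the page); the symlink dir makes that
# `awk` resolve to gawk when it is installed. AFL_MAP_SIZE is inherited
# from the caller's environment, as in the report. Returns afl-cmin's own
# exit code (the issue reports 2 on the failing runs).
run_cmin() {
  samples=$1
  dest=$2
  shift 2
  awk_bin=$(pick_awk)
  shim=$(mktemp -d)
  ln -s "$(command -v "$awk_bin")" "$shim/awk"
  if PATH="$shim:$PATH" afl-cmin -i "$samples" -o "$dest" -m none -- "$@"; then
    rc=0
  else
    rc=$?
  fi
  rm -rf "$shim"
  return $rc
}

# Usage, mirroring the report (only runs when afl-cmin is installed):
#   export AFL_MAP_SIZE=100585
#   collect_samples out samples
#   run_cmin samples samples_cmin ./python3 -s @@
```

The shim directory is the least invasive way to swap the awk used by a script that is not yours; on Debian-style systems `update-alternatives --config awk` does the same thing system-wide.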

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 23 (23 by maintainers)

Most upvoted comments

@vanhauser-thc, your fix with https://github.com/AFLplusplus/AFLplusplus/commit/338f1ae2f85dffe7daa88fa78cd1d078a986d0d5 works! Thanks.

When using a version prior to that commit, one may use gawk instead of mawk to mitigate the issue.

OK, I checked this out after I finally had some time. The afl-cmin awk script triggers a bug in mawk where a print "" will dump stack or heap memory, and because of the control characters printed it's all gibberish. I removed that print "" and then for me it works without that weird output being printed now. The bug seems to come together with too much output it collects for a file descriptor to write into, because if I remove files from the input directory the issue does not exist either. Or when using gawk.

I added redirection detection to the afl-cmin script, but since I am on vacation from tomorrow on, I cannot do more investigation now.