AFLplusplus: Compiler error with cmplog + ASAN + lto

Consider the following example for a shared library, that shall be used for fuzzing.

Shared library funcs.cpp:

#include <stdio.h>
#include <string.h>

void func(char *data) {
        char buffer[32];

        if (strlen(data) < 32)
                return;

        long magic = *((long*) data);
        if (magic == 0x4947464841424544) {
                strcpy(buffer, data);
                printf("%s\n", buffer);
        }
        return;
}

When using AFL_LLVM_CMPLOG=1 afl-clang-lto++ -o libfuncs.so -shared funcs.cpp to create the shared lib with afl-clang-lto++ and cmplog, everything works fine and the library can be linked against the fuzzing target afterwards. But when trying to compile with ASAN (AFL_USE_ASAN=1 AFL_LLVM_CMPLOG=1 afl-clang-lto++ -o libfuncs.so -shared funcs.cpp), the following compilation error occurs:

afl-clang-lto++2.65d by Marc "vanHauser" Heuse <mh@mh-sec.de> in mode LTO
CmpLog mode by <andreafioraldi@gmail.com>
Running cmplog-routines-pass by andreafioraldi@gmail.com
Hooking 1 calls with pointers as arguments
Running split-switches-pass by laf.intel@gmail.com
Running cmplog-instructions-pass by andreafioraldi@gmail.com
Hooking 2 cmp instructions
ld.lld: error: Invalid record (Producer: 'LLVM11.0.0' Reader: 'LLVM 11.0.0')
clang: error: linker command failed with exit code 1 (use -v to see invocation)

I tested several setups, the error only occurs in combination with lto + ASAN + cmplog (for both afl-clang-lto and afl-clang-lto++). When using afl-clang-fast, everythings works fine, even with ASAN. Creating a static library with lto + ASAN + cmplog works fine, but the same error occurs when linking the static library against the fuzzing target. Maybe the error is related to #370?

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 18 (10 by maintainers)

Commits related to this issue

Most upvoted comments

My main file looks like this:

#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <unistd.h>
#include "funcs.hpp"

__AFL_FUZZ_INIT();

int main(int argc, char **argv) {
        char *buffer = (char *) __AFL_FUZZ_TESTCASE_BUF;

        int size = __AFL_FUZZ_TESTCASE_LEN;
        buffer[size] = '\0';
        func(buffer);
}

But actually, using a shared library was not the problem. As you can see, I used the macros to prepare the target for Persistent Mode, but I did not include while (__AFL_LOOP(1000)) Adding the missing Persistent Mode loop fixed the sharedmem error, even when using a shared library. So that was simply my mistake, but I guess everything is figured out now. Thanks a lot for your help!

+1
Minilulatsch on Jun 17, 2020
Read more comments on GitHub
← AFLplusplus: COMPCOV float bug?
AFLplusplus: “Fork server handshake failed” Error when fuzzing an arm binary without source code →