AFLplusplus: unknown regression in v2.61c
I’m experiencing a significant (?) regression when using v2.61c versus v2.60c and I can’t isolate what might have changed to cause this result.
I’m running tests on the LAVA / Rode0day corpora.
Both experiments were identical except for rebuilding my docker container with either
git clone -b 2.60c
or
git clone -b 2.61c
The coverage exposed is roughly the same, but v2.61c doesn’t find any crashes/bugs where v2.60c finds bugs within the first minute and over 200 crashes total??
I’m running in slave/havoc only mode with a dictionary generated from objdump as described here https://moyix.blogspot.com/2016/07/fuzzing-with-afl-is-an-art.html. So, shallow bugs in LAVA targets should be easily found by AFL fuzzing with the dictionary. I’m also running the generated testcases under a second process which logs coverage and checks for bugs. So, I don’t believe the problem is that AFL is not catching faulting inputs, I think somehow it is failing to generate crashing inputs?
Here’s from v2.60c
Here’s v2.61c
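The objdump-derived dictionary the report relies on, as an added example (not code from the post, from AFL++, or from the linked write-up): a Python script that scans `objdump -d` output in AT&T syntax for `cmp` instructions with an immediate operand and emits each constant as an AFL dictionary token. The sample objdump text is constructed for this example, the `tok_N` names and the decision to skip zero immediates are choices made here, and the big-endian duplicate of each multi-byte value is an addition beyond the plain little-endian encoding x86 compares against.

```python
import re
import sys

# Constructed sample of `objdump -d` output in AT&T syntax (not from the post):
# a function that checks a 4-byte magic, a 2-byte version and a 1-byte flag.
SAMPLE_OBJDUMP = """\
0000000000401136 <check_magic>:
  401136:  55                      push   %rbp
  401137:  48 89 e5                mov    %rsp,%rbp
  40113a:  81 7f 04 4c 41 56 41    cmpl   $0x4156414c,0x4(%rdi)
  401141:  75 0a                   jne    40114d <check_magic+0x17>
  401143:  66 81 3f 30 31          cmpw   $0x3130,(%rdi)
  401148:  74 10                   je     40115a <check_magic+0x24>
  40114a:  80 7f 08 2a             cmpb   $0x2a,0x8(%rdi)
  40114e:  3d ff 00 00 00          cmp    $0xff,%eax
  401153:  83 f8 00                cmp    $0x0,%eax
"""

# Matches cmp/cmpb/cmpw/cmpl/cmpq whose first (source) operand is an immediate.
CMP_IMM_RE = re.compile(r"\b(cmp[bwlq]?)\s+\$0x([0-9a-f]+)")
SUFFIX_WIDTH = {"b": 1, "w": 2, "l": 4, "q": 8}


def parse_cmp_immediates(objdump_text):
    """Return [(width_in_bytes or None, value)] for every cmp-with-immediate.

    The width comes from the AT&T size suffix; a bare `cmp` (the register
    operand fixes the size) yields None and is sized from the value later.
    """
    found = []
    for line in objdump_text.splitlines():
        m = CMP_IMM_RE.search(line)
        if m:
            mnemonic, hexval = m.groups()
            found.append((SUFFIX_WIDTH.get(mnemonic[3:]), int(hexval, 16)))
    return found


def smallest_width(value):
    """Smallest of 1/2/4/8 bytes that holds `value`."""
    for w in (1, 2, 4, 8):
        if value < (1 << (8 * w)):
            return w
    raise ValueError("immediate does not fit in 64 bits: %#x" % value)


def immediate_to_tokens(width, value):
    """Encode one immediate as dictionary tokens (bytes).

    x86 compares memory little-endian, so the LE encoding is the byte sequence
    the target actually reads; for multi-byte values a big-endian copy is added
    too, since parsers often byte-swap network-order fields before comparing.
    """
    w = width if width and value < (1 << (8 * width)) else smallest_width(value)
    tokens = [value.to_bytes(w, "little")]
    if w > 1:
        be = value.to_bytes(w, "big")
        if be != tokens[0]:  # palindromic values need only one copy
            tokens.append(be)
    return tokens


def afl_escape(token):
    """Render bytes in the \\xNN escape form afl-fuzz accepts in dictionaries."""
    return "".join("\\x%02x" % b for b in token)


def build_dictionary(objdump_text, skip_values=(0,)):
    """Build AFL dictionary text: one `name="..."` line per unique token.

    Zero is skipped by default (a choice made here): it is compared against
    everywhere and would bloat the dictionary without steering the fuzzer.
    """
    tokens = []
    for width, value in parse_cmp_immediates(objdump_text):
        if value in skip_values:
            continue
        for tok in immediate_to_tokens(width, value):
            if tok not in tokens:
                tokens.append(tok)
    return "".join('tok_%d="%s"\n' % (i, afl_escape(t)) for i, t in enumerate(tokens))


if __name__ == "__main__":
    # Usage: objdump -d ./target > target.asm
    #        python3 objdump_dict.py target.asm > target.dict
    # Without a file argument the constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            text = f.read()
    else:
        text = SAMPLE_OBJDUMP
    sys.stdout.write(build_dictionary(text))
```

The resulting file is passed to afl-fuzz with `-x target.dict`. On the sample, the 4-byte magic `0x4156414c` becomes the tokens `LAVA` (little-endian, as stored in memory) and `AVAL` (big-endian), which is exactly the kind of constant a shallow LAVA-style trigger compares against and that havoc-only mutation would otherwise have to stumble upon byte by byte.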
About this issue
- State: closed
- Created 4 years ago
- Comments: 28 (28 by maintainers)
@wideglide can you please try the new github state? I made some changes to alloc-inl.h and it works fine for me (15 crashes in 8 minutes for my test target tiff-4.0.4)
If this works for you, I'll make a new release with this version; if this also produces a problem, then I'll revert to the original one and make a new release with that.
@vanhauser-thc we need a hotfix release when I’ll finish with this.
Thank you man for the great effort, I’ll backport it from AFL as a workaround and meanwhile, I’ll work for a better solution.
It’s the changes to alloc-inl.h. I just used the version from https://github.com/AFL with master and everything works fine.