
PROGRAM ABORT : Null reference Location : stricmp(), src/afl-fuzz.c:490 #590

Open

Pr0methean opened this issue Feb 25, 2025 · 2 comments

@Pr0methean

I get this error when running a fuzz target on a GitHub Actions ubuntu-latest runner:

Run actions-rs/cargo@v1
  with:
    command: afl
    args: fuzz -i /home/runner/work/zip2/zip2/fuzz_read/in -o out -V 3600 -a binary -- /home/runner/work/zip2/zip2/fuzz_read/target/debug/fuzz_read
    use-cross: false
  env:
    RUSTFLAGS: -Dwarnings
/home/runner/.cargo/bin/cargo afl fuzz -i /home/runner/work/zip2/zip2/fuzz_read/in -o out -V 3600 -a binary -- /home/runner/work/zip2/zip2/fuzz_read/target/debug/fuzz_read
afl-fuzz++4.31c based on afl by Michal Zalewski and a large online community
25h
[-] PROGRAM ABORT : Null reference
         Location : stricmp(), src/afl-fuzz.c:490

The output of cargo afl system-config was:

Run actions-rs/cargo@v1
  with:
    command: afl
    args: system-config
    use-cross: false
  env:
    RUSTFLAGS: -Dwarnings
/home/runner/.cargo/bin/cargo afl system-config
Running: "sudo" "--reset-timestamp" "/home/runner/.local/share/afl.rs/rustc-1.87.0-nightly-617aad8/afl.rs-0.15.15/afl/bin/afl-system-config"
This reconfigures the system to have a better fuzzing performance.
WARNING: this reduces the security of the system!

sysctl: cannot stat /proc/sys/kernel/sched_child_runs_first: No such file or directory
Settings applied.

It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
  /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"

If you run fuzzing instances in docker, run them with "--security-opt seccomp=unconfined" for more speed.

Updating from 0.15.10 to 0.15.15 doesn't fix this.

@Pr0methean (Author) commented Feb 25, 2025

I've tried installing llvm separately from the Rust toolchain (the way this repo's CI workflow does) and running cargo afl config --plugins --force or cargo afl config --build --plugins --force, but I still get the error.

@Pr0methean (Author)

Update: On my Ubuntu laptop, I managed to fix this by removing the flag -a binary. The input corpus is in binary format, but the input dictionary is in text format. Checking whether that fixes it in GitHub Actions...
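The last comment ties the abort to running a binary corpus together with a text-format dictionary under `-a binary` (the `-a` flag tells afl-fuzz whether the target's input is text or binary). As an added example, not code from afl.rs or AFL++, the Python below checks both inputs before a run: it parses an AFL-style text dictionary (the documented `name="value"` lines with an optional `@level` suffix and `\\`, `\"` and `\xNN` escapes) and classifies corpus files as text or binary. The text/binary heuristic, the sample dictionary and the sample corpus bytes are this example's own constructions, not AFL++'s detection logic or files from the zip2 project.

```python
r"""Added example, not afl.rs or AFL++ code: sanity-check a fuzzing dictionary
and corpus before an afl-fuzz run.

parse_dictionary() reads the AFL text dictionary format (name="value" lines,
optional @level suffix, escapes \\, \" and \xNN, '#' comment lines).
is_text() / suggest_input_mode() classify corpus files as text or binary with
a simplified heuristic that is this example's own assumption, not the
detection logic inside AFL++.
"""

import re
from dataclasses import dataclass
from typing import Iterable, List

# One dictionary line: optional name, optional @level, '=', double-quoted body.
_ENTRY_RE = re.compile(r'^([^=@"\s]*)(?:@(\d+))?\s*=\s*"(.*)"\s*$')


@dataclass
class DictEntry:
    name: str
    level: int
    value: bytes


def unescape(body: str) -> bytes:
    # Decode a quoted body into raw bytes. Recognised escapes: backslash,
    # double quote, and \xNN for one arbitrary byte; anything else is an error.
    out = bytearray()
    i = 0
    while i < len(body):
        ch = body[i]
        if ch != "\\":
            out += ch.encode("latin-1")  # latin-1 maps each char to one byte
            i += 1
            continue
        nxt = body[i + 1:i + 2]
        if nxt in ("\\", '"'):
            out.append(ord(nxt))
            i += 2
        elif nxt == "x" and re.fullmatch(r"[0-9A-Fa-f]{2}", body[i + 2:i + 4]):
            out.append(int(body[i + 2:i + 4], 16))
            i += 4
        else:
            raise ValueError(f"bad escape at offset {i}: {body[i:i + 4]!r}")
    return bytes(out)


def parse_dictionary(data: bytes) -> List[DictEntry]:
    """Parse an AFL-style dictionary; blank lines and '#' comments are skipped."""
    entries = []
    # latin-1 decoding keeps a 1:1 byte-to-char mapping, so nothing is lost.
    for lineno, raw in enumerate(data.decode("latin-1").splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY_RE.match(line)
        if m is None:
            raise ValueError(f'line {lineno}: expected name="value", got {line!r}')
        name, level, body = m.group(1), int(m.group(2) or 0), m.group(3)
        entries.append(DictEntry(name, level, unescape(body)))
    return entries


# Heuristic (assumption of this example): a buffer is "text" if it is non-empty,
# contains no NUL byte and at least 90% of its bytes are printable ASCII or
# tab / newline / carriage return.
_TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def is_text(data: bytes, threshold: float = 0.9) -> bool:
    if not data or 0 in data:
        return False
    textual = sum(1 for b in data if b in _TEXT_BYTES)
    return textual / len(data) >= threshold


def suggest_input_mode(corpus: Iterable[bytes]) -> str:
    """Return 'text' only if every corpus file looks textual, else 'binary'."""
    files = list(corpus)
    if files and all(is_text(f) for f in files):
        return "text"
    return "binary"


def check_fuzz_inputs(dict_data: bytes, corpus: Iterable[bytes]) -> dict:
    """Combined report: dictionary entry count, highest @level, suggested -a mode."""
    entries = parse_dictionary(dict_data)
    return {
        "dictionary_entries": len(entries),
        "max_level": max((e.level for e in entries), default=0),
        "input_mode": suggest_input_mode(corpus),
    }


# --- constructed sample data (not files from the project on the page) ---
SAMPLE_DICT = b'''
# ZIP record signatures written as an AFL text dictionary
local_header="PK\\x03\\x04"
central_dir@2="PK\\x01\\x02"
end_of_cd="PK\\x05\\x06"
quote_test="say \\"hi\\" \\\\ done"
'''

# Bytes resembling a ZIP local-file header followed by a file name.
SAMPLE_ZIP = b"PK\x03\x04\x14\x00\x00\x00\x08\x00" + b"\x00" * 16 + b"hello.txt"
SAMPLE_TEXT = b"just some ordinary ASCII text\nwith two lines\n"

if __name__ == "__main__":
    for e in parse_dictionary(SAMPLE_DICT):
        print(f"{e.name}@{e.level} = {e.value!r}")
    print(check_fuzz_inputs(SAMPLE_DICT, [SAMPLE_ZIP, SAMPLE_TEXT]))
```

Run it against a real `-x` dictionary and the `-i` corpus directory by reading the files as bytes; a `ValueError` from `parse_dictionary` points at the offending dictionary line, and `input_mode` shows which `-a` value matches the corpus you actually have.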

No branches or pull requests. 1 participant.