Hi there,
I tried running Magma per your 'Getting Started' section, just changing the fuzzer to only use aflplusplus_lto and leaving everything else on default. This unfortunately does not work for me, in one way or another. One way is that the php container does not even build successfully; the problem seems to be a linker error:
```
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:292: recipe for target 'sapi/fuzzer/php-fuzz-exif' failed
make: *** [sapi/fuzzer/php-fuzz-exif] Error 1
make: *** Waiting for unfinished jobs....
ld.lld: error: undefined symbol: std::__throw_length_error(char const*)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [sapi/fuzzer/php-fuzz-json] Error 1
Makefile:289: recipe for target 'sapi/fuzzer/php-fuzz-json' failed
ld.lld: error: undefined symbol: std::__throw_length_error(char const*)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [sapi/fuzzer/php-fuzz-parser] Error 1
Makefile:277: recipe for target 'sapi/fuzzer/php-fuzz-parser' failed
ld.lld: error: undefined symbol: std::__throw_length_error(char const*)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [sapi/fuzzer/php-fuzz-unserialize] Error 1
Makefile:283: recipe for target 'sapi/fuzzer/php-fuzz-unserialize' failed
ld.lld: error: undefined symbol: std::__throw_length_error(char const*)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
Makefile:286: recipe for target 'sapi/fuzzer/php-fuzz-unserializehash' failed
make: *** [sapi/fuzzer/php-fuzz-unserializehash] Error 1
ld.lld: error: undefined symbol: std::__throw_length_error(char const*)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::UnicodeString, std::allocator<icu_60::UnicodeString> >::_M_check_len(unsigned long, char const*) const)
referenced by stl_vector.h:1505 (/usr/lib/gcc/x86_64-linux-gnu/7.5.0/../../../../include/c++/7.5.0/bits/stl_vector.h:1505)
lto.tmp:(std::vector<icu_60::Formattable, std::allocator<icu_60::Formattable> >::_M_check_len(unsigned long, char const*) const)
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [sapi/fuzzer/php-fuzz-execute] Error 1
Makefile:280: recipe for target 'sapi/fuzzer/php-fuzz-execute' failed
The command '/bin/sh -c ${FUZZER}/instrument.sh' returned a non-zero code: 2
```
Another way is that all other containers seem to build successfully; however, running them results in them stopping a few seconds later. Looking at the logs, they all get the same error message from afl++:
```
[*] Checking core_pattern...
[-] Hmm, your system is configured to send core dump notifications to an
external utility. This will cause issues: there will be an extended delay
between stumbling upon a crash and having this information relayed to the
fuzzer via the standard waitpid() API.
If you're just testing, set 'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.
To avoid having crashes misinterpreted as timeouts, please log in as root
and temporarily modify /proc/sys/kernel/core_pattern, like so:
echo core >/proc/sys/kernel/core_pattern
[-] PROGRAM ABORT : Pipe at the beginning of 'core_pattern'
Location : check_crash_handling(), src/afl-fuzz-init.c:2188
Campaign terminated at 2023-10-11 20:29
```
Is php fixable and would the 'fixes' suggested by afl++ be applicable for the containers?
On another note, I tried to extract the instrumented targets from their respective containers to fuzz them inside afl++'s own docker container (which was my original goal anyway). They don't throw that core_pattern error in there, but now they get zero coverage instead... The error message suggests a syntax problem; is there a way to easily see the command you call afl++ with for each target?
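The core_pattern abort quoted above is a check afl-fuzz performs before it starts; the script below is an added example (not code from the Magma project or from the issue author) that reproduces the same check outside a campaign, so the host can be verified before the containers are started. It assumes the path `/proc/sys/kernel/core_pattern` and relies on the fact that `kernel.core_pattern` is a kernel-wide sysctl that is not namespaced, so a container sees the host's value and the remedy afl-fuzz prints has to be applied on the host.

```shell
#!/bin/sh
# Added example: mirror afl-fuzz's check_crash_handling() core_pattern test.
# core_pattern is a global (non-namespaced) kernel setting, so inside a
# container you observe the host's value and cannot normally change it there.

CORE_PATTERN_FILE="${CORE_PATTERN_FILE:-/proc/sys/kernel/core_pattern}"

# core_pattern_is_piped PATTERN
# Returns 0 when the pattern hands core dumps to an external utility (a
# leading '|', e.g. apport or systemd-coredump), which is the condition
# afl-fuzz aborts on; returns 1 otherwise.
core_pattern_is_piped() {
    case "$1" in
        '|'*) return 0 ;;
        *)    return 1 ;;
    esac
}

# afl_core_pattern_status [FILE]
# Prints "ok", "piped" or "unreadable" and returns 0 only when afl-fuzz
# would accept the current setting as-is.
afl_core_pattern_status() {
    file="${1:-$CORE_PATTERN_FILE}"
    if [ ! -r "$file" ]; then
        echo unreadable
        return 2
    fi
    pattern=$(cat "$file")
    if core_pattern_is_piped "$pattern"; then
        echo piped
        return 1
    fi
    echo ok
    return 0
}

# Report the host setting and, if needed, the same (non-persistent, root-only)
# remedy afl-fuzz prints, which must be applied on the host, not in a container.
main() {
    case "$(afl_core_pattern_status "$CORE_PATTERN_FILE")" in
        piped)
            echo "core_pattern starts with a pipe; afl-fuzz will abort." >&2
            echo "Host-side fix: echo core >/proc/sys/kernel/core_pattern" >&2
            return 1 ;;
        ok) echo "core_pattern is acceptable for afl-fuzz." ;;
        *)  echo "cannot read $CORE_PATTERN_FILE" >&2; return 2 ;;
    esac
}

case "${0##*/}" in check_core_pattern.sh) main ;; esac
```

Save it as `check_core_pattern.sh` to have it run `main` directly, or source it and call `afl_core_pattern_status` on any file containing a candidate pattern.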