Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Feebdack

See original GitHub issue

I used the mruby example and got this just when starting up:

┘mutation error: No such file or directory

[-] PROGRAM ABORT : Error in custom_fuzz. Size returned: 0
         Location : fuzz_one_original(), src/afl-fuzz-one.c:1747

It should all be there:

AFL_CUSTOM_MUTATOR_ONLY=1
AFL_CUSTOM_MUTATOR_LIBRARY=/prg/Grammar-Mutator/trunk/src/libgrammarmutator.so
afl-fuzz -i in -o out -- mruby/bin/mruby @@
ls out/trees/
...
id:000070,time:0,orig:70  id:000156,time:0,orig:156  id:000242,time:0,orig:242
id:000071,time:0,orig:71  id:000157,time:0,orig:157  id:000243,time:0,orig:243
id:000072,time:0,orig:72  id:000158,time:0,orig:158  id:000244,time:0,orig:244
id:000073,time:0,orig:73  id:000159,time:0,orig:159  id:000245,time:0,orig:245
...

more feedback:

IMHO the GRAMMAR_FILE env var should always be required. having a JSON default is not helpful.
./grammar_generator 123 100 1000 /tmp/seeds /tmp/trees -> not found. it is src/grammar_generator. better copy the grammar_generator and the .so to the project root when done compiling, maybe even with the grammar type in their filename?

export export AFL_CUSTOM_MUTATOR_LIBRARY=/path/to/libgrammarmutator.so -> double export, also again below

dont put -o to /tmp, this is not best practice. just leave paths away so the example work in the the current directory

Issue Analytics

State:
Created 3 years ago
Comments:18 (10 by maintainers)

Top GitHub Comments

1reaction

h1994stcommented, Aug 28, 2020

this code fragment looks pointless:
  size_t      fn_len = strlen(fn);
  strncpy(data->new_tree_fn, fn, fn_len);
  data->new_tree_fn[fn_len] = '\0';
this is basically a strcpy(data->new_tree_fn, fn) just split to be 3 lines instead of one. if you dont want a buffer overflow (unlikely with PATH_MAX though) switch fn_len with PATH_MAX - 1 in line 2 and 3

It’s my fault. I wrongly think strncpy is a safer version of strcpy, but the destination string after strncpy is sometimes not null-terminated. I changed it to snprintf, which also avoids the buffer overflow.

0reactions

h1994stcommented, Aug 31, 2020

Thanks! I have submitted the final evaluation.