Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New error in libfl 0.9.0 #1059

Closed
cokeBeer opened this issue Feb 12, 2023 · 5 comments
Closed

New error in libfl 0.9.0 #1059

cokeBeer opened this issue Feb 12, 2023 · 5 comments
Labels
bug Something isn't working

Comments

@cokeBeer
Copy link

cokeBeer commented Feb 12, 2023
edited
Loading

Describe the bug
Atfer I upgraded my libafl version from 0.8.x ( rev = "7ed1ac9" ) to 0.9.0, my code suddenly encountered some runtime errors.

To Reproduce
Steps to reproduce the behavior:

  1. load corpus from disk like
    state
        .load_initial_inputs_forced(&mut fuzzer, &mut executor, &mut mgr, corpus_dirs)
        .unwrap_or_else(|_| panic!("Failed to load initial corpus at {:?}",&corpus_dirs));
        println!("We imported {} inputs from disk.", state.corpus().count());
  1. run fuzz like
while state.solutions().is_empty() {
            fuzzer.fuzz_one(&mut stages, &mut executor, &mut state, &mut mgr)?;
        }

Expected behavior
get a runtime error

Loading file "./corpus\\case1" ...
abcd
[Testcase #0] run time: 0h-0m-0s, clients: 1, corpus: 1, objectives: 0, executions: 1, exec/sec: 0.000
[LOG Debug]: Loaded 1 initial testcases.
We imported 1 inputs from disk.
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', C:\Users\Administrator\.cargo\registry\src\github.aaakk.us.kg-1ecc6299db9ec823\libafl-0.9.0\src\stages\mutational.rs:76:34github.com-1ecc6299db9ec823\libafl-0.9.0\src\stages\mutational.rs:76:34
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Crashed with STATUS_ILLEGAL_INSTRUCTION
Double crash

We crashed at addr 0x7ff792fcb9e8, but are not in the target... Bug in the fuzzer? Exiting.
Type QUIT to restart the child

which is from

impl<I, S> MutatedTransform<I, S> for I
where
    I: Input + Clone,
{
    type Post = ();

    #[inline]
    fn try_transform_from(
        base: &Testcase<I>,
        _state: &S,
        _corpus_idx: CorpusId,
    ) -> Result<Self, Error> {
        Ok(base.input().as_ref().unwrap().clone()) // here 
    }

    #[inline]
    fn try_transform_into(self, _state: &S) -> Result<(I, Self::Post), Error> {
        Ok((self, ()))
    }
}

Screen output/Screenshots
If applicable, add copy-paste of the screen output or screenshot that shows the issue. Please ensure the output is in English and not in Chinese, Russian, German, etc.

Additional context
My code works well in 0.8.x and I update some new apis in 0.9.0 to fix errors reported by static analyse.
So how can I fix this runtime error?
@cokeBeer cokeBeer added the bug Something isn't working label Feb 12, 2023
@domenukk
Copy link
Member

What input and corpus do you use?
Cc @andreafioraldi

@cokeBeer
Copy link
Author

cokeBeer commented Feb 13, 2023
edited
Loading

testcase: abcd
input: BytesInput
corpus: OnDiskCorpus

@f0rki
Copy link
Contributor

f0rki commented Feb 14, 2023
edited
Loading

I encountered the same issue and fixed it like this:

diff --git a/libafl/src/stages/mutational.rs b/libafl/src/stages/mutational.rs
index d5120313..e68c170d 100644
--- a/libafl/src/stages/mutational.rs
+++ b/libafl/src/stages/mutational.rs
@@ -73,7 +73,11 @@ where
         _state: &S,
         _corpus_idx: CorpusId,
     ) -> Result<Self, Error> {
-        Ok(base.input().as_ref().unwrap().clone())
+        if let Some(i) = base.input().as_ref() {
+            Ok(i.clone())
+        } else {
+            Ok(base.clone().load_input()?.clone())
+        }
     }

     #[inline]
--

@addisoncrump
Copy link
Collaborator

This change is correct @f0rki, would you be willing to submit a PR?

f0rki added a commit to f0rki/LibAFL that referenced this issue Feb 16, 2023
@f0rki
make sure input was loaded to avoid panic on unwrap
e92fcd8 
fixes issue AFLplusplus#1059
@f0rki f0rki mentioned this issue Feb 16, 2023
Merged
domenukk pushed a commit that referenced this issue Feb 16, 2023
@f0rki @addisoncrump
Make sure input was loaded to avoid panic on unwrap in MutatedTransfo…
46b7574 
…rm (#1077)

* make sure input was loaded to avoid panic on unwrap
fixes issue #1059

* avoid unnecessary clone, avoid unnecessary branching

---------

Co-authored-by: Michael Rodler <[email protected]>
Co-authored-by: Addison Crump <[email protected]>
@addisoncrump
Copy link
Collaborator

Fixed by #1077

@cokeBeer cokeBeer mentioned this issue Feb 18, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@domenukk @f0rki @addisoncrump @cokeBeer