Comments (6)
Hmm, I heard from other people encountering the same error, but I wasn't able to reproduce myself. Can you reproduce with the test target provided with jackalope (when running using the file delivery mechanism, e.g.
fuzzer.exe -in in -out out -t 1000 -delivery file -instrument_module test.exe -target_module test.exe -target_method fuzz -nargs 1 -iterations 10000 -persist -loop -cmp_coverage -- test.exe -f @@
) or only with your own target?
In general, this can happen if Jackalope can't write a sample to the output file. In case the target still holds a reference to the file and that's the reason the file can't be written, Jackalope attempts to kill the target process and retry as can be seen in https://github.com/googleprojectzero/Jackalope/blob/main/fuzzer.cpp#L214. But in your case, it appears that that didn't resolve the issue.
Currently, the best workaround is to use sample delivery via shared memory (see test.cpp for an example of how to modify your target to support it). This will likely also result in increased fuzzing speed.
When the delivery is via shared memory, the speed is observed to be very high. There are some instances when the APIs require only a file or file handles. Yesterday I read the blog https://www.zerodayinitiative.com/blog/2019/10/31/the-little-bitmap-that-couldnt where they have implemented a minimal harness application. I copied the same harness and started fuzzing it via Jackalope with the flag "-delivery shmem". I expected the fuzzer to throw an error since shared memory is not implemented in the application, but instead it started fuzzing at multiples of thousands of execs/sec. Can I know why I have not encountered an error in this case, while in the previous case, when I tried to fuzz a custom WinAFL harness, it allowed only "-delivery file"?
Most likely the target is doing something and you're getting coverage for that, but that "something" isn't related to the input sample if, as you say, you're passing it over shared memory and the target is not aware of this shared memory.
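An added example, not Jackalope's own test.cpp and not code from anyone in this thread, to go with the "modify your target to support shared memory" advice above and with the question about a harness that does not actually read the shared memory. It shows one target method that accepts a sample from a file or from a shared-memory region, bounds-checks the size header, closes the sample file before returning (the open-handle case the first reply describes), and fails loudly when nothing was delivered. It assumes the region the fuzzer side writes is a 4-byte little-endian length followed by the sample bytes, that the target is launched as `-f <file>` or `-m <mapping name>` in place of the thread's `test.exe -f @@`, and that MAX_SAMPLE_SIZE, SHM_SIZE, process_sample, the fuzz_*_once wrappers and the kShm* regions are this example's own choices; check test.cpp before relying on the layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Assumed layout (check test.cpp): [u32 little-endian size][sample bytes]. */
#define MAX_SAMPLE_SIZE 1000000u
#define SHM_SIZE (4u + MAX_SAMPLE_SIZE)

static int g_use_shm;                /* delivery mode, chosen once in main() */
static const unsigned char *g_shm;   /* mapped region when g_use_shm is set */
static size_t g_shm_len;

void use_shared_memory(const unsigned char *shm, size_t n) { g_use_shm = 1; g_shm = shm; g_shm_len = n; }
void use_file_delivery(void) { g_use_shm = 0; g_shm = NULL; g_shm_len = 0; }

/* Shared-memory delivery. g_shm_len is the mapped length, so a corrupt or
 * oversized size field can never make the target read past the mapping. */
static unsigned char *sample_from_shm(uint32_t *out_len)
{
    if (!g_shm || g_shm_len < 4) return NULL;
    uint32_t size = (uint32_t)g_shm[0] | ((uint32_t)g_shm[1] << 8) |
                    ((uint32_t)g_shm[2] << 16) | ((uint32_t)g_shm[3] << 24);
    if (size > MAX_SAMPLE_SIZE || size > g_shm_len - 4) return NULL;
    unsigned char *buf = malloc(size ? size : 1);
    if (!buf) return NULL;
    memcpy(buf, g_shm + 4, size);
    *out_len = size;
    return buf;
}

/* File delivery: read everything and close the file before fuzz() returns.
 * A handle left open is what stops the fuzzer from overwriting the sample
 * file for the next iteration (the "Error delivering sample" situation). */
static unsigned char *sample_from_file(const char *path, uint32_t *out_len)
{
    FILE *fp = path ? fopen(path, "rb") : NULL;
    if (!fp) return NULL;
    long sz = (fseek(fp, 0, SEEK_END) == 0) ? ftell(fp) : -1;
    if (sz < 0 || (unsigned long)sz > MAX_SAMPLE_SIZE) { fclose(fp); return NULL; }
    rewind(fp);
    unsigned char *buf = malloc(sz ? (size_t)sz : 1);
    if (!buf) { fclose(fp); return NULL; }
    size_t got = fread(buf, 1, (size_t)sz, fp);
    fclose(fp);
    if (got != (size_t)sz) { free(buf); return NULL; }
    *out_len = (uint32_t)got;
    return buf;
}

/* Stand-in for the codec or parser you actually want to fuzz. */
static long process_sample(const unsigned char *data, uint32_t len)
{
    long printable = 0;
    for (uint32_t i = 0; i < len; i++)
        if (data[i] >= 0x20 && data[i] < 0x7f) printable++;
    return printable;
}

/* Target method (-target_method fuzz -nargs 1). Returns the parser's result,
 * or -1 when nothing was delivered, so a delivery mode the target does not
 * implement fails loudly instead of yielding "coverage" on stale data. */
long fuzz(const char *path)
{
    uint32_t len = 0;
    unsigned char *sample = g_use_shm ? sample_from_shm(&len) : sample_from_file(path, &len);
    if (!sample) return -1;
    long r = process_sample(sample, len);
    free(sample);
    return r;
}

/* One-shot wrappers for the checks below. */
long fuzz_shm_once(const unsigned char *shm, size_t n) { use_shared_memory(shm, n); return fuzz(NULL); }
long fuzz_file_once(const char *path) { use_file_delivery(); return fuzz(path); }

/* Constructed regions (not real fuzzer output): a valid 5-byte sample, and a
 * header claiming 100 bytes with only 3 present. */
const unsigned char kShmOk[]  = {5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
const unsigned char kShmBad[] = {100, 0, 0, 0, 'a', 'b', 'c'};

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s -f <file> | -m <shm name>\n", argv[0]); return 1; }
    if (strcmp(argv[1], "-m") == 0) {
#ifdef _WIN32
        HANDLE h = OpenFileMappingA(FILE_MAP_ALL_ACCESS, FALSE, argv[2]);
        void *view = h ? MapViewOfFile(h, FILE_MAP_ALL_ACCESS, 0, 0, SHM_SIZE) : NULL;
        if (!view) { fprintf(stderr, "could not map %s\n", argv[2]); return 1; }
        use_shared_memory((const unsigned char *)view, SHM_SIZE);
#else
        fprintf(stderr, "shared-memory delivery is shown for Windows only\n");
        return 1;
#endif
    } else {
        use_file_delivery();
    }
    return fuzz(argv[2]) < 0;   /* with -persist -loop the fuzzer re-runs fuzz() */
}
```

With the thread's command line the file mode is `-- target.exe -f @@`; the fuzzer is then free to rewrite the file between iterations because fuzz() never returns with it open. If a harness only implements `-f` but is launched with `-delivery shmem` (assuming the fuzzer substitutes the mapping name for `@@`), fopen on that name fails and every iteration returns -1, which makes the mismatch visible instead of producing the unrelated coverage the reply above describes.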
Hi fratric, I get the same issue when fuzzing some Windows codecs using jackalope, with delivery=file and nthreads=10. Cmd line like:
fuzzer.exe -delivery file -nthreads 10 -t 1000 -in D:\corpus\xx -out R:\Temp\xx -instrument_module xx.dll -target_module fuzzer.exe -target_method fuzz -nargs 1 -iterations 2337 -persist -loop -cmp_coverage -- fuzzer.exe @@
Without the nthreads=10 option, jackalope seems to work fine with the same harness code.
Thank you for letting me know this is related to nthreads. It's interesting because each thread is writing to its own file, so there shouldn't be race conditions there (but I'll double-check it just in case).
In the meantime, can you test if putting
Sleep(10000);
before or after Line 213 in 364bf09 helps with the issue at all?
I managed to reproduce the issue. It should be fixed in the latest version, commit 2f72da1, though note some warnings will still be printed.
Tentatively closing. Please reopen if the same issue still persists even after the patch.