Giter VIP home page Giter VIP logo

Comments (5)

ifratric avatar ifratric commented on July 24, 2024

WinAFL can't change the memory limit of the target process. If you need to enforce a memory limit you need to build a custom solution for your target.

from winafl.

bytems avatar bytems commented on July 24, 2024

Hmm OK. Well, the main reason why I raised this issue is because, all the test cases generated by WinAFL in the crash folder (the ones that caused the target to crash during the WinAFL run). When I actually individually ran those test cases straight to the target, none of them crash the target.
Basically I can't reproduce the crashes found by WinAFL. The AFL readme file suggested that changing memory limit might resolve this issue.

from winafl.

bytems avatar bytems commented on July 24, 2024

I can't reproduce the crashes found by WinAFL. Running the individual test cases (in the crashes folder) against my target binary does not result in a crash or segmentation fault.
Can this happen, or am I doing something wrong?

from winafl.

ivanfratric avatar ivanfratric commented on July 24, 2024

There are several reasons this could be happening. For reference, take a look at the onexception() function inside winafl.c to see how WinAFL catches crashes. Some possibilities:

  • The exception is caught by your target so it doesn't crash. In this case you should still see an exception if you run the target with a debugger. You can also run the "crashing" sample in the WinAFL debug mode and the most recent version is going to report encountered exceptions in the debug log.
  • Since WinAFL uses persistent mode, it is possible that some of the previous samples put your target in a state where a subsequent state caused a crash. In the simple case it could be that previous samples exhausted the memory of the target process, a subsequent sample tried to allocate memory and failed which caused a crash. But it could also mean more serious incorrect states. You can run WinAFL with lesser number of fuzz_iterations. In the extreme case you can set fuzz_iterations to 1 which will restart a process for every sample (needless to say that's going to run much slower). You can also take a corpus provided by WinAFL and run it through some other, non-coverage-guided fuzzer in order to try to rediscover a crash.

from winafl.

ivanfratric avatar ivanfratric commented on July 24, 2024

I'm closing this issue since memory limit support was added in 1.11

from winafl.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.