Add optional handling of Nyx InvalidWriteToPayload event #2027
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
but it is wrong to keep it like this. this should kill the target (qemu). can you please add this? |
| @@ -1840,6 +1840,8 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, | |||
| case Timeout: | |||
| return FSRV_RUN_TMOUT; | |||
| case InvalidWriteToPayload: | |||
| if (!!getenv("AFL_NYX_HANDLE_INVALID_WRITE")) { return FSRV_RUN_CRASH; } | |||
|
|
|||
| /* ??? */ | |||
| FATAL("FixMe: Nyx InvalidWriteToPayload handler is missing"); | |||
There was a problem hiding this comment.
If you switch FATAL to NYX_PRE_FATAL it should be enough.
There was a problem hiding this comment.
Thanks, I'm testing this right now locally.
There was a problem hiding this comment.
great, ping when you have a result :)
|
Fwiw, I just managed to reproduce with the new code (and the env var set). The log will contain something like:
So that's even nicer. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds
AFL_NYX_HANDLE_INVALID_WRITEto allow AFL++ to ignore the InvalidWriteToPayload event. If such events occur sporadically, it is most likely due to OOM in the guest where the kernel is reclaiming memory and therefore touching the payload buffer. I decided to count these as crashes, hoping that they remain visible with this approach (but with a zero-size log). However, this happens quite rarely in my local setup so it is difficult to test.Without this variable set, AFL++ will just die and leave qemu running in the background. Long term, we might want to change the default behavior here as well.