I fuzz-test the Tor sources with AFL using the script in [1]. Today I was faced with this afl message:

- The current memory limit (47.7 TB) is too restrictive, causing the ...

Therefore I re-ran this:
torproject@mr-fox ~ $ cd ~; for i in ./tor/src/test/fuzz/fuzz-*; do echo $(./recidivm-0.1.1/recidivm -v $i 2>&1 | tail -n 1) $i ; done | sort -n
140647294041983 ./tor/src/test/fuzz/fuzz-hsdescv2
210556434775808 ./tor/src/test/fuzz/fuzz-descriptor
211071855558638 ./tor/src/test/fuzz/fuzz-microdesc
230618232257983 ./tor/src/test/fuzz/fuzz-consensus
272676600806400 ./tor/src/test/fuzz/fuzz-http
275960232411072 ./tor/src/test/fuzz/fuzz-diff-apply
280371168541696 ./tor/src/test/fuzz/fuzz-vrs
281200098803455 ./tor/src/test/fuzz/fuzz-iptsv2
281298748667644 ./tor/src/test/fuzz/fuzz-extrainfo
281456722575360 ./tor/src/test/fuzz/fuzz-diff
and was wondering about the big numbers; a previous run a few weeks ago gave me the numbers as seen in [1]:
# 40880663 ./tor/src/test/fuzz/fuzz-iptsv2
# 40880757 ./tor/src/test/fuzz/fuzz-consensus
# 40880890 ./tor/src/test/fuzz/fuzz-extrainfo
# 40885159 ./tor/src/test/fuzz/fuzz-hsdescv2
# 40885224 ./tor/src/test/fuzz/fuzz-http
# 40888156 ./tor/src/test/fuzz/fuzz-descriptor
# 40897371 ./tor/src/test/fuzz/fuzz-microdesc
# 40955570 ./tor/src/test/fuzz/fuzz-vrs
Now I wonder whether the new Linux kernel, a new AFL (changed from 2.39b to 2.46b recently) or something else is causing this issue?
[1] https://github.com/toralf/torutils/blob/master/fuzz.sh
-- 
Toralf
PGP C4EACDDE 0076E94E

On 07/23/2017 09:08 PM, Toralf Förster wrote:
> I fuzz-test the Tor sources with AFL using the script in [1].
Hhm, the root cause is the configure option "--enable-expensive-hardening".

Without that I can continue fuzz testing. I do wonder since when this configure option doesn't play well together with AFL?

-- 
Toralf
PGP C4EACDDE 0076E94E
On 25 Jul 2017, at 06:32, Toralf Förster toralf.foerster@gmx.de wrote:
> On 07/23/2017 09:08 PM, Toralf Förster wrote:
>> I fuzz-test the Tor sources with AFL using the script in [1].
> Hhm, the root cause is the configure option "--enable-expensive-hardening".
> Without that I can continue fuzz testing. I do wonder since when this configure option doesn't play well together with AFL?
This option enables ASAN.
ASAN requires a lot of extra shadow VM mappings, which it never uses, but afl still sees them as part of its allocations.
See the afl documentation for details.
T

-- 
Tim Wilson-Brown (teor)
teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n

tor-relays@lists.torproject.org
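The diagnosis in this thread put into script form, as an added example that is not part of fuzz.sh, Tor or AFL: ASAN reserves terabytes of shadow address space it never touches, afl-fuzz's -m limit is enforced through RLIMIT_AS (which counts reserved address space), so an ASAN build gets killed before main() under any MB-sized limit and needs "-m none" (which afl's ASAN notes also recommend). The functions below take the "BYTES PATH" lines the recidivm loop above prints and choose a -m value per target. The 1 TiB threshold, the 50% headroom, the 50 MB floor and the nm-based is_asan_binary cross-check are my assumptions; the two sample lines are constructed from the numbers quoted in the thread.

```shell
#!/bin/sh
# Added example (not from fuzz.sh, Tor or AFL): pick the afl-fuzz -m argument
# per fuzz target from recidivm's reported peak virtual memory.
#
# -fsanitize=address reserves terabytes of shadow address space up front.
# afl-fuzz -m enforces RLIMIT_AS, which counts reserved address space, so any
# MB-sized limit kills an ASAN build before main(); use -m none for those.

# Constructed sample in the "BYTES PATH" shape the recidivm loop prints:
# one plain build (tens of MB) and one ASAN build (~128 TB of address space).
SAMPLE='40880663 ./tor/src/test/fuzz/fuzz-iptsv2
140647294041983 ./tor/src/test/fuzz/fuzz-hsdescv2'

# afl_mem_limit BYTES  ->  "none" or a size in MB for afl-fuzz -m
# Assumed policy: >= 1 TiB is an ASAN-style reservation, so no limit works;
# otherwise round up to MB, add 50% headroom, floor at afl's default of 50 MB.
afl_mem_limit() {
  bytes=$1
  tib=$((1024 * 1024 * 1024 * 1024))
  if [ "$bytes" -ge "$tib" ]; then
    echo none
    return 0
  fi
  mb=$(( (bytes + 1024 * 1024 - 1) / (1024 * 1024) ))
  mb=$(( mb + mb / 2 ))
  if [ "$mb" -lt 50 ]; then
    mb=50
  fi
  echo "$mb"
}

# plan_limits  reads "BYTES PATH" lines on stdin, prints "PATH -m LIMIT" lines
plan_limits() {
  while read -r bytes path; do
    [ -n "$bytes" ] || continue
    echo "$path -m $(afl_mem_limit "$bytes")"
  done
}

# is_asan_binary BIN  ->  exit status 0 if BIN references the ASAN runtime.
# Heuristic cross-check (assumption, not an AFL interface): an instrumented
# binary imports or defines __asan_init, so nm lists it; a plain build does not.
is_asan_binary() {
  nm "$1" 2>/dev/null | grep -q '__asan_init'
}

printf '%s\n' "$SAMPLE" | plan_limits
# ./tor/src/test/fuzz/fuzz-iptsv2 -m 58
# ./tor/src/test/fuzz/fuzz-hsdescv2 -m none
```

For a real run, replace the constructed SAMPLE with the output of the recidivm loop from the thread, and call is_asan_binary on any target that came out "none" to confirm the large number really is ASAN's reservation rather than a leak in the harness.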