Hi Dario,

On 10 August 2015 10:27 PM, "Dario Lombardo" <dario.lombardo...@gmail.com> wrote:
>
> No crash still happening...
>
> $ ../tools/test-captures.sh -b run ../data/hpfeeds_all_packets_sample.pcap
> Testing file ../data/hpfeeds_all_packets_sample.pcap...
> - with tree... OK
> - without tree... OK
> - without tree but with a read filter... OK
> $

You need to run it on the fuzzed capture (/tmp/fuzz-2015-08-10-7120.pcap), not on the original one.

Pascal.

> On Mon, Aug 10, 2015 at 10:09 PM, Evan Huus <eapa...@gmail.com> wrote:
>>
>> The best way to reproduce fuzzer bugs is with ./tools/test-captures.sh
>> which sets all the same environment variables and flags as the main
>> fuzz script.
>>
>> Since the error was in a memory canary, valgrind and/or ASAN may also
>> prove useful.
>>
>> Evan
>>
>> On Mon, Aug 10, 2015 at 3:52 PM, Dario Lombardo
>> <dario.lombardo...@gmail.com> wrote:
>> > Hi list
>> > I was fuzzing a protocol, and I experienced a crash. The fuzz-test.sh gave
>> > me this output
>> >
>> > $ ../tools/fuzz-test.sh -b run ../data/hpfeed_all_packets_sample.pcap
>> > [...]
>> > Starting pass 130:
>> > ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
>> > Starting pass 131:
>> > ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
>> > Starting pass 132:
>> > ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) (-nr) OK
>> > Starting pass 133:
>> > ../data/hpfeeds_all_packets_sample.pcap: (-nVxr) ../tools/fuzz-test.sh:
>> > line 189: 8725 Segmentation fault (core dumped) "$RUNNER" $COMMON_ARGS
>> > $ARGS $TMP_DIR/$TMP_FILE > /dev/null 2>> $TMP_DIR/$ERR_FILE
>> >
>> > ERROR
>> > Processing failed. Capture info follows:
>> >
>> > Input file: ../data/hpfeed_all_packets_sample.pcap
>> > Output file: /tmp/fuzz-2015-08-10-7120.pcap
>> >
>> > stderr follows:
>> >
>> > Input file: ../data/hpfeed_all_packets_sample.pcap
>> >
>> > Build host information:
>> > Linux hardcore 3.13.0-61-generic #100-Ubuntu SMP Wed Jul 29 11:21:34 UTC
>> > 2015 x86_64 x86_64 x86_64 GNU/Linux
>> > Distributor ID: Ubuntu
>> > Description: Ubuntu 14.04.3 LTS
>> > Release: 14.04
>> > Codename: trusty
>> >
>> > Return value: 139
>> >
>> > Dissector bug: 0
>> >
>> > Valgrind error count: 0
>> >
>> > Command and args: run/tshark -nVxr
>> >
>> > **
>> > ERROR:../epan/wmem/wmem_allocator_strict.c:77:wmem_strict_block_check_canaries:
>> > assertion failed: (canary[i] == WMEM_CANARY_VALUE)
>> >
>> > So I tried to reproduce the error, but when I issued
>> >
>> > run/tshark -nVxr /tmp/fuzz-2015-08-10-7120.pcap
>> >
>> > no crash happened. Is this the right way to reproduce a bug the fuzzer
>> > found? If yes, why is it not crashing?
>> > Thanks for your suggestions.
>> > Dario.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe