Comments (9)
Sorry, misleading title. I was originally trying this on Fedora 16 and got
this error, but the valgrind included with 0.4 does not support the 3.x kernel
series, so I moved to CentOS 5.8 where I could compare both versions.
Original comment by [email protected]
on 9 May 2012 at 12:12
More info... even though I could get 0.6.0 to build in the manner described
above, it failed to solve the sample file input example. Version 0.4 worked
correctly.
Original comment by [email protected]
on 9 May 2012 at 3:30
Unfortunately, it looks like the update to PL.y due to the yacc/bison compatibility
problem slipped being committed. Replacing stp-ver-0.1-11-18-2008/parser/PL.y
with this version should fix the make process for non-bison users.
Can you provide more info (avalanche output etc.) on the sample failing?
Original comment by [email protected]
on 14 May 2012 at 8:22
Attachments:
tar zxf Desktop/avalanche-0.6.tar.gz
cp Desktop/PL.y avalanche-0.6.0/stp-ver-0.1-11-18-2008/parser/PL.y
cd avalanche-0.6.0/
./configure
make
su -c "make install"
everything built cleanly... but the sample still fails...
$ od seed
0000000 000000 000000
0000004
$ avalanche -v --filename=seed ./sample2 seed
Avalanche, a dynamic analysis tool. Mon May 14 07:35:55 2012
Iteration 1. Mon May 14 07:35:55 2012
Inputs size = 1.
Selected next input with score 1346.
Unique error(s) found: 0.
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
If I explicitly run it with a bad file, then it works...
$ echo 'bad!' > bad
$ avalanche -v --filename=bad ./sample2 bad
Avalanche, a dynamic analysis tool. Mon May 14 07:38:03 2012
Error detected. Mon May 14 07:38:03 2012
Process terminating with default action of signal 6 (SIGABRT)
at 0x3E0F030285: raise (in /lib64/libc-2.5.so)
by 0x3E0F031D2F: abort (in /lib64/libc-2.5.so)
by 0x4005AB: main (in /home/vegs-usr/avalanche-0.4/samples/simple/sample2)
Dumping input to file exploit_0_0.
Command: ./sample2 exploit_0_0
Iteration 1. Mon May 14 07:38:03 2012
Inputs size = 1.
Selected next input with score 1277.
Unique error(s) found: 1.
Error #0: Received SIGABRT
Inputs: exploit_0_0;
Command: ./sample2 exploit_0_0
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
Original comment by [email protected]
on 14 May 2012 at 11:39
And with the debug flag...
$ avalanche -v --debug --filename=seed ./sample2 seed
Avalanche, a dynamic analysis tool. Mon May 14 07:55:12 2012
Running plugin Covgrind.
Executing command: /usr/local/bin/../lib/avalanche/valgrind, with args:
/usr/local/bin/../lib/avalanche/valgrind --tool=covgrind --trace-children=no -v
--alarm=300 --log-file=/tmp/avalanche-jfilik/execution.log
--filename=/tmp/avalanche-jfilik/basic_blocks.log ./sample2 seed
Covgrind is finished.
First score = 1346.
Iteration 1. Mon May 14 07:55:12 2012
Inputs size = 1.
Selected next input with score 1346.
Running plugin Tracegrind.
Executing command: /usr/local/bin/../lib/avalanche/valgrind, with args:
/usr/local/bin/../lib/avalanche/valgrind --tool=tracegrind --trace-children=no
--startdepth=1 --temp-dir=/tmp/avalanche-jfilik/ --invertdepth=100
--dump-prediction=yes --file=seed
--log-file=/tmp/avalanche-jfilik/execution.log ./sample2 seed
Tracegrind exited on signal.
Failure in Tracegrind.
No QUERY's found.
Unique error(s) found: 0.
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
Original comment by [email protected]
on 14 May 2012 at 11:56
It looks like tracegrind fails to produce a trace for STP. Can you run tracegrind
explicitly? You'll need to omit the temp-dir and log-file options:
/usr/local/bin/../lib/avalanche/valgrind --tool=tracegrind --trace-children=no
--startdepth=1 --invertdepth=100 --dump-prediction=yes --file=seed ./sample2
seed
Original comment by [email protected]
on 14 May 2012 at 1:34
==4875== Tracegrind-1.0, valgrind IR to STP declarations converter
==4875== Copyright (C) iisaev
==4875== Using Valgrind-3.7.0.SVN and LibVEX; rerun with -h for copyright info
==4875== Command: ./sample2 seed
==4875==
==4875==
==4875== Process terminating with default action of signal 11 (SIGSEGV)
==4875== Access not within mapped region at address 0x1C
==4875== at 0x3E0EC00A70: ??? (in /lib64/ld-2.5.so)
==4875== by 0x1: ???
==4875== by 0x7FEFFFF7E: ???
==4875== by 0x7FEFFFF88: ???
==4875== If you believe this happened as a result of a stack
==4875== overflow in your program's main thread (unlikely but
==4875== possible), you can try to increase the size of the
==4875== main thread stack using the --main-stacksize= flag.
==4875== The main thread stack size used in this run was 10485760.
==4875==
==4875== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)
Segmentation fault
GDB shows:
Program received signal SIGSEGV, Segmentation fault.
createTaintedTemp (basicBlockLowerBytes=<value optimized out>,
basicBlockUpperBytes=<value optimized out>) at tg_main.c:3440
3440 curNode->visited++;
curNode is null...
Original comment by [email protected]
on 14 May 2012 at 1:46
Could you try this patch?
cd avalanche-0.6.0
patch -p0 -i tracegrind_patch
Original comment by [email protected]
on 14 May 2012 at 3:09
Attachments:
Thanks! That seems to have fixed it on CentOS 5.8 and Fedora 16. Great job.
Original comment by [email protected]
on 14 May 2012 at 3:32
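The thread above shows why a "Unique error(s) found: 0" line on its own is not a result: without --debug the 0.6 run looked like a clean fuzzing pass, while the debug run reveals that Tracegrind died and STP never received a query. The following triage script is an added example written for this page, not code from the Avalanche project or from anyone in this thread. It parses the console output of one Avalanche run and separates "crashes found", "tracer failed" and "nothing to show" outcomes. The matched phrases are copied from the output quoted in the comments; the "inconclusive" rule (zero errors, no dumped input, zero STP time) is a heuristic assumed by this example, not documented Avalanche behaviour, and the embedded logs are abbreviated copies of the thread's output used as fixtures.

```python
"""Triage the console output of an Avalanche run (ideally produced with -v --debug).

Added example, not part of Avalanche.  Matched phrases are copied from the
0.6 output quoted in this thread; the "inconclusive" verdict is a heuristic
of this example, not a documented Avalanche behaviour.
"""
import re
from dataclasses import dataclass, field
from typing import List

PLUGIN_SIGNAL_RE = re.compile(r"^(\w+) exited on signal\.$")
PLUGIN_FAIL_RE = re.compile(r"^Failure in (\w+)\.$")
NO_QUERIES_LINE = "No QUERY's found."
UNIQUE_ERRORS_RE = re.compile(r"^Unique error\(s\) found: (\d+)\.$")
ERROR_RE = re.compile(r"^Error #\d+: (.+)$")
DUMP_RE = re.compile(r"^Dumping input to file (\S+)\.$")
TIME_RE = re.compile(
    r"^Time statistics: \d+ sec, tracegrind: \d+, covgrind: \d+, stp: (\d+)\.$")


@dataclass
class RunReport:
    # clean | crashes_found | tracer_failure | inconclusive
    verdict: str = "clean"
    unique_errors: int = 0
    errors: List[str] = field(default_factory=list)         # e.g. "Received SIGABRT"
    dumped_inputs: List[str] = field(default_factory=list)  # e.g. "exploit_0_0"
    failed_plugins: List[str] = field(default_factory=list)  # e.g. "Tracegrind"
    no_queries: bool = False
    stp_seconds: int = 0


def triage(output: str) -> RunReport:
    """Classify one Avalanche run from its captured stdout/stderr."""
    r = RunReport()
    for raw in output.splitlines():
        line = raw.strip()
        m = PLUGIN_SIGNAL_RE.match(line) or PLUGIN_FAIL_RE.match(line)
        if m:
            if m.group(1) not in r.failed_plugins:
                r.failed_plugins.append(m.group(1))
            continue
        if line == NO_QUERIES_LINE:
            r.no_queries = True
            continue
        m = UNIQUE_ERRORS_RE.match(line)
        if m:
            r.unique_errors = int(m.group(1))
            continue
        m = ERROR_RE.match(line)
        if m:
            r.errors.append(m.group(1))
            continue
        m = DUMP_RE.match(line)
        if m:
            r.dumped_inputs.append(m.group(1))
            continue
        m = TIME_RE.match(line)
        if m:
            r.stp_seconds = int(m.group(1))

    if r.failed_plugins or r.no_queries:
        # The tracer never handed constraints to STP: "0 errors" proves nothing.
        r.verdict = "tracer_failure"
    elif r.unique_errors or r.errors:
        r.verdict = "crashes_found"
    elif r.stp_seconds == 0 and not r.dumped_inputs:
        # Heuristic (this example's assumption): the solver never ran and no
        # input was generated, so rerun with --debug before trusting the run.
        r.verdict = "inconclusive"
    return r


# Fixtures: abbreviated copies of the three runs quoted in this thread.
SEED_RUN = """Avalanche, a dynamic analysis tool. Mon May 14 07:35:55 2012
Iteration 1. Mon May 14 07:35:55 2012
Inputs size = 1.
Selected next input with score 1346.
Unique error(s) found: 0.
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
"""

BAD_RUN = """Avalanche, a dynamic analysis tool. Mon May 14 07:38:03 2012
Error detected. Mon May 14 07:38:03 2012
Process terminating with default action of signal 6 (SIGABRT)
Dumping input to file exploit_0_0.
Command: ./sample2 exploit_0_0
Unique error(s) found: 1.
Error #0: Received SIGABRT
Inputs: exploit_0_0;
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
"""

DEBUG_RUN = """Avalanche, a dynamic analysis tool. Mon May 14 07:55:12 2012
Running plugin Covgrind.
Covgrind is finished.
First score = 1346.
Running plugin Tracegrind.
Tracegrind exited on signal.
Failure in Tracegrind.
No QUERY's found.
Unique error(s) found: 0.
Time statistics: 0 sec, tracegrind: 0, covgrind: 0, stp: 0.
"""

if __name__ == "__main__":
    for name, log in (("seed", SEED_RUN), ("bad", BAD_RUN), ("debug", DEBUG_RUN)):
        rep = triage(log)
        print(f"{name}: {rep.verdict} errors={rep.errors} "
              f"inputs={rep.dumped_inputs} failed={rep.failed_plugins}")
```

In practice, capture a run with something like `avalanche -v --debug --filename=seed ./sample2 seed 2>&1 | tee run.log` and pass the file contents to triage(); a "tracer_failure" or "inconclusive" verdict means the run needs the explicit tracegrind invocation shown above, not a report of "no bugs".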
Related Issues (14)
- glibc 2.13 unsupported
- Configure said 'kernel version... unsupported'
- Configure script doesn't check lack of lex and yacc needed by STP
- Error opening file basic_blocks.log before iteration 0 start
- Avalanche 0.6 doesn't compile on 64-bits architecture
- Exploits may not be found when standard string functions (string.h) are used
- Avalanche crashes with segmentation fault when being run from PATH
- Incorrect STP queries when lseek (fseek, etc.) is used
- Avalanche 0.4 doesn't check the cause of crash of the tested application
- the tool doesn't track tainted data in static variables
- the tool doesn't expand input file size if necessary
- Avalanche-0.4 finished checking an application but didn't find an actual bug