LIU Yuwei

icon company Institute of Software Chinese Academy of Sciences icon location Beijing, China icon location Always learning security

Results 48 issues of LIU Yuwei

Missing some instrumentations when instrumenting binary with AFL

RetroWrite generates labels with the format as `.L%x` in https://github.com/HexHive/retrowrite/blob/243db5811b96dfe07e6c697b3a2e2d61e0e7855b/librw/rw.py#L190 and https://github.com/HexHive/retrowrite/blob/9e2e633e9ab165681733f3255e648a62b22e6368/librw/container.py#L191 However, for the `afl-gcc` compilers of AFL-family fuzzers such as [AFL++](https://github.com/AFLplusplus/AFLplusplus), they only instrument the label start with...

bug

change basic block label format from .L%x to .L%d

2 comment

Using `.L%x` could miss some instrumentations when instrumenting binary with AFL.

Compile fuzzgen-preprocessor fail with LLVM 6.0.0

When I compile fuzzgen-preprocessor with LLVM 6.0.0, I get the following error ``` In file included from /home/ubuntu/llvm-6.0.0/tools/clang/tools/fuzzgen/preprocessor.cpp:41:0: /home/ubuntu/llvm-6.0.0/tools/clang/tools/fuzzgen/preprocessor.h:210:18: error: ‘virtual void IncludesProcessor::InclusionDirective(clang::SourceLocation, const clang::Token&, llvm::StringRef, bool, clang::CharSourceRange, const clang::FileEntry*,...

Writing schema for C library (e.g., ngiflib)

1 comment

Hi there, I'm now trying to apply GraphFuzz to multiple C libraries. According to #7, I refer to the `schema.yaml` of sqlite3 as an example and write a `schema.yaml` (in...

stack-buffer-overflow in shellescape() at jhead.c:345 when multiple &i given

When the command contains lots of `&i` argument, the stack buffer will overflow. https://github.com/Matthias-Wandel/jhead/blob/0e98605d0a08bc692b87ca878bb4dc7bdfc12471/jhead.c#L389-L406 In `DoCommand()`, jhead calls `shellescape()` to copy strings to stack buffer `ExecString` when it detects a...

Aborted (core dumped) when load specific elf file by python3 pwntools

1 comment

When the pwntools loads a specific elf file by python3, it shows `Aborted (core dumped)`. The elf file is attached below. [attach.tar.gz](https://github.com/Gallopsled/pwntools/files/13274930/attach.tar.gz) It can be reproduced in the official docker...

bug
backport-required

Fix SSL015 CANARIES condition

According to the code in `MAGMA_ENABLE_FIXES` ```C if (p7->d.ptr == NULL) { PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT); return NULL; } ``` and other 2 CANARIES code, https://github.com/HexHive/magma/blob/75d1ae7b180443a778b8830c79176ca5f93642ac/targets/openssl/patches/bugs/SSL015.patch#L40 https://github.com/HexHive/magma/blob/75d1ae7b180443a778b8830c79176ca5f93642ac/targets/openssl/patches/bugs/SSL015.patch#L61 `p7->d.ptr` should also be null...

dlt_jnpr_ether_cleanup: check config before cleanup

Fix #812 The `ctx->encoder->config` is somehow already cleaned up in `dlt_en10mb_cleanup()` and set as `NULL`, so I add a check in `dlt_jnpr_ether_cleanup()`. ``` (gdb) p & ctx->encoder->config $1 = (void...

add Dockerfile & fix README

Use `docker build -t aflcc ./` to install the docker and `docker run -v /PATH/TO/TARGET/SOURCECODE/:/data -it --rm aflcc /bin/bash` to start the docker

Fix README.md

Fix wrong commands in README.md