
Add a way to save hard crashes

Open jvoisin opened this issue 6 years ago • 5 comments

While fuzzing some python stuff, I've found several heap-corruption issues. Unfortunately, since the whole Python thingy is crashing in a weird way, the crashing input isn't saved, and this is annoying.

It would be nice to have a way (maybe hidden behind a flag) to keep this kind of crash.

jvoisin, Dec 18 '19 18:12

Heap-corruption issues in the runtime itself? This is cool! (Would love to see that when possible/fixed.) The only way I can think of to save those kinds of crashes is saving the last input on disk each time, but that will kind of slow the whole thing down. Do you have some kind of reproduction for this? Maybe it's just running out of memory?

yevgenypats, Dec 18 '19 18:12

I thought about keeping everything, but it would murder performance. A better way would be to have better monitoring of the fuzzee's process, to detect this kind of issue, and dump the input.

I'm currently trying to run my fuzzer in an ASAN environment, to see if I can reproduce this.

jvoisin, Dec 18 '19 18:12
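The monitoring approach jvoisin describes above, as an added example that is not pythonfuzz's own code: the target runs in a forked worker process, the parent keeps only the current input in memory (no per-input disk write), and a worker that dies without answering is treated as a hard crash whose input is then written to disk; a negative exitcode -N means the worker was killed by signal N. The names run_inputs and demo_target are assumptions, and demo_target is a constructed stand-in that aborts on one input.

```python
import hashlib
import multiprocessing as mp
import os
import tempfile

_ctx = mp.get_context("fork")  # fork: the worker inherits the target without pickling it

def _worker(target, conn):
    # Child: run each input; exceptions are reported back, a hard crash kills this process.
    for data in iter(conn.recv, None):
        try:
            target(data)
            conn.send(("ok", None))
        except Exception as exc:  # an ordinary finding, not a hard crash
            conn.send(("exception", repr(exc)))

def _spawn(target):
    parent_conn, child_conn = _ctx.Pipe()
    proc = _ctx.Process(target=_worker, args=(target, child_conn), daemon=True)
    proc.start()
    child_conn.close()  # drop the parent's copy so EOF is seen when the child dies
    return proc, parent_conn

def run_inputs(target, inputs, crash_dir=None):
    # Parent: only the current input lives in memory; it is dumped when the worker dies.
    crash_dir = crash_dir or tempfile.mkdtemp(prefix="pythonfuzz-crashes-")
    os.makedirs(crash_dir, exist_ok=True)
    proc, conn = _spawn(target)
    results = []
    for data in inputs:
        conn.send(data)
        try:
            results.append(conn.recv())
        except EOFError:  # worker died without answering: the hard crash
            proc.join()
            path = os.path.join(crash_dir, "crash-" + hashlib.sha1(data).hexdigest())
            with open(path, "wb") as fh:
                fh.write(data)
            results.append(("crash", {"exitcode": proc.exitcode, "path": path, "size": os.path.getsize(path)}))
            proc, conn = _spawn(target)  # fresh worker so the campaign continues
    conn.send(None)
    proc.join()
    return results

def demo_target(data):
    # Constructed stand-in for a target with a memory bug: abort on one magic input.
    if data == b"crash":
        os.abort()  # SIGABRT, as glibc raises on detected heap corruption
    if data == b"boom":
        raise ValueError("plain Python exception")
```

Each result is a (status, detail) pair; the crash entry records the signal via exitcode and the saved file's path and size.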

If you have a reproduction you can share I'll be happy to take a look at this. Sounds like an interesting case study.

yevgenypats, Dec 18 '19 18:12

You can always use something like this I guess:

import ctypes

i = ctypes.c_char(b'a')   # a single-byte allocation
j = ctypes.pointer(i)     # ctypes pointer indexing is not bounds-checked
c = 0
while True:
    j[c] = b'a'           # writes further past the one byte each iteration: heap corruption, then a hard crash, not a Python exception
    c += 1

jvoisin, Dec 18 '19 19:12

Ah, got it, you meant code that uses C bindings. That makes more sense now.

yevgenypats, Dec 19 '19 07:12