Burkov Egor

Results 11 comments of Burkov Egor

I don't have source code for target library :\

Symbolized ASan report btw:

```
gum_read_auxv_from_stack /home/runner/work/frida/frida/build/../subprojects/frida-gum/gum/backend-linux/gumprocess-linux.c:481:13
gum_query_program_ranges /home/runner/work/frida/frida/build/../subprojects/frida-gum/gum/backend-linux/gumprocess-linux.c:397:10
gum_query_program_modules /home/runner/work/frida/frida/build/../subprojects/frida-gum/gum/backend-linux/gumprocess-linux.c:309:16
gum_do_enumerate_modules /home/runner/work/frida/frida/build/../subprojects/frida-gum/gum/backend-linux/gumprocess-linux.c:1082:8
gum_process_enumerate_modules /home/runner/work/frida/frida/build/../subprojects/frida-gum/gum/gumprocess.c:262:3
gumjs_process_find_module_by_name_impl /home/runner/work/frida/frida/build/../subprojects/frida-gum/bindings/gumjs/gumquickprocess.c:480:3
gumjs_process_find_module_by_name /home/runner/work/frida/frida/build/../subprojects/frida-gum/bindings/gumjs/gumquickprocess.c:463:1
js_call_c_function /__w/frida/frida/deps/src/_sdk.tmp/android-arm64/quickjs/../../../quickjs/quickjs.c:16225:19
JS_CallInternal /__w/frida/frida/deps/src/_sdk.tmp/android-arm64/quickjs/../../../quickjs/quickjs.c:16420:16
JS_CallInternal /__w/frida/frida/deps/src/_sdk.tmp/android-arm64/quickjs/../../../quickjs/quickjs.c:16827:27
JS_CallInternal /__w/frida/frida/deps/src/_sdk.tmp/android-arm64/quickjs/../../../quickjs/quickjs.c:16827:27
JS_CallFree /__w/frida/frida/deps/src/_sdk.tmp/android-arm64/quickjs/../../../quickjs/quickjs.c:18893:19
JS_EvalFunctionInternal...
```

> Looks like FRIDA is triggering ASAN while searching for the auxiliary vector on the stack, [here](https://github.com/frida/frida-gum/blob/dc11cd1c7411b1dc7d2472bbdcaf823270294a5c/gum/backend-linux/gumprocess-linux.c#L458). ASAN is triggered by a call to `memmem` which it hooks, so while...

> AFL_DEBUG_CHILD

Same output. Very interesting that it works fine on the x86 Android emu.

Got it!

```
[+] Enabled environment variable AFL_DEBUG with value 1
[+] Enabled environment variable AFL_PRELOAD with value ./libclang_rt.asan-aarch64-android.so
[+] Enabled environment variable AFL_DEBUG_CHILD with value 1
[+]...
```

I'm using the latest frida, from the tarball on the release page.

> If you add some `printfs` into the code and run with `AFL_DEBUG_CHILD`, you should hopefully be able to see why...

Okay, I replaced memmem in `gum_read_auxv_from_stack` with a non-ASan implementation and it works fine, but I have some problems with the DSO of the fuzzed app =0

For me, downgrading to frida-gum 16.0.3 and replacing memmem with a static one (which is not hooked by ASan) helps. Everything works fine now. Thanks for the help!

No, I don't get a panic; I'm just triaging a SAST result and thought that we could get it here.

Hi! I just expected some library error, not a "reading undefined" exception.

```console
docker run -it --rm node:24-alpine3.21 sh
mkdir src && cd src
npm init
npm install braces
node...
```