
I am quite new to the AFL tool and read their quickstart guide. While the KLEE tool can detect the following bug, it seems like AFL is unable to catch it. Could someone please tell me why that is the case?


#include <stdio.h>

/* foo has three elements, so any x outside 0..2 reads past the array */
int get_sign(int x) {
    int foo[3] = {1, 2, 3};
    if (x == 0)
        return foo[x];

    if (x < 0)
        return foo[x];   /* out-of-bounds read for negative x */
    else
        return foo[x];   /* out-of-bounds read for x >= 3 */
}

int main() {
    int a;
    printf("Give some input :\n");
    scanf("%d", &a);

    return get_sign(a);
}

Please let me know if any further information is required.

desert_ranger

1 Answer


Two items for you to check:

1. Enable ASAN

Not all memory access violations will cause a crash. In your code, even if you input -1, it won't crash. AFL needs crashes to know that it hit a bug.

Check this article: https://fuzzing-project.org/tutorial3.html

2. Check your test harness

I don't know if you made any modifications before you fuzz get_sign. Maybe get_sign never receives AFL's input. Or you may try file input. AFL will send the file path as an argument for your test harness to load.

Nick
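To make the answer's two points concrete, here is an added example (written for this page, not code from the question or the answer): a file-input harness around the question's get_sign(), built with ASan so the silent out-of-bounds read becomes a crash AFL can record, plus a bounds-checked variant showing the fix. The build commands in the header comment use the real AFL++ wrapper afl-clang-fast and the AFL_USE_ASAN variable; the file names harness.c, in/ and out/ are placeholders chosen for this example, and parse_int, parse_or, in_bounds and get_sign_checked are helpers introduced here.

```c
/* Added example, not code from the question or the answer: an AFL-style
 * file-input harness around the question's get_sign(). AFL replaces "@@"
 * on the command line with the path of the current test case, so the
 * harness reads its integer from argv[1] instead of stdin.
 *
 * Build with ASan so the silent out-of-bounds read turns into a crash AFL
 * can record (harness.c, in/ and out/ are placeholder names):
 *   AFL_USE_ASAN=1 afl-clang-fast -o harness harness.c
 *   afl-fuzz -m none -i in -o out -- ./harness @@
 */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define FOO_LEN 3

/* Target under test: the question's function, unchanged. Any x outside
 * 0..2 reads past foo[]; without ASan that read usually returns garbage
 * instead of crashing, which is why plain AFL reported nothing. */
int get_sign(int x) {
    int foo[FOO_LEN] = {1, 2, 3};
    if (x == 0)
        return foo[x];
    if (x < 0)
        return foo[x];
    else
        return foo[x];
}

/* Mitigation: the same lookup with an explicit bounds check. Returns -1
 * (a value foo[] never holds) for indices outside the array. */
int in_bounds(int x) { return x >= 0 && x < FOO_LEN; }

int get_sign_checked(int x) {
    int foo[FOO_LEN] = {1, 2, 3};
    return in_bounds(x) ? foo[x] : -1;
}

/* Parse a decimal int from a buffer; returns 1 on success. strtol is used
 * instead of scanf so malformed or out-of-range input is rejected
 * explicitly rather than leaving the target's argument uninitialised. */
int parse_int(const char *buf, int *out) {
    char *end;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return 0;
    *out = (int)v;
    return 1;
}

/* Convenience wrapper: the parsed value, or fallback when parsing fails. */
int parse_or(const char *buf, int fallback) {
    int v;
    return parse_int(buf, &v) ? v : fallback;
}

/* Read the test case AFL hands us. Returns 1 and fills *out on success. */
int read_int_from_file(const char *path, int *out) {
    FILE *f = fopen(path, "rb");
    if (!f)
        return 0;
    char buf[64];
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_int(buf, out);
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s <input-file>\n", argv[0]);
        return 2;
    }
    int a;
    if (!read_int_from_file(argv[1], &a))
        return 2; /* unparsable input is not a target bug; exit quietly */
    /* Under ASan, a == -1 (or a >= 3) aborts here with a stack-buffer-overflow
     * report, and AFL files the input in the crashes directory under out/. */
    printf("get_sign(%d) = %d\n", a, get_sign(a));
    return 0;
}
```

Seed in/ with a single file containing an in-range value such as "1" and let the fuzzer mutate it; with ASan instrumentation the first negative or too-large integer it produces is reported as a crash, whereas the same build without AFL_USE_ASAN keeps returning silently. Swapping get_sign for get_sign_checked in main() shows the fixed target running clean under the same harness.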