Am Fri, 07 Nov 2014 16:45:07 +0100
schrieb Mark Wielaard <mjw@redhat.com>:

> > Fixes some of them but not all.
> > Still crashers:
> > id:000053,src:000000,op:flip1,pos:879
> > id:000054,src:000000,op:flip1,pos:885
> 
> Those seem fine for me. How do they crash for you? Could you run under
> gdb and provide a backtrace?

Hmm, interesting, seems these only crash if compiled with american
fuzzy lop instructions...
Maybe this is a bug in afl or maybe it is triggered by the
circumstances.

valgrind says on id:000053,src:000000,op:flip1,pos:879:
ELF Header:
vex x86->IR: unhandled instruction bytes: 0xC5 0xF8 0x77 0xE8
==6217== valgrind: Unrecognised instruction at address 0x410f7a7.
==6217==    at 0x410F7A7: vfprintf (in /lib32/libc-2.19.so)
==6217==    by 0x41C766F: __printf_chk (in /lib32/libc-2.19.so)
==6217==    by 0x805F27D: printf (stdio2.h:104)
==6217==    by 0x805F27D: print_ehdr (readelf.c:944)
==6217==    by 0x806E004: process_elf_file (readelf.c:869)
==6217==    by 0x806E004: process_dwflmod (readelf.c:691)
==6217==    by 0x4082BE3: dwfl_getmodules (in /usr/lib32/libdw-0.158.so)
==6217==    by 0x80580D2: process_file (readelf.c:790)
==6217==    by 0x804AD57: main (readelf.c:296)

gdb backtrace:
Program received signal SIGSEGV, Segmentation fault.
0xf7de4e37 in vfprintf () from /lib32/libc.so.6
(gdb) bt
#0  0xf7de4e37 in vfprintf () from /lib32/libc.so.6
#1  0xf7e99670 in __printf_chk () from /lib32/libc.so.6
#2  0x08064818 in printf (__fmt=0x809e055 "(%s)")
at /usr/include/bits/stdio2.h:104 #3  handle_versym (scn=0x80aef04,
shdr=0xffffcae8, ebl=<optimized out>) at readelf.c:2860 #4  0x08070531
in print_verinfo (ebl=<optimized out>) at readelf.c:2402 #5
process_elf_file (fd=<optimized out>, dwflmod=<optimized out>) at
readelf.c:885 #6  process_dwflmod (dwflmod=0x80ae8a8,
userdata=0x80ae8b0, name=0x80ae9b8
"id:000053,src:000000,op:flip1,pos:879", base=4194304, arg=0xffffca00)
at readelf.c:691 #7  0xf7f7ebe4 in dwfl_getmodules ()
from /usr/lib32/libdw.so.1 #8  0x080580d3 in process_file
(fd=fd(a)entry=3, fname=<optimized out>, only_one=only_one(a)entry=true) at
readelf.c:790 #9  0x0804ad58 in main (argc=3, argv=0xffffce84) at
readelf.c:296


-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: BBB51E42