PROGRAM ABORT : Null reference Location : stricmp(), src/afl-fuzz.c:490 #590

Open
Pr0methean opened this issue Feb 25, 2025 · 6 comments
Comments

@Pr0methean

I get this error when running a fuzz target on a GitHub Actions ubuntu-latest runner:

Run actions-rs/cargo@v1
  with:
    command: afl
    args: fuzz -i /home/runner/work/zip2/zip2/fuzz_read/in -o out -V 3600 -a binary -- /home/runner/work/zip2/zip2/fuzz_read/target/debug/fuzz_read
    use-cross: false
  env:
    RUSTFLAGS: -Dwarnings
/home/runner/.cargo/bin/cargo afl fuzz -i /home/runner/work/zip2/zip2/fuzz_read/in -o out -V 3600 -a binary -- /home/runner/work/zip2/zip2/fuzz_read/target/debug/fuzz_read
afl-fuzz++4.31c based on afl by Michal Zalewski and a large online community
[-] PROGRAM ABORT : Null reference
         Location : stricmp(), src/afl-fuzz.c:490

The output of cargo afl system-config was:

Run actions-rs/cargo@v1
  with:
    command: afl
    args: system-config
    use-cross: false
  env:
    RUSTFLAGS: -Dwarnings
/home/runner/.cargo/bin/cargo afl system-config
Running: "sudo" "--reset-timestamp" "/home/runner/.local/share/afl.rs/rustc-1.87.0-nightly-617aad8/afl.rs-0.15.15/afl/bin/afl-system-config"
This reconfigures the system to have a better fuzzing performance.
WARNING: this reduces the security of the system!

sysctl: cannot stat /proc/sys/kernel/sched_child_runs_first: No such file or directory
Settings applied.

It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
  /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"

If you run fuzzing instances in docker, run them with "--security-opt seccomp=unconfined" for more speed.

Updating from 0.15.10 to 0.15.15 doesn't fix this.

@Pr0methean
Author

Pr0methean commented Feb 25, 2025

I've tried installing llvm separately from the Rust toolchain (the way this repo's CI workflow does) and running cargo afl config --plugins --force or cargo afl config --build --plugins --force, but I still get the error.

@Pr0methean
Author

Update: On my Ubuntu laptop, I managed to fix this by removing the flag -a binary. The input corpus is in binary format, but the input dictionary is in text format. Checking whether that fixes it in GitHub Actions...

@smoelius
Member

@Pr0methean Are you still having trouble?

Based on your last message, it sounds like you can reproduce the problem locally (not just in CI).

Also, just to set expectations, this may be a problem in AFL++ and not something we can fix in afl.rs:

[-] PROGRAM ABORT : Null reference
Location : stricmp(), src/afl-fuzz.c:490

@vanhauser-thc
Contributor

This is a bug in afl-fuzz that was fixed in the dev branch on the 14th of February.
If you use an older afl-fuzz, then you cannot use the -a parameter.
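The two comments above give a concrete rule: `-a` crashes the AFL++ 4.31c that cargo-afl 0.15.10 through 0.15.15 bundle, and works once the bundled fuzzer carries the February fix (4.32c, per the release note further down). The following POSIX shell snippet is an added example, not code from the issue, from afl.rs or from AFL++. It reads the version out of the `afl-fuzz++4.31c ...` banner line shown in the report, treats 4.32 as the first version that accepts `-a` (an assumption taken from this thread, not from an AFL++ changelog), and builds the `cargo afl fuzz` argument list with or without `-a` accordingly. Directory names and the `binary` mode are placeholders.

```shell
#!/bin/sh
# Added example (not from afl.rs or AFL++): gate the `-a` flag on the bundled
# afl-fuzz version, because AFL++ 4.31c aborts with a null reference in
# stricmp() when -a is given and 4.32c does not (assumption from issue #590).

# Pull "4.31c" out of a banner line such as
# "afl-fuzz++4.31c based on afl by Michal Zalewski and a large online community".
afl_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^afl-fuzz++\([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Succeeds (exit 0) when the version is >= 4.32, i.e. -a is safe to pass.
# The 4.32 threshold is an assumption based on the thread, not an AFL++ fact.
afl_supports_ascii_flag() {
    ver=$1
    major=${ver%%.*}
    rest=${ver#*.}
    minor=$(printf '%s' "$rest" | sed 's/[^0-9].*//')
    minor=${minor:-0}
    [ "$major" -gt 4 ] 2>/dev/null && return 0
    [ "$major" -eq 4 ] && [ "$minor" -ge 32 ]
}

# Print the arguments for `cargo afl`, adding `-a MODE` only when supported.
# Arguments: version string, input dir, output dir, -a mode (e.g. binary).
build_fuzz_args() {
    ver=$1; indir=$2; outdir=$3; mode=$4
    if afl_supports_ascii_flag "$ver"; then
        printf 'fuzz -i %s -o %s -a %s --' "$indir" "$outdir" "$mode"
    else
        printf 'fuzz -i %s -o %s --' "$indir" "$outdir"
    fi
}

# Demonstration on a constructed banner (the one from the bug report).
banner='afl-fuzz++4.31c based on afl by Michal Zalewski and a large online community'
ver=$(afl_version_from_banner "$banner")
echo "detected afl-fuzz $ver"
echo "cargo afl $(build_fuzz_args "$ver" in out binary) ./target/debug/fuzz_read"
```

In a real workflow you would capture the banner from the first line of `cargo afl fuzz` output (or simply pin `cargo-afl` to a release whose bundled AFL++ is new enough) rather than hard-code it; the point of the functions is that the `-a` flag is derived from the fuzzer version instead of being dropped from the job unconditionally.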

@Pr0methean
Author

My workaround seems to be effective; this can probably be closed once cargo-afl picks up the next release of AFL++.

@smoelius
Member

> My workaround seems to be effective; this can probably be closed once cargo-afl picks up the next release of AFL++.

@Pr0methean cargo-afl version 0.15.18 was just released, and it uses AFL++ version 4.32c.

Do you want to test it before we close this?
