Created
November 24, 2023 07:59
-
-
Save Mech0n/1abbcb762ebdf9bb0b55ac448bc49f76 to your computer and use it in GitHub Desktop.
find all crash case after fuzzing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
python3 test_crashes.py <result> -- <bin_with_asan> <args contains args> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import os | |
from rich import print | |
import subprocess | |
import sys | |
import json | |
import random | |
CRASH_DIR = "" | |
BIN_DIR = "" | |
def do_add(s, x): | |
return len(s) != (s.add(x) or len(s)) | |
def main(): | |
# parse cmdline args | |
if len(sys.argv) <= 4: | |
print("Usage: Run python3 test_crashes.py path -- args (args contains @@ as the crash file)") | |
exit(-1) | |
if (sys.argv[2] != '--'): | |
print("Usage: Run python3 test_crashes.py path -- args (args contains @@ as the crash file)") | |
exit(-1) | |
CRASH_DIR = sys.argv[1] | |
print(f"[*] CRASH_DIR\t: {CRASH_DIR}") | |
BIN_DIR = sys.argv[3] | |
print(f"[*] BIN_DIR\t: {BIN_DIR}") | |
run_args = sys.argv[3:] | |
if '@@' not in run_args: | |
print("Usage: Run python3 test_crashes.py path -- args (args contains @@ as the crash file)") | |
exit(-1) | |
print(f"[*] Your CMD:") | |
print(run_args) | |
# travel all crashes | |
crashes_list = set() | |
for root, _, fs in os.walk(CRASH_DIR): | |
if not root.endswith("crashes"): | |
continue | |
for file in fs: | |
if not file.startswith("id"): | |
continue | |
crashes_list.add(os.path.join(root, file)) | |
crashes_count = len(crashes_list) | |
# print(f"[*] crashes: ") | |
# print(crashes_list) | |
print(f"[*] crashes counts: {crashes_count}") | |
input("Continue Run Crashes? Ctrl-C to exit.") | |
# test all crashes | |
crashes_types = set() | |
crashes_types_info = {} | |
for i, crash in enumerate(crashes_list): | |
try: | |
print(f"[*] Running {[crash if x == '@@' else x for x in run_args]} ... {i}") | |
result = subprocess.check_output( | |
[crash if x == '@@' else x for x in run_args], | |
stderr=subprocess.STDOUT, | |
# env={ | |
# "LD_LIBRARY_PATH": "$LD_LIBRARY_PATH" | |
# }, | |
) | |
except subprocess.CalledProcessError as e: | |
if len(e.stdout) > 0: | |
asan_result = e.stdout.decode().split("\n") | |
RW = "" | |
for line in asan_result: | |
if line.startswith("READ"): | |
RW = "READ" | |
if line.startswith("WRITE"): | |
RW = "WRITE" | |
if line.startswith("SUMMARY: AddressSanitizer:"): | |
asan_summary = line.split(" ") | |
if len(asan_summary) >= 6: | |
if do_add(crashes_types, (asan_summary[2], asan_summary[3], asan_summary[5])): | |
print(f"[*] add : {(RW, asan_summary[2], asan_summary[3], asan_summary[5], crash)}") | |
crashes_types_info[crash] = (RW, asan_summary[2], asan_summary[3], asan_summary[5]) | |
# crashes_types.add((asan_summary[2], asan_summary[3], asan_summary[5])) | |
# TODO: maybe add some more info when saving the res. | |
result_file_name = random.getrandbits(128) | |
with open(f"{str(result_file_name)}.json", "w") as f: | |
json.dump(crashes_types_info, f, indent=2) | |
print(f"[*] result saved in {str(result_file_name)}.json") | |
if __name__ == "__main__": | |
main() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment