path: root/docs/FAQ.md
author: van Hauser <vh@thc.org> 2022-01-20 16:17:08 +0100
committer: GitHub <noreply@github.com> 2022-01-20 16:17:08 +0100
commit: 7aced239e8a0855d87ecc921ba5691b29202ec1e (patch)
tree: a8e877a149495ea4ec48723d8af57426f8322a3a /docs/FAQ.md
parent: 9242e0db8ac8a0e82d78432af389108e74700f00 (diff)
parent: d1de12d6175cd84357eadbf204e15b184b22ae42 (diff)
download: afl++-7aced239e8a0855d87ecc921ba5691b29202ec1e.tar.gz
Merge pull request #1294 from AFLplusplus/dev
Push to stable
Diffstat (limited to 'docs/FAQ.md')
-rw-r--r-- docs/FAQ.md 37
1 files changed, 31 insertions, 6 deletions
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 3d3dce20..73328d6e 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -58,10 +58,10 @@ If you find an interesting or important question missing, submit it via
A program contains `functions`, `functions` contain the compiled machine code.
The compiled machine code in a `function` can be in a single or many `basic
- blocks`. A `basic block` is the largest possible number of subsequent machine
- code instructions that has exactly one entry point (which can be be entered by
- multiple other basic blocks) and runs linearly without branching or jumping to
- other addresses (except at the end).
+ blocks`. A `basic block` is the **largest possible number of subsequent machine
+ code instructions** that has **exactly one entry point** (which can be be entered by
+ multiple other basic blocks) and runs linearly **without branching or jumping to
+ other addresses** (except at the end).
```
function() {
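Review bot: the pre-existing typo "can be be entered by" on the second added line is carried over unchanged; since these lines are being rewritten anyway to add the bold emphasis, drop the duplicated "be" so the definition reads "(which can be entered by multiple other basic blocks)". The emphasised wording itself is accurate: single entry point, straight-line execution, control transfer only at the end.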
@@ -191,7 +191,7 @@ If you find an interesting or important question missing, submit it via
AFL++ comes with several power schedules, initially ported from [AFLFast](https://github.com/mboehme/aflfast)
however modified to be more effective and several more modes added.
- The most effective modes are '-p fast` (default) and `-p explore`.
+ The most effective modes are `-p fast` (default) and `-p explore`.
If you fuzz with several parallel afl-fuzz instances, then it is beneficial
to assign a different schedule to each instance, however the majority should
@@ -204,6 +204,31 @@ If you find an interesting or important question missing, submit it via
## Troubleshooting
<details>
+ <summary id="fatal-forkserver-is-already-up-but-an-instrumented-dlopen-library-loaded-afterwards">FATAL: forkserver is already up but an instrumented dlopen library loaded afterwards</summary><p>
+
+ It can happen that you see this error on startup when fuzzing a target:
+
+ ```
+ [-] FATAL: forkserver is already up, but an instrumented dlopen() library
+ loaded afterwards. You must AFL_PRELOAD such libraries to be able
+ to fuzz them or LD_PRELOAD to run outside of afl-fuzz.
+ To ignore this set AFL_IGNORE_PROBLEMS=1.
+ ```
+
+ As the error describes, a dlopen() call is happening in the target that is loading an instrumented library after the forkserver is already in place,
+ This is a problem for afl-fuzz because when the forkserver is started we must know the map size already and it can't be changed later.
+
+ The best solution is to simply set `AFL_PRELOAD=foo.so` the libraries that
+ are dlopen'ed (e.g. use `strace` to see which), or to set a manual forkserver
+ after the final dlopen().
+
+ If this is not a viable option you can set `AFL_IGNORE_PROBLEMS=1` but then
+ the existing map will be used also for the newly loaded libraries, which
+ allows it to work, however the efficiency of the fuzzing will be partially
+ degraded.
+</p></details>
+
+<details>
<summary id="i-got-a-weird-compile-error-from-clang">I got a weird compile error from clang.</summary><p>
If you see this kind of error when trying to instrument a target with
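Review bot: the first explanatory sentence of the new entry ends in a comma ("...after the forkserver is already in place,") where a period is needed, because the next line starts a new sentence ("This is a problem for afl-fuzz..."). Two wording points in the same block: "set `AFL_PRELOAD=foo.so` the libraries that are dlopen'ed" reads awkwardly and would be clearer as "set `AFL_PRELOAD` to the libraries that are dlopen'ed (e.g. `AFL_PRELOAD=foo.so`)", and "set a manual forkserver after the final dlopen()" would help readers more if it linked to the existing documentation of the deferred forkserver rather than leaving them to find it. The closing paragraph on `AFL_IGNORE_PROBLEMS=1` is a good addition; it correctly tells the user that reusing the already-sized map for the late-loaded library keeps the run going at the cost of coverage precision, which is exactly the trade-off they need to know before setting it.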
@@ -225,4 +250,4 @@ If you find an interesting or important question missing, submit it via
package and because of that the AFL++ llvm plugins do not match anymore.
Solution: `git pull ; make clean install` of AFL++.
-</p></details> \ No newline at end of file
+</p></details>