| 7 Oct 2025 |
 fzakaria | i just wasn't sure if i would "reset it" correctly | 19:51:53 |
| fzakaria | did you give it a dictionary? | 19:53:11 |
 lovesegfault | i did not | 19:54:37 |
| fzakaria | I saw you could; the bash.dict in AFL++ is a good example. That PR is pretty slick; I don't understand yet the N fuzzers but must be a feature with harness i'm not familiar with | 19:56:27 |
| lovesegfault | i took it from this: https://aflplus.plus/docs/fuzzing_in_depth/#c-using-multiple-cores | 19:58:01 |
| fzakaria | afl-tmin is pretty cool too. | 19:58:09 |
| lovesegfault | i'm trying out a dictionary, let's see | 19:58:19 |
| fzakaria | (even minimizes without a crash to give you same coverage) | 19:58:25 |
| fzakaria | the sweet of tools is insane | 19:58:57 |
| fzakaria | like https://aflplus.plus/docs/technical_details/#13-the-afl-analyze-tool | 19:59:24 |
| lovesegfault | i wonder if i need each secondary fuzzer to get passed -x as well | 20:00:15 |
| fzakaria | here is my dumb (I wanted to learn it) post https://fzakaria.com/2025/10/07/fuzzing-for-fun-and-profit | 20:00:16 |
| fzakaria | might be cool to look at queue and have AFL try to do nix build; see what interesting derivations it comes up with :P | 20:01:44 |
| fzakaria | since at some point it needs to do derivation function or use nixpkgs... it cant just evaluate simple Nix expressions | 20:02:23 |
| fzakaria | similar to https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html | 20:04:06 |
| lovesegfault | oh, the dictionary made it better i think | 20:04:25 |
| lovesegfault | it's getting more coverage now | 20:04:29 |
| fzakaria | let's see what AFL cooks up as a derivation | 20:13:49 |
| lovesegfault | pushed the dict work | 20:30:22 |
| fzakaria | my coverage sucks; is it the map density ? | 20:30:52 |
| fzakaria | okay this is crazy | 20:39:58 |
| fzakaria | this is a valid derivation | 20:40:02 |
| fzakaria |
builtins�ivatorld' > $out" ];⏎
| 20:40:04 |
| fzakaria | cat output_dir/default/queue/id:000001,src:000000,time:7439,execs:424,op:havoc,rep:2,+cov
builtins�ivatorld' > $out" ];⏎
> nix build -f output_dir/default/queue/id:000001,src:000000,time:7439,execs:424,op:havoc,rep:2,+cov
| 20:40:31 |
| fzakaria | * cat output_dir/default/queue/id:000001,src:000000,time:7439,execs:424,op:havoc,rep:2,+cov
builtins�ivatorld' > $out" ];⏎
> nix build -f output_dir/default/queue/id:000001,src:000000,time:7439,execs:424,op:havoc,rep:2,+cov
> echo $status
0
| 20:40:44 |
| fzakaria | well ... it just exits with 0 ... but there is no result | 20:42:37 |
| fzakaria | (lots of other similar cases) | 20:42:45 |
 dramforever | can you get a hexdump? i want to take a look | 20:46:33 |
| fzakaria | I have tons of them. | 20:46:42 |
| fzakaria | here is a small one | 20:46:58 |
