Static Analysis Error In ImageMagick (:-1: Bug: typeOfLval: Mem on a non-pointer (__cil_tmp76))

[goldthree-shit]

When I try to use DAFL-artifact to fuzz ImageMagick , I encounter an error, error message:

--------------------------------------------------------------------------------
Front-end begins...
--------------------------------------------------------------------------------
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
:-1: Bug: typeOfLval: Mem on a non-pointer (__cil_tmp76)
Fatal error: exception Errormsg.Error
Raised at Stdlib__String.index_rec in file "string.ml" (inlined), line 128, characters 19-34
Called from Stdlib__String.index in file "string.ml", line 132, characters 16-42
Called from Pretty.breakString in file "src/ocamlutil/pretty.ml", line 78, characters 18-41
[*] Executing: cp /benchmark/tmp/magick-2017-14224/2017-14224/slice_func.txt /benchmark/DAFL-input/inst-targ/magick-2017-14224/2017-14224
[*] Executing: cp /benchmark/tmp/magick-2017-14224/2017-14224/slice_dfg.txt /benchmark/DAFL-input/dfg/magick-2017-14224/2017-14224

Reproduce:

git clone https://github.com/ImageMagick/ImageMagick
cd ImageMagick
git checkout 280ba7f732291ade6933ab400e15ab34ec774ba9
export CC="clang"
export CXX="clang++"
export CMAKE_EXPORT_COMPILE_COMMANDS=1
./configure --enable-static=yes  --enable-shared=no
yes | /smake/smake --init
/smake/smake -j 1
cp -r /path/to/ImageMagick/sparrow/utilities/magick /benchmark/smake-out/magick-2017-14224

Above steps could success execute, and then I attemp to static analysis, Follow DAFL's evaluation setting:

• setting target line:

echo "pcx.c:1094" > /benchmark/target/line/magick-2017-14224/2017-14224

• Add element to benchmark.py,

SLICE_TARGETS = {
    'magick-2017-14224': {
        'frontend':'clang', # if use cli, also encounter another error, syntax error， I guess DAFL does not support grammer "#program" in C program
        'entry_point':'main',
        'bugs': ['2017-14224']
    }
}

• Run sparrow

python3 /benchmark/scripts/run_sparrow.py magick-2017-14224 thin

• Then will arise:

root@dell:/benchmark/scripts# python3 /benchmark/scripts/run_sparrow.py magick-2017-14224 thin
/benchmark/smake-out/magick-2017-14224/f4.MagickCore_libMagickCore_7_Q16HDRI_la-bgr.o.i /benchmark/smake-out/magick-2017-14224/156.MagickCore_libMagickCore_7_Q16HDRI_la-mvg.o.i /benchmark/smake-out/magick-2017-14224/162.MagickCore_libMagickCore_7_Q16HDRI_la-pdb.o.i /benchmark/smake-out/magick-2017-14224/106.MagickCore_libMagickCore_7_Q16HDRI_la-colorspace.o.i /benchmark/smake-out/magick-2017-14224/77.MagickCore_libMagickCore_7_Q16HDRI_la-pcx.o.i /benchmark/smake-out/magick-2017-14224/108.MagickCore_libMagickCore_7_Q16HDRI_la-composite.o.i /benchmark/smake-out/magick-2017-14224/c4.MagickCore_libMagickCore_7_Q16HDRI_la-wpg.o.i /benchmark/smake-out/magick-2017-14224/58.MagickCore_libMagickCore_7_Q16HDRI_la-magick.o.i /benchmark/smake-out/magick-2017-14224/00.magick.o.i /benchmark/smake-
.....
--------------------------------------------------------------------------------
Front-end begins...
--------------------------------------------------------------------------------
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
Warning: init list  xwindow.c:2107
Warning: init list 
xwindow.c:2107
:-1: Bug: typeOfLval: Mem on a non-pointer (__cil_tmp76)
Fatal error: exception Errormsg.Error
Raised at Stdlib__String.index_rec in file "string.ml" (inlined), line 128, characters 19-34
Called from Stdlib__String.index in file "string.ml", line 132, characters 16-42
Called from Pretty.breakString in file "src/ocamlutil/pretty.ml", line 78, characters 18-41
[*] Executing: cp /benchmark/tmp/magick-2017-14224/2017-14224/slice_func.txt /benchmark/DAFL-input/inst-targ/magick-2017-14224/2017-14224
[*] Executing: cp /benchmark/tmp/magick-2017-14224/2017-14224/slice_dfg.txt /benchmark/DAFL-input/dfg/magick-2017-14224/2017-14224

enviroment

prosyslab/dafl-artifact

Could tell me how to correct use DAFL-artifact to fuzz ImageMagick ? Thanks!

[Crispy-fried-chicken]

@hy38 @goodtaeeun Hi, I also met this problem. Could you please tell me how to fix it?

[goodtaeeun]

Hi, thank you for using DAFL.
Would you mind trying 'frontend': 'claml' in benchmark.py instead of clang or cil?
This is an alternative frontend parser module for our analyzer.
I checked that it gets past the frontend stage where your error occurred.