Critical Error - Injection Bug #81
Closed
Description
Work environment
| Questions | Answers |
|---|---|
| Which component is breaking | Bug Injection |
| Source of LAVA | git clone |
| Version/git commit | v3.1.0 |
Expected behavior
When completing the bug injection step, your yield should NOT be 0.
Actual behavior
Currently, the yield is consistently 0 exploitable bugs.
Steps to reproduce the behavior
Run LAVA end-to-end, and you will see 0 bugs with exploits at the end.
Additional Logs, screenshots, source code, configuration dump, ...
At first, using PANDA v1.8.76, it can pass one injection, but once a certain AST node name, `*(((**(((*f)._chain)))._chain))`, is passed, Clang can't handle that complicated AST node name on direct code injection, so it crashes.
The obvious attempt was to ban AST node names with `**`, as seen here, but it seems that this is the wrong approach? See the PR for better notes on how this was fixed.