SIGSEGV for every seed?

[landaire]

Running zzuf on my target produces zzuf[s=0,r=0.004]: signal 11 (SIGSEGV) for every seed value provided. Running the application with the modified file though normally and in lldb I can see no evidence of a segfault. Is there a way to debug this false positive? Running the application with valgrind -q the only suspicious behavior I can see is Conditional jump or move depends on uninitialised value(s) and Use of uninitialised value of size 8.

This occurs on OS X 10.11.2 if it matters.

[samhocevar]

This is likely caused by zzuf not understanding what the application does in terms of read/write operations, and fuzzing data that shouldn’t be fuzzed, or not fuzzing data that should be fuzzed. You can use the -d flag (also twice: -dd) to see what it thinks the application does and how it acts upon it.

Note that the OS X port hasn’t been maintained for years, as I don’t have access to Mac hardware and mostly rely on user contributions.

[theopolis]

I saw this for some C++ binaries, tracked it down to malloc and free but couldn't reduce the error any further. :/

For a quick and dirty fix: theopolis@9edc7f9

[landaire]

I'll give it a try later, thanks @theopolis

[JulianVolodia]

Note that the OS X port hasn’t been maintained for years, as I don’t have access to Mac hardware and mostly rely on user contributions.

@samhocevar it could be done now without HW, using TravisCI (for free).

@landaire, it is old. Did you tried that fix?