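def _run_trace(self, stdout_file=None):
    """
    Run the target binaries once with ``self.payload`` on stdin and record
    whether the run crashed.

    The command executed is
    ``timeout -k T T <base_dir>/bin/fakesingle -s <seed> <binaries...>``,
    where T is 0.05 s for a single binary and 0.25 s for several, and the
    seed is ``self.SEED_ALT`` when ``self.use_alt_flag`` is set, otherwise
    ``self.SEED``.

    The original note describes this as accumulating a basic block trace
    using qemu; the code visible here only launches ``fakesingle`` and
    inspects the exit status, so any trace collection presumably happens
    elsewhere (TODO confirm).

    :param stdout_file: optional path; when given, the target's stdout is
                        written there (opened ``'wb'``, so an existing file
                        is truncated). Otherwise stdout goes to /dev/null.
                        stderr is always discarded.

    Side effects: sets ``self.returncode`` to the child's exit status and
    sets ``self.crash_mode = True`` when the status indicates SIGSEGV or
    SIGILL. ``crash_mode`` is never reset to False here.

    Security notes: the payload is expected to be hostile or malformed input
    (it may crash the target). The command is built as an argument list and
    run without a shell, so neither the payload nor the paths are
    shell-interpreted.
    NOTE(review): nothing visible in this method sandboxes the child process;
    confirm that the launcher or the host isolates the target.
    """
    # Multi-binary targets get a longer wall-clock budget.
    timeout = 0.25 if len(self.binaries) > 1 else 0.05
    seed = self.SEED_ALT if self.use_alt_flag else self.SEED

    # `timeout -k T T`: signal the child after T seconds and send SIGKILL
    # T seconds later if it is still alive.
    args = ["timeout", "-k", str(timeout), str(timeout)]
    args.append(os.path.join(self.base_dir, "bin", "fakesingle"))
    args += ["-s", seed]
    args += self.binaries

    with open('/dev/null', 'wb') as devnull:
        stdout_f = devnull if stdout_file is None else open(stdout_file, 'wb')
        try:
            l.debug("tracing as raw input")
            p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=stdout_f, stderr=devnull)
            # communicate() writes the payload, closes stdin and waits for
            # the child to exit, so returncode is populated afterwards.
            p.communicate(self.payload)
            ret = p.returncode
            self.returncode = ret

            # did a crash occur?
            # A negative status means the direct child died from signal
            # -ret. 139 is 128 + SIGSEGV, the shell-style status for a
            # segfault, presumably as relayed by the `timeout` wrapper.
            # NOTE(review): a shell-style SIGILL status (132) is not
            # treated as a crash here; confirm whether that is intended.
            crashed = ret == 139 or (
                ret < 0 and abs(ret) in (signal.SIGSEGV, signal.SIGILL)
            )
            if crashed:
                # For the 139 case this logs the raw exit status, not the
                # signal number.
                l.info("input caused a crash (signal %d) during dynamic tracing", abs(ret))
                l.debug("entering crash mode")
                self.crash_mode = True
        finally:
            # Close the caller-requested output file even if launching or
            # talking to the child raised; devnull is closed by the `with`.
            if stdout_file is not None:
                stdout_f.close()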