From d946be29b9a15a28f5b19bd6abc01d2ca0ed44ba Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Sun, 1 Mar 2020 11:16:43 +0100 Subject: [PATCH 1/7] fix #218 --- llvm_mode/afl-clang-fast.c | 1 + 1 file changed, 1 insertion(+) diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index dd8d2dfc..fa3b5c78 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -43,6 +43,7 @@ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u8 llvm_fullpath[PATH_MAX]; static u8 cmplog_mode; u8 use_stdin = 0; /* dummy */ +u8 be_quiet = 0; /* Try to find the runtime libraries. If that fails, abort. */ From 59b80cb01e49804f1b6fabffa36514bb6a6a4fea Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Sun, 1 Mar 2020 11:51:15 +0100 Subject: [PATCH 2/7] fix #218 for GCC plugin --- gcc_plugin/afl-gcc-fast.c | 1 + 1 file changed, 1 insertion(+) diff --git a/gcc_plugin/afl-gcc-fast.c b/gcc_plugin/afl-gcc-fast.c index 91b786ba..a57f48d3 100644 --- a/gcc_plugin/afl-gcc-fast.c +++ b/gcc_plugin/afl-gcc-fast.c @@ -41,6 +41,7 @@ static u8* obj_path; /* Path to runtime libraries */ static u8** cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ u8 use_stdin = 0; /* dummy */ +u8 be_quiet; /* Try to find the runtime libraries. If that fails, abort. */ From 6865cd8d691385f805a63b62f9836abf98061e4f Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 1 Mar 2020 13:46:57 +0100 Subject: [PATCH 3/7] Added AFL_AUTORESUME option --- docs/Changelog.md | 1 + docs/env_variables.md | 4 ++++ include/afl-fuzz.h | 1 - include/envs.h | 1 + src/afl-fuzz-init.c | 20 +++++++++++++++----- src/afl-fuzz.c | 11 +++++++++-- 6 files changed, 30 insertions(+), 8 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 2548a356..ab374596 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md 
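Review bot: `u8 be_quiet = 0;` is added below `u8 use_stdin = 0; /* dummy */` without the `/* dummy */` marker its neighbour carries, so a reader cannot tell that the wrapper defines this global only to satisfy a link dependency (presumably the cause of #218, which this chunk does not show); suggest `u8 be_quiet = 0; /* dummy */`. The second patch in this series makes the same addition to gcc_plugin/afl-gcc-fast.c as `u8 be_quiet;` with neither initializer nor comment; both are file-scope objects and therefore zero either way, but the two wrappers should use one spelling.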
@@ -13,6 +13,7 @@ sending a mail to . - qemu_mode now uses solely the internal capstone version to fix builds on modern Linux distributions - more tools get environment variable usage info in the help output + - AFL_AUTORESUME will resume execution without the need to specify `-i -` ### Version ++2.62c (release): diff --git a/docs/env_variables.md b/docs/env_variables.md index fdc86a42..527f1c1b 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -265,6 +265,10 @@ checks or alter some of the more exotic semantics of the tool: - Setting AFL_NO_CPU_RED will not display very high cpu usages in red color. + - Setting AFL_AUTORESUME will resume a fuzz run (same as providing `-i -`) + for an existing out folder, even if a different `-i` was provided. + Without this setting, afl-fuzz will refuse execution for a long-fuzzed out dir. + - Outdated environment variables that are that not supported anymore: AFL_DEFER_FORKSRV AFL_PERSISTENT diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 46bead3a..25764726 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -636,7 +636,6 @@ u32 find_start_position(void); void find_timeout(void); double get_runnable_processes(void); void nuke_resume_dir(void); -void maybe_delete_out_dir(void); void setup_dirs_fds(void); void setup_cmdline_file(char**); void setup_stdio_file(void); diff --git a/include/envs.h b/include/envs.h index 0f7ed37a..306143be 100644 --- a/include/envs.h +++ b/include/envs.h @@ -1,6 +1,7 @@ const char *afl_environment_variables[] = { "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS", + "AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME", diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 632cdf6b..6e7d3f74 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c 
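Review bot: In the include/envs.h hunk the new `"AFL_AUTORESUME",` entry is placed between `"AFL_AS"` and `"AFL_AS_FORCE_INSTRUMENT"`, which breaks the alphabetical order the surrounding entries of afl_environment_variables[] follow; move it after `"AFL_AS_FORCE_INSTRUMENT",`. Whether any lookup depends on the order cannot be seen from this chunk, but a sorted list is what makes missing or duplicated names easy to spot when the table is audited against the documented variables. The array continues past the end of the hunk.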
@@ -894,7 +894,7 @@ void find_timeout(void) { } -/* A helper function for maybe_delete_out_dir(), deleting all prefixed +/* A helper function for handle_existing_out_dir(), deleting all prefixed files in a directory. */ static u8 delete_files(u8* path, u8* prefix) { @@ -1018,9 +1018,10 @@ dir_cleanup_failed: } /* Delete fuzzer output directory if we recognize it as ours, if the fuzzer - is not currently running, and if the last run time isn't too great. */ + is not currently running, and if the last run time isn't too great. + Resume fuzzing if `-` is set as in_dir or if AFL_AUTORESUME is set */ -void maybe_delete_out_dir(void) { +static void handle_existing_out_dir(void) { FILE* f; u8* fn = alloc_printf("%s/fuzzer_stats", out_dir); @@ -1063,6 +1064,15 @@ void maybe_delete_out_dir(void) { fclose(f); + /* Autoresume treats a normal run as in_place_resume if a valid out dir already exists */ + + if (getenv("AFL_AUTORESUME")) { + + OKF("Detected prior run with AFL_AUTORESUME set. Resuming."); + in_place_resume = 1; + + } + /* Let's see how much work is at stake. */ if (!in_place_resume && last_update - start_time2 > OUTPUT_GRACE * 60) { @@ -1079,7 +1089,7 @@ void maybe_delete_out_dir(void) { " or specify a different output location for this job. To resume " "the old\n" " session, put '-' as the input directory in the command line " - "('-i -') and\n" + "('-i -') or set the AFL_AUTORESUME=1 env variable and\n" " try again.\n", OUTPUT_GRACE); @@ -1306,7 +1316,7 @@ void setup_dirs_fds(void) { if (errno != EEXIST) PFATAL("Unable to create '%s'", out_dir); - maybe_delete_out_dir(); + handle_existing_out_dir(); } else { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c7f8ccad..d4c75d9c 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
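Review bot: The new autoresume branch after `fclose(f);` in handle_existing_out_dir() runs only when fuzzer_stats could be opened and parsed; the `if (f)` that appears to enclose it starts before this hunk, so an existing out_dir without a readable fuzzer_stats skips the branch and, as far as the rest of the function is visible here, continues into the delete path even though AFL_AUTORESUME was set. If that is intended, say so in the new comment, e.g. `/* Autoresume: only a run that wrote fuzzer_stats is resumable; without it the old output is deleted as before. */`, otherwise the OKF message should be accompanied by a warning on the no-stats path. The function begins in the previous hunk and ends after this one.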
@@ -314,7 +314,14 @@ int main(int argc, char** argv, char** envp) { if (in_dir) FATAL("Multiple -i options not supported"); in_dir = optarg; - if (!strcmp(in_dir, "-")) in_place_resume = 1; + if (!strcmp(in_dir, "-")) { + + if (getenv("AFL_AUTORESUME")) + WARNF("AFL_AUTORESUME has no effect for '-i -'"); + + in_place_resume = 1; + + } break; @@ -649,7 +656,7 @@ int main(int argc, char** argv, char** envp) { usage(argv[0], show_help); OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" " - "Eißfeldt and Andrea Fioraldi"); + "Eißfeldt, Andrea Fioraldi and Dominik Maier"); OKF("afl++ is open source, get it at " "https://github.com/vanhauser-thc/AFLplusplus"); OKF("Power schedules from github.com/mboehme/aflfast"); From 3e0a3ec45fe35f62a293d86139913ecf45670535 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 1 Mar 2020 14:09:21 +0100 Subject: [PATCH 4/7] migrated autoresume to use get_afl_env --- include/afl-fuzz.h | 1 + src/afl-fuzz-globals.c | 1 + src/afl-fuzz-init.c | 2 +- src/afl-fuzz.c | 17 +++++++++-------- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 25764726..1999f16c 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -315,6 +315,7 @@ extern u8 skip_deterministic, /* Skip deterministic stages? */ no_forkserver, /* Disable forkserver? */ crash_mode, /* Crash mode! Yeah! */ in_place_resume, /* Attempt in-place resume? */ + autoresume, /* Resume if out_dir exists? */ auto_changed, /* Auto-generated tokens changed? */ no_cpu_meter_red, /* Feng shui on the status screen */ no_arith, /* Skip most arithmetic ops */ diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index fc71d29d..ae343026 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c 
@@ -115,6 +115,7 @@ u8 skip_deterministic, /* Skip deterministic stages? */ no_forkserver, /* Disable forkserver? */ crash_mode, /* Crash mode! Yeah! */ in_place_resume, /* Attempt in-place resume? */ + autoresume, /* Resume if out_dir exists? */ auto_changed, /* Auto-generated tokens changed? */ no_cpu_meter_red, /* Feng shui on the status screen */ no_arith, /* Skip most arithmetic ops */ diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 6e7d3f74..a82fa8f9 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1066,7 +1066,7 @@ static void handle_existing_out_dir(void) { /* Autoresume treats a normal run as in_place_resume if a valid out dir already exists */ - if (getenv("AFL_AUTORESUME")) { + if (!in_place_resume && autoresume) { OKF("Detected prior run with AFL_AUTORESUME set. Resuming."); in_place_resume = 1; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index d4c75d9c..98c9dbe3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -314,14 +314,7 @@ int main(int argc, char** argv, char** envp) { if (in_dir) FATAL("Multiple -i options not supported"); in_dir = optarg; - if (!strcmp(in_dir, "-")) { - - if (getenv("AFL_AUTORESUME")) - WARNF("AFL_AUTORESUME has no effect for '-i -'"); - - in_place_resume = 1; - - } + if (!strcmp(in_dir, "-")) in_place_resume = 1; break; @@ -757,6 +750,14 @@ int main(int argc, char** argv, char** envp) { if (get_afl_env("AFL_SHUFFLE_QUEUE")) shuffle_queue = 1; if (get_afl_env("AFL_FAST_CAL")) fast_cal = 1; + if (get_afl_env("AFL_AUTORESUME")) { + + autoresume = 1; + if (in_place_resume) + WARNF("AFL_AUTORESUME has no effect for '-i -'"); + + } + if (get_afl_env("AFL_HANG_TMOUT")) { hang_tmout = atoi(getenv("AFL_HANG_TMOUT")); From f0cf9c2cdf6fbf26063a1abef479d4f1b1b4e704 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 1 Mar 2020 22:30:38 +0100 Subject: [PATCH 5/7] make afl-showmap quiet when called from afl-cmin* --- afl-cmin | 1 + afl-cmin.bash | 2 ++ docs/Changelog.md | 2 ++ 3 files changed, 5 insertions(+) 
diff --git a/afl-cmin b/afl-cmin index c7531221..28d8c746 100755 --- a/afl-cmin +++ b/afl-cmin @@ -1,4 +1,5 @@ #!/usr/bin/env sh +export AFL_QUIET=1 THISPATH=`dirname ${0}` export PATH="${THISPATH}:$PATH" awk -f - -- ${@+"$@"} <<'EOF' diff --git a/afl-cmin.bash b/afl-cmin.bash index b1378eb5..1f23f6bc 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -51,6 +51,8 @@ TIMEOUT=none unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \ AFL_CMIN_CRASHES_ONLY AFL_CMIN_ALLOW_ANY QEMU_MODE UNICORN_MODE +export AFL_QUIET=1 + while getopts "+i:o:f:m:t:eQUCh" opt; do case "$opt" in diff --git a/docs/Changelog.md b/docs/Changelog.md index ab374596..d5c2a279 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,8 +10,10 @@ sending a mail to . ### Version ++2.62d (developt): + - qemu_mode now uses solely the internal capstone version to fix builds on modern Linux distributions + - afl-fuzz basic tools now report on the environment variables picked up - more tools get environment variable usage info in the help output - AFL_AUTORESUME will resume execution without the need to specify `-i -` From 43e97a5aa24744c5c4abd04041a099bd2c3eec12 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 2 Mar 2020 16:10:08 +0100 Subject: [PATCH 6/7] Autoresume added to help --- src/afl-fuzz.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 98c9dbe3..548f029b 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -186,6 +186,7 @@ static void usage(u8* argv0, int more_help) { //"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n" + "AFL_AUTORESUME: resume fuzzing if directory specified by -o already exists\n" "\n" ); else 
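Review bot: `export AFL_QUIET=1` at the top of afl-cmin has no comment saying why a wrapper script mutes the tool it drives; suggest `export AFL_QUIET=1  # keep the afl-showmap runs below quiet`. Because it is exported unconditionally it also overrides any value the user had set and is inherited by every child process afl-showmap starts, including the target binary, which is worth a word in that comment if intended. The afl-cmin.bash hunk makes the same change after its `unset` line and would take the same comment.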
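Review bot: The new help line `"AFL_AUTORESUME: resume fuzzing if directory specified by -o already exists\n"` in usage() does not mention that the `-i` directory is then ignored, which docs/env_variables.md earlier in this series states explicitly ("even if a different -i was provided"); suggest `"AFL_AUTORESUME: resume fuzzing if directory specified by -o already exists (-i is then ignored)\n"`. usage() starts before this hunk.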
@@ -754,7 +755,7 @@ int main(int argc, char** argv, char** envp) { autoresume = 1; if (in_place_resume) - WARNF("AFL_AUTORESUME has no effect for '-i -'"); + SAYF("AFL_AUTORESUME has no effect for '-i -'"); } From f6050ab804f06fbedfb1fd1b619217be85db2e00 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 2 Mar 2020 16:12:12 +0100 Subject: [PATCH 7/7] Silenced output of if python not found --- Makefile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index f97f7f4f..b64a6dfe 100644 --- a/Makefile +++ b/Makefile @@ -68,8 +68,8 @@ override CFLAGS += -Wall -g -Wno-pointer-sign -I include/ \ AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c) -ifneq "$(shell which python3m)" "" - ifneq "$(shell which python3m-config)" "" +ifneq "$(shell which python3m 2>/dev/null)" "" + ifneq "$(shell which python3m-config 2>/dev/null)" "" PYTHON_INCLUDE ?= $(shell python3m-config --includes) PYTHON_VERSION ?= $(strip $(shell python3m --version 2>&1)) # Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag. @@ -81,8 +81,8 @@ ifneq "$(shell which python3m)" "" endif endif -ifneq "$(shell which python3)" "" - ifneq "$(shell which python3-config)" "" +ifneq "$(shell which python3 2>/dev/null)" "" + ifneq "$(shell which python3-config 2>/dev/null)" "" PYTHON_INCLUDE ?= $(shell python3-config --includes) PYTHON_VERSION ?= $(strip $(shell python3 --version 2>&1)) # Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag. @@ -94,8 +94,8 @@ ifneq "$(shell which python3)" "" endif endif -ifneq "$(shell which python)" "" - ifneq "$(shell which python-config)" "" +ifneq "$(shell which python 2>/dev/null)" "" + ifneq "$(shell which python-config 2>/dev/null)" "" PYTHON_INCLUDE ?= $(shell python-config --includes) PYTHON_LIB ?= $(shell python-config --ldflags) PYTHON_VERSION ?= $(strip $(shell python --version 2>&1))
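Review bot: `SAYF("AFL_AUTORESUME has no effect for '-i -'");` loses the trailing newline that the replaced WARNF emitted itself, so whatever is printed next will be appended to this message on the same line; use `SAYF("AFL_AUTORESUME has no effect for '-i -'\n");`. The enclosing `if (get_afl_env("AFL_AUTORESUME"))` block starts outside the hunk.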
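Review bot: `$(shell which python3m 2>/dev/null)` still depends on `which`, which is not a POSIX utility and whose output and exit status differ between implementations; since `$(shell …)` runs under /bin/sh, `command -v python3m 2>/dev/null` is both silent and portable, e.g. `ifneq "$(shell command -v python3m 2>/dev/null)" ""`. The same applies to the other five `which` calls in the following two Makefile hunks, the last of which runs past the end of this chunk.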