ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 02:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus

Browse Source
This commit is contained in:
h1994st
2020-03-02 15:27:31 -05:00
parent 7b59e05600 f6050ab804
commit 031946136b
12 changed files with 46 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Makefile
View File

@ -68,8 +68,8 @@ override CFLAGS += -Wall -g -Wno-pointer-sign -I include/ \
AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c) AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)
ifneq "$(shell which python3m)" "" ifneq "$(shell which python3m 2>/dev/null)" ""
ifneq "$(shell which python3m-config)" "" ifneq "$(shell which python3m-config 2>/dev/null)" ""
PYTHON_INCLUDE ?= $(shell python3m-config --includes) PYTHON_INCLUDE ?= $(shell python3m-config --includes)
PYTHON_VERSION ?= $(strip $(shell python3m --version 2>&1)) PYTHON_VERSION ?= $(strip $(shell python3m --version 2>&1))
# Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag. # Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag.
@ -81,8 +81,8 @@ ifneq "$(shell which python3m)" ""
endif endif
endif endif
ifneq "$(shell which python3)" "" ifneq "$(shell which python3 2>/dev/null)" ""
ifneq "$(shell which python3-config)" "" ifneq "$(shell which python3-config 2>/dev/null)" ""
PYTHON_INCLUDE ?= $(shell python3-config --includes) PYTHON_INCLUDE ?= $(shell python3-config --includes)
PYTHON_VERSION ?= $(strip $(shell python3 --version 2>&1)) PYTHON_VERSION ?= $(strip $(shell python3 --version 2>&1))
# Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag. # Starting with python3.8, we need to pass the `embed` flag. Earier versions didn't know this flag.
@ -94,8 +94,8 @@ ifneq "$(shell which python3)" ""
endif endif
endif endif
ifneq "$(shell which python)" "" ifneq "$(shell which python 2>/dev/null)" ""
ifneq "$(shell which python-config)" "" ifneq "$(shell which python-config 2>/dev/null)" ""
PYTHON_INCLUDE ?= $(shell python-config --includes) PYTHON_INCLUDE ?= $(shell python-config --includes)
PYTHON_LIB ?= $(shell python-config --ldflags) PYTHON_LIB ?= $(shell python-config --ldflags)
PYTHON_VERSION ?= $(strip $(shell python --version 2>&1)) PYTHON_VERSION ?= $(strip $(shell python --version 2>&1))

1
afl-cmin
View File

@ -1,4 +1,5 @@
#!/usr/bin/env sh #!/usr/bin/env sh
export AFL_QUIET=1
THISPATH=`dirname ${0}` THISPATH=`dirname ${0}`
export PATH="${THISPATH}:$PATH" export PATH="${THISPATH}:$PATH"
awk -f - -- ${@+"$@"} <<'EOF' awk -f - -- ${@+"$@"} <<'EOF'

2
afl-cmin.bash
View File

@ -51,6 +51,8 @@ TIMEOUT=none
unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \ unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \
AFL_CMIN_CRASHES_ONLY AFL_CMIN_ALLOW_ANY QEMU_MODE UNICORN_MODE AFL_CMIN_CRASHES_ONLY AFL_CMIN_ALLOW_ANY QEMU_MODE UNICORN_MODE
export AFL_QUIET=1
while getopts "+i:o:f:m:t:eQUCh" opt; do while getopts "+i:o:f:m:t:eQUCh" opt; do
case "$opt" in case "$opt" in

3
docs/Changelog.md
View File

@ -10,9 +10,12 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
### Version ++2.62d (developt): ### Version ++2.62d (developt):
- qemu_mode now uses solely the internal capstone version to fix builds - qemu_mode now uses solely the internal capstone version to fix builds
on modern Linux distributions on modern Linux distributions
- afl-fuzz basic tools now report on the environment variables picked up
- more tools get environment variable usage info in the help output - more tools get environment variable usage info in the help output
- AFL_AUTORESUME will resume execution without the need to specify `-i -`
### Version ++2.62c (release): ### Version ++2.62c (release):

4
docs/env_variables.md
View File

@ -265,6 +265,10 @@ checks or alter some of the more exotic semantics of the tool:
- Setting AFL_NO_CPU_RED will not display very high cpu usages in red color. - Setting AFL_NO_CPU_RED will not display very high cpu usages in red color.
- Setting AFL_AUTORESUME will resume a fuzz run (same as providing `-i -`)
for an existing out folder, even if a different `-i` was provided.
Without this setting, afl-fuzz will refuse execution for a long-fuzzed out dir.
- Outdated environment variables that are that not supported anymore: - Outdated environment variables that are that not supported anymore:
AFL_DEFER_FORKSRV AFL_DEFER_FORKSRV
AFL_PERSISTENT AFL_PERSISTENT

1
gcc_plugin/afl-gcc-fast.c
View File

@ -41,6 +41,7 @@ static u8* obj_path; /* Path to runtime libraries */
static u8** cc_params; /* Parameters passed to the real CC */ static u8** cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */
u8 use_stdin = 0; /* dummy */ u8 use_stdin = 0; /* dummy */
u8 be_quiet;
/* Try to find the runtime libraries. If that fails, abort. */ /* Try to find the runtime libraries. If that fails, abort. */

2
include/afl-fuzz.h
View File

@ -315,6 +315,7 @@ extern u8 skip_deterministic, /* Skip deterministic stages? */
no_forkserver, /* Disable forkserver? */ no_forkserver, /* Disable forkserver? */
crash_mode, /* Crash mode! Yeah! */ crash_mode, /* Crash mode! Yeah! */
in_place_resume, /* Attempt in-place resume? */ in_place_resume, /* Attempt in-place resume? */
autoresume, /* Resume if out_dir exists? */
auto_changed, /* Auto-generated tokens changed? */ auto_changed, /* Auto-generated tokens changed? */
no_cpu_meter_red, /* Feng shui on the status screen */ no_cpu_meter_red, /* Feng shui on the status screen */
no_arith, /* Skip most arithmetic ops */ no_arith, /* Skip most arithmetic ops */
@ -697,7 +698,6 @@ u32 find_start_position(void);
void find_timeout(void); void find_timeout(void);
double get_runnable_processes(void); double get_runnable_processes(void);
void nuke_resume_dir(void); void nuke_resume_dir(void);
void maybe_delete_out_dir(void);
void setup_dirs_fds(void); void setup_dirs_fds(void);
void setup_cmdline_file(char**); void setup_cmdline_file(char**);
void setup_stdio_file(void); void setup_stdio_file(void);

1
include/envs.h
View File

@ -1,6 +1,7 @@
const char *afl_environment_variables[] = { const char *afl_environment_variables[] = {
"AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS", "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
"AFL_AUTORESUME",
"AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", "AFL_BENCH_UNTIL_CRASH", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE", "AFL_BENCH_UNTIL_CRASH",
"AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CAL_FAST", "AFL_CC", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY",
"AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME", "AFL_CODE_END", "AFL_CODE_START", "AFL_COMPCOV_BINNAME",

1
llvm_mode/afl-clang-fast.c
View File

@ -43,6 +43,7 @@ static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 llvm_fullpath[PATH_MAX]; static u8 llvm_fullpath[PATH_MAX];
static u8 cmplog_mode; static u8 cmplog_mode;
u8 use_stdin = 0; /* dummy */ u8 use_stdin = 0; /* dummy */
u8 be_quiet = 0;
/* Try to find the runtime libraries. If that fails, abort. */ /* Try to find the runtime libraries. If that fails, abort. */

1
src/afl-fuzz-globals.c
View File

@ -115,6 +115,7 @@ u8 skip_deterministic, /* Skip deterministic stages? */
no_forkserver, /* Disable forkserver? */ no_forkserver, /* Disable forkserver? */
crash_mode, /* Crash mode! Yeah! */ crash_mode, /* Crash mode! Yeah! */
in_place_resume, /* Attempt in-place resume? */ in_place_resume, /* Attempt in-place resume? */
autoresume, /* Resume if out_dir exists? */
auto_changed, /* Auto-generated tokens changed? */ auto_changed, /* Auto-generated tokens changed? */
no_cpu_meter_red, /* Feng shui on the status screen */ no_cpu_meter_red, /* Feng shui on the status screen */
no_arith, /* Skip most arithmetic ops */ no_arith, /* Skip most arithmetic ops */

20
src/afl-fuzz-init.c
View File

@ -866,7 +866,7 @@ void find_timeout(void) {
} }
/* A helper function for maybe_delete_out_dir(), deleting all prefixed /* A helper function for handle_existing_out_dir(), deleting all prefixed
files in a directory. */ files in a directory. */
static u8 delete_files(u8* path, u8* prefix) { static u8 delete_files(u8* path, u8* prefix) {
@ -990,9 +990,10 @@ dir_cleanup_failed:
} }
/* Delete fuzzer output directory if we recognize it as ours, if the fuzzer /* Delete fuzzer output directory if we recognize it as ours, if the fuzzer
is not currently running, and if the last run time isn't too great. */ is not currently running, and if the last run time isn't too great.
Resume fuzzing if `-` is set as in_dir or if AFL_AUTORESUME is set */
void maybe_delete_out_dir(void) { static void handle_existing_out_dir(void) {
FILE* f; FILE* f;
u8* fn = alloc_printf("%s/fuzzer_stats", out_dir); u8* fn = alloc_printf("%s/fuzzer_stats", out_dir);
@ -1035,6 +1036,15 @@ void maybe_delete_out_dir(void) {
fclose(f); fclose(f);
/* Autoresume treats a normal run as in_place_resume if a valid out dir already exists */
if (!in_place_resume && autoresume) {
OKF("Detected prior run with AFL_AUTORESUME set. Resuming.");
in_place_resume = 1;
}
/* Let's see how much work is at stake. */ /* Let's see how much work is at stake. */
if (!in_place_resume && last_update - start_time2 > OUTPUT_GRACE * 60) { if (!in_place_resume && last_update - start_time2 > OUTPUT_GRACE * 60) {
@ -1051,7 +1061,7 @@ void maybe_delete_out_dir(void) {
" or specify a different output location for this job. To resume " " or specify a different output location for this job. To resume "
"the old\n" "the old\n"
" session, put '-' as the input directory in the command line " " session, put '-' as the input directory in the command line "
"('-i -') and\n" "('-i -') or set the AFL_AUTORESUME=1 env variable and\n"
" try again.\n", " try again.\n",
OUTPUT_GRACE); OUTPUT_GRACE);
@ -1278,7 +1288,7 @@ void setup_dirs_fds(void) {
if (errno != EEXIST) PFATAL("Unable to create '%s'", out_dir); if (errno != EEXIST) PFATAL("Unable to create '%s'", out_dir);
maybe_delete_out_dir(); handle_existing_out_dir();
} else { } else {

11
src/afl-fuzz.c
View File

@ -186,6 +186,7 @@ static void usage(u8* argv0, int more_help) {
//"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n" //"AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
"AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
"AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n" "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n"
"AFL_AUTORESUME: resume fuzzing if directory specified by -o already exists\n"
"\n" "\n"
); );
else else
@ -649,7 +650,7 @@ int main(int argc, char** argv, char** envp) {
usage(argv[0], show_help); usage(argv[0], show_help);
OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" " OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "
"Eißfeldt and Andrea Fioraldi"); "Eißfeldt, Andrea Fioraldi and Dominik Maier");
OKF("afl++ is open source, get it at " OKF("afl++ is open source, get it at "
"https://github.com/vanhauser-thc/AFLplusplus"); "https://github.com/vanhauser-thc/AFLplusplus");
OKF("Power schedules from github.com/mboehme/aflfast"); OKF("Power schedules from github.com/mboehme/aflfast");
@ -750,6 +751,14 @@ int main(int argc, char** argv, char** envp) {
if (get_afl_env("AFL_SHUFFLE_QUEUE")) shuffle_queue = 1; if (get_afl_env("AFL_SHUFFLE_QUEUE")) shuffle_queue = 1;
if (get_afl_env("AFL_FAST_CAL")) fast_cal = 1; if (get_afl_env("AFL_FAST_CAL")) fast_cal = 1;
if (get_afl_env("AFL_AUTORESUME")) {
autoresume = 1;
if (in_place_resume)
SAYF("AFL_AUTORESUME has no effect for '-i -'");
}
if (get_afl_env("AFL_HANG_TMOUT")) { if (get_afl_env("AFL_HANG_TMOUT")) {
hang_tmout = atoi(getenv("AFL_HANG_TMOUT")); hang_tmout = atoi(getenv("AFL_HANG_TMOUT"));