warn on _AFL and __AFL env vars

2025-06-14 11:08:06 +00:00 · 2020-12-23 17:56:39 +01:00
parent 1c79687dfe
commit 03849d147a
7 changed files with 44 additions and 29 deletions
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@ -363,7 +363,8 @@ static inline void *DFL_ck_realloc(void *orig, u32 size) {

  if (orig) {

-    memcpy((char *)ret + ALLOC_OFF_HEAD, (char *)orig + ALLOC_OFF_HEAD, MIN(size, old_size));
+    memcpy((char *)ret + ALLOC_OFF_HEAD, (char *)orig + ALLOC_OFF_HEAD,
+           MIN(size, old_size));
    memset((char *)orig + ALLOC_OFF_HEAD, 0xFF, old_size);

    ALLOC_C1((char *)orig + ALLOC_OFF_HEAD) = ALLOC_MAGIC_F;
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@ -103,11 +103,11 @@ static u32 map_size = MAP_SIZE;
 /* Classify tuple counts. This is a slow & naive version, but good enough here.
 */

-#define TIMES4(x) x,x,x,x
-#define TIMES8(x) TIMES4(x),TIMES4(x)
-#define TIMES16(x) TIMES8(x),TIMES8(x)
-#define TIMES32(x) TIMES16(x),TIMES16(x)
-#define TIMES64(x) TIMES32(x),TIMES32(x)
+#define TIMES4(x) x, x, x, x
+#define TIMES8(x) TIMES4(x), TIMES4(x)
+#define TIMES16(x) TIMES8(x), TIMES8(x)
+#define TIMES32(x) TIMES16(x), TIMES16(x)
+#define TIMES64(x) TIMES32(x), TIMES32(x)
 static u8 count_class_lookup[256] = {

    [0] = 0,
@ -121,6 +121,7 @@ static u8 count_class_lookup[256] = {
    [128] = TIMES64(128)

 };
+
 #undef TIMES64
 #undef TIMES32
 #undef TIMES16
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -432,7 +432,9 @@ void check_environment_vars(char **envp) {
  char *env, *val;
  while ((env = envp[index++]) != NULL) {

-    if (strncmp(env, "ALF_", 4) == 0) {
+    if (strncmp(env, "ALF_", 4) == 0 || strncmp(env, "_ALF", 4) == 0 ||
+        strncmp(env, "__ALF", 5) == 0 || strncmp(env, "_AFL", 4) == 0 ||
+        strncmp(env, "__AFL", 5) == 0) {

      WARNF("Potentially mistyped AFL environment variable: %s", env);
      issue_detected = 1;
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@ -26,7 +26,7 @@
 #include "afl-fuzz.h"
 #include <limits.h>
 #if !defined NAME_MAX
-#define NAME_MAX _XOPEN_NAME_MAX
+  #define NAME_MAX _XOPEN_NAME_MAX
 #endif

 /* Write bitmap to file. The bitmap is useful mostly for the secret
@ -143,12 +143,14 @@ u32 count_non_255_bytes(afl_state_t *afl, u8 *mem) {
   and replacing it with 0x80 or 0x01 depending on whether the tuple
   is hit or not. Called on every new crash or timeout, should be
   reasonably fast. */
-#define TIMES4(x) x,x,x,x
-#define TIMES8(x) TIMES4(x),TIMES4(x)
-#define TIMES16(x) TIMES8(x),TIMES8(x)
-#define TIMES32(x) TIMES16(x),TIMES16(x)
-#define TIMES64(x) TIMES32(x),TIMES32(x)
-#define TIMES255(x) TIMES64(x),TIMES64(x),TIMES64(x),TIMES32(x),TIMES16(x),TIMES8(x),TIMES4(x),x,x,x
+#define TIMES4(x) x, x, x, x
+#define TIMES8(x) TIMES4(x), TIMES4(x)
+#define TIMES16(x) TIMES8(x), TIMES8(x)
+#define TIMES32(x) TIMES16(x), TIMES16(x)
+#define TIMES64(x) TIMES32(x), TIMES32(x)
+#define TIMES255(x)                                                      \
+  TIMES64(x), TIMES64(x), TIMES64(x), TIMES32(x), TIMES16(x), TIMES8(x), \
+      TIMES4(x), x, x, x
 const u8 simplify_lookup[256] = {

    [0] = 1, [1] = TIMES255(128)
@ -172,6 +174,7 @@ const u8 count_class_lookup8[256] = {
    [128] = TIMES64(128)

 };
+
 #undef TIMES255
 #undef TIMES64
 #undef TIMES32
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -29,7 +29,7 @@
 #include <signal.h>
 #include <limits.h>
 #if !defined NAME_MAX
-#define NAME_MAX _XOPEN_NAME_MAX
+  #define NAME_MAX _XOPEN_NAME_MAX
 #endif

 #include "cmplog.h"
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@ -98,17 +98,23 @@ static sharedmem_t *     shm_fuzz;
 /* Classify tuple counts. Instead of mapping to individual bits, as in
   afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */

-#define TIMES4(x) x,x,x,x
-#define TIMES8(x) TIMES4(x),TIMES4(x)
-#define TIMES16(x) TIMES8(x),TIMES8(x)
-#define TIMES32(x) TIMES16(x),TIMES16(x)
-#define TIMES64(x) TIMES32(x),TIMES32(x)
-#define TIMES96(x) TIMES64(x),TIMES32(x)
-#define TIMES128(x) TIMES64(x),TIMES64(x)
+#define TIMES4(x) x, x, x, x
+#define TIMES8(x) TIMES4(x), TIMES4(x)
+#define TIMES16(x) TIMES8(x), TIMES8(x)
+#define TIMES32(x) TIMES16(x), TIMES16(x)
+#define TIMES64(x) TIMES32(x), TIMES32(x)
+#define TIMES96(x) TIMES64(x), TIMES32(x)
+#define TIMES128(x) TIMES64(x), TIMES64(x)
 static const u8 count_class_human[256] = {

-    [0] = 0,          [1] = 1,        [2] = 2,         [3] = 3,
-    [4] = TIMES4(4),  [8] = TIMES8(5),[16] = TIMES16(6),[32] = TIMES96(7),
+    [0] = 0,
+    [1] = 1,
+    [2] = 2,
+    [3] = 3,
+    [4] = TIMES4(4),
+    [8] = TIMES8(5),
+    [16] = TIMES16(6),
+    [32] = TIMES96(7),
    [128] = TIMES128(8)

 };
@ -126,6 +132,7 @@ static const u8 count_class_binary[256] = {
    [128] = TIMES64(128)

 };
+
 #undef TIMES128
 #undef TIMES96
 #undef TIMES64
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@ -98,11 +98,11 @@ static sharedmem_t *     shm_fuzz;
 /* Classify tuple counts. This is a slow & naive version, but good enough here.
 */

-#define TIMES4(x) x,x,x,x
-#define TIMES8(x) TIMES4(x),TIMES4(x)
-#define TIMES16(x) TIMES8(x),TIMES8(x)
-#define TIMES32(x) TIMES16(x),TIMES16(x)
-#define TIMES64(x) TIMES32(x),TIMES32(x)
+#define TIMES4(x) x, x, x, x
+#define TIMES8(x) TIMES4(x), TIMES4(x)
+#define TIMES16(x) TIMES8(x), TIMES8(x)
+#define TIMES32(x) TIMES16(x), TIMES16(x)
+#define TIMES64(x) TIMES32(x), TIMES32(x)
 static const u8 count_class_lookup[256] = {

    [0] = 0,
@ -116,6 +116,7 @@ static const u8 count_class_lookup[256] = {
    [128] = TIMES64(128)

 };
+
 #undef TIMES64
 #undef TIMES32
 #undef TIMES16