fix shared memory leaks in afl-showmap, initialize cmplog_mode
@ -1049,6 +1049,9 @@ int main(int argc, char **argv, char **envp) {
|
|||||||
check_environment_vars(envp);
|
check_environment_vars(envp);
|
||||||
|
|
||||||
sharedmem_t shm = {0};
|
sharedmem_t shm = {0};
|
||||||
|
|
||||||
|
/* initialize cmplog_mode */
|
||||||
|
shm.cmplog_mode = 0;
|
||||||
trace_bits = afl_shm_init(&shm, map_size, 0);
|
trace_bits = afl_shm_init(&shm, map_size, 0);
|
||||||
atexit(at_exit_handler);
|
atexit(at_exit_handler);
|
||||||
setup_signal_handlers();
|
setup_signal_handlers();
|
||||||
|
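Review bot: The added `shm.cmplog_mode = 0;` in main() is a no-op here, because `sharedmem_t shm = {0};` just above it already zeroes every member, and the comment `/* initialize cmplog_mode */` only restates the statement. The useful fact is why the field matters: afl_shm_init() branches on `shm->cmplog_mode` (visible in the hunk at -153), so a comment such as `/* afl_shm_init() branches on shm.cmplog_mode, so it must be set before the call */` would carry the reason. The same comment and assignment are added in the main() hunks at -811, -865, -1036 and -1078, where the struct's initialization is not visible; the two `shm_fuzz` cases follow `ck_alloc()` and would be redundant as well if that allocator zero-fills. main() continues outside this hunk.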
@ -101,7 +101,7 @@ void afl_shm_deinit(sharedmem_t *shm) {
|
|||||||
u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
|
u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
|
||||||
unsigned char non_instrumented_mode) {
|
unsigned char non_instrumented_mode) {
|
||||||
|
|
||||||
shm->map_size = map_size;
|
shm->map_size = 0;
|
||||||
|
|
||||||
shm->map = NULL;
|
shm->map = NULL;
|
||||||
|
|
||||||
@ -153,7 +153,6 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
|
|||||||
u8 *shm_str;
|
u8 *shm_str;
|
||||||
|
|
||||||
shm->shm_id = shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | 0600);
|
shm->shm_id = shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | 0600);
|
||||||
|
|
||||||
if (shm->shm_id < 0) { PFATAL("shmget() failed"); }
|
if (shm->shm_id < 0) { PFATAL("shmget() failed"); }
|
||||||
|
|
||||||
if (shm->cmplog_mode) {
|
if (shm->cmplog_mode) {
|
||||||
@ -204,6 +203,7 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
shm->map_size = map_size;
|
||||||
list_append(&shm_list, shm);
|
list_append(&shm_list, shm);
|
||||||
|
|
||||||
return shm->map;
|
return shm->map;
|
||||||
|
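Review bot: With `shm->map_size` now set to 0 on entry and assigned `map_size` only just before `list_append(&shm_list, shm)`, any statement in between that reads `shm->map_size` instead of the `map_size` parameter would operate on 0. Most of afl_shm_init() lies between these hunks and is not visible, so both the `USEMMAP` branch and the `shmget()` branch should be checked for such reads. The deferred assignment also deserves a why-comment at the new line, for example `/* set only after the mapping succeeded, so afl_shm_deinit() never sees a size for a map that does not exist */`, if that is the intent. Separately, the function treats `shm->cmplog_mode` as an input while resetting `map` and `map_size`, and a header comment stating that the caller must set it beforehand would make that contract explicit.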
@ -151,6 +151,7 @@ static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
|
|||||||
|
|
||||||
afl_shm_deinit(shm_fuzz);
|
afl_shm_deinit(shm_fuzz);
|
||||||
fsrv->support_shmem_fuzz = 0;
|
fsrv->support_shmem_fuzz = 0;
|
||||||
|
fsrv->shmem_fuzz_len = NULL;
|
||||||
fsrv->shmem_fuzz = NULL;
|
fsrv->shmem_fuzz = NULL;
|
||||||
ck_free(shm_fuzz);
|
ck_free(shm_fuzz);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -811,6 +812,8 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
// if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); }
|
// if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); }
|
||||||
|
|
||||||
|
/* initialize cmplog_mode */
|
||||||
|
shm.cmplog_mode = 0;
|
||||||
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
|
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
|
||||||
setup_signal_handlers();
|
setup_signal_handlers();
|
||||||
|
|
||||||
@ -865,6 +868,9 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
|
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
|
||||||
|
|
||||||
|
/* initialize cmplog_mode */
|
||||||
|
shm_fuzz->cmplog_mode = 0;
|
||||||
u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
|
u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
|
||||||
if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
|
if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
|
||||||
#ifdef USEMMAP
|
#ifdef USEMMAP
|
||||||
@ -991,6 +997,9 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
|
||||||
|
shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
|
||||||
|
|
||||||
showmap_run_target(fsrv, use_argv);
|
showmap_run_target(fsrv, use_argv);
|
||||||
tcnt = write_results_to_file(fsrv, out_file);
|
tcnt = write_results_to_file(fsrv, out_file);
|
||||||
|
|
||||||
|
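Review bot: The `if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)` added in the `else` branch of main() (hunk at -991) has an unbraced body on the next line, unlike the braced single-statement form used elsewhere in this file (`if (!map) { FATAL(...); }`). Writing it as `if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) { shm_fuzz = deinit_shmem(fsrv, shm_fuzz); }` keeps a later added statement from silently falling outside the condition. Whether `shm_fuzz` can still be NULL at this point is not visible; deinit_shmem() passes it to `afl_shm_deinit()` and `ck_free()`, and its opening lines are outside the hunk at -151, so a guard there should be confirmed.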
@ -116,6 +116,7 @@ static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
|
|||||||
|
|
||||||
afl_shm_deinit(shm_fuzz);
|
afl_shm_deinit(shm_fuzz);
|
||||||
fsrv->support_shmem_fuzz = 0;
|
fsrv->support_shmem_fuzz = 0;
|
||||||
|
fsrv->shmem_fuzz_len = NULL;
|
||||||
fsrv->shmem_fuzz = NULL;
|
fsrv->shmem_fuzz = NULL;
|
||||||
ck_free(shm_fuzz);
|
ck_free(shm_fuzz);
|
||||||
return NULL;
|
return NULL;
|
||||||
@ -1036,6 +1037,8 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
check_environment_vars(envp);
|
check_environment_vars(envp);
|
||||||
|
|
||||||
|
/* initialize cmplog_mode */
|
||||||
|
shm.cmplog_mode = 0;
|
||||||
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
|
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
|
||||||
|
|
||||||
atexit(at_exit_handler);
|
atexit(at_exit_handler);
|
||||||
@ -1078,6 +1081,9 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
SAYF("\n");
|
SAYF("\n");
|
||||||
|
|
||||||
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
|
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
|
||||||
|
|
||||||
|
/* initialize cmplog_mode */
|
||||||
|
shm_fuzz->cmplog_mode = 0;
|
||||||
u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
|
u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
|
||||||
if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
|
if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
|
||||||
#ifdef USEMMAP
|
#ifdef USEMMAP
|
||||||
|
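Review bot: deinit_shmem() receives the same one-line change here (hunk at -116) as the identically named static function in the hunk at -151, so the two copies have to be kept in sync by hand; a single shared definition would avoid a fix landing in only one of them. This section also shows no counterpart to the `deinit_shmem(fsrv, shm_fuzz)` call that the hunk at -991 adds before `showmap_run_target()`. If this tool can likewise end up with `support_shmem_fuzz` set while `use_shmem_fuzz` is clear, its fuzz segment would be held until exit, which the visible lines neither confirm nor rule out.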