enhancements

This commit is contained in:
van Hauser
2020-08-11 10:24:45 +02:00
parent 67dac15226
commit 0ba09ee85a
6 changed files with 39 additions and 36 deletions


@ -306,10 +306,13 @@ int main(int argc, char **argv) {
else if (argc > 1) { else if (argc > 1) {
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) { if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE); // we need to free 0x10000 munmap(__afl_area_ptr, MAX_DUMMY_SIZE); // we need to free 0x10000
__afl_area_ptr = NULL; __afl_area_ptr = NULL;
__afl_manual_init(); __afl_manual_init();
} }
return ExecuteFilesOnyByOne(argc, argv); return ExecuteFilesOnyByOne(argc, argv);
} }
@ -317,11 +320,14 @@ int main(int argc, char **argv) {
assert(N > 0); assert(N > 0);
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) { if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE); munmap(__afl_area_ptr, MAX_DUMMY_SIZE);
__afl_area_ptr = NULL; __afl_area_ptr = NULL;
fprintf(stderr, "performing manual init\n"); fprintf(stderr, "performing manual init\n");
__afl_manual_init(); __afl_manual_init();
} }
fprintf(stderr, "map is now at %p\n", __afl_area_ptr); fprintf(stderr, "map is now at %p\n", __afl_area_ptr);
// Call LLVMFuzzerTestOneInput here so that coverage caused by initialization // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
@ -333,11 +339,7 @@ int main(int argc, char **argv) {
ssize_t r = read(0, buf, sizeof(buf)); ssize_t r = read(0, buf, sizeof(buf));
if (r > 0) { if (r > 0) { LLVMFuzzerTestOneInput(buf, r); }
LLVMFuzzerTestOneInput(buf, r);
}
} }
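Review bot: The stdin path at the end of this section issues `read(0, buf, sizeof(buf))` exactly once, so when stdin is a pipe rather than a regular file a short read hands `LLVMFuzzerTestOneInput` a truncated input with no indication that bytes were left unread; the collapsed `if (r > 0) { LLVMFuzzerTestOneInput(buf, r); }` line is where this shows, although the single-read shape predates this commit. Reading until EOF or until `buf` is full keeps the harness behaviour for regular files and makes piped input complete. `buf`'s declaration and the rest of `main` lie outside the hunk, so the excerpt below assumes `buf` is a byte array whose `sizeof` is its capacity, as the existing call already does.
```c
ssize_t r, total = 0;
while (total < (ssize_t)sizeof(buf) &&
       (r = read(0, buf + total, sizeof(buf) - total)) > 0) {
  total += r;
}
if (total > 0) { LLVMFuzzerTestOneInput(buf, total); }
```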


@ -55,7 +55,7 @@ extern u8 *doc_path; /* path to documentation dir */
@returns the path, allocating the string */ @returns the path, allocating the string */
u8 *find_binary(u8 *fname); u8 *find_binary(u8 *fname);
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc); u8 *find_afl_binary(u8 *fname, u8 *own_loc);
/* Read a bitmap from file fname to memory /* Read a bitmap from file fname to memory
This is for the -B option again. */ This is for the -B option again. */


@ -847,8 +847,7 @@ void __afl_manual_init(void) {
init_done = 1; init_done = 1;
is_persistent = 0; is_persistent = 0;
__afl_sharedmem_fuzzing = 0; __afl_sharedmem_fuzzing = 0;
if (__afl_area_ptr == NULL) if (__afl_area_ptr == NULL) __afl_area_ptr = __afl_area_initial;
__afl_area_ptr = __afl_area_initial;
if (getenv("AFL_DEBUG")) if (getenv("AFL_DEBUG"))
fprintf(stderr, fprintf(stderr,


@ -138,7 +138,7 @@ void argv_cpy_free(char **argv) {
} }
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) { u8 *find_afl_binary(u8 *fname, u8 *own_loc) {
u8 *tmp, *rsl, *own_copy, *cp; u8 *tmp, *rsl, *own_copy, *cp;
@ -154,6 +154,8 @@ u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) {
} }
if (own_loc) {
own_copy = ck_strdup(own_loc); own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/'); rsl = strrchr(own_copy, '/');
@ -172,6 +174,8 @@ u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) {
} }
}
cp = alloc_printf("%s/%s", BIN_PATH, fname); cp = alloc_printf("%s/%s", BIN_PATH, fname);
if (!access(cp, X_OK)) { return cp; } if (!access(cp, X_OK)) { return cp; }
@ -196,7 +200,7 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc); cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) { if (cp) {
@ -241,12 +245,12 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc); cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) { if (cp) {
ck_free(cp); ck_free(cp);
cp = find_binary_own_loc("afl-wine-trace", own_loc); cp = find_afl_binary("afl-wine-trace", own_loc);
if (cp) { if (cp) {
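Review bot: find_afl_binary now tolerates a NULL own_loc (the `if (own_loc) {` block opened at @-154 and closed by the `}` added at @-172), but neither the definition here nor the renamed declaration in the header section of this commit says so, and the search order is only discoverable by reading the body. I would add a comment above the definition along the lines of `/* Locate an afl helper binary: try the directory of own_loc (argv[0] of the caller, may be NULL), then BIN_PATH. Returns a newly allocated path the caller must ck_free(), or NULL. */`. The visible hunks only establish that the own_loc directory is tried before the BIN_PATH fallback at @-174; whatever the function checks before @-154 is outside the hunk, so the comment's ordering should be confirmed against the full body. The allocated-return contract is consistent with the `ck_free(cp)` the get_wine_argv hunk already performs.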


@ -2236,8 +2236,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len); clone_to = rand_below(afl, temp_len);
new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), new_buf =
temp_len + clone_len); ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */ /* Head */
@ -2403,8 +2403,7 @@ havoc_stage:
if (temp_len + extra_len >= MAX_FILE) { break; } if (temp_len + extra_len >= MAX_FILE) { break; }
out_buf = out_buf = ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
/* Tail */ /* Tail */
memmove(out_buf + insert_at + extra_len, out_buf + insert_at, memmove(out_buf + insert_at + extra_len, out_buf + insert_at,
@ -2499,8 +2498,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len); clone_to = rand_below(afl, temp_len);
u8 *temp_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), u8 *temp_buf =
temp_len + clone_len); ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */ /* Head */


@ -1274,9 +1274,8 @@ int main(int argc, char **argv_orig, char **envp) {
ck_free(afl->taint_fsrv.target_path); ck_free(afl->taint_fsrv.target_path);
afl->argv_taint = ck_alloc(sizeof(char *) * (argc + 4 - optind)); afl->argv_taint = ck_alloc(sizeof(char *) * (argc + 4 - optind));
afl->taint_fsrv.target_path = afl->taint_fsrv.target_path = find_afl_binary("afl-qemu-taint", argv[0]);
find_binary_own_loc("afl-qemu-taint", argv[0]); afl->argv_taint[0] = find_afl_binary("afl-qemu-taint", argv[0]);
afl->argv_taint[0] = find_binary_own_loc("afl-qemu-taint", argv[0]);
if (!afl->argv_taint[0]) if (!afl->argv_taint[0])
FATAL( FATAL(
"Cannot find 'afl-qemu-taint', read qemu_taint/README.md on how to " "Cannot find 'afl-qemu-taint', read qemu_taint/README.md on how to "