ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

enhancements

Browse Source
This commit is contained in:
van Hauser
2020-08-11 10:24:45 +02:00
parent 67dac15226
commit 0ba09ee85a
6 changed files with 39 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
examples/aflpp_driver/aflpp_driver.c
View File

@ -306,10 +306,13 @@ int main(int argc, char **argv) {
else if (argc > 1) { else if (argc > 1) {
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) { if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE); // we need to free 0x10000 munmap(__afl_area_ptr, MAX_DUMMY_SIZE); // we need to free 0x10000
__afl_area_ptr = NULL; __afl_area_ptr = NULL;
__afl_manual_init(); __afl_manual_init();
} }
return ExecuteFilesOnyByOne(argc, argv); return ExecuteFilesOnyByOne(argc, argv);
} }
@ -317,11 +320,14 @@ int main(int argc, char **argv) {
assert(N > 0); assert(N > 0);
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) { if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE); munmap(__afl_area_ptr, MAX_DUMMY_SIZE);
__afl_area_ptr = NULL; __afl_area_ptr = NULL;
fprintf(stderr, "performing manual init\n"); fprintf(stderr, "performing manual init\n");
__afl_manual_init(); __afl_manual_init();
} }
fprintf(stderr, "map is now at %p\n", __afl_area_ptr); fprintf(stderr, "map is now at %p\n", __afl_area_ptr);
// Call LLVMFuzzerTestOneInput here so that coverage caused by initialization // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
@ -333,11 +339,7 @@ int main(int argc, char **argv) {
ssize_t r = read(0, buf, sizeof(buf)); ssize_t r = read(0, buf, sizeof(buf));
if (r > 0) { if (r > 0) { LLVMFuzzerTestOneInput(buf, r); }
LLVMFuzzerTestOneInput(buf, r);
}
} }

2
include/common.h
View File

@ -55,7 +55,7 @@ extern u8 *doc_path; /* path to documentation dir */
@returns the path, allocating the string */ @returns the path, allocating the string */
u8 *find_binary(u8 *fname); u8 *find_binary(u8 *fname);
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc); u8 *find_afl_binary(u8 *fname, u8 *own_loc);
/* Read a bitmap from file fname to memory /* Read a bitmap from file fname to memory
This is for the -B option again. */ This is for the -B option again. */

7
llvm_mode/afl-llvm-rt.o.c
View File

@ -847,9 +847,8 @@ void __afl_manual_init(void) {
init_done = 1; init_done = 1;
is_persistent = 0; is_persistent = 0;
__afl_sharedmem_fuzzing = 0; __afl_sharedmem_fuzzing = 0;
if (__afl_area_ptr == NULL) if (__afl_area_ptr == NULL) __afl_area_ptr = __afl_area_initial;
__afl_area_ptr = __afl_area_initial;
if (getenv("AFL_DEBUG")) if (getenv("AFL_DEBUG"))
fprintf(stderr, fprintf(stderr,
"DEBUG: disabled instrumenation because of " "DEBUG: disabled instrumenation because of "
@ -886,7 +885,7 @@ __attribute__((constructor(0))) void __afl_auto_early(void) {
is_persistent = !!getenv(PERSIST_ENV_VAR); is_persistent = !!getenv(PERSIST_ENV_VAR);
__afl_map_shm(); __afl_map_shm();
} }

30
src/afl-common.c
View File

@ -138,7 +138,7 @@ void argv_cpy_free(char **argv) {
} }
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) { u8 *find_afl_binary(u8 *fname, u8 *own_loc) {
u8 *tmp, *rsl, *own_copy, *cp; u8 *tmp, *rsl, *own_copy, *cp;
@ -154,21 +154,25 @@ u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) {
} }
own_copy = ck_strdup(own_loc); if (own_loc) {
rsl = strrchr(own_copy, '/');
if (rsl) { own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/');
*rsl = 0; if (rsl) {
cp = alloc_printf("%s/%s", own_copy, fname); *rsl = 0;
ck_free(own_copy);
if (!access(cp, X_OK)) { return cp; } cp = alloc_printf("%s/%s", own_copy, fname);
ck_free(own_copy);
} else { if (!access(cp, X_OK)) { return cp; }
ck_free(own_copy); } else {
ck_free(own_copy);
}
} }
@ -196,7 +200,7 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc); cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) { if (cp) {
@ -241,12 +245,12 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */ /* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc); cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) { if (cp) {
ck_free(cp); ck_free(cp);
cp = find_binary_own_loc("afl-wine-trace", own_loc); cp = find_afl_binary("afl-wine-trace", own_loc);
if (cp) { if (cp) {

11
src/afl-fuzz-one.c
View File

@ -2236,8 +2236,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len); clone_to = rand_below(afl, temp_len);
new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), new_buf =
temp_len + clone_len); ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */ /* Head */
@ -2403,8 +2403,7 @@ havoc_stage:
if (temp_len + extra_len >= MAX_FILE) { break; } if (temp_len + extra_len >= MAX_FILE) { break; }
out_buf = out_buf = ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
/* Tail */ /* Tail */
memmove(out_buf + insert_at + extra_len, out_buf + insert_at, memmove(out_buf + insert_at + extra_len, out_buf + insert_at,
@ -2499,8 +2498,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len); clone_to = rand_below(afl, temp_len);
u8 *temp_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), u8 *temp_buf =
temp_len + clone_len); ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */ /* Head */

11
src/afl-fuzz.c
View File

@ -1274,9 +1274,8 @@ int main(int argc, char **argv_orig, char **envp) {
ck_free(afl->taint_fsrv.target_path); ck_free(afl->taint_fsrv.target_path);
afl->argv_taint = ck_alloc(sizeof(char *) * (argc + 4 - optind)); afl->argv_taint = ck_alloc(sizeof(char *) * (argc + 4 - optind));
afl->taint_fsrv.target_path = afl->taint_fsrv.target_path = find_afl_binary("afl-qemu-taint", argv[0]);
find_binary_own_loc("afl-qemu-taint", argv[0]); afl->argv_taint[0] = find_afl_binary("afl-qemu-taint", argv[0]);
afl->argv_taint[0] = find_binary_own_loc("afl-qemu-taint", argv[0]);
if (!afl->argv_taint[0]) if (!afl->argv_taint[0])
FATAL( FATAL(
"Cannot find 'afl-qemu-taint', read qemu_taint/README.md on how to " "Cannot find 'afl-qemu-taint', read qemu_taint/README.md on how to "
@ -1308,19 +1307,19 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("Taint forkserver successfully started"); OKF("Taint forkserver successfully started");
const rlim_t kStackSize = 256L * 1024L * 1024L; // min stack size = 256 Mb const rlim_t kStackSize = 256L * 1024L * 1024L; // min stack size = 256 Mb
struct rlimit rl; struct rlimit rl;
rl.rlim_cur = kStackSize; rl.rlim_cur = kStackSize;
if (getrlimit(RLIMIT_STACK, &rl) != 0) if (getrlimit(RLIMIT_STACK, &rl) != 0)
WARNF("Setting a higher stack size failed!"); WARNF("Setting a higher stack size failed!");
#define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size #define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size
u8 *tmp1 = ck_maybe_grow(BUF_PARAMS(eff), MAX_FILE + 4096); u8 *tmp1 = ck_maybe_grow(BUF_PARAMS(eff), MAX_FILE + 4096);
u8 *tmp2 = ck_maybe_grow(BUF_PARAMS(ex), MAX_FILE + 4096); u8 *tmp2 = ck_maybe_grow(BUF_PARAMS(ex), MAX_FILE + 4096);
u8 *tmp3 = ck_maybe_grow(BUF_PARAMS(in_scratch), MAX_FILE + 4096); u8 *tmp3 = ck_maybe_grow(BUF_PARAMS(in_scratch), MAX_FILE + 4096);
u8 *tmp4 = ck_maybe_grow(BUF_PARAMS(out), MAX_FILE + 4096); u8 *tmp4 = ck_maybe_grow(BUF_PARAMS(out), MAX_FILE + 4096);
u8 *tmp5 = ck_maybe_grow(BUF_PARAMS(out_scratch), MAX_FILE + 4096); u8 *tmp5 = ck_maybe_grow(BUF_PARAMS(out_scratch), MAX_FILE + 4096);
#undef BUF_PARAMS #undef BUF_PARAMS
if (!tmp1 || !tmp2 || !tmp3 || !tmp4 || !tmp5) if (!tmp1 || !tmp2 || !tmp3 || !tmp4 || !tmp5)
FATAL("memory issues. me hungry, feed me!"); FATAL("memory issues. me hungry, feed me!");