enhancements

This commit is contained in:
van Hauser
2020-08-11 10:24:45 +02:00
parent 67dac15226
commit 0ba09ee85a
6 changed files with 39 additions and 36 deletions


@ -306,10 +306,13 @@ int main(int argc, char **argv) {
else if (argc > 1) {
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE); // we need to free 0x10000
__afl_area_ptr = NULL;
__afl_manual_init();
}
return ExecuteFilesOnyByOne(argc, argv);
}
@ -317,11 +320,14 @@ int main(int argc, char **argv) {
assert(N > 0);
if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) {
munmap(__afl_area_ptr, MAX_DUMMY_SIZE);
__afl_area_ptr = NULL;
fprintf(stderr, "performing manual init\n");
__afl_manual_init();
__afl_manual_init();
}
fprintf(stderr, "map is now at %p\n", __afl_area_ptr);
// Call LLVMFuzzerTestOneInput here so that coverage caused by initialization
@ -333,11 +339,7 @@ int main(int argc, char **argv) {
ssize_t r = read(0, buf, sizeof(buf));
if (r > 0) {
LLVMFuzzerTestOneInput(buf, r);
}
if (r > 0) { LLVMFuzzerTestOneInput(buf, r); }
}
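Review bot: The return value of munmap() in the two new `if (!getenv("AFL_DISABLE_LLVM_INSTRUMENTATION"))` blocks is ignored, so if the unmap fails (the comment `we need to free 0x10000` suggests a fixed-size dummy map, and it is not visible here whether `__afl_area_ptr` is guaranteed to be that mapping rather than some other buffer) the pointer is still nulled and `__afl_manual_init()` runs as if the dummy area had been released. A minimal guard is `if (munmap(__afl_area_ptr, MAX_DUMMY_SIZE) != 0) { perror("munmap"); abort(); }`, and since the same munmap/NULL/manual-init sequence is now duplicated in both branches it would be cleaner as one small `static void afl_remap_shm(void)` helper so the two cannot drift. Separately, the stdin path does a single `ssize_t r = read(0, buf, sizeof(buf));` and ignores `r < 0`, so a piped input delivered in several chunks is silently truncated and a read error looks like an empty input; a short read loop or at least a warning would be expected in a fuzzing driver. main() begins before and ends after these hunks.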


@ -55,7 +55,7 @@ extern u8 *doc_path; /* path to documentation dir */
@returns the path, allocating the string */
u8 *find_binary(u8 *fname);
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc);
u8 *find_afl_binary(u8 *fname, u8 *own_loc);
/* Read a bitmap from file fname to memory
This is for the -B option again. */


@ -847,9 +847,8 @@ void __afl_manual_init(void) {
init_done = 1;
is_persistent = 0;
__afl_sharedmem_fuzzing = 0;
if (__afl_area_ptr == NULL)
__afl_area_ptr = __afl_area_initial;
if (__afl_area_ptr == NULL) __afl_area_ptr = __afl_area_initial;
if (getenv("AFL_DEBUG"))
fprintf(stderr,
"DEBUG: disabled instrumenation because of "
@ -886,7 +885,7 @@ __attribute__((constructor(0))) void __afl_auto_early(void) {
is_persistent = !!getenv(PERSIST_ENV_VAR);
__afl_map_shm();
__afl_map_shm();
}


@ -138,7 +138,7 @@ void argv_cpy_free(char **argv) {
}
u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) {
u8 *find_afl_binary(u8 *fname, u8 *own_loc) {
u8 *tmp, *rsl, *own_copy, *cp;
@ -154,21 +154,25 @@ u8 *find_binary_own_loc(u8 *fname, u8 *own_loc) {
}
own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/');
if (own_loc) {
if (rsl) {
own_copy = ck_strdup(own_loc);
rsl = strrchr(own_copy, '/');
*rsl = 0;
if (rsl) {
cp = alloc_printf("%s/%s", own_copy, fname);
ck_free(own_copy);
*rsl = 0;
if (!access(cp, X_OK)) { return cp; }
cp = alloc_printf("%s/%s", own_copy, fname);
ck_free(own_copy);
} else {
if (!access(cp, X_OK)) { return cp; }
ck_free(own_copy);
} else {
ck_free(own_copy);
}
}
@ -196,7 +200,7 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc);
cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) {
@ -241,12 +245,12 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
/* Now we need to actually find the QEMU binary to put in argv[0]. */
cp = find_binary_own_loc("afl-qemu-trace", own_loc);
cp = find_afl_binary("afl-qemu-trace", own_loc);
if (cp) {
ck_free(cp);
cp = find_binary_own_loc("afl-wine-trace", own_loc);
cp = find_afl_binary("afl-wine-trace", own_loc);
if (cp) {
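Review bot: In the restructured `if (own_loc)` branch of find_afl_binary, the string from `cp = alloc_printf("%s/%s", own_copy, fname);` is returned only when `access(cp, X_OK)` succeeds; on failure execution falls through with `cp` still allocated, so every lookup that finds the binary elsewhere (or not at all) leaks it unless it is released further down the function, which is outside this hunk. Adding `ck_free(cp);` directly after `if (!access(cp, X_OK)) { return cp; }` closes that path. The new NULL guard on own_loc is a good change but undocumented; a header comment such as `/* Locate AFL helper fname next to own_loc (may be NULL); returns a ck_alloc'd path owned by the caller, or NULL. */` would match the `@returns the path, allocating the string` note the header carries for find_binary. The function continues past the end of the hunk.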


@ -2236,8 +2236,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len);
new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch),
temp_len + clone_len);
new_buf =
ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */
@ -2403,8 +2403,7 @@ havoc_stage:
if (temp_len + extra_len >= MAX_FILE) { break; }
out_buf =
ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
out_buf = ck_maybe_grow(BUF_PARAMS(out), temp_len + extra_len);
/* Tail */
memmove(out_buf + insert_at + extra_len, out_buf + insert_at,
@ -2499,8 +2498,8 @@ havoc_stage:
clone_to = rand_below(afl, temp_len);
u8 *temp_buf = ck_maybe_grow(BUF_PARAMS(out_scratch),
temp_len + clone_len);
u8 *temp_buf =
ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);
/* Head */


@ -1274,9 +1274,8 @@ int main(int argc, char **argv_orig, char **envp) {
ck_free(afl->taint_fsrv.target_path);
afl->argv_taint = ck_alloc(sizeof(char *) * (argc + 4 - optind));
afl->taint_fsrv.target_path =
find_binary_own_loc("afl-qemu-taint", argv[0]);
afl->argv_taint[0] = find_binary_own_loc("afl-qemu-taint", argv[0]);
afl->taint_fsrv.target_path = find_afl_binary("afl-qemu-taint", argv[0]);
afl->argv_taint[0] = find_afl_binary("afl-qemu-taint", argv[0]);
if (!afl->argv_taint[0])
FATAL(
"Cannot find 'afl-qemu-taint', read qemu_taint/README.md on how to "
@ -1308,19 +1307,19 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("Taint forkserver successfully started");
const rlim_t kStackSize = 256L * 1024L * 1024L; // min stack size = 256 Mb
const rlim_t kStackSize = 256L * 1024L * 1024L; // min stack size = 256 Mb
struct rlimit rl;
rl.rlim_cur = kStackSize;
if (getrlimit(RLIMIT_STACK, &rl) != 0)
WARNF("Setting a higher stack size failed!");
#define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size
#define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size
u8 *tmp1 = ck_maybe_grow(BUF_PARAMS(eff), MAX_FILE + 4096);
u8 *tmp2 = ck_maybe_grow(BUF_PARAMS(ex), MAX_FILE + 4096);
u8 *tmp3 = ck_maybe_grow(BUF_PARAMS(in_scratch), MAX_FILE + 4096);
u8 *tmp4 = ck_maybe_grow(BUF_PARAMS(out), MAX_FILE + 4096);
u8 *tmp5 = ck_maybe_grow(BUF_PARAMS(out_scratch), MAX_FILE + 4096);
#undef BUF_PARAMS
#undef BUF_PARAMS
if (!tmp1 || !tmp2 || !tmp3 || !tmp4 || !tmp5)
FATAL("memory issues. me hungry, feed me!");