Merge pull request #2269 from AFLplusplus/dev

push to stable

GNUmakefile.llvm

@@ -28,7 +28,7 @@ MAN_PATH    ?= $(PREFIX)/share/man/man8
 
 BUILD_DATE  ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/null || date -u "+%Y-%m-%d")
 
-VERSION     = $(shell grep '^$(HASH)define VERSION ' ./config.h | cut -d '"' -f2)
+VERSION     = $(shell grep '^ *$(HASH)define VERSION ' ./config.h | cut -d '"' -f2)
 
 SYS = $(shell uname -s)
 

docs/Changelog.md

@@ -5,7 +5,12 @@
 
 
 ### Version ++4.31a (dev)
-  - your PR?
+  - loose file and shared memory permissions on Android and iPhone
+  - afl-cc:
+    - -fsanitize=fuzzer now inserts libAFLDriver.a addtionally early to help
+      compiling if LLVMFuzzerTestOneOnput is in an .a archive
+    - added __sanitizer_weak_hook_* functions (in case that is helpful in
+      weird setups)
 
 
 ### Version ++4.30c (release)

include/config.h

@@ -52,6 +52,18 @@
   /* Default file permission umode when creating files (default: 0600) */
   #define DEFAULT_PERMISSION 0600
 
+  #ifdef __APPLE__
+    #include <TargetConditionals.h>
+    #if TARGET_OS_IOS
+      #undef DEFAULT_PERMISSION
+      #define 0666
+    #endif
+  #endif
+  #ifdef __ANDROID__
+    #undef DEFAULT_PERMISSION
+    #define 0666
+  #endif
+
 /* SkipDet's global configuration */
 
   #define MINIMAL_BLOCK_SIZE 64

instrumentation/afl-compiler-rt.o.c

@@ -2670,6 +2670,89 @@ void __cmplog_rtn_llvm_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) {
 
 }
 
+/* llvm weak hooks */
+
+void __sanitizer_weak_hook_memcmp(void *pc, const void *s1, const void *s2,
+                                  size_t n, int result) {
+
+  __cmplog_rtn_hook_n((u8 *)s1, (u8 *)s2, (u64)n);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_memmem(void *pc, const void *s1, size_t len1,
+                                  const void *s2, size_t len2, void *result) {
+
+  __cmplog_rtn_hook_n((u8 *)s1, (u8 *)s2, len1 < len2 ? (u64)len1 : (u64)len2);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strncasecmp(void *pc, const void *s1, const void *s2,
+                                       size_t n, int result) {
+
+  __cmplog_rtn_hook_strn((u8 *)s1, (u8 *)s2, (u64)n);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strncasestr(void *pc, const void *s1, const void *s2,
+                                       size_t n, char *result) {
+
+  __cmplog_rtn_hook_strn((u8 *)s1, (u8 *)s2, (u64)n);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strncmp(void *pc, const void *s1, const void *s2,
+                                   size_t n, int result) {
+
+  __cmplog_rtn_hook_strn((u8 *)s1, (u8 *)s2, (u64)n);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strcasecmp(void *pc, const void *s1, const void *s2,
+                                      int result) {
+
+  __cmplog_rtn_hook_str((u8 *)s1, (u8 *)s2);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strcasestr(void *pc, const void *s1, const void *s2,
+                                      size_t n, char *result) {
+
+  __cmplog_rtn_hook_str((u8 *)s1, (u8 *)s2);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strcmp(void *pc, const void *s1, const void *s2,
+                                  int result) {
+
+  __cmplog_rtn_hook_str((u8 *)s1, (u8 *)s2);
+  (void)pc;
+  (void)result;
+
+}
+
+void __sanitizer_weak_hook_strstr(void *pc, const void *s1, const void *s2,
+                                  char *result) {
+
+  __cmplog_rtn_hook_str((u8 *)s1, (u8 *)s2);
+  (void)pc;
+  (void)result;
+
+}
+
 /* COVERAGE manipulation features */
 
 // this variable is then used in the shm setup to create an additional map

src/afl-cc.c

@@ -1764,6 +1764,41 @@ static u8 fsanitize_fuzzer_comma(char *string) {
 
 }
 
+/* Add params to link with libAFLDriver.a on request */
+static void add_aflpplib(aflcc_state_t *aflcc) {
+
+  if (!aflcc->need_aflpplib) return;
+
+  u8 *afllib = find_object(aflcc, "libAFLDriver.a");
+
+  if (!be_quiet) {
+
+    OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");
+
+  }
+
+  if (!afllib) {
+
+    if (!be_quiet) {
+
+      WARNF(
+          "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
+          "the flags - this will fail!");
+
+    }
+
+  } else {
+
+    insert_param(aflcc, afllib);
+
+#ifdef __APPLE__
+    insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
+#endif
+
+  }
+
+}
+
 /*
   Parse and process possible -fsanitize related args, return PARAM_MISS
   if nothing matched. We have 3 main tasks here for these args:
@@ -1777,6 +1812,7 @@ static u8 fsanitize_fuzzer_comma(char *string) {
 param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
 
   param_st final_ = PARAM_MISS;
+  u8       insert = 0;
 
 // MACRO START
 #define HAVE_SANITIZER_SCAN_KEEP(v, k)        \
@@ -1822,6 +1858,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
     if (scan) {
 
       aflcc->need_aflpplib = 1;
+      insert = 1;
       final_ = PARAM_SCAN;
 
     } else {
@@ -1842,6 +1879,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
       if (fsanitize_fuzzer_comma(cur_argv_)) {
 
         aflcc->need_aflpplib = 1;
+        insert = 1;
         final_ = PARAM_SCAN;
 
       }
@@ -1882,7 +1920,8 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
 
   }
 
-  if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv);
+  if (final_ == PARAM_KEEP) { insert_param(aflcc, cur_argv); }
+  if (insert) { add_aflpplib(aflcc); }
 
   return final_;
 
@@ -2352,41 +2391,6 @@ void add_lto_passes(aflcc_state_t *aflcc) {
 
 }
 
-/* Add params to link with libAFLDriver.a on request */
-static void add_aflpplib(aflcc_state_t *aflcc) {
-
-  if (!aflcc->need_aflpplib) return;
-
-  u8 *afllib = find_object(aflcc, "libAFLDriver.a");
-
-  if (!be_quiet) {
-
-    OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");
-
-  }
-
-  if (!afllib) {
-
-    if (!be_quiet) {
-
-      WARNF(
-          "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
-          "the flags - this will fail!");
-
-    }
-
-  } else {
-
-    insert_param(aflcc, afllib);
-
-#ifdef __APPLE__
-    insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
-#endif
-
-  }
-
-}
-
 /* Add params to link with runtimes depended by our instrumentation */
 void add_runtime(aflcc_state_t *aflcc) {
 
@@ -2479,7 +2483,7 @@ void add_runtime(aflcc_state_t *aflcc) {
 
 #endif
 
-  add_aflpplib(aflcc);
+  add_aflpplib(aflcc);  // double insertion helps compiling
 
 #if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__
   insert_param(aflcc, "-Wl,-lrt");
@@ -2614,6 +2618,7 @@ void add_misc_params(aflcc_state_t *aflcc) {
     insert_param(aflcc, "-fno-builtin-strcasecmp");
     insert_param(aflcc, "-fno-builtin-strncasecmp");
     insert_param(aflcc, "-fno-builtin-memcmp");
+    insert_param(aflcc, "-fno-builtin-memmem");
     insert_param(aflcc, "-fno-builtin-bcmp");
     insert_param(aflcc, "-fno-builtin-strstr");
     insert_param(aflcc, "-fno-builtin-strcasestr");

src/afl-fuzz.c

@@ -3430,7 +3430,7 @@ stop_fuzzing:
 
       ZLIBCLOSE(fr_fd);
       afl->var_byte_count = count_bytes(afl, afl->var_bytes);
-      OKF("Written fastresume.bin with %u bytes!", w);
+      OKF("fastresume.bin succesfully written with %u bytes.", w);
 
     } else {