ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 20:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

code format (contributors, do it!)

Browse Source
This commit is contained in:
Andrea Fioraldi
2019-12-02 14:34:21 +01:00
parent e9ed056913
commit 124ec8d297
25 changed files with 258 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -236,7 +236,7 @@ code-format:
./.custom-format.py -i llvm_mode/*.h ./.custom-format.py -i llvm_mode/*.h
./.custom-format.py -i llvm_mode/*.cc ./.custom-format.py -i llvm_mode/*.cc
./.custom-format.py -i gcc_plugin/*.c ./.custom-format.py -i gcc_plugin/*.c
./.custom-format.py -i gcc_plugin/*.h #./.custom-format.py -i gcc_plugin/*.h
./.custom-format.py -i gcc_plugin/*.cc ./.custom-format.py -i gcc_plugin/*.cc
./.custom-format.py -i qemu_mode/patches/*.h ./.custom-format.py -i qemu_mode/patches/*.h
./.custom-format.py -i qemu_mode/libcompcov/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.c

23
gcc_plugin/afl-gcc-pass.so.cc
View File

@ -166,7 +166,7 @@ static unsigned int ext_call_instrument(function *fun) {
fcall = gimple_build_call( fcall = gimple_build_call(
fndecl, 1, fndecl, 1,
cur_loc); /* generate the function _call_ to above built reference, with cur_loc); /* generate the function _call_ to above built reference, with
*1* parameter -> the random const for the location */ *1* parameter -> the random const for the location */
gimple_seq_add_stmt(&seq, fcall); /* and insert into a sequence */ gimple_seq_add_stmt(&seq, fcall); /* and insert into a sequence */
/* Done - grab the entry to the block and insert sequence */ /* Done - grab the entry to the block and insert sequence */
@ -202,10 +202,9 @@ static unsigned int inline_instrument(function *fun) {
basic_block bb; basic_block bb;
unsigned finst_blocks = 0; unsigned finst_blocks = 0;
unsigned fcnt_blocks = 0; unsigned fcnt_blocks = 0;
tree one = build_int_cst(unsigned_char_type_node, 1); tree one = build_int_cst(unsigned_char_type_node, 1);
// tree zero = build_int_cst(unsigned_char_type_node, 0); // tree zero = build_int_cst(unsigned_char_type_node, 0);
/* Set up global type declarations */ /* Set up global type declarations */
tree map_type = build_pointer_type(unsigned_char_type_node); tree map_type = build_pointer_type(unsigned_char_type_node);
tree map_ptr_g = tree map_ptr_g =
@ -417,8 +416,8 @@ class afl_pass : public gimple_opt_pass {
if (!myWhitelist.empty()) { if (!myWhitelist.empty()) {
bool instrumentBlock = false; bool instrumentBlock = false;
std::string instFilename; std::string instFilename;
unsigned int instLine = 0; unsigned int instLine = 0;
/* EXPR_FILENAME /* EXPR_FILENAME
@ -467,13 +466,17 @@ class afl_pass : public gimple_opt_pass {
if (!instrumentBlock) { if (!instrumentBlock) {
if (!be_quiet) { if (!be_quiet) {
if (!instFilename.empty())
SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n", if (!instFilename.empty())
instFilename.c_str(), instLine); SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n",
else instFilename.c_str(), instLine);
SAYF(cYEL "[!] " cBRI "No filename information found, skipping it"); else
SAYF(cYEL "[!] " cBRI "No filename information found, skipping it");
} }
return 0; return 0;
} }
} }

12
gcc_plugin/afl-gcc-rt.o.c
View File

@ -55,9 +55,9 @@ __thread u32 __afl_prev_loc;
/* Trace a basic block with some ID */ /* Trace a basic block with some ID */
void __afl_trace(const u32 x) { void __afl_trace(const u32 x) {
#if 1 /* enable for neverZero feature. */ #if 1 /* enable for neverZero feature. */
__afl_area_ptr[__afl_prev_loc ^ x] += 1 __afl_area_ptr[__afl_prev_loc ^ x] +=
+ ((u8)(1 + __afl_area_ptr[__afl_prev_loc ^ x]) == 0); 1 + ((u8)(1 + __afl_area_ptr[__afl_prev_loc ^ x]) == 0);
#else #else
++__afl_area_ptr[__afl_prev_loc ^ x]; ++__afl_area_ptr[__afl_prev_loc ^ x];
#endif #endif
@ -84,9 +84,9 @@ static void __afl_map_shm(void) {
if (id_str) { if (id_str) {
#ifdef USEMMAP #ifdef USEMMAP
const char* shm_file_path = id_str; const char * shm_file_path = id_str;
int shm_fd = -1; int shm_fd = -1;
unsigned char* shm_base = NULL; unsigned char *shm_base = NULL;
/* create the shared memory segment as if it was a file */ /* create the shared memory segment as if it was a file */
shm_fd = shm_open(shm_file_path, O_RDWR, 0600); shm_fd = shm_open(shm_file_path, O_RDWR, 0600);
@ -265,7 +265,7 @@ int __afl_persistent_loop(unsigned int max_cnt) {
} }
return 0; return 0;
} }

2
include/afl-fuzz.h
View File

@ -409,7 +409,7 @@ extern u32 rand_cnt; /* Random number counter */
#endif #endif
extern u32 rand_seed[2]; extern u32 rand_seed[2];
extern s64 init_seed; extern s64 init_seed;
extern u64 total_cal_us, /* Total calibration time (us) */ extern u64 total_cal_us, /* Total calibration time (us) */
total_cal_cycles; /* Total calibration cycles */ total_cal_cycles; /* Total calibration cycles */

6
include/android-ashmem.h
View File

@ -63,7 +63,8 @@ static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
} }
static inline int shmget(key_t __key, size_t __size, int __shmflg) { static inline int shmget(key_t __key, size_t __size, int __shmflg) {
(void) __shmflg;
(void)__shmflg;
int fd, ret; int fd, ret;
char ourkey[11]; char ourkey[11];
@ -86,7 +87,8 @@ error:
} }
static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) { static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
(void) __shmflg;
(void)__shmflg;
int size; int size;
void *ptr; void *ptr;

6
include/config.h
View File

@ -41,7 +41,7 @@
/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */ /* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */
#ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb #ifndef ANDROID_DISABLE_FANCY // Fancy boxes are ugly from adb
#define FANCY_BOXES #define FANCY_BOXES
#endif #endif
@ -55,7 +55,7 @@
#define EXEC_TM_ROUND 20 #define EXEC_TM_ROUND 20
/* 64bit arch MACRO */ /* 64bit arch MACRO */
#if (defined (__x86_64__) || defined (__arm64__) || defined (__aarch64__)) #if (defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__))
#define WORD_SIZE_64 1 #define WORD_SIZE_64 1
#endif #endif
@ -65,7 +65,7 @@
#define MEM_LIMIT 25 #define MEM_LIMIT 25
#else #else
#define MEM_LIMIT 50 #define MEM_LIMIT 50
#endif /* ^!WORD_SIZE_64 */ #endif /* ^!WORD_SIZE_64 */
/* Default memory limit when running in QEMU mode (MB): */ /* Default memory limit when running in QEMU mode (MB): */

113
libdislocator/libdislocator.so.c
View File

@ -34,10 +34,27 @@
#include <unistd.h> #include <unistd.h>
#include <sys/syscall.h> #include <sys/syscall.h>
#ifdef __NR_getrandom #ifdef __NR_getrandom
#define arc4random_buf(p, l) do { ssize_t rd = syscall(__NR_getrandom, p, l, 0); if (rd != l) DEBUGF("getrandom failed"); } while(0) #define arc4random_buf(p, l) \
do { \
\
ssize_t rd = syscall(__NR_getrandom, p, l, 0); \
if (rd != l) DEBUGF("getrandom failed"); \
\
} while (0)
#else #else
#include <time.h> #include <time.h>
#define arc4random_buf(p, l) do { srand(time(NULL)); u32 i; u8 *ptr = (u8 *)p; for(i = 0; i < l; i++) ptr[i] = rand() % INT_MAX; } while(0) #define arc4random_buf(p, l) \
do { \
\
srand(time(NULL)); \
u32 i; \
u8* ptr = (u8*)p; \
for (i = 0; i < l; i++) \
ptr[i] = rand() % INT_MAX; \
\
} while (0)
#endif #endif
#endif #endif
@ -52,7 +69,7 @@
#define MAP_ANONYMOUS MAP_ANON #define MAP_ANONYMOUS MAP_ANON
#endif /* !MAP_ANONYMOUS */ #endif /* !MAP_ANONYMOUS */
#define SUPER_PAGE_SIZE 1<<21 #define SUPER_PAGE_SIZE 1 << 21
/* Error / message handling: */ /* Error / message handling: */
@ -106,7 +123,7 @@ static u8 alloc_verbose, /* Additional debug messages */
hard_fail, /* abort() when max_mem exceeded? */ hard_fail, /* abort() when max_mem exceeded? */
no_calloc_over; /* abort() on calloc() overflows? */ no_calloc_over; /* abort() on calloc() overflows? */
#if defined __OpenBSD__ || defined __APPLE__ #if defined __OpenBSD__ || defined __APPLE__
#define __thread #define __thread
#warning no thread support available #warning no thread support available
#endif #endif
@ -122,9 +139,9 @@ static __thread u32 alloc_canary;
static void* __dislocator_alloc(size_t len) { static void* __dislocator_alloc(size_t len) {
void* ret; void* ret;
size_t tlen; size_t tlen;
int flags, fd, sp; int flags, fd, sp;
if (total_mem + len > max_mem || total_mem + len < total_mem) { if (total_mem + len > max_mem || total_mem + len < total_mem) {
@ -156,21 +173,22 @@ static void* __dislocator_alloc(size_t len) {
/* We will also store buffer length and a canary below the actual buffer, so /* We will also store buffer length and a canary below the actual buffer, so
let's add 8 bytes for that. */ let's add 8 bytes for that. */
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
flags, fd, 0);
#if defined(USEHUGEPAGE) #if defined(USEHUGEPAGE)
/* We try one more time with regular call */ /* We try one more time with regular call */
if (ret == MAP_FAILED) { if (ret == MAP_FAILED) {
#if defined(__APPLE__) #if defined(__APPLE__)
fd = -1; fd = -1;
#elif defined(__linux__) #elif defined(__linux__)
flags &= -MAP_HUGETLB; flags &= -MAP_HUGETLB;
#elif defined(__FreeBSD__) #elif defined(__FreeBSD__)
flags &= -MAP_ALIGNED_SUPER; flags &= -MAP_ALIGNED_SUPER;
#endif #endif
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
flags, fd, 0);
} }
#endif #endif
if (ret == MAP_FAILED) { if (ret == MAP_FAILED) {
@ -321,64 +339,75 @@ void* realloc(void* ptr, size_t len) {
a normal request */ a normal request */
int posix_memalign(void** ptr, size_t align, size_t len) { int posix_memalign(void** ptr, size_t align, size_t len) {
if (*ptr == NULL)
return EINVAL;
if ((align % 2) || (align % sizeof(void *)))
return EINVAL;
if (len == 0) {
*ptr = NULL;
return 0;
}
if (align >= 4 * sizeof(size_t)) len += align -1;
*ptr = malloc(len); if (*ptr == NULL) return EINVAL;
if ((align % 2) || (align % sizeof(void*))) return EINVAL;
if (len == 0) {
DEBUGF("posix_memalign(%p %zu, %zu)", ptr, align, len); *ptr = NULL;
return 0;
}
if (align >= 4 * sizeof(size_t)) len += align - 1;
*ptr = malloc(len);
DEBUGF("posix_memalign(%p %zu, %zu)", ptr, align, len);
return 0;
return 0;
} }
/* just the non-posix fashion */ /* just the non-posix fashion */
void *memalign(size_t align, size_t len) { void* memalign(size_t align, size_t len) {
void* ret = NULL;
if (posix_memalign(&ret, align, len)) { void* ret = NULL;
DEBUGF("memalign(%zu, %zu) failed", align, len);
} if (posix_memalign(&ret, align, len)) {
DEBUGF("memalign(%zu, %zu) failed", align, len);
}
return ret;
return ret;
} }
/* sort of C11 alias of memalign only more severe, alignment-wise */ /* sort of C11 alias of memalign only more severe, alignment-wise */
void *aligned_alloc(size_t align, size_t len) { void* aligned_alloc(size_t align, size_t len) {
void *ret = NULL;
if ((len % align)) return NULL; void* ret = NULL;
if (posix_memalign(&ret, align, len)) { if ((len % align)) return NULL;
DEBUGF("aligned_alloc(%zu, %zu) failed", align, len);
} if (posix_memalign(&ret, align, len)) {
DEBUGF("aligned_alloc(%zu, %zu) failed", align, len);
}
return ret;
return ret;
} }
__attribute__((constructor)) void __dislocator_init(void) { __attribute__((constructor)) void __dislocator_init(void) {
u8* tmp = (u8 *)getenv("AFL_LD_LIMIT_MB"); u8* tmp = (u8*)getenv("AFL_LD_LIMIT_MB");
if (tmp) { if (tmp) {
u8 *tok; u8* tok;
s32 mmem = (s32)strtol((char *)tmp, (char **)&tok, 10); s32 mmem = (s32)strtol((char*)tmp, (char**)&tok, 10);
if (*tok != '\0' || errno == ERANGE) FATAL("Bad value for AFL_LD_LIMIT_MB"); if (*tok != '\0' || errno == ERANGE) FATAL("Bad value for AFL_LD_LIMIT_MB");
max_mem = mmem * 1024 * 1024; max_mem = mmem * 1024 * 1024;
} }
alloc_canary = ALLOC_CANARY; alloc_canary = ALLOC_CANARY;
tmp = (u8 *)getenv("AFL_RANDOM_ALLOC_CANARY"); tmp = (u8*)getenv("AFL_RANDOM_ALLOC_CANARY");
if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary)); if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary));

21
llvm_mode/LLVMInsTrim.so.cc
View File

@ -158,9 +158,9 @@ struct InsTrim : public ModulePass {
if (!myWhitelist.empty()) { if (!myWhitelist.empty()) {
bool instrumentBlock = false; bool instrumentBlock = false;
DebugLoc Loc; DebugLoc Loc;
StringRef instFilename; StringRef instFilename;
unsigned int instLine = 0; unsigned int instLine = 0;
for (auto &BB : F) { for (auto &BB : F) {
@ -222,12 +222,17 @@ struct InsTrim : public ModulePass {
if (!instrumentBlock) { if (!instrumentBlock) {
if (!be_quiet) { if (!be_quiet) {
if (!instFilename.str().empty())
SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n", if (!instFilename.str().empty())
instFilename.str().c_str(), instLine); SAYF(cYEL "[!] " cBRI
else "Not in whitelist, skipping %s line %u...\n",
SAYF(cYEL "[!] " cBRI "No filename information found, skipping it"); instFilename.str().c_str(), instLine);
else
SAYF(cYEL "[!] " cBRI
"No filename information found, skipping it");
} }
continue; continue;
} }

12
llvm_mode/afl-clang-fast.c
View File

@ -122,15 +122,19 @@ static void edit_params(u32 argc, char** argv) {
if (!strcmp(name, "afl-clang-fast++")) { if (!strcmp(name, "afl-clang-fast++")) {
u8* alt_cxx = getenv("AFL_CXX"); u8* alt_cxx = getenv("AFL_CXX");
if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR); if (has_llvm_config)
else sprintf(llvm_fullpath, "clang++"); snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR);
else
sprintf(llvm_fullpath, "clang++");
cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath; cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath;
} else { } else {
u8* alt_cc = getenv("AFL_CC"); u8* alt_cc = getenv("AFL_CC");
if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR); if (has_llvm_config)
else sprintf(llvm_fullpath, "clang"); snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR);
else
sprintf(llvm_fullpath, "clang");
cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath; cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath;
} }

12
llvm_mode/afl-llvm-pass.so.cc
View File

@ -94,12 +94,12 @@ bool AFLCoverage::runOnModule(Module &M) {
LLVMContext &C = M.getContext(); LLVMContext &C = M.getContext();
IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType * Int8Ty = IntegerType::getInt8Ty(C);
IntegerType *Int32Ty = IntegerType::getInt32Ty(C); IntegerType * Int32Ty = IntegerType::getInt32Ty(C);
struct timeval tv; struct timeval tv;
struct timezone tz; struct timezone tz;
u32 rand_seed; u32 rand_seed;
unsigned int cur_loc = 0; unsigned int cur_loc = 0;
/* Setup random() so we get Actually Random(TM) outputs from AFL_R() */ /* Setup random() so we get Actually Random(TM) outputs from AFL_R() */
gettimeofday(&tv, &tz); gettimeofday(&tv, &tz);

12
llvm_mode/split-compares-pass.so.cc
View File

@ -103,11 +103,11 @@ bool SplitComparesTransform::simplifyCompares(Module &M) {
} }
if (enableFPSplit && ( if (enableFPSplit &&
selectcmpInst->getPredicate() == CmpInst::FCMP_OGE || (selectcmpInst->getPredicate() == CmpInst::FCMP_OGE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_UGE || selectcmpInst->getPredicate() == CmpInst::FCMP_UGE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_OLE || selectcmpInst->getPredicate() == CmpInst::FCMP_OLE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) { selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) {
auto op0 = selectcmpInst->getOperand(0); auto op0 = selectcmpInst->getOperand(0);
auto op1 = selectcmpInst->getOperand(1); auto op1 = selectcmpInst->getOperand(1);
@ -1046,7 +1046,7 @@ bool SplitComparesTransform::runOnModule(Module &M) {
char *bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); char *bitw_env = getenv("LAF_SPLIT_COMPARES_BITW");
if (!bitw_env) bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW");
if (bitw_env) { bitw = atoi(bitw_env); } if (bitw_env) { bitw = atoi(bitw_env); }
enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL; enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL;
simplifyCompares(M); simplifyCompares(M);

1
qemu_mode/libcompcov/libcompcov.so.c
View File

@ -340,7 +340,6 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
// TODO bcmp // TODO bcmp
/* Common libraries wrappers (from honggfuzz) */ /* Common libraries wrappers (from honggfuzz) */
/* /*

6
qemu_mode/patches/afl-qemu-cpu-inl.h
View File

@ -83,8 +83,8 @@ __thread abi_ulong afl_prev_loc;
/* Set in the child process in forkserver mode: */ /* Set in the child process in forkserver mode: */
static int forkserver_installed = 0; static int forkserver_installed = 0;
static int disable_caching = 0; static int disable_caching = 0;
unsigned char afl_fork_child; unsigned char afl_fork_child;
unsigned int afl_forksrv_pid; unsigned int afl_forksrv_pid;
@ -207,7 +207,7 @@ static void afl_setup(void) {
behaviour, and seems to work alright? */ behaviour, and seems to work alright? */
rcu_disable_atfork(); rcu_disable_atfork();
disable_caching = getenv("AFL_QEMU_DISABLE_CACHE") != NULL; disable_caching = getenv("AFL_QEMU_DISABLE_CACHE") != NULL;
is_persistent = getenv("AFL_QEMU_PERSISTENT_ADDR") != NULL; is_persistent = getenv("AFL_QEMU_PERSISTENT_ADDR") != NULL;

48
qemu_mode/patches/afl-qemu-floats.h
View File

@ -35,24 +35,30 @@
#include "afl-qemu-common.h" #include "afl-qemu-common.h"
union afl_float32 { union afl_float32 {
float32 f; float32 f;
struct { struct {
u64 sign : 1;
u64 exp : 7;
u64 frac : 24;
};
};
u64 sign : 1;
u64 exp : 7;
u64 frac : 24;
};
};
union afl_float64 { union afl_float64 {
float64 f; float64 f;
struct { struct {
u64 sign : 1;
u64 exp : 11;
u64 frac : 52;
};
};
u64 sign : 1;
u64 exp : 11;
u64 frac : 52;
};
};
// TODO 16 and 128 bits floats // TODO 16 and 128 bits floats
// TODO figure out why float*_unpack_canonical does not work // TODO figure out why float*_unpack_canonical does not work
@ -65,11 +71,11 @@ void afl_float_compcov_log_32(target_ulong cur_loc, float32 arg1, float32 arg2,
if (cur_loc >= afl_inst_rms) return; if (cur_loc >= afl_inst_rms) return;
//float_status* s = (float_status*)status; // float_status* s = (float_status*)status;
//FloatParts a = float32_unpack_canonical(arg1, s); // FloatParts a = float32_unpack_canonical(arg1, s);
//FloatParts b = float32_unpack_canonical(arg2, s); // FloatParts b = float32_unpack_canonical(arg2, s);
union afl_float32 a = { .f = arg1 }; union afl_float32 a = {.f = arg1};
union afl_float32 b = { .f = arg2 }; union afl_float32 b = {.f = arg2};
// if (is_nan(a.cls) || is_nan(b.cls)) return; // if (is_nan(a.cls) || is_nan(b.cls)) return;
@ -97,11 +103,11 @@ void afl_float_compcov_log_64(target_ulong cur_loc, float64 arg1, float64 arg2,
if (cur_loc >= afl_inst_rms) return; if (cur_loc >= afl_inst_rms) return;
//float_status* s = (float_status*)status; // float_status* s = (float_status*)status;
//FloatParts a = float64_unpack_canonical(arg1, s); // FloatParts a = float64_unpack_canonical(arg1, s);
//FloatParts b = float64_unpack_canonical(arg2, s); // FloatParts b = float64_unpack_canonical(arg2, s);
union afl_float64 a = { .f = arg1 }; union afl_float64 a = {.f = arg1};
union afl_float64 b = { .f = arg2 }; union afl_float64 b = {.f = arg2};
// if (is_nan(a.cls) || is_nan(b.cls)) return; // if (is_nan(a.cls) || is_nan(b.cls)) return;
@ -196,7 +202,7 @@ void afl_float_compcov_log_80(target_ulong cur_loc, floatx80 arg1,
if ((arg1.low & 0xff00) == (arg2.low & 0xff00)) { if ((arg1.low & 0xff00) == (arg2.low & 0xff00)) {
INC_AFL_AREA(idx + 9); INC_AFL_AREA(idx + 9);
//if ((arg1.low & 0xff) == (arg2.low & 0xff)) // if ((arg1.low & 0xff) == (arg2.low & 0xff))
// INC_AFL_AREA(idx + 10); // INC_AFL_AREA(idx + 10);
} }

3
src/afl-analyze.c
View File

@ -987,7 +987,8 @@ int main(int argc, char** argv) {
if (child_timed_out) if (child_timed_out)
FATAL("Target binary times out (adjusting -t may help)."); FATAL("Target binary times out (adjusting -t may help).");
if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set()) FATAL("No instrumentation detected."); if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set())
FATAL("No instrumentation detected.");
analyze(use_argv); analyze(use_argv);

2
src/afl-as.c
View File

@ -83,7 +83,7 @@ static u8 use_64bit = 0;
#error "Sorry, 32-bit Apple platforms are not supported." #error "Sorry, 32-bit Apple platforms are not supported."
#endif /* __APPLE__ */ #endif /* __APPLE__ */
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
/* Examine and modify parameters to pass to 'as'. Note that the file name /* Examine and modify parameters to pass to 'as'. Note that the file name
is always the last parameter passed by GCC, so we exploit this property is always the last parameter passed by GCC, so we exploit this property

12
src/afl-fuzz-bitmap.c
View File

@ -87,7 +87,7 @@ u8 has_new_bits(u8* virgin_map) {
u32 i = (MAP_SIZE >> 2); u32 i = (MAP_SIZE >> 2);
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
u8 ret = 0; u8 ret = 0;
@ -125,7 +125,7 @@ u8 has_new_bits(u8* virgin_map) {
else else
ret = 1; ret = 1;
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
} }
@ -306,7 +306,7 @@ void simplify_trace(u32* mem) {
} }
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
/* Destructively classify execution counts in a trace. This is used as a /* Destructively classify execution counts in a trace. This is used as a
preprocessing step for any newly acquired traces. Called on every exec, preprocessing step for any newly acquired traces. Called on every exec,
@ -391,7 +391,7 @@ void classify_counts(u32* mem) {
} }
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
/* Compact trace bytes into a smaller bitmap. We effectively just drop the /* Compact trace bytes into a smaller bitmap. We effectively just drop the
count information here. This is called only sporadically, for some count information here. This is called only sporadically, for some
@ -599,7 +599,7 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
simplify_trace((u64*)trace_bits); simplify_trace((u64*)trace_bits);
#else #else
simplify_trace((u32*)trace_bits); simplify_trace((u32*)trace_bits);
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
if (!has_new_bits(virgin_tmout)) return keeping; if (!has_new_bits(virgin_tmout)) return keeping;
@ -662,7 +662,7 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
simplify_trace((u64*)trace_bits); simplify_trace((u64*)trace_bits);
#else #else
simplify_trace((u32*)trace_bits); simplify_trace((u32*)trace_bits);
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
if (!has_new_bits(virgin_crash)) return keeping; if (!has_new_bits(virgin_crash)) return keeping;

4
src/afl-fuzz-globals.c
View File

@ -96,7 +96,7 @@ u8 schedule = EXPLORE; /* Power schedule (default: EXPLORE)*/
u8 havoc_max_mult = HAVOC_MAX_MULT; u8 havoc_max_mult = HAVOC_MAX_MULT;
u8 use_radamsa; u8 use_radamsa;
size_t (*radamsa_mutate_ptr)(u8*, size_t, u8*, size_t, u32); size_t (*radamsa_mutate_ptr)(u8 *, size_t, u8 *, size_t, u32);
u8 skip_deterministic, /* Skip deterministic stages? */ u8 skip_deterministic, /* Skip deterministic stages? */
force_deterministic, /* Force deterministic stages? */ force_deterministic, /* Force deterministic stages? */
@ -215,7 +215,7 @@ u32 rand_cnt; /* Random number counter */
#endif #endif
u32 rand_seed[2]; u32 rand_seed[2];
s64 init_seed; s64 init_seed;
u64 total_cal_us, /* Total calibration time (us) */ u64 total_cal_us, /* Total calibration time (us) */
total_cal_cycles; /* Total calibration cycles */ total_cal_cycles; /* Total calibration cycles */

18
src/afl-fuzz-init.c
View File

@ -142,7 +142,8 @@ void bind_to_free_cpu(void) {
if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 10) if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 10)
cpu_used[procs[i].ki_oncpu] = 1; cpu_used[procs[i].ki_oncpu] = 1;
#elif defined(__DragonFly__) #elif defined(__DragonFly__)
if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 10) if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) &&
procs[i].kp_lwp.kl_pctcpu > 10)
cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; cpu_used[procs[i].kp_lwp.kl_cpuid] = 1;
#endif #endif
@ -734,7 +735,8 @@ void pivot_inputs(void) {
use_name += 6; use_name += 6;
else else
use_name = rsl; use_name = rsl;
nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", out_dir, id, use_name); nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", out_dir, id,
use_name);
#else #else
@ -1563,8 +1565,10 @@ void check_cpu_governor(void) {
" You can later go back to the original state by replacing " " You can later go back to the original state by replacing "
"'performance'\n" "'performance'\n"
" with 'ondemand' or 'powersave'. If you don't want to change the settings,\n" " with 'ondemand' or 'powersave'. If you don't want to change the "
" set AFL_SKIP_CPUFREQ to make afl-fuzz skip this check - but expect some\n" "settings,\n"
" set AFL_SKIP_CPUFREQ to make afl-fuzz skip this check - but expect "
"some\n"
" performance drop.\n", " performance drop.\n",
min / 1024, max / 1024); min / 1024, max / 1024);
FATAL("Suboptimal CPU scaling governor"); FATAL("Suboptimal CPU scaling governor");
@ -1609,7 +1613,8 @@ void check_cpu_governor(void) {
void get_core_count(void) { void get_core_count(void) {
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
size_t s = sizeof(cpu_core_count); size_t s = sizeof(cpu_core_count);
@ -1655,7 +1660,8 @@ void get_core_count(void) {
cur_runnable = (u32)get_runnable_processes(); cur_runnable = (u32)get_runnable_processes();
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
/* Add ourselves, since the 1-minute average doesn't include that yet. */ /* Add ourselves, since the 1-minute average doesn't include that yet. */

39
src/afl-fuzz-one.c
View File

@ -480,8 +480,7 @@ u8 fuzz_one_original(char** argv) {
if (perf_score == 0) goto abandon_entry; if (perf_score == 0) goto abandon_entry;
if (use_radamsa > 1) if (use_radamsa > 1) goto radamsa_stage;
goto radamsa_stage;
if (custom_mutator) { if (custom_mutator) {
@ -541,6 +540,7 @@ u8 fuzz_one_original(char** argv) {
? queue_cur->depth * 30 ? queue_cur->depth * 30
: havoc_max_mult * 100)) || : havoc_max_mult * 100)) ||
queue_cur->passed_det) { queue_cur->passed_det) {
if (use_radamsa > 1) if (use_radamsa > 1)
goto radamsa_stage; goto radamsa_stage;
else else
@ -549,12 +549,14 @@ u8 fuzz_one_original(char** argv) {
#else #else
goto havoc_stage; goto havoc_stage;
#endif #endif
} }
/* Skip deterministic fuzzing if exec path checksum puts this out of scope /* Skip deterministic fuzzing if exec path checksum puts this out of scope
for this master instance. */ for this master instance. */
if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1) { if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1) {
if (use_radamsa > 1) if (use_radamsa > 1)
goto radamsa_stage; goto radamsa_stage;
else else
@ -563,6 +565,7 @@ u8 fuzz_one_original(char** argv) {
#else #else
goto havoc_stage; goto havoc_stage;
#endif #endif
} }
doing_det = 1; doing_det = 1;
@ -2279,39 +2282,39 @@ retry_splicing:
ret_val = 0; ret_val = 0;
goto radamsa_stage; goto radamsa_stage;
radamsa_stage: radamsa_stage:
if (!use_radamsa || !radamsa_mutate_ptr) if (!use_radamsa || !radamsa_mutate_ptr) goto abandon_entry;
goto abandon_entry;
stage_name = "radamsa"; stage_name = "radamsa";
stage_short = "radamsa"; stage_short = "radamsa";
stage_max = (HAVOC_CYCLES * perf_score / havoc_div / 100) << use_radamsa; stage_max = (HAVOC_CYCLES * perf_score / havoc_div / 100) << use_radamsa;
if (stage_max < HAVOC_MIN) stage_max = HAVOC_MIN; if (stage_max < HAVOC_MIN) stage_max = HAVOC_MIN;
orig_hit_cnt = queued_paths + unique_crashes; orig_hit_cnt = queued_paths + unique_crashes;
/* Read the additional testcase into a new buffer. */ /* Read the additional testcase into a new buffer. */
u8 *save_buf = ck_alloc_nozero(len); u8* save_buf = ck_alloc_nozero(len);
memcpy(save_buf, out_buf, len); memcpy(save_buf, out_buf, len);
u32 max_len = len + choose_block_len(HAVOC_BLK_XL); u32 max_len = len + choose_block_len(HAVOC_BLK_XL);
u8* new_buf = ck_alloc_nozero(max_len); u8* new_buf = ck_alloc_nozero(max_len);
u8 *tmp_buf; u8* tmp_buf;
for (stage_cur = 0; stage_cur < stage_max; ++stage_cur) { for (stage_cur = 0; stage_cur < stage_max; ++stage_cur) {
u32 new_len = radamsa_mutate_ptr(save_buf, len, new_buf, max_len, get_rand_seed());
u32 new_len =
radamsa_mutate_ptr(save_buf, len, new_buf, max_len, get_rand_seed());
if (new_len) { if (new_len) {
temp_len = new_len; temp_len = new_len;
tmp_buf = new_buf; tmp_buf = new_buf;
} else { } else {
tmp_buf = save_buf; // nope but I dont care tmp_buf = save_buf; // nope but I dont care
temp_len = len; temp_len = len;
} }
@ -2323,14 +2326,14 @@ radamsa_stage:
goto abandon_entry; goto abandon_entry;
} }
} }
ck_free(save_buf); ck_free(save_buf);
ck_free(new_buf); ck_free(new_buf);
new_hit_cnt = queued_paths + unique_crashes; new_hit_cnt = queued_paths + unique_crashes;
stage_finds[STAGE_RADAMSA] += new_hit_cnt - orig_hit_cnt; stage_finds[STAGE_RADAMSA] += new_hit_cnt - orig_hit_cnt;
stage_cycles[STAGE_RADAMSA] += stage_max; stage_cycles[STAGE_RADAMSA] += stage_max;

2
src/afl-fuzz-run.c
View File

@ -225,7 +225,7 @@ u8 run_target(char** argv, u32 timeout) {
classify_counts((u64*)trace_bits); classify_counts((u64*)trace_bits);
#else #else
classify_counts((u32*)trace_bits); classify_counts((u32*)trace_bits);
#endif /* ^WORD_SIZE_64 */ #endif /* ^WORD_SIZE_64 */
prev_timed_out = child_timed_out; prev_timed_out = child_timed_out;

29
src/afl-fuzz-stats.c
View File

@ -334,9 +334,9 @@ void show_stats(void) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (dumb_mode) { if (dumb_mode) {
@ -413,9 +413,9 @@ void show_stats(void) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
DTD(cur_ms, last_hang_time), tmp); DTD(cur_ms, last_hang_time), tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -443,9 +443,9 @@ void show_stats(void) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
((double)queued_favored) * 100 / queued_paths); ((double)queued_favored) * 100 / queued_paths);
@ -514,7 +514,7 @@ void show_stats(void) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");
@ -576,11 +576,12 @@ void show_stats(void) {
" imported : " cRST "%-10s" bSTG bV "\n", " imported : " cRST "%-10s" bSTG bV "\n",
tmp, sync_id ? DI(queued_imported) : (u8*)"n/a"); tmp, sync_id ? DI(queued_imported) : (u8*)"n/a");
sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]), sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s",
DI(stage_cycles[STAGE_HAVOC]), DI(stage_finds[STAGE_SPLICE]), DI(stage_finds[STAGE_HAVOC]), DI(stage_cycles[STAGE_HAVOC]),
DI(stage_cycles[STAGE_SPLICE]), DI(stage_finds[STAGE_PYTHON]), DI(stage_finds[STAGE_SPLICE]), DI(stage_cycles[STAGE_SPLICE]),
DI(stage_cycles[STAGE_PYTHON]), DI(stage_finds[STAGE_RADAMSA]), DI(stage_finds[STAGE_PYTHON]), DI(stage_cycles[STAGE_PYTHON]),
DI(stage_cycles[STAGE_RADAMSA]), DI(stage_finds[STAGE_CUSTOM_MUTATOR]), DI(stage_finds[STAGE_RADAMSA]), DI(stage_cycles[STAGE_RADAMSA]),
DI(stage_finds[STAGE_CUSTOM_MUTATOR]),
DI(stage_cycles[STAGE_CUSTOM_MUTATOR])); DI(stage_cycles[STAGE_CUSTOM_MUTATOR]));
SAYF(bV bSTOP "havoc/custom : " cRST "%-36s " bSTG bV bSTOP, tmp); SAYF(bV bSTOP "havoc/custom : " cRST "%-36s " bSTG bV bSTOP, tmp);
@ -634,13 +635,13 @@ void show_stats(void) {
sprintf(tmp, "%s/%s", DI(stage_finds[STAGE_CUSTOM_MUTATOR]), sprintf(tmp, "%s/%s", DI(stage_finds[STAGE_CUSTOM_MUTATOR]),
DI(stage_cycles[STAGE_CUSTOM_MUTATOR])); DI(stage_cycles[STAGE_CUSTOM_MUTATOR]));
SAYF(bV bSTOP " custom mut. : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB SAYF(bV bSTOP " custom mut. : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB
"\n" bLB bH30 bH20 bH2 bH bRB bSTOP cRST RESET_G1, "\n" bLB bH30 bH20 bH2 bH bRB bSTOP cRST RESET_G1,
tmp); tmp);
} else { } else {
SAYF(bV bSTOP " trim : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB SAYF(bV bSTOP " trim : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB
"\n" bLB bH30 bH20 bH2 bRB bSTOP cRST RESET_G1, "\n" bLB bH30 bH20 bH2 bRB bSTOP cRST RESET_G1,
tmp); tmp);
} }

54
src/afl-fuzz.c
View File

@ -28,7 +28,7 @@
static u8* get_libradamsa_path(u8* own_loc) { static u8* get_libradamsa_path(u8* own_loc) {
u8 *tmp, *cp, *rsl, *own_copy; u8 *tmp, *cp, *rsl, *own_copy;
tmp = getenv("AFL_PATH"); tmp = getenv("AFL_PATH");
if (tmp) { if (tmp) {
@ -51,8 +51,7 @@ static u8* get_libradamsa_path(u8* own_loc) {
cp = alloc_printf("%s/libradamsa.so", own_copy); cp = alloc_printf("%s/libradamsa.so", own_copy);
ck_free(own_copy); ck_free(own_copy);
if (!access(cp, X_OK)) if (!access(cp, X_OK)) return cp;
return cp;
} else } else
@ -70,11 +69,12 @@ static u8* get_libradamsa_path(u8* own_loc) {
} }
SAYF("\n" cLRD "[-] " cRST SAYF(
"Oops, unable to find the 'libradamsa.so' binary. The binary must be " "\n" cLRD "[-] " cRST
"built\n" "Oops, unable to find the 'libradamsa.so' binary. The binary must be "
" separately using 'make radamsa'. If you already have the binary " "built\n"
"installed,\n you may need to specify AFL_PATH in the environment.\n"); " separately using 'make radamsa'. If you already have the binary "
"installed,\n you may need to specify AFL_PATH in the environment.\n");
FATAL("Failed to locate 'libradamsa.so'."); FATAL("Failed to locate 'libradamsa.so'.");
@ -109,10 +109,12 @@ static void usage(u8* argv0) {
" -m megs - memory limit for child process (%d MB)\n" " -m megs - memory limit for child process (%d MB)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine mode)\n\n" " -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n\n"
"Mutator settings:\n" "Mutator settings:\n"
" -R[R] - add Radamsa as mutator, add another -R to exclusivly run it\n" " -R[R] - add Radamsa as mutator, add another -R to exclusivly "
"run it\n"
" -L minutes - use MOpt(imize) mode and set the limit time for " " -L minutes - use MOpt(imize) mode and set the limit time for "
"entering the\n" "entering the\n"
" pacemaker mode (minutes of no new paths, 0 = " " pacemaker mode (minutes of no new paths, 0 = "
@ -184,9 +186,8 @@ int main(int argc, char** argv) {
struct timeval tv; struct timeval tv;
struct timezone tz; struct timezone tz;
SAYF(cCYA SAYF(cCYA "afl-fuzz" VERSION cRST
"afl-fuzz" VERSION cRST " based on afl by Michal Zalewski and a big online community\n");
" based on afl by Michal Zalewski and a big online community\n");
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
@ -568,9 +569,9 @@ int main(int argc, char** argv) {
usage(argv[0]); usage(argv[0]);
return -1; return -1;
break; // not needed break; // not needed
case 'R': case 'R':
if (use_radamsa) if (use_radamsa)
use_radamsa = 2; use_radamsa = 2;
else else
@ -595,28 +596,30 @@ int main(int argc, char** argv) {
if (fixed_seed) OKF("Running with fixed seed: %u", (u32)init_seed); if (fixed_seed) OKF("Running with fixed seed: %u", (u32)init_seed);
srandom((u32)init_seed); srandom((u32)init_seed);
if (use_radamsa) { if (use_radamsa) {
OKF("Using Radamsa add-on"); OKF("Using Radamsa add-on");
u8* libradamsa_path = get_libradamsa_path(argv[0]); u8* libradamsa_path = get_libradamsa_path(argv[0]);
void* handle = dlopen(libradamsa_path, RTLD_NOW); void* handle = dlopen(libradamsa_path, RTLD_NOW);
ck_free(libradamsa_path); ck_free(libradamsa_path);
if (!handle) FATAL("Failed to dlopen() libradamsa"); if (!handle) FATAL("Failed to dlopen() libradamsa");
void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init"); void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init");
radamsa_mutate_ptr = dlsym(handle, "radamsa"); radamsa_mutate_ptr = dlsym(handle, "radamsa");
if (!radamsa_init_ptr || !radamsa_mutate_ptr) FATAL("Failed to dlsym() libradamsa"); if (!radamsa_init_ptr || !radamsa_mutate_ptr)
FATAL("Failed to dlsym() libradamsa");
/* randamsa_init installs some signal hadlers, call it before setup_signal_handlers /* randamsa_init installs some signal hadlers, call it before
so that AFL++ can then replace those signal handlers */ setup_signal_handlers so that AFL++ can then replace those signal
handlers */
radamsa_init_ptr(); radamsa_init_ptr();
} }
setup_signal_handlers(); setup_signal_handlers();
check_asan_opts(); check_asan_opts();
@ -648,8 +651,7 @@ int main(int argc, char** argv) {
} }
if (getenv("AFL_DISABLE_TRIM")) if (getenv("AFL_DISABLE_TRIM")) disable_trim = 1;
disable_trim = 1;
if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI"))
FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive"); FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive");

11
src/afl-gotcpu.c
View File

@ -52,7 +52,8 @@
#include "types.h" #include "types.h"
#include "debug.h" #include "debug.h"
#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || defined(__DragonFly__) #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
defined(__APPLE__) || defined(__DragonFly__)
#define HAVE_AFFINITY 1 #define HAVE_AFFINITY 1
#if defined(__FreeBSD__) || defined(__DragonFly__) #if defined(__FreeBSD__) || defined(__DragonFly__)
#include <pthread.h> #include <pthread.h>
@ -69,7 +70,7 @@
#include <mach/thread_act.h> #include <mach/thread_act.h>
#include <mach/thread_policy.h> #include <mach/thread_policy.h>
#endif #endif
#endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */ #endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */
/* Get unix time in microseconds. */ /* Get unix time in microseconds. */
@ -183,11 +184,11 @@ int main(int argc, char** argv) {
cpuset_set(i, c); cpuset_set(i, c);
#elif defined(__APPLE__) #elif defined(__APPLE__)
thread_affinity_policy_data_t c = { i }; thread_affinity_policy_data_t c = {i};
thread_port_t native_thread = pthread_mach_thread_np(pthread_self()); thread_port_t native_thread = pthread_mach_thread_np(pthread_self());
if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY, if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY,
(thread_policy_t)&c, 1) != KERN_SUCCESS) (thread_policy_t)&c, 1) != KERN_SUCCESS)
PFATAL("thread_policy_set failed"); PFATAL("thread_policy_set failed");
#endif #endif
#if defined(__FreeBSD__) || defined(__DragonFly__) #if defined(__FreeBSD__) || defined(__DragonFly__)

2
unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h
View File

@ -171,4 +171,6 @@ void HELPER(afl_compcov_log_64)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1,
} }
} }
*/ */