code format (contributors, do it!)

This commit is contained in:
Andrea Fioraldi
2019-12-02 14:34:21 +01:00
parent e9ed056913
commit 124ec8d297
25 changed files with 258 additions and 194 deletions


@ -236,7 +236,7 @@ code-format:
./.custom-format.py -i llvm_mode/*.h
./.custom-format.py -i llvm_mode/*.cc
./.custom-format.py -i gcc_plugin/*.c
./.custom-format.py -i gcc_plugin/*.h
#./.custom-format.py -i gcc_plugin/*.h
./.custom-format.py -i gcc_plugin/*.cc
./.custom-format.py -i qemu_mode/patches/*.h
./.custom-format.py -i qemu_mode/libcompcov/*.c
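Review bot: The `#./.custom-format.py -i gcc_plugin/*.h` line is commented out with no explanation, while `gcc_plugin/*.c` and `gcc_plugin/*.cc` are still formatted, so the next contributor will either re-enable it or wonder whether it was an oversight. Put the reason on the line, e.g. `# gcc_plugin/*.h skipped: <reason>`, or delete the line if it is simply dead.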


@ -205,7 +205,6 @@ static unsigned int inline_instrument(function *fun) {
tree one = build_int_cst(unsigned_char_type_node, 1);
// tree zero = build_int_cst(unsigned_char_type_node, 0);
/* Set up global type declarations */
tree map_type = build_pointer_type(unsigned_char_type_node);
tree map_ptr_g =
@ -467,13 +466,17 @@ class afl_pass : public gimple_opt_pass {
if (!instrumentBlock) {
if (!be_quiet) {
if (!instFilename.empty())
SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n",
instFilename.c_str(), instLine);
else
SAYF(cYEL "[!] " cBRI "No filename information found, skipping it");
}
return 0;
}
}
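Review bot: `SAYF(cYEL "[!] " cBRI "No filename information found, skipping it");` in the else branch has no trailing `\n`, unlike the "Not in whitelist" message two lines above it, so whatever is printed next is glued onto the same terminal line. The same asymmetry appears in the llvm_mode InsTrim section further down (`"No filename information found, skipping it"`); append `\n` to both. The enclosing afl_pass method starts and ends outside the hunk.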


@ -56,8 +56,8 @@ __thread u32 __afl_prev_loc;
void __afl_trace(const u32 x) {
#if 1 /* enable for neverZero feature. */
__afl_area_ptr[__afl_prev_loc ^ x] += 1
+ ((u8)(1 + __afl_area_ptr[__afl_prev_loc ^ x]) == 0);
__afl_area_ptr[__afl_prev_loc ^ x] +=
1 + ((u8)(1 + __afl_area_ptr[__afl_prev_loc ^ x]) == 0);
#else
++__afl_area_ptr[__afl_prev_loc ^ x];
#endif


@ -63,6 +63,7 @@ static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
}
static inline int shmget(key_t __key, size_t __size, int __shmflg) {
(void)__shmflg;
int fd, ret;
char ourkey[11];
@ -86,6 +87,7 @@ error:
}
static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
(void)__shmflg;
int size;
void *ptr;


@ -34,10 +34,27 @@
#include <unistd.h>
#include <sys/syscall.h>
#ifdef __NR_getrandom
#define arc4random_buf(p, l) do { ssize_t rd = syscall(__NR_getrandom, p, l, 0); if (rd != l) DEBUGF("getrandom failed"); } while(0)
#define arc4random_buf(p, l) \
do { \
\
ssize_t rd = syscall(__NR_getrandom, p, l, 0); \
if (rd != l) DEBUGF("getrandom failed"); \
\
} while (0)
#else
#include <time.h>
#define arc4random_buf(p, l) do { srand(time(NULL)); u32 i; u8 *ptr = (u8 *)p; for(i = 0; i < l; i++) ptr[i] = rand() % INT_MAX; } while(0)
#define arc4random_buf(p, l) \
do { \
\
srand(time(NULL)); \
u32 i; \
u8* ptr = (u8*)p; \
for (i = 0; i < l; i++) \
ptr[i] = rand() % INT_MAX; \
\
} while (0)
#endif
#endif
@ -156,11 +173,11 @@ static void* __dislocator_alloc(size_t len) {
/* We will also store buffer length and a canary below the actual buffer, so
let's add 8 bytes for that. */
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE,
flags, fd, 0);
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
#if defined(USEHUGEPAGE)
/* We try one more time with regular call */
if (ret == MAP_FAILED) {
#if defined(__APPLE__)
fd = -1;
#elif defined(__linux__)
@ -168,9 +185,10 @@ static void* __dislocator_alloc(size_t len) {
#elif defined(__FreeBSD__)
flags &= -MAP_ALIGNED_SUPER;
#endif
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE,
flags, fd, 0);
ret = mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0);
}
#endif
if (ret == MAP_FAILED) {
@ -321,14 +339,16 @@ void* realloc(void* ptr, size_t len) {
a normal request */
int posix_memalign(void** ptr, size_t align, size_t len) {
if (*ptr == NULL)
return EINVAL;
if ((align % 2) || (align % sizeof(void *)))
return EINVAL;
if (*ptr == NULL) return EINVAL;
if ((align % 2) || (align % sizeof(void*))) return EINVAL;
if (len == 0) {
*ptr = NULL;
return 0;
}
if (align >= 4 * sizeof(size_t)) len += align - 1;
*ptr = malloc(len);
@ -336,32 +356,41 @@ int posix_memalign(void** ptr, size_t align, size_t len) {
DEBUGF("posix_memalign(%p %zu, %zu)", ptr, align, len);
return 0;
}
/* just the non-posix fashion */
void* memalign(size_t align, size_t len) {
void* ret = NULL;
if (posix_memalign(&ret, align, len)) {
DEBUGF("memalign(%zu, %zu) failed", align, len);
}
return ret;
}
/* sort of C11 alias of memalign only more severe, alignment-wise */
void* aligned_alloc(size_t align, size_t len) {
void* ret = NULL;
if ((len % align)) return NULL;
if (posix_memalign(&ret, align, len)) {
DEBUGF("aligned_alloc(%zu, %zu) failed", align, len);
}
return ret;
}
__attribute__((constructor)) void __dislocator_init(void) {
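Review bot: `if (*ptr == NULL) return EINVAL;` in posix_memalign tests the pointee rather than the out-parameter, so the call is rejected whenever the caller's pointer happens to be NULL — which is exactly what memalign and aligned_alloc below do with `void* ret = NULL; posix_memalign(&ret, ...)`, so both wrappers always log "failed" and return NULL, and a caller following the usual `void *p; posix_memalign(&p, ...)` pattern reads `p` before it is set. The intended guard is `if (ptr == NULL) return EINVAL;`. The `(align % 2)` test also admits non-power-of-two alignments such as 6 or 12 that posix_memalign is specified to reject; `if (align == 0 || (align & (align - 1)) || (align % sizeof(void*))) return EINVAL;` would enforce the documented contract. posix_memalign's body is split across the two hunks, and __dislocator_init's body lies outside the section.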


@ -222,12 +222,17 @@ struct InsTrim : public ModulePass {
if (!instrumentBlock) {
if (!be_quiet) {
if (!instFilename.str().empty())
SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n",
SAYF(cYEL "[!] " cBRI
"Not in whitelist, skipping %s line %u...\n",
instFilename.str().c_str(), instLine);
else
SAYF(cYEL "[!] " cBRI "No filename information found, skipping it");
SAYF(cYEL "[!] " cBRI
"No filename information found, skipping it");
}
continue;
}


@ -122,15 +122,19 @@ static void edit_params(u32 argc, char** argv) {
if (!strcmp(name, "afl-clang-fast++")) {
u8* alt_cxx = getenv("AFL_CXX");
if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR);
else sprintf(llvm_fullpath, "clang++");
if (has_llvm_config)
snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR);
else
sprintf(llvm_fullpath, "clang++");
cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath;
} else {
u8* alt_cc = getenv("AFL_CC");
if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR);
else sprintf(llvm_fullpath, "clang");
if (has_llvm_config)
snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR);
else
sprintf(llvm_fullpath, "clang");
cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath;
}
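Review bot: The return value of `snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR)` is not checked in either branch, so an LLVM_BINDIR longer than the buffer produces a silently truncated compiler path in cc_params[0] instead of an error; `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(llvm_fullpath)) FATAL("LLVM_BINDIR path too long");` makes the failure visible. The `sprintf(llvm_fullpath, "clang++")` fallback is only safe because the literal is short; `snprintf(llvm_fullpath, sizeof(llvm_fullpath), "clang++")` keeps both branches bounded and consistent. edit_params continues outside the hunk.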


@ -103,8 +103,8 @@ bool SplitComparesTransform::simplifyCompares(Module &M) {
}
if (enableFPSplit && (
selectcmpInst->getPredicate() == CmpInst::FCMP_OGE ||
if (enableFPSplit &&
(selectcmpInst->getPredicate() == CmpInst::FCMP_OGE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_UGE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_OLE ||
selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) {


@ -340,7 +340,6 @@ int memcmp(const void* mem1, const void* mem2, size_t len) {
// TODO bcmp
/* Common libraries wrappers (from honggfuzz) */
/*


@ -35,24 +35,30 @@
#include "afl-qemu-common.h"
union afl_float32 {
float32 f;
struct {
u64 sign : 1;
u64 exp : 7;
u64 frac : 24;
};
};
};
union afl_float64 {
float64 f;
struct {
u64 sign : 1;
u64 exp : 11;
u64 frac : 52;
};
};
};
// TODO 16 and 128 bits floats
// TODO figure out why float*_unpack_canonical does not work
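Review bot: The anonymous struct in `union afl_float32` declares `exp : 7` and `frac : 24`, but an IEEE 754 binary32 has an 8-bit exponent and a 23-bit fraction, so the exponent's top bit is read as part of the fraction; change the two fields to `u64 exp : 8;` and `u64 frac : 23;` (the 1/11/52 split in afl_float64 is correct). Bit-field packing order is implementation-defined, and on the little-endian ABIs GCC targets the first field is allocated from the least significant bits, which would place `sign` at bit 0 rather than bit 31 — presumably related to the `float*_unpack_canonical` TODO, so verify the layout against the simulator's own float32 definition. Declaring the fields as `u64` also makes the union 8 bytes wide around a 4-byte float32, which is worth a comment if intentional.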


@ -987,7 +987,8 @@ int main(int argc, char** argv) {
if (child_timed_out)
FATAL("Target binary times out (adjusting -t may help).");
if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set()) FATAL("No instrumentation detected.");
if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set())
FATAL("No instrumentation detected.");
analyze(use_argv);


@ -142,7 +142,8 @@ void bind_to_free_cpu(void) {
if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 10)
cpu_used[procs[i].ki_oncpu] = 1;
#elif defined(__DragonFly__)
if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 10)
if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) &&
procs[i].kp_lwp.kl_pctcpu > 10)
cpu_used[procs[i].kp_lwp.kl_cpuid] = 1;
#endif
@ -734,7 +735,8 @@ void pivot_inputs(void) {
use_name += 6;
else
use_name = rsl;
nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", out_dir, id, use_name);
nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", out_dir, id,
use_name);
#else
@ -1563,8 +1565,10 @@ void check_cpu_governor(void) {
" You can later go back to the original state by replacing "
"'performance'\n"
" with 'ondemand' or 'powersave'. If you don't want to change the settings,\n"
" set AFL_SKIP_CPUFREQ to make afl-fuzz skip this check - but expect some\n"
" with 'ondemand' or 'powersave'. If you don't want to change the "
"settings,\n"
" set AFL_SKIP_CPUFREQ to make afl-fuzz skip this check - but expect "
"some\n"
" performance drop.\n",
min / 1024, max / 1024);
FATAL("Suboptimal CPU scaling governor");
@ -1609,7 +1613,8 @@ void check_cpu_governor(void) {
void get_core_count(void) {
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
size_t s = sizeof(cpu_core_count);
@ -1655,7 +1660,8 @@ void get_core_count(void) {
cur_runnable = (u32)get_runnable_processes();
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__)
#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \
defined(__DragonFly__)
/* Add ourselves, since the 1-minute average doesn't include that yet. */


@ -480,8 +480,7 @@ u8 fuzz_one_original(char** argv) {
if (perf_score == 0) goto abandon_entry;
if (use_radamsa > 1)
goto radamsa_stage;
if (use_radamsa > 1) goto radamsa_stage;
if (custom_mutator) {
@ -541,6 +540,7 @@ u8 fuzz_one_original(char** argv) {
? queue_cur->depth * 30
: havoc_max_mult * 100)) ||
queue_cur->passed_det) {
if (use_radamsa > 1)
goto radamsa_stage;
else
@ -549,12 +549,14 @@ u8 fuzz_one_original(char** argv) {
#else
goto havoc_stage;
#endif
}
/* Skip deterministic fuzzing if exec path checksum puts this out of scope
for this master instance. */
if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1) {
if (use_radamsa > 1)
goto radamsa_stage;
else
@ -563,6 +565,7 @@ u8 fuzz_one_original(char** argv) {
#else
goto havoc_stage;
#endif
}
doing_det = 1;
@ -2279,11 +2282,9 @@ retry_splicing:
ret_val = 0;
goto radamsa_stage;
radamsa_stage:
if (!use_radamsa || !radamsa_mutate_ptr)
goto abandon_entry;
if (!use_radamsa || !radamsa_mutate_ptr) goto abandon_entry;
stage_name = "radamsa";
stage_short = "radamsa";
@ -2302,7 +2303,9 @@ radamsa_stage:
u8* tmp_buf;
for (stage_cur = 0; stage_cur < stage_max; ++stage_cur) {
u32 new_len = radamsa_mutate_ptr(save_buf, len, new_buf, max_len, get_rand_seed());
u32 new_len =
radamsa_mutate_ptr(save_buf, len, new_buf, max_len, get_rand_seed());
if (new_len) {


@ -576,11 +576,12 @@ void show_stats(void) {
" imported : " cRST "%-10s" bSTG bV "\n",
tmp, sync_id ? DI(queued_imported) : (u8*)"n/a");
sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]),
DI(stage_cycles[STAGE_HAVOC]), DI(stage_finds[STAGE_SPLICE]),
DI(stage_cycles[STAGE_SPLICE]), DI(stage_finds[STAGE_PYTHON]),
DI(stage_cycles[STAGE_PYTHON]), DI(stage_finds[STAGE_RADAMSA]),
DI(stage_cycles[STAGE_RADAMSA]), DI(stage_finds[STAGE_CUSTOM_MUTATOR]),
sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s",
DI(stage_finds[STAGE_HAVOC]), DI(stage_cycles[STAGE_HAVOC]),
DI(stage_finds[STAGE_SPLICE]), DI(stage_cycles[STAGE_SPLICE]),
DI(stage_finds[STAGE_PYTHON]), DI(stage_cycles[STAGE_PYTHON]),
DI(stage_finds[STAGE_RADAMSA]), DI(stage_cycles[STAGE_RADAMSA]),
DI(stage_finds[STAGE_CUSTOM_MUTATOR]),
DI(stage_cycles[STAGE_CUSTOM_MUTATOR]));
SAYF(bV bSTOP "havoc/custom : " cRST "%-36s " bSTG bV bSTOP, tmp);
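Review bot: The `sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s", ...)` call writes ten DI() strings plus separators into `tmp` with no bound; `tmp`'s declaration is outside the hunk, so if it is a fixed-size array this should be `snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s, %s/%s, %s/%s", ...)` so the write stays bounded as the counters grow. show_stats continues outside the hunk.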


@ -51,8 +51,7 @@ static u8* get_libradamsa_path(u8* own_loc) {
cp = alloc_printf("%s/libradamsa.so", own_copy);
ck_free(own_copy);
if (!access(cp, X_OK))
return cp;
if (!access(cp, X_OK)) return cp;
} else
@ -70,7 +69,8 @@ static u8* get_libradamsa_path(u8* own_loc) {
}
SAYF("\n" cLRD "[-] " cRST
SAYF(
"\n" cLRD "[-] " cRST
"Oops, unable to find the 'libradamsa.so' binary. The binary must be "
"built\n"
" separately using 'make radamsa'. If you already have the binary "
@ -109,10 +109,12 @@ static void usage(u8* argv0) {
" -m megs - memory limit for child process (%d MB)\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine mode)\n\n"
" -W - use qemu-based instrumentation with Wine (Wine "
"mode)\n\n"
"Mutator settings:\n"
" -R[R] - add Radamsa as mutator, add another -R to exclusivly run it\n"
" -R[R] - add Radamsa as mutator, add another -R to exclusivly "
"run it\n"
" -L minutes - use MOpt(imize) mode and set the limit time for "
"entering the\n"
" pacemaker mode (minutes of no new paths, 0 = "
@ -184,8 +186,7 @@ int main(int argc, char** argv) {
struct timeval tv;
struct timezone tz;
SAYF(cCYA
"afl-fuzz" VERSION cRST
SAYF(cCYA "afl-fuzz" VERSION cRST
" based on afl by Michal Zalewski and a big online community\n");
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
@ -609,10 +610,12 @@ int main(int argc, char** argv) {
void (*radamsa_init_ptr)(void) = dlsym(handle, "radamsa_init");
radamsa_mutate_ptr = dlsym(handle, "radamsa");
if (!radamsa_init_ptr || !radamsa_mutate_ptr) FATAL("Failed to dlsym() libradamsa");
if (!radamsa_init_ptr || !radamsa_mutate_ptr)
FATAL("Failed to dlsym() libradamsa");
/* randamsa_init installs some signal hadlers, call it before setup_signal_handlers
so that AFL++ can then replace those signal handlers */
/* randamsa_init installs some signal hadlers, call it before
setup_signal_handlers so that AFL++ can then replace those signal
handlers */
radamsa_init_ptr();
}
@ -648,8 +651,7 @@ int main(int argc, char** argv) {
}
if (getenv("AFL_DISABLE_TRIM"))
disable_trim = 1;
if (getenv("AFL_DISABLE_TRIM")) disable_trim = 1;
if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI"))
FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive");


@ -52,7 +52,8 @@
#include "types.h"
#include "debug.h"
#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || defined(__DragonFly__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || \
defined(__APPLE__) || defined(__DragonFly__)
#define HAVE_AFFINITY 1
#if defined(__FreeBSD__) || defined(__DragonFly__)
#include <pthread.h>


@ -171,4 +171,6 @@ void HELPER(afl_compcov_log_64)(void* uc_ptr, uint64_t cur_loc, uint64_t arg1,
}
}
*/