shmem release fix

This commit is contained in:
van Hauser
2020-06-25 22:02:02 +02:00
parent 8d5eb9487d
commit 171b1923e9
7 changed files with 107 additions and 43 deletions


@ -80,10 +80,16 @@ static u8 crash_mode, /* Crash-centric mode? */
hang_mode, /* Minimize as long as it hangs */
exit_crash, /* Treat non-zero exit as crash? */
edges_only, /* Ignore hit counts? */
exact_mode; /* Require path match for crashes? */
exact_mode, /* Require path match for crashes? */
remove_out_file, /* remove out_file on exit? */
remove_shm = 1; /* remove shmem on exit? */
static volatile u8 stop_soon; /* Ctrl-C pressed? */
static afl_forkserver_t *fsrv;
static sharedmem_t shm;
static sharedmem_t * shm_fuzz;
/*
* forkserver section
*/
@ -105,6 +111,17 @@ static const u8 count_class_lookup[256] = {
};
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
sharedmem_t * shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;
fsrv->shmem_fuzz = NULL;
ck_free(shm_fuzz);
return NULL;
}
/* Apply mask to classified bitmap (if set). */
static void apply_mask(u32 *mem, u32 *mask) {
@ -169,7 +186,15 @@ static inline u8 anything_set(afl_forkserver_t *fsrv) {
static void at_exit_handler(void) {
if (remove_shm) {
if (shm.map) afl_shm_deinit(&shm);
if (fsrv->use_shmem_fuzz) deinit_shmem(fsrv, shm_fuzz);
}
afl_fsrv_killall();
if (remove_out_file) unlink(out_file);
}
@ -623,6 +648,7 @@ static void set_up_environment(afl_forkserver_t *fsrv) {
}
out_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, (u32)getpid());
remove_out_file = 1;
}
@ -802,17 +828,6 @@ static void usage(u8 *argv0) {
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
sharedmem_t * shm_fuzz) {
afl_shm_deinit(shm_fuzz);
fsrv->support_shmem_fuzz = 0;
fsrv->shmem_fuzz = NULL;
ck_free(shm_fuzz);
return NULL;
}
/* Main entry point */
int main(int argc, char **argv_orig, char **envp) {
@ -823,8 +838,8 @@ int main(int argc, char **argv_orig, char **envp) {
char **argv = argv_cpy_dup(argc, argv_orig);
afl_forkserver_t fsrv_var = {0};
afl_forkserver_t *fsrv = &fsrv_var;
afl_forkserver_t fsrv_var = {0};
fsrv = &fsrv_var;
afl_fsrv_init(fsrv);
map_size = get_map_size();
fsrv->map_size = map_size;
@ -1021,7 +1036,6 @@ int main(int argc, char **argv_orig, char **envp) {
check_environment_vars(envp);
sharedmem_t shm = {0};
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
atexit(at_exit_handler);
@ -1063,8 +1077,8 @@ int main(int argc, char **argv_orig, char **envp) {
SAYF("\n");
sharedmem_t *shm_fuzz = ck_alloc(sizeof(sharedmem_t));
u8 * map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
shm_fuzz = ck_alloc(sizeof(sharedmem_t));
u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
#ifdef USEMMAP
setenv(SHM_FUZZ_ENV_VAR, shm_fuzz->g_shm_file_path, 1);
@ -1138,6 +1152,7 @@ int main(int argc, char **argv_orig, char **envp) {
OKF("We're done here. Have a nice day!\n");
remove_shm = 0;
afl_shm_deinit(&shm);
if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
afl_fsrv_deinit(fsrv);
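Review bot: at_exit_handler now dereferences the file-static `fsrv`, but main points it at its own automatic `fsrv_var` (`fsrv = &fsrv_var;` in the `@ -823` hunk), and atexit handlers run after main's frame is gone on the normal-return path; the handler is only safe there because `remove_shm = 0;` is set first in this hunk, so the `fsrv->use_shmem_fuzz` read is skipped. That coupling deserves to be made explicit, either by giving the object static storage, `static afl_forkserver_t fsrv_var;` (still zero-initialized, so `afl_fsrv_init(fsrv)` is unaffected), or by a comment on the `static afl_forkserver_t *fsrv;` declaration such as `/* points into main()'s frame: only valid while main() is live; at_exit_handler relies on remove_shm = 0 before normal return */`. Separately, deinit_shmem clears `support_shmem_fuzz` while the at_exit_handler guard tests `use_shmem_fuzz`, so a prior deinit is not reflected by that guard and the ck_free'd `shm_fuzz` could be passed to afl_shm_deinit again if any exit path called deinit_shmem without also clearing remove_shm; I cannot see from these hunks whether such a path exists, so this is worth confirming against the rest of main. The body of main starts and ends outside the hunks shown.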