Fixed segfault because wrong order in args

Edznux
2020-10-06 23:23:45 +02:00
parent 3d7bdc9f0b
commit 17abe7d36e
2 changed files with 83 additions and 55 deletions


@ -642,6 +642,7 @@ typedef struct afl_state {
char * statsd_tags_flavor; char * statsd_tags_flavor;
char * statsd_tags_format; char * statsd_tags_format;
char * statsd_metric_format; char * statsd_metric_format;
int statsd_metric_format_type;
double stats_avg_exec; double stats_avg_exec;


@ -36,70 +36,74 @@
#define SIGNALFX_TAGS_FORMAT "[banner=%s,afl_version=%s]" #define SIGNALFX_TAGS_FORMAT "[banner=%s,afl_version=%s]"
// For DogstatsD // For DogstatsD
#define STATSD_TAGS_AFTER_METRICS \ #define STATSD_TAGS_TYPE_SUFFIX 1
METRIC_PREFIX \ #define STATSD_TAGS_SUFFIX_METRICS \
".cycle_done:%llu|g%s\n" METRIC_PREFIX \ METRIC_PREFIX \
".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \ ".cycle_done:%llu|g%s\n" METRIC_PREFIX \
".execs_done:%llu|g%s\n" METRIC_PREFIX \ ".cycles_wo_finds:%llu|g%s\n" METRIC_PREFIX \
".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \ ".execs_done:%llu|g%s\n" METRIC_PREFIX \
".paths_total:%u|g%s\n" METRIC_PREFIX \ ".execs_per_sec:%0.02f|g%s\n" METRIC_PREFIX \
".paths_favored:%u|g%s\n" METRIC_PREFIX \ ".paths_total:%u|g%s\n" METRIC_PREFIX \
".paths_found:%u|g%s\n" METRIC_PREFIX \ ".paths_favored:%u|g%s\n" METRIC_PREFIX \
".paths_imported:%u|g%s\n" METRIC_PREFIX \ ".paths_found:%u|g%s\n" METRIC_PREFIX \
".max_depth:%u|g%s\n" METRIC_PREFIX ".cur_path:%u|g%s\n" METRIC_PREFIX \ ".paths_imported:%u|g%s\n" METRIC_PREFIX ".max_depth:%u|g%s\n" METRIC_PREFIX \
".pending_favs:%u|g%s\n" METRIC_PREFIX \ ".cur_path:%u|g%s\n" METRIC_PREFIX ".pending_favs:%u|g%s\n" METRIC_PREFIX \
".pending_total:%u|g%s\n" METRIC_PREFIX \ ".pending_total:%u|g%s\n" METRIC_PREFIX \
".variable_paths:%u|g%s\n" METRIC_PREFIX \ ".variable_paths:%u|g%s\n" METRIC_PREFIX \
".unique_crashes:%llu|g%s\n" METRIC_PREFIX \ ".unique_crashes:%llu|g%s\n" METRIC_PREFIX \
".unique_hangs:%llu|g%s\n" METRIC_PREFIX \ ".unique_hangs:%llu|g%s\n" METRIC_PREFIX \
".total_crashes:%llu|g%s\n" METRIC_PREFIX \ ".total_crashes:%llu|g%s\n" METRIC_PREFIX \
".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \ ".slowest_exec_ms:%u|g%s\n" METRIC_PREFIX \
".edges_found:%u|g%s\n" METRIC_PREFIX \ ".edges_found:%u|g%s\n" METRIC_PREFIX \
".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n" ".var_byte_count:%u|g%s\n" METRIC_PREFIX ".havoc_expansion:%u|g%s\n"
// For Librato, InfluxDB, SignalFX // For Librato, InfluxDB, SignalFX
#define STATSD_TAGS_MID_METRICS \ #define STATSD_TAGS_TYPE_MID 2
METRIC_PREFIX \ #define STATSD_TAGS_MID_METRICS \
".cycle_done%s:%llu|g\n" METRIC_PREFIX \ METRIC_PREFIX \
".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \ ".cycle_done%s:%llu|g\n" METRIC_PREFIX \
".execs_done%s:%llu|g\n" METRIC_PREFIX \ ".cycles_wo_finds%s:%llu|g\n" METRIC_PREFIX \
".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \ ".execs_done%s:%llu|g\n" METRIC_PREFIX \
".paths_total%s:%u|g\n" METRIC_PREFIX \ ".execs_per_sec%s:%0.02f|g\n" METRIC_PREFIX \
".paths_favored%s:%u|g\n" METRIC_PREFIX \ ".paths_total%s:%u|g\n" METRIC_PREFIX \
".paths_found%s:%u|g\n" METRIC_PREFIX \ ".paths_favored%s:%u|g\n" METRIC_PREFIX \
".paths_imported%s:%u|g\n" METRIC_PREFIX \ ".paths_found%s:%u|g\n" METRIC_PREFIX \
".max_depth%s:%u|g\n" METRIC_PREFIX ".cur_path%s:%u|g\n" METRIC_PREFIX \ ".paths_imported%s:%u|g\n" METRIC_PREFIX ".max_depth%s:%u|g\n" METRIC_PREFIX \
".pending_favs%s:%u|g\n" METRIC_PREFIX \ ".cur_path%s:%u|g\n" METRIC_PREFIX ".pending_favs%s:%u|g\n" METRIC_PREFIX \
".pending_total%s:%u|g\n" METRIC_PREFIX \ ".pending_total%s:%u|g\n" METRIC_PREFIX \
".variable_paths%s:%u|g\n" METRIC_PREFIX \ ".variable_paths%s:%u|g\n" METRIC_PREFIX \
".unique_crashes%s:%llu|g\n" METRIC_PREFIX \ ".unique_crashes%s:%llu|g\n" METRIC_PREFIX \
".unique_hangs%s:%llu|g\n" METRIC_PREFIX \ ".unique_hangs%s:%llu|g\n" METRIC_PREFIX \
".total_crashes%s:%llu|g\n" METRIC_PREFIX \ ".total_crashes%s:%llu|g\n" METRIC_PREFIX \
".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \ ".slowest_exec_ms%s:%u|g\n" METRIC_PREFIX \
".edges_found%s:%u|g\n" METRIC_PREFIX \ ".edges_found%s:%u|g\n" METRIC_PREFIX \
".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n" ".var_byte_count%s:%u|g\n" METRIC_PREFIX ".havoc_expansion%s:%u|g\n"
void statsd_setup_format(afl_state_t *afl) { void statsd_setup_format(afl_state_t *afl) {
if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) { if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "dogstatsd") == 0) {
afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT; afl->statsd_tags_format = DOGSTATSD_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_AFTER_METRICS; afl->statsd_metric_format = STATSD_TAGS_SUFFIX_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_SUFFIX;
} else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) { } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "librato") == 0) {
afl->statsd_tags_format = LIBRATO_TAGS_FORMAT; afl->statsd_tags_format = LIBRATO_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) { } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "influxdb") == 0) {
afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT; afl->statsd_tags_format = INFLUXDB_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) { } else if (strcmp(afl->afl_env.afl_statsd_tags_flavor, "signalfx") == 0) {
afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT; afl->statsd_tags_format = SIGNALFX_TAGS_FORMAT;
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} else { } else {
@ -108,6 +112,7 @@ void statsd_setup_format(afl_state_t *afl) {
// Still need to pick a format. Doesn't change anything since if will be // Still need to pick a format. Doesn't change anything since if will be
// replaced by the empty string anyway. // replaced by the empty string anyway.
afl->statsd_metric_format = STATSD_TAGS_MID_METRICS; afl->statsd_metric_format = STATSD_TAGS_MID_METRICS;
afl->statsd_metric_format_type = STATSD_TAGS_TYPE_MID;
} }
@ -188,7 +193,7 @@ int statsd_send_metric(afl_state_t *afl) {
(struct sockaddr *)&afl->statsd_server, (struct sockaddr *)&afl->statsd_server,
sizeof(afl->statsd_server)) == -1) { sizeof(afl->statsd_server)) == -1) {
if (!close(afl->statsd_sock)) { FATAL("Cannot close socket"); } if (!close(afl->statsd_sock)) { PFATAL("Cannot close socket"); }
afl->statsd_sock = 0; afl->statsd_sock = 0;
WARNF("Cannot sendto"); WARNF("Cannot sendto");
return -1; return -1;
@ -208,19 +213,41 @@ int statsd_format_metric(afl_state_t *afl, char *buff, size_t bufflen) {
/* Sends multiple metrics with one UDP Packet. /* Sends multiple metrics with one UDP Packet.
bufflen will limit to the max safe size. bufflen will limit to the max safe size.
*/ */
snprintf(buff, bufflen, afl->statsd_metric_format, if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_SUFFIX) {
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags,
afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags, snprintf(buff, bufflen, afl->statsd_metric_format,
afl->fsrv.total_execs / afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags,
((double)(get_cur_time() - afl->start_time) / 1000), afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags,
tags, afl->queued_paths, tags, afl->queued_favored, tags, afl->fsrv.total_execs /
afl->queued_discovered, tags, afl->queued_imported, tags, ((double)(get_cur_time() - afl->start_time) / 1000),
afl->max_depth, tags, afl->current_entry, tags, afl->pending_favored, tags, afl->queued_paths, tags, afl->queued_favored, tags,
tags, afl->pending_not_fuzzed, tags, afl->queued_variable, tags, afl->queued_discovered, tags, afl->queued_imported, tags,
afl->unique_crashes, tags, afl->unique_hangs, tags, afl->max_depth, tags, afl->current_entry, tags,
afl->total_crashes, tags, afl->slowest_exec_ms, tags, afl->pending_favored, tags, afl->pending_not_fuzzed, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags, afl->queued_variable, tags, afl->unique_crashes, tags,
afl->var_byte_count, tags, afl->expand_havoc, tags); afl->unique_hangs, tags, afl->total_crashes, tags,
afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags,
afl->var_byte_count, tags, afl->expand_havoc, tags);
} else if (afl->statsd_metric_format_type == STATSD_TAGS_TYPE_MID) {
snprintf(buff, bufflen, afl->statsd_metric_format, tags,
afl->queue_cycle ? (afl->queue_cycle - 1) : 0, tags,
afl->cycles_wo_finds, tags, afl->fsrv.total_execs, tags,
afl->fsrv.total_execs /
((double)(get_cur_time() - afl->start_time) / 1000),
tags, afl->queued_paths, tags, afl->queued_favored, tags,
afl->queued_discovered, tags, afl->queued_imported, tags,
afl->max_depth, tags, afl->current_entry, tags,
afl->pending_favored, tags, afl->pending_not_fuzzed, tags,
afl->queued_variable, tags, afl->unique_crashes, tags,
afl->unique_hangs, tags, afl->total_crashes, tags,
afl->slowest_exec_ms, tags,
count_non_255_bytes(afl, afl->virgin_bits), tags,
afl->var_byte_count, tags, afl->expand_havoc);
}
return 0; return 0;
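Review bot: The close() test in the statsd_send_metric hunk is inverted, and swapping FATAL for PFATAL does not fix it. close() returns 0 on success and -1 on failure, so `if (!close(afl->statsd_sock))` takes the PFATAL path exactly when the socket closed cleanly. If PFATAL terminates the process, as its name suggests, one failed sendto() stops the fuzzer before the `WARNF("Cannot sendto")` / `return -1` recovery path runs. The check should read `if (close(afl->statsd_sock) == -1) { PFATAL("Cannot close socket"); }`. Separately, `afl->statsd_sock = 0` uses a valid descriptor number (stdin) as the "no socket" marker, so -1 would be a safer sentinel if the code that tests this field allows it; that code and the rest of statsd_send_metric lie outside the hunk.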