ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

afl-showmap fix

Browse Source
This commit is contained in:
van Hauser
2020-02-05 17:33:02 +01:00
parent 599f78a4bd
commit 1edc392194
6 changed files with 91 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
afl-cmin
View File

@ -397,7 +397,7 @@ BEGIN {
system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/"fn"\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"fn"\"") system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/"fn"\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"fn"\"")
} }
} else { } else {
printf " Processing "in_count" files (forkserver mode)..." printf " Processing "in_count" files (forkserver mode)...\n"
system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string" </dev/null") system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string" </dev/null")
} }

8
libdislocator/libdislocator.so.c
View File

@ -66,7 +66,13 @@
#if __STDC_VERSION__ < 201112L #if __STDC_VERSION__ < 201112L
// use this hack if not C11 // use this hack if not C11
typedef struct { long long __ll; long double __ld; } max_align_t; typedef struct {
long long __ll;
long double __ld;
} max_align_t;
#endif #endif
#define ALLOC_ALIGN_SIZE (_Alignof(max_align_t)) #define ALLOC_ALIGN_SIZE (_Alignof(max_align_t))

6
llvm_mode/afl-clang-fast.c
View File

@ -299,13 +299,13 @@ static void edit_params(u32 argc, char** argv) {
cc_params[cc_par_cnt++] = "-fsanitize=memory"; cc_params[cc_par_cnt++] = "-fsanitize=memory";
} }
if (getenv("AFL_USE_UBSAN")) { if (getenv("AFL_USE_UBSAN")) {
cc_params[cc_par_cnt++] = "-fsanitize=undefined"; cc_params[cc_par_cnt++] = "-fsanitize=undefined";
cc_params[cc_par_cnt++] = "-fsanitize-undefined-trap-on-error"; cc_params[cc_par_cnt++] = "-fsanitize-undefined-trap-on-error";
cc_params[cc_par_cnt++] = "-fno-sanitize-recover=all"; cc_params[cc_par_cnt++] = "-fno-sanitize-recover=all";
} }
} }

30
src/afl-common.c
View File

@ -72,23 +72,27 @@ void detect_file_args(char** argv, u8* prog_in) {
if (!prog_in) FATAL("@@ syntax is not supported by this tool."); if (!prog_in) FATAL("@@ syntax is not supported by this tool.");
/* Be sure that we're always using fully-qualified paths. */
if (prog_in[0] == '/')
aa_subst = prog_in;
else
aa_subst = alloc_printf("%s/%s", cwd, prog_in);
use_stdin = 0; use_stdin = 0;
/* Construct a replacement argv value. */ if (prog_in[0] != 0) { // not afl-showmap special case
*aa_loc = 0; /* Be sure that we're always using fully-qualified paths. */
n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2);
argv[i] = n_arg;
*aa_loc = '@';
if (prog_in[0] != '/') ck_free(aa_subst); if (prog_in[0] == '/')
aa_subst = prog_in;
else
aa_subst = alloc_printf("%s/%s", cwd, prog_in);
/* Construct a replacement argv value. */
*aa_loc = 0;
n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2);
argv[i] = n_arg;
*aa_loc = '@';
if (prog_in[0] != '/') ck_free(aa_subst);
}
} }

18
src/afl-fuzz-stats.c
View File

@ -334,9 +334,9 @@ void show_stats(void) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (dumb_mode) { if (dumb_mode) {
@ -413,9 +413,9 @@ void show_stats(void) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
DTD(cur_ms, last_hang_time), tmp); DTD(cur_ms, last_hang_time), tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -443,9 +443,9 @@ void show_stats(void) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored),
((double)queued_favored) * 100 / queued_paths); ((double)queued_favored) * 100 / queued_paths);
@ -514,7 +514,7 @@ void show_stats(void) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");
@ -765,8 +765,8 @@ void show_init_stats(void) {
WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!", WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!",
DMS(max_len), doc_path); DMS(max_len), doc_path);
else if (max_len > 10 * 1024) else if (max_len > 10 * 1024)
WARNF("Some test cases are big (%s) - see %s/perf_tips.md.", WARNF("Some test cases are big (%s) - see %s/perf_tips.md.", DMS(max_len),
DMS(max_len), doc_path); doc_path);
if (useless_at_start && !in_bitmap) if (useless_at_start && !in_bitmap)
WARNF(cLRD "Some test cases look useless. Consider using a smaller set."); WARNF(cLRD "Some test cases look useless. Consider using a smaller set.");

100
src/afl-showmap.c
View File

@ -77,7 +77,7 @@ u8 uses_asan;
u8* trace_bits; /* SHM with instrumentation bitmap */ u8* trace_bits; /* SHM with instrumentation bitmap */
u8 *out_file, /* Trace output file */ u8 *out_file, /* Trace output file */
*stdin_file, /* stdin file */ *stdin_file, /* stdin file */
*in_dir, /* input folder */ *in_dir, /* input folder */
*doc_path, /* Path to docs */ *doc_path, /* Path to docs */
*at_file; /* Substitution string for @@ */ *at_file; /* Substitution string for @@ */
@ -89,8 +89,7 @@ u32 exec_tmout; /* Exec timeout (ms) */
static u32 total, highest; /* tuple content information */ static u32 total, highest; /* tuple content information */
static u32 in_len, /* Input data length */ static u32 in_len, /* Input data length */
arg_offset, arg_offset, total_execs; /* Total number of execs */
total_execs; /* Total number of execs */
u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
@ -169,7 +168,7 @@ static void at_exit_handler(void) {
/* Write results. */ /* Write results. */
static u32 write_results_to_file(u8 *out_file) { static u32 write_results_to_file(u8* out_file) {
s32 fd; s32 fd;
u32 i, ret = 0; u32 i, ret = 0;
@ -243,7 +242,7 @@ static u32 write_results_to_file(u8 *out_file) {
static u32 write_results(void) { static u32 write_results(void) {
return write_results_to_file(out_file); return write_results_to_file(out_file);
} }
/* Write output file. */ /* Write output file. */
@ -272,16 +271,10 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) {
static void write_to_testcase(void* mem, u32 len) { static void write_to_testcase(void* mem, u32 len) {
if (use_stdin) { lseek(out_fd, 0, SEEK_SET);
ck_write(out_fd, mem, len, out_file);
lseek(out_fd, 0, SEEK_SET); if (ftruncate(out_fd, len)) PFATAL("ftruncate() failed");
lseek(out_fd, 0, SEEK_SET);
ck_write(out_fd, mem, len, out_file);
if (ftruncate(out_fd, len)) PFATAL("ftruncate() failed");
lseek(out_fd, 0, SEEK_SET);
}
} }
@ -383,14 +376,15 @@ static u8 run_target_forkserver(char** argv, u8* mem, u32 len) {
/* Read initial file. */ /* Read initial file. */
u32 read_file(u8 *in_file) { u32 read_file(u8* in_file) {
struct stat st; struct stat st;
s32 fd = open(in_file, O_RDONLY); s32 fd = open(in_file, O_RDONLY);
if (fd < 0) WARNF("Unable to open '%s'", in_file); if (fd < 0) WARNF("Unable to open '%s'", in_file);
if (fstat(fd, &st) || !st.st_size) WARNF("Zero-sized input file '%s'.", in_file); if (fstat(fd, &st) || !st.st_size)
WARNF("Zero-sized input file '%s'.", in_file);
in_len = st.st_size; in_len = st.st_size;
in_data = ck_alloc_nozero(in_len); in_data = ck_alloc_nozero(in_len);
@ -399,9 +393,10 @@ u32 read_file(u8 *in_file) {
close(fd); close(fd);
//OKF("Read %u byte%s from '%s'.", in_len, in_len == 1 ? "" : "s", in_file); // OKF("Read %u byte%s from '%s'.", in_len, in_len == 1 ? "" : "s", in_file);
return in_len; return in_len;
} }
/* Execute target application. */ /* Execute target application. */
@ -643,7 +638,8 @@ static void usage(u8* argv0) {
"Other settings:\n\n" "Other settings:\n\n"
" -i dir - process all files in this directory, -o must be a directory\n" " -i dir - process all files in this directory, -o must be a "
"directory\n"
" and each bitmap will be written there individually.\n" " and each bitmap will be written there individually.\n"
" -q - sink program's output and don't show messages\n" " -q - sink program's output and don't show messages\n"
" -e - show edge coverage only, ignore hit counts\n" " -e - show edge coverage only, ignore hit counts\n"
@ -900,18 +896,17 @@ int main(int argc, char** argv) {
} }
if (in_dir) { if (in_dir) {
if (at_file) PFATAL("Options -A and -i are mutually exclusive"); if (at_file) PFATAL("Options -A and -i are mutually exclusive");
at_file = "@@"; at_file = "@@";
} }
detect_file_args(argv + optind, at_file); detect_file_args(argv + optind, "");
for (i = optind; i < argc; i++) for (i = optind; i < argc; i++)
if (strcmp(argv[i], "@@") == 0) if (strcmp(argv[i], "@@") == 0) arg_offset = i;
arg_offset = i;
if (qemu_mode) { if (qemu_mode) {
@ -926,10 +921,10 @@ int main(int argc, char** argv) {
if (in_dir) { if (in_dir) {
DIR *dir_in, *dir_out; DIR * dir_in, *dir_out;
struct dirent* dir_ent; struct dirent* dir_ent;
int done = 0; int done = 0;
u8 infile[4096], outfile[4096]; u8 infile[4096], outfile[4096];
dev_null_fd = open("/dev/null", O_RDWR); dev_null_fd = open("/dev/null", O_RDWR);
if (dev_null_fd < 0) PFATAL("Unable to open /dev/null"); if (dev_null_fd < 0) PFATAL("Unable to open /dev/null");
@ -940,44 +935,56 @@ int main(int argc, char** argv) {
if (mkdir(out_file, 0700)) if (mkdir(out_file, 0700))
PFATAL("cannot create output directory %s", out_file); PFATAL("cannot create output directory %s", out_file);
if (arg_offset) argv[arg_offset] = infile; u8* use_dir = ".";
else {
u8* use_dir = ".";
if (access(use_dir, R_OK | W_OK | X_OK)) { if (access(use_dir, R_OK | W_OK | X_OK)) {
use_dir = getenv("TMPDIR"); use_dir = getenv("TMPDIR");
if (!use_dir) use_dir = "/tmp"; if (!use_dir) use_dir = "/tmp";
} }
stdin_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid());
unlink(stdin_file);
atexit(at_exit_handler);
out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600);
if (out_fd < 0) PFATAL("Unable to create '%s'", out_file);
if (arg_offset) argv[arg_offset] = stdin_file;
if (getenv("AFL_DEBUG")) {
int i = optind;
SAYF(cMGN "[D]" cRST " %s:", target_path);
while (argv[i] != NULL)
SAYF(" \"%s\"", argv[i++]);
SAYF("\n");
SAYF(cMGN "[D]" cRST " %d - %d = %d, %s\n", arg_offset, optind,
arg_offset - optind, infile);
stdin_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid());
unlink(stdin_file);
atexit(at_exit_handler);
out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600);
if (out_fd < 0) PFATAL("Unable to create '%s'", out_file);
} }
init_forkserver(use_argv); init_forkserver(use_argv);
while (done == 0 && (dir_ent = readdir(dir_in))) { while (done == 0 && (dir_ent = readdir(dir_in))) {
if (dir_ent->d_name[0] == '.') continue; // skip anything that starts with '.' if (dir_ent->d_name[0] == '.')
if (dir_ent->d_type != DT_REG) continue; // only regular files continue; // skip anything that starts with '.'
if (dir_ent->d_type != DT_REG) continue; // only regular files
snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name);
snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name); snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name);
if (read_file(infile)) { if (read_file(infile)) {
run_target_forkserver(use_argv, in_data, in_len); run_target_forkserver(use_argv, in_data, in_len);
ck_free(in_data); ck_free(in_data);
tcnt = write_results_to_file(outfile); tcnt = write_results_to_file(outfile);
} }
} }
if (!quiet_mode) OKF("Processed %u input files.", total_execs); if (!quiet_mode) OKF("Processed %u input files.", total_execs);
} else { } else {
@ -998,3 +1005,4 @@ int main(int argc, char** argv) {
exit(child_crashed * 2 + child_timed_out); exit(child_crashed * 2 + child_timed_out);
} }