ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 11:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

unsafe memory speed toggle

Browse Source
This commit is contained in:
van Hauser
2020-02-17 08:25:27 +01:00
parent d41f413016
commit 220804714b
3 changed files with 53 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -13,6 +13,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- use -march=native if available - use -march=native if available
- most tools now check for mistyped environment variables - most tools now check for mistyped environment variables
- the memory safety checks are now disabled for a little more speed during
fuzzing (only affects creating queue entries), can be toggled in config.h
- afl-fuzz: - afl-fuzz:
- now prints the real python version support compiled in - now prints the real python version support compiled in
- set stronger performance compile options and little tweaks - set stronger performance compile options and little tweaks

47
include/alloc-inl.h
View File

@ -34,6 +34,14 @@
#include "types.h" #include "types.h"
#include "debug.h" #include "debug.h"
/* Disable speed hack in debug mode */
#ifdef UNSAFE_MEMORY
#ifdef DEBUG_BUILD
#undef UNSAFE_MEMORY
#endif
#endif
/* User-facing macro to sprintf() to a dynamically allocated buffer. */ /* User-facing macro to sprintf() to a dynamically allocated buffer. */
#define alloc_printf(_str...) \ #define alloc_printf(_str...) \
@ -75,12 +83,23 @@
/* Positions of guard tokens in relation to the user-visible pointer. */ /* Positions of guard tokens in relation to the user-visible pointer. */
#ifndef UNSAFE_MEMORY
#define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2]) #define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2])
#define ALLOC_S(_ptr) (((u32*)(_ptr))[-1]) #define ALLOC_S(_ptr) (((u32*)(_ptr))[-1])
#define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)]) #define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)])
#else
#define ALLOC_C1(_ptr) (((u32*)(_ptr))[0])
#define ALLOC_S(_ptr) (((u32*)(_ptr))[0])
#define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)])
#endif
#define ALLOC_OFF_HEAD 8 #ifndef UNSAFE_MEMORY
#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1) #define ALLOC_OFF_HEAD 8
#define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
#else
#define ALLOC_OFF_HEAD 0
#define ALLOC_OFF_TOTAL 0
#endif
/* Allocator increments for ck_realloc_block(). */ /* Allocator increments for ck_realloc_block(). */
@ -88,6 +107,7 @@
/* Sanity-checking macros for pointers. */ /* Sanity-checking macros for pointers. */
#ifndef UNSAFE_MEMORY
#define CHECK_PTR(_p) \ #define CHECK_PTR(_p) \
do { \ do { \
\ \
@ -105,6 +125,11 @@
} \ } \
\ \
} while (0) } while (0)
#else
#define CHECK_PTR(_p) \
do { \
} while (0)
#endif
/* #define CHECK_PTR(_p) do { \ /* #define CHECK_PTR(_p) do { \
if (_p) { \ if (_p) { \
@ -146,11 +171,13 @@ static inline void* DFL_ck_alloc_nozero(u32 size) {
ret = malloc(size + ALLOC_OFF_TOTAL); ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
#ifndef UNSAFE_MEMORY
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1; ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size; ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2; ALLOC_C2(ret) = ALLOC_MAGIC_C2;
#endif
return (void*)ret; return (void*)ret;
@ -185,7 +212,9 @@ static inline void DFL_ck_free(void* mem) {
#endif /* DEBUG_BUILD */ #endif /* DEBUG_BUILD */
#ifndef UNSAFE_MEMORY
ALLOC_C1(mem) = ALLOC_MAGIC_F; ALLOC_C1(mem) = ALLOC_MAGIC_F;
#endif
u8* realStart = mem; u8* realStart = mem;
free(realStart - ALLOC_OFF_HEAD); free(realStart - ALLOC_OFF_HEAD);
@ -212,16 +241,20 @@ static inline void* DFL_ck_realloc(void* orig, u32 size) {
CHECK_PTR(orig); CHECK_PTR(orig);
#ifndef UNSAFE_MEMORY
#ifndef DEBUG_BUILD #ifndef DEBUG_BUILD
ALLOC_C1(orig) = ALLOC_MAGIC_F; ALLOC_C1(orig) = ALLOC_MAGIC_F;
#endif /* !DEBUG_BUILD */ #endif /* !DEBUG_BUILD */
#endif
#ifndef UNSAFE_MEMORY
old_size = ALLOC_S(orig); old_size = ALLOC_S(orig);
u8* origu8 = orig; u8* origu8 = orig;
origu8 -= ALLOC_OFF_HEAD; origu8 -= ALLOC_OFF_HEAD;
orig = origu8; orig = origu8;
ALLOC_CHECK_SIZE(old_size); ALLOC_CHECK_SIZE(old_size);
#endif
} }
@ -254,11 +287,13 @@ static inline void* DFL_ck_realloc(void* orig, u32 size) {
#endif /* ^!DEBUG_BUILD */ #endif /* ^!DEBUG_BUILD */
#ifdef UNSAFE_MEMORY
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1; ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size; ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2; ALLOC_C2(ret) = ALLOC_MAGIC_C2;
#endif
if (size > old_size) memset(ret + old_size, 0, size - old_size); if (size > old_size) memset(ret + old_size, 0, size - old_size);
@ -277,7 +312,9 @@ static inline void* DFL_ck_realloc_block(void* orig, u32 size) {
CHECK_PTR(orig); CHECK_PTR(orig);
#ifndef UNSAFE_MEMORY
if (ALLOC_S(orig) >= size) return orig; if (ALLOC_S(orig) >= size) return orig;
#endif
size += ALLOC_BLK_INC; size += ALLOC_BLK_INC;
@ -304,11 +341,13 @@ static inline u8* DFL_ck_strdup(u8* str) {
ret = malloc(size + ALLOC_OFF_TOTAL); ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
#ifdef UNSAFE_MEMORY
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1; ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size; ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2; ALLOC_C2(ret) = ALLOC_MAGIC_C2;
#endif
return memcpy(ret, str, size); return memcpy(ret, str, size);
@ -327,11 +366,13 @@ static inline void* DFL_ck_memdup(void* mem, u32 size) {
ret = malloc(size + ALLOC_OFF_TOTAL); ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
#ifdef UNSAFE_MEMORY
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1; ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size; ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2; ALLOC_C2(ret) = ALLOC_MAGIC_C2;
#endif
return memcpy(ret, mem, size); return memcpy(ret, mem, size);
@ -350,11 +391,13 @@ static inline u8* DFL_ck_memdup_str(u8* mem, u32 size) {
ret = malloc(size + ALLOC_OFF_TOTAL + 1); ret = malloc(size + ALLOC_OFF_TOTAL + 1);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
#ifdef UNSAFE_MEMORY
ret += ALLOC_OFF_HEAD; ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1; ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size; ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2; ALLOC_C2(ret) = ALLOC_MAGIC_C2;
#endif
memcpy(ret, mem, size); memcpy(ret, mem, size);
ret[size] = 0; ret[size] = 0;

6
include/config.h
View File

@ -46,6 +46,12 @@
#define FANCY_BOXES #define FANCY_BOXES
#endif #endif
/* Comment out to have safe memory checks (security in ck_ functions).
This will cost a little speed, so disable when developing on how
the queue works */
#define UNSAFE_MEMORY
/* Default timeout for fuzzed code (milliseconds). This is the upper bound, /* Default timeout for fuzzed code (milliseconds). This is the upper bound,
also used for detecting hangs; the actual value is auto-scaled: */ also used for detecting hangs; the actual value is auto-scaled: */