From 2956b9cc4ca46631373b28fdb59c8ffa77538560 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Fri, 13 Dec 2024 11:05:17 +0100
Subject: [PATCH] support LLVMFuzzerTestOneInput archive targets
---
 docs/Changelog.md | 2 ++
 src/afl-cc.c | 78 +++++++++++++++++++++++++----------------------
 2 files changed, 43 insertions(+), 37 deletions(-)
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 8594d068..c8c817df 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -7,6 +7,8 @@ ### Version ++4.31a (dev)
   - loose file and shared memory permissions on Android and iPhone
   - afl-cc:
+    - -fsanitize=fuzzer now inserts libAFLDriver.a addtionally early to help
+      compiling if LLVMFuzzerTestOneOnput is in an .a archive
     - added __sanitizer_weak_hook_* functions (in case that is helpful in weird
       setups)
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 83984e91..b793a6fc 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -1764,6 +1764,41 @@ static u8 fsanitize_fuzzer_comma(char *string) {
 }
+/* Add params to link with libAFLDriver.a on request */
+static void add_aflpplib(aflcc_state_t *aflcc) {
+
+  if (!aflcc->need_aflpplib) return;
+
+  u8 *afllib = find_object(aflcc, "libAFLDriver.a");
+
+  if (!be_quiet) {
+
+    OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");
+
+  }
+
+  if (!afllib) {
+
+    if (!be_quiet) {
+
+      WARNF(
+          "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
+          "the flags - this will fail!");
+
+    }
+
+  } else {
+
+    insert_param(aflcc, afllib);
+
+#ifdef __APPLE__
+    insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
+#endif
+
+  }
+
+}
+
 /* Parse and process possible -fsanitize related args, return PARAM_MISS if
   nothing matched. We have 3 main tasks here for these args:
@@ -1777,6 +1812,7 @@ static u8 fsanitize_fuzzer_comma(char *string) {
 param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
   param_st final_ = PARAM_MISS;
+  u8 insert = 0;
 // MACRO START
 #define HAVE_SANITIZER_SCAN_KEEP(v, k) \
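Review bot: add_aflpplib() still prints its OKF and WARNF unconditionally on every call, but after this commit it has two callers per compile — the new `if (insert) { add_aflpplib(aflcc); }` in parse_fsanitize() (hunk -1882) and the unchanged call in add_runtime() (hunk -2479) — and nothing clears aflcc->need_aflpplib in between, so "Found '-fsanitize=fuzzer', replacing with libAFLDriver.a" and the missing-library warning will each appear twice. The function body is moved verbatim, so the duplication comes from the second caller rather than from these lines, and whether both calls run in every mode is not visible from the hunks. A one-shot flag keeps each message to a single line: `static u8 reported = 0;` at the top of the function, `if (!be_quiet && !reported) { OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a"); }` and `reported = 1;` after the WARNF/insert decision, with the same guard around the WARNF.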
@@ -1822,6 +1858,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
     if (scan) {
       aflcc->need_aflpplib = 1;
+      insert = 1;
       final_ = PARAM_SCAN;
     } else {
@@ -1842,6 +1879,7 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
       if (fsanitize_fuzzer_comma(cur_argv_)) {
         aflcc->need_aflpplib = 1;
+        insert = 1;
         final_ = PARAM_SCAN;
       }
@@ -1882,7 +1920,8 @@ param_st parse_fsanitize(aflcc_state_t *aflcc, u8 *cur_argv, u8 scan) {
   }
-  if (final_ == PARAM_KEEP) insert_param(aflcc, cur_argv);
+  if (final_ == PARAM_KEEP) { insert_param(aflcc, cur_argv); }
+  if (insert) { add_aflpplib(aflcc); }
   return final_;
@@ -2352,41 +2391,6 @@ void add_lto_passes(aflcc_state_t *aflcc) {
 }
-/* Add params to link with libAFLDriver.a on request */
-static void add_aflpplib(aflcc_state_t *aflcc) {
-
-  if (!aflcc->need_aflpplib) return;
-
-  u8 *afllib = find_object(aflcc, "libAFLDriver.a");
-
-  if (!be_quiet) {
-
-    OKF("Found '-fsanitize=fuzzer', replacing with libAFLDriver.a");
-
-  }
-
-  if (!afllib) {
-
-    if (!be_quiet) {
-
-      WARNF(
-          "Cannot find 'libAFLDriver.a' to replace '-fsanitize=fuzzer' in "
-          "the flags - this will fail!");
-
-    }
-
-  } else {
-
-    insert_param(aflcc, afllib);
-
-#ifdef __APPLE__
-    insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
-#endif
-
-  }
-
-}
-
 /* Add params to link with runtimes depended by our instrumentation */
 void add_runtime(aflcc_state_t *aflcc) {
@@ -2479,7 +2483,7 @@ void add_runtime(aflcc_state_t *aflcc) {
 #endif
-  add_aflpplib(aflcc);
+  add_aflpplib(aflcc);  // double insertion helps compiling
 #if defined(USEMMAP) && !defined(__HAIKU__) && !__APPLE__
   insert_param(aflcc, "-Wl,-lrt");
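Review bot: `if (insert) { add_aflpplib(aflcc); }` is reached only when `insert` was set, and both assignments (hunks -1822 and -1842) sit inside the `if (scan)` branches, so the early libAFLDriver.a insertion — including its insert_param() calls — now happens during the scan invocation of parse_fsanitize(), the invocation that otherwise only records state and returns PARAM_SCAN. If that pass is expected to leave the parameter list untouched, the exception deserves a comment at the call site, e.g. `// scan pass: push libAFLDriver.a now so it precedes the target's own objects/archives; add_runtime() adds the second copy`, and whether the scan pass really precedes the parameter-emitting pass cannot be confirmed from this hunk. parse_fsanitize() begins before this hunk.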
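Review bot: The new comment `// double insertion helps compiling` on the add_runtime() call explains neither what the first insertion is nor why a second one is needed, which is the purpose of the whole commit. Something like `// libAFLDriver.a was already inserted at the -fsanitize=fuzzer position by parse_fsanitize(); repeating it here, after the target's objects, is what resolves LLVMFuzzerTestOneInput when it lives in a static archive (link order decides which archive members are pulled in)` would let the next reader see why neither call can be dropped — adjust if the actual link-order reasoning differs. add_runtime() starts before this hunk. The matching Changelog entry spells the symbol `LLVMFuzzerTestOneOnput` and `addtionally`; both should read LLVMFuzzerTestOneInput and additionally.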