merge conflict
This commit is contained in:
commit
2d650f8c22
@ -54,6 +54,6 @@ script:
|
||||
- sudo sysctl -w kernel.shmmax=10000000000
|
||||
- if [ "$TRAVIS_OS_NAME" = "osx" ]; then export LLVM_CONFIG=`pwd`/"$NAME" ; make source-only ASAN_BUILD=1 ; fi
|
||||
- if [ "$TRAVIS_OS_NAME" = "linux" -a "$TRAVIS_CPU_ARCH" = "amd64" ]; then make distrib ASAN_BUILD=1 ; fi
|
||||
- if [ "$TRAVIS_CPU_ARCH" = "arm64" ] ; then echo DEBUG ; find / -name llvm-config.h 2>/dev/null; apt-cache search clang | grep clang- ; apt-cache search llvm | grep llvm- ; dpkg -l | egrep 'clang|llvm'; echo DEBUG ; export LLVM_CONFIG=llvm-config-6.0 ; make ASAN_BUILD=1 ; cd qemu_mode && sh ./build_qemu_support.sh ; cd .. ; fi
|
||||
- if [ "$TRAVIS_CPU_ARCH" = "arm64" ] ; then export LLVM_CONFIG=llvm-config-6.0 ; make ASAN_BUILD=1 ; cd qemu_mode && sh ./build_qemu_support.sh ; cd .. ; fi
|
||||
- make tests
|
||||
# - travis_terminate 0
|
||||
|
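Review bot: The exit status of the arm64 step on the new side is masked: inside `if ... ; then ... ; cd .. ; fi` the compound's status is that of its last command, `cd ..`, so a failing `make ASAN_BUILD=1` or `sh ./build_qemu_support.sh` still leaves the job green. Chaining with `&&` and running the qemu build in a subshell keeps the failure visible, e.g. `- if [ "$TRAVIS_CPU_ARCH" = "arm64" ] ; then export LLVM_CONFIG=llvm-config-6.0 ; make ASAN_BUILD=1 && (cd qemu_mode && sh ./build_qemu_support.sh) ; fi`. The removed debug variant had the same shape, so this is pre-existing rather than introduced by the commit, but the simplified line is the right moment to fix it.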
28
README.md
28
README.md
@ -39,19 +39,19 @@
|
||||
with laf-intel and redqueen, unicorn mode, gcc plugin, full *BSD, Solaris and
|
||||
Android support and much, much, much more.
|
||||
|
||||
| Feature/Instrumentation | afl-gcc | llvm_mode | gcc_plugin | qemu_mode | unicorn_mode |
|
||||
| ----------------------- |:-------:|:---------:|:----------:|:----------------:|:------------:|
|
||||
| NeverZero | x | x(1) | (2) | x | x |
|
||||
| Persistent mode | | x | x | x86[_64]/arm[64] | x |
|
||||
| LAF-Intel / CompCov | | x | | x86[_64]/arm[64] | x86[_64]/arm |
|
||||
| CmpLog | | x | | x86[_64]/arm[64] | |
|
||||
| Instrument file list | | x | x | (x)(3) | |
|
||||
| Non-colliding coverage | | x(4) | | (x)(5) | |
|
||||
| InsTrim | | x | | | |
|
||||
| Ngram prev_loc coverage | | x(6) | | | |
|
||||
| Context coverage | | x | | | |
|
||||
| Auto dictionary | | x(7) | | | |
|
||||
| Snapshot LKM support | | x | | (x)(5) | |
|
||||
| Feature/Instrumentation | afl-gcc | llvm_mode | gcc_plugin | qemu_mode | unicorn_mode |
|
||||
| ------------------------ |:-------:|:---------:|:----------:|:----------------:|:------------:|
|
||||
| NeverZero | x | x(1) | (2) | x | x |
|
||||
| Persistent mode | | x | x | x86[_64]/arm[64] | x |
|
||||
| LAF-Intel / CompCov | | x | | x86[_64]/arm[64] | x86[_64]/arm |
|
||||
| CmpLog | | x | | x86[_64]/arm[64] | |
|
||||
| Selective instrumentation| | x | x | (x)(3) | |
|
||||
| Non-colliding coverage | | x(4) | | (x)(5) | |
|
||||
| InsTrim | | x | | | |
|
||||
| Ngram prev_loc coverage | | x(6) | | | |
|
||||
| Context coverage | | x | | | |
|
||||
| Auto dictionary | | x(7) | | | |
|
||||
| Snapshot LKM support | | x | | (x)(5) | |
|
||||
|
||||
1. default for LLVM >= 9.0, env var for older version due an efficiency bug in llvm <= 8
|
||||
2. GCC creates non-performant code, hence it is disabled in gcc_plugin
|
||||
@ -72,7 +72,7 @@
|
||||
* The MOpt mutator: [https://github.com/puppet-meteor/MOpt-AFL](https://github.com/puppet-meteor/MOpt-AFL)
|
||||
* LLVM mode Ngram coverage by Adrian Herrera [https://github.com/adrianherrera/afl-ngram-pass](https://github.com/adrianherrera/afl-ngram-pass)
|
||||
* InsTrim, an effective CFG llvm_mode instrumentation implementation for large targets: [https://github.com/csienslab/instrim](https://github.com/csienslab/instrim)
|
||||
* C. Holler's afl-fuzz Python mutator module and llvm_mode instrument file support: [https://github.com/choller/afl](https://github.com/choller/afl)
|
||||
* C. Holler's afl-fuzz Python mutator module: [https://github.com/choller/afl](https://github.com/choller/afl)
|
||||
* Custom mutator by a library (instead of Python) by kyakdan
|
||||
* LAF-Intel/CompCov support for llvm_mode, qemu_mode and unicorn_mode (with enhanced capabilities)
|
||||
* Radamsa and hongfuzz mutators (as custom mutators).
|
||||
|
@ -986,7 +986,7 @@ uint64_t rand_next(afl_state_t *afl);
|
||||
|
||||
static inline u32 rand_below(afl_state_t *afl, u32 limit) {
|
||||
|
||||
if (limit <= 1) return 0;
|
||||
if (limit <= 1) return 0;
|
||||
|
||||
/* The boundary not being necessarily a power of 2,
|
||||
we need to ensure the result uniformity. */
|
||||
@ -1008,7 +1008,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
|
||||
expand havoc mode */
|
||||
static inline u32 rand_below_datalen(afl_state_t *afl, u32 limit) {
|
||||
|
||||
if (limit <= 1) return 0;
|
||||
if (limit <= 1) return 0;
|
||||
|
||||
switch (rand_below(afl, 3)) {
|
||||
|
||||
|
@ -400,7 +400,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
|
||||
|
||||
if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue;
|
||||
if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;
|
||||
|
||||
|
||||
if (!strcmp(cur, "-E")) preprocessor_only = 1;
|
||||
if (!strcmp(cur, "-shared")) shared_linking = 1;
|
||||
|
||||
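Review bot: The prefix lengths in `!strncmp(cur, "-fuse-ld=", 9)` and `!strncmp(cur, "--ld-path=", 10)` are hand-counted magic numbers that must be kept in lockstep with the literal; `strlen("--ld-path=")` folds to a constant under any optimizing compiler, or a small helper `static int has_prefix(const char *s, const char *p) { return !strncmp(s, p, strlen(p)); }` removes the duplication and the chance of an off-by-one when another linker flag is added. Both lines sit inside edit_params, whose body starts and ends outside the hunk.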
@ -582,6 +582,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
|
||||
runtime. We must hence avoid attaching the runtime to shared objects. */
|
||||
cc_params[cc_par_cnt] = NULL;
|
||||
return;
|
||||
|
||||
}
|
||||
|
||||
#ifndef __ANDROID__
|
||||
|
@ -876,9 +876,13 @@ void __sanitizer_cov_trace_pc_guard(uint32_t *guard) {
|
||||
if (bt_size > 0) {
|
||||
|
||||
char **bt_syms = backtrace_symbols(bt, bt_size);
|
||||
if (bt_syms)
|
||||
if (bt_syms) {
|
||||
|
||||
fprintf(stderr, "DEBUG: edge=%u caller=%s\n", unstable[idx],
|
||||
bt_syms[0]);
|
||||
free(bt_syms);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
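Review bot: `bt_syms[0]` is labelled `caller=` in the fprintf, but if `bt` was filled by `backtrace()` from inside `__sanitizer_cov_trace_pc_guard` its first entry is the frame that invoked `backtrace()`, i.e. this hook itself, so the message would presumably name the instrumentation callback rather than the instrumented call site; `bt` is populated outside the hunk, so confirm which index holds the caller (likely index 1, guarded by `bt_size > 1`). A comment at the print site such as `/* bt[0] is this hook; the instrumented call site is one frame up */` would make the indexing intent explicit either way. The enclosing function starts outside the hunk.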
@ -176,6 +176,7 @@ echo Building for CPU target $CPU_TARGET
|
||||
echo "[*] Applying patches..."
|
||||
|
||||
patch -p1 <../patches/elfload.diff || exit 1
|
||||
patch -p1 <../patches/mips-fpu.diff || exit 1
|
||||
patch -p1 <../patches/bsd-elfload.diff || exit 1
|
||||
patch -p1 <../patches/cpu-exec.diff || exit 1
|
||||
patch -p1 <../patches/syscall.diff || exit 1
|
||||
|
15
qemu_mode/patches/mips-fpu.diff
Normal file
15
qemu_mode/patches/mips-fpu.diff
Normal file
@ -0,0 +1,15 @@
|
||||
--- a/linux-user/elfload.c 2020-07-13 20:10:37.776374566 -0700
|
||||
+++ b/linux-user/elfload.c 2020-07-13 20:11:51.794957015 -0700
|
||||
@@ -2667,6 +2667,11 @@
|
||||
char *elf_interpreter = NULL;
|
||||
char *scratch;
|
||||
|
||||
+ memset(&interp_info, 0, sizeof(interp_info));
|
||||
+#ifdef TARGET_MIPS
|
||||
+ interp_info.fp_abi = MIPS_ABI_FP_UNKNOWN;
|
||||
+#endif
|
||||
+
|
||||
info->start_mmap = (abi_ulong)ELF_START_MMAP;
|
||||
|
||||
load_elf_image(bprm->filename, bprm->fd, info,
|
||||
|
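Review bot: The new patch file carries no description of what it fixes; `patch` ignores text before the first `---` header, so a short note there would tell the next maintainer why `interp_info` is zeroed and why `fp_abi` is preset to `MIPS_ABI_FP_UNKNOWN` (presumably a read of an uninitialised `interp_info.fp_abi` when the ELF has no interpreter — confirm against the QEMU source). One line above `--- a/linux-user/elfload.c`, e.g. `Initialise interp_info before it is read for static binaries; on MIPS the FP ABI must start out as UNKNOWN rather than 0.`, is enough. The file is named `mips-fpu` while the `memset` applies to every target, which is worth a word in that note as well.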
@ -112,8 +112,10 @@ static u8 check_if_text(struct queue_entry *q) {
|
||||
u8 buf[MAX_FILE];
|
||||
s32 fd, len = q->len, offset = 0, ascii = 0, utf8 = 0, comp;
|
||||
|
||||
if (len >= MAX_FILE) len = MAX_FILE - 1;
|
||||
if ((fd = open(q->fname, O_RDONLY)) < 0) return 0;
|
||||
if ((comp = read(fd, buf, len)) != len) return 0;
|
||||
buf[len] = 0;
|
||||
close(fd);
|
||||
|
||||
while (offset < len) {
|
||||
|
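Review bot: On the new side `if ((comp = read(fd, buf, len)) != len) return 0;` returns with `fd` still open, so every short or failed read of a queue entry leaks a descriptor; `close(fd)` only runs on the success path two lines later. Close before bailing out: `if ((comp = read(fd, buf, len)) != len) { close(fd); return 0; }`. Note also that a single `read()` may legitimately return fewer than `len` bytes (interrupted call, unusual filesystems), so treating `comp != len` as "not text" can misclassify an input rather than retry. check_if_text's body continues outside the hunk.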
@ -819,16 +819,27 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
|
||||
|
||||
fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||
|
||||
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
|
||||
|
||||
u32 written = 0;
|
||||
while (written < q->len) {
|
||||
|
||||
ssize_t result = write(fd, in_buf, q->len - written);
|
||||
if (result > 0) written += result;
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
unlink(q->fname); /* ignore errors */
|
||||
fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
|
||||
|
||||
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
|
||||
|
||||
ck_write(fd, in_buf, q->len, q->fname);
|
||||
|
||||
}
|
||||
|
||||
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
|
||||
|
||||
ck_write(fd, in_buf, q->len, q->fname);
|
||||
close(fd);
|
||||
|
||||
memcpy(afl->fsrv.trace_bits, afl->clean_trace, afl->fsrv.map_size);
|
||||
|
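Review bot: The new write loop in trim_case always writes from the start of the buffer: `write(fd, in_buf, q->len - written)` should be `write(fd, in_buf + written, q->len - written)`, otherwise a partial write is followed by the first bytes of `in_buf` being written again at the current file offset and the file on disk no longer matches `in_buf`. The loop also never terminates if `write()` keeps failing, because `if (result > 0) written += result;` silently ignores `result <= 0` and retries forever; failing hard like the other branch is more consistent, e.g. `ssize_t result = write(fd, in_buf + written, q->len - written);` followed by `if (result <= 0) { PFATAL("Short write to '%s'", q->fname); }` and `written += result;`. Since the else branch already uses `ck_write(fd, in_buf, q->len, q->fname)`, calling it here too would remove the hand-rolled loop entirely. trim_case starts and continues outside the hunk.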