better handling of -fsanitize=..,...,.. lists

vanhauser-thc
2022-08-14 14:40:26 +02:00
parent 1a3b463c4c
commit 4e98071385
2 changed files with 98 additions and 13 deletions


@ -14,6 +14,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
of calibrating all initial seeds first. Good for large queues of calibrating all initial seeds first. Good for large queues
and long execution times, especially in CIs. and long execution times, especially in CIs.
- afl-cc:
- better handling of -fsanitize=..,...,.. lists
- qemu_mode: - qemu_mode:
- added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
edges (together with AFL_DEBUG=1 afl-fuzz). thanks to edges (together with AFL_DEBUG=1 afl-fuzz). thanks to


@ -51,7 +51,7 @@ static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 clang_mode; /* Invoked as afl-clang*? */ static u8 clang_mode; /* Invoked as afl-clang*? */
static u8 llvm_fullpath[PATH_MAX]; static u8 llvm_fullpath[PATH_MAX];
static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode; static u8 instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode;
static u8 compiler_mode, plusplus_mode, have_instr_env = 0; static u8 compiler_mode, plusplus_mode, have_instr_env = 0, need_aflpplib = 0;
static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0; static u8 have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0;
static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull; static u8 *lto_flag = AFL_CLANG_FLTO, *argvnull;
static u8 debug; static u8 debug;
@ -310,6 +310,69 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
} }
void parse_fsanitize(char *string) {
char *p, *ptr = string + strlen("-fsanitize=");
char *new = malloc(strlen(string) + 1);
char *tmp = malloc(strlen(ptr));
u32 count = 0, len, ende = 0;
strcpy(new, "-fsanitize=");
do {
p = strchr(ptr, ',');
if (!p) {
p = ptr + strlen(ptr) + 1;
ende = 1;
}
len = p - ptr;
if (len) {
strncpy(tmp, ptr, len);
tmp[len] = 0;
// fprintf(stderr, "Found: %s\n", tmp);
ptr += len + 1;
if (*tmp) {
u32 copy = 1;
if (!strcmp(tmp, "fuzzer")) {
need_aflpplib = 1;
copy = 0;
} else if (!strncmp(tmp, "fuzzer", 6)) {
copy = 0;
}
if (copy) {
if (count) { strcat(new, ","); }
strcat(new, tmp);
++count;
}
}
} else {
ptr++; /*fprintf(stderr, "NO!\n"); */
}
} while (!ende);
strcpy(string, new);
// fprintf(stderr, "string: %s\n", string);
// fprintf(stderr, "new: %s\n", new);
}
/* Copy argv to cc_params, making the necessary edits. */ /* Copy argv to cc_params, making the necessary edits. */
static void edit_params(u32 argc, char **argv, char **envp) { static void edit_params(u32 argc, char **argv, char **envp) {
@ -779,20 +842,35 @@ static void edit_params(u32 argc, char **argv, char **envp) {
} }
if ((!strncmp(cur, "-fsanitize=fuzzer-", strlen("-fsanitize=fuzzer-")) || if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) {
!strncmp(cur, "-fsanitize-coverage", strlen("-fsanitize-coverage"))) &&
(strncmp(cur, "sanitize-coverage-allow", have_instr_list = 1;
strlen("sanitize-coverage-allow")) &&
strncmp(cur, "sanitize-coverage-deny", }
strlen("sanitize-coverage-deny")) &&
instrument_mode != INSTRUMENT_LLVMNATIVE)) { if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize=")) &&
strchr(cur, ',')) {
parse_fsanitize(cur);
if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; }
} else if ((!strncmp(cur, "-fsanitize=fuzzer-",
strlen("-fsanitize=fuzzer-")) ||
!strncmp(cur, "-fsanitize-coverage",
strlen("-fsanitize-coverage"))) &&
(strncmp(cur, "sanitize-coverage-allow",
strlen("sanitize-coverage-allow")) &&
strncmp(cur, "sanitize-coverage-deny",
strlen("sanitize-coverage-deny")) &&
instrument_mode != INSTRUMENT_LLVMNATIVE)) {
if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); } if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); }
continue; continue;
} }
if (!strcmp(cur, "-fsanitize=fuzzer")) { if (need_aflpplib || !strcmp(cur, "-fsanitize=fuzzer")) {
u8 *afllib = find_object("libAFLDriver.a", argv[0]); u8 *afllib = find_object("libAFLDriver.a", argv[0]);
@ -823,7 +901,15 @@ static void edit_params(u32 argc, char **argv, char **envp) {
} }
continue; if (need_aflpplib) {
need_aflpplib = 0;
} else {
continue;
}
} }
@ -831,9 +917,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32; if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
if (!strcmp(cur, "-m64")) bit_mode = 64; if (!strcmp(cur, "-m64")) bit_mode = 64;
if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list="))
have_instr_list = 1;
if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory")) if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory"))
asan_set = 1; asan_set = 1;
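Review bot: In parse_fsanitize (the hunk at @ -310,6 +310,69) the scratch buffer is allocated with `char *tmp = malloc(strlen(ptr));` while the last token's length is computed from `p = ptr + strlen(ptr) + 1`, so `len` includes the terminator and `tmp[len] = 0` writes one byte past the allocation whenever the final token spans the whole remaining input (a list with a leading empty entry such as `-fsanitize=,undefined` hits this: ptr is 10 bytes, tmp is 10 bytes, the write lands at index 10). Size the buffer as `char *tmp = malloc(strlen(ptr) + 1);` and take the final token as `p = ptr + strlen(ptr);` so `len` counts characters only; the closing `ptr += len + 1` then ends exactly one past the array instead of two past it. Neither `malloc` result is checked, and `new` and `tmp` are never freed even though the result is copied back into `string` with `strcpy(string, new)` — a `free(new); free(tmp);` before returning closes the leak. Tokens dropped by `strncmp(tmp, "fuzzer", 6)` vanish silently, whereas the standalone `-fsanitize=fuzzer-…` path a few lines later in edit_params reports `WARNF("Found '%s' - stripping!", cur)`; emitting the same warning here would keep the two stripping paths consistent for users debugging their flags.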