From 64fa11d204c13ad32f9fe0dbb9abbfedc00ebb3d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 28 Oct 2019 11:52:31 +0100 Subject: [PATCH 01/29] updated changelog, afl-analyze AFL_SKIP_BIN_CHECK support --- docs/ChangeLog | 13 +++++++++++++ src/afl-analyze.c | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/docs/ChangeLog b/docs/ChangeLog index c2d46e4d..4c51502b 100644 --- a/docs/ChangeLog +++ b/docs/ChangeLog @@ -13,6 +13,19 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . +---------------------- +Version ++2.58d (dev): +---------------------- + + - afl-analyze: added AFL_SKIP_BIN_CHECK support + - better random numbers for gcc_plugin and llvm_mode (thanks to devnexen) + - afl-fuzz: CPU affinity support for DragonFly + - llvm_mode: float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS + - libtokencap: support for *BSD/OSX added + - libcompcov floating point splitting support for qemu and unicorn + - removed unnecessary warnings + + -------------------------- Version ++2.58c (release): -------------------------- diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 5555a262..ee281af8 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -987,7 +987,7 @@ int main(int argc, char** argv) { if (child_timed_out) FATAL("Target binary times out (adjusting -t may help)."); - if (!anything_set()) FATAL("No instrumentation detected."); + if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set()) FATAL("No instrumentation detected."); analyze(use_argv); From 942f8d0ec9bed45c9038112aef7cd9b8a05f6f30 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Mon, 28 Oct 2019 11:01:37 +0000 Subject: [PATCH 02/29] Fix proposal for libtokencap Avoiding fopen API seems buggy on NetBSD. --- libtokencap/Makefile | 3 +++ libtokencap/libtokencap.so.c | 18 +++++++++++++----- 2 files changed, 16 insertions(+), 5 deletions(-) 
diff --git a/libtokencap/Makefile b/libtokencap/Makefile index 441412c7..df2426ed 100644 --- a/libtokencap/Makefile +++ b/libtokencap/Makefile @@ -33,6 +33,9 @@ endif ifeq "$(shell uname)" "OpenBSD" TARGETS = libtokencap.so endif +ifeq "$(shell uname)" "NetBSD" + TARGETS = libtokencap.so +endif all: $(TARGETS) libtokencap.so: libtokencap.so.c ../config.h diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index 7ed231fe..e1977127 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -23,6 +23,7 @@ #include #include #include +#include #include "../types.h" #include "../config.h" @@ -49,7 +50,7 @@ static struct mapping { void *st, *en; } __tokencap_ro[MAX_MAPPINGS]; static u32 __tokencap_ro_cnt; static u8 __tokencap_ro_loaded; -static FILE* __tokencap_out_file; +static int __tokencap_out_file = -1; /* Identify read-only regions in memory. Only parameters that fall into these ranges are worth dumping when passed to strcmp() and so on. Read-write @@ -211,7 +212,7 @@ static void __tokencap_dump(const u8* ptr, size_t len, u8 is_text) { u32 i; u32 pos = 0; - if (len < MIN_AUTO_EXTRA || len > MAX_AUTO_EXTRA || !__tokencap_out_file) + if (len < MIN_AUTO_EXTRA || len > MAX_AUTO_EXTRA || __tokencap_out_file == -1) return; for (i = 0; i < len; i++) { @@ -237,7 +238,9 @@ static void __tokencap_dump(const u8* ptr, size_t len, u8 is_text) { buf[pos] = 0; - fprintf(__tokencap_out_file, "\"%s\"\n", buf); + write(__tokencap_out_file, "\"", 1); + write(__tokencap_out_file, buf, pos); + write(__tokencap_out_file, "\"\n", 2); } 
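Review bot: The single fprintf in __tokencap_dump is replaced by three separate write() calls whose results are discarded, so a short or failed write leaves a half-emitted token and is never noticed. Because the descriptor is opened with O_APPEND in this same commit and the library is loaded into the fuzzed target, several processes may append to one file at a time; three syscalls let the opening quote, the token and the closing quote of different writers interleave, while one syscall keeps the record intact and yields one result to check: `struct iovec iov[3] = { { "\"", 1 }, { buf, pos }, { "\"\n", 2 } }; if (writev(__tokencap_out_file, iov, 3) < 0) return;` (needs `<sys/uio.h>`). __tokencap_dump's body starts outside the hunk.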
@@ -403,8 +406,13 @@ char* strcasestr(const char* haystack, const char* needle) { __attribute__((constructor)) void __tokencap_init(void) { u8* fn = getenv("AFL_TOKEN_FILE"); - if (fn) __tokencap_out_file = fopen(fn, "a"); - if (!__tokencap_out_file) __tokencap_out_file = stderr; + if (fn) __tokencap_out_file = open(fn, O_RDWR | O_CREAT | O_APPEND, 0655); + if (__tokencap_out_file == -1) __tokencap_out_file = STDERR_FILENO; } +/* closing as best as we can the tokens file */ +__attribute__((destructor)) void __tokencap_shutdown(void) { + if (__tokencap_out_file != STDERR_FILENO) close(__tokencap_out_file); +} + From fbb131da737fdabe4908558bd839c468410ab3fc Mon Sep 17 00:00:00 2001 From: David Carlier Date: Mon, 28 Oct 2019 14:44:28 +0000 Subject: [PATCH 03/29] memalign/posix_memalign proposal for libdislocator --- libdislocator/libdislocator.so.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index d172f7a2..f1972797 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -264,6 +264,36 @@ void* realloc(void* ptr, size_t len) { } +/* posix_memalign we mainly check the proper alignment argument + if the requested size fits within the alignment we do + a normal request */ + +int posix_memalign(void** ptr, size_t align, size_t len) { + if (!ptr) FATAL("null pointer on posix_memalign()"); + if ((align % 2) || (align % sizeof(void *))) FATAL("bad alignment on posix_memalign()"); + if (align >= 4 * sizeof(size_t)) { + + len += align -1; + + } + + *ptr = malloc(len); + + DEBUGF("posix_memalign(%p %zu, %zu)", ptr, len, align); + + return 0; +} + +/* just the non-posix fashion */ + +void *memalign(size_t align, size_t len) { + void* ret; + + posix_memalign(&ret, align, len); + + return ret; +} + __attribute__((constructor)) void __dislocator_init(void) { u8* tmp = getenv("AFL_LD_LIMIT_MB"); 
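Review bot: The mode `0655` passed to open() in __tokencap_init reads like a typo for `0644`: it gives group and others execute permission on a plain text token file while withholding it from the owner, a combination that is never intended. `O_RDWR` is also wider than needed; nothing on this page reads from the descriptor, only write() is used, so `if (fn) __tokencap_out_file = open(fn, O_WRONLY | O_CREAT | O_APPEND, 0644);` expresses the actual use. The silent fallback to stderr when open() fails is unchanged from the fopen version and worth a one-line comment saying so.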
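Review bot: posix_memalign never applies the requested alignment: `*ptr = malloc(len)` is stored as returned, and `len += align - 1` only reserves slack that nothing then uses to round the pointer up, so unless malloc in this file already returns pointers aligned to `align` (not visible in the hunk) callers receive memory that violates the contract they asked for. The validity test `(align % 2) || (align % sizeof(void *))` also accepts non-power-of-two values such as 24, whereas POSIX requires a power of two; `if ((align & (align - 1)) || (align % sizeof(void *)))` rejects those. Since free() in this allocator presumably needs the pointer malloc handed out, rounding up in place is not a drop-in fix; the function should either compute an aligned address in a form free() can recover, or refuse alignments it cannot honor instead of returning 0.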
From 80359685167309639562ece25a77782cb6ccfd54 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 28 Oct 2019 16:32:26 +0100 Subject: [PATCH 04/29] silence some compiler warnings --- libdislocator/libdislocator.so.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index f1972797..5246af40 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -279,7 +279,7 @@ int posix_memalign(void** ptr, size_t align, size_t len) { *ptr = malloc(len); - DEBUGF("posix_memalign(%p %zu, %zu)", ptr, len, align); + DEBUGF("posix_memalign(%p %zu, %zu)", ptr, align, len); return 0; } @@ -287,9 +287,11 @@ int posix_memalign(void** ptr, size_t align, size_t len) { /* just the non-posix fashion */ void *memalign(size_t align, size_t len) { - void* ret; + void* ret = NULL; - posix_memalign(&ret, align, len); + if (posix_memalign(&ret, align, len)) { + DEBUGF("memalign(%zu, %zu) failed", align, len); + } return ret; } From 25443918c4ab15c4c1f9ba0861f5d48daa29a412 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 28 Oct 2019 16:45:30 +0100 Subject: [PATCH 05/29] silence some compiler warnings --- libtokencap/libtokencap.so.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index e1977127..820f5bc4 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -238,9 +238,9 @@ static void __tokencap_dump(const u8* ptr, size_t len, u8 is_text) { buf[pos] = 0; - write(__tokencap_out_file, "\"", 1); - write(__tokencap_out_file, buf, pos); - write(__tokencap_out_file, "\"\n", 2); + int wrt_ok = ( 1 == write(__tokencap_out_file, "\"", 1)); + wrt_ok &= (pos == write(__tokencap_out_file, buf, pos)); + wrt_ok &= (2 == write(__tokencap_out_file, "\"\n", 2)); } From 38d74f0ad56a74cfed1eec04a8a46b4f8e4ec824 Mon Sep 17 00:00:00 2001 
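Review bot: `wrt_ok` in __tokencap_dump is assigned three times and never read, so this hunk only silences the unused-result warning while a failed or short write() of a token is still dropped without any effect. If ignoring output errors is the intended best-effort behaviour, make that explicit, `(void)wrt_ok; /* best effort: a failed token write is ignored */`; otherwise act on it, for instance `if (!wrt_ok) __tokencap_out_file = -1;` so later dumps stop writing to a descriptor that has already failed. __tokencap_dump's body starts outside the hunk.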
From: hexcoder- Date: Mon, 28 Oct 2019 20:48:45 +0100 Subject: [PATCH 06/29] second forgotten place, we need to filter out float vector types --- llvm_mode/split-compares-pass.so.cc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/llvm_mode/split-compares-pass.so.cc b/llvm_mode/split-compares-pass.so.cc index 06bdeb60..60420f77 100644 --- a/llvm_mode/split-compares-pass.so.cc +++ b/llvm_mode/split-compares-pass.so.cc @@ -118,6 +118,8 @@ bool SplitComparesTransform::simplifyCompares(Module &M) { /* this is probably not needed but we do it anyway */ if (TyOp0 != TyOp1) { continue; } + if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } + fcomps.push_back(selectcmpInst); } From 6238df88a26d8498b4a821897f030a866dafdc24 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 28 Oct 2019 22:36:29 +0100 Subject: [PATCH 07/29] fixed warning and return --- libdislocator/libdislocator.so.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index 5246af40..b3a90366 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -269,13 +269,11 @@ void* realloc(void* ptr, size_t len) { a normal request */ int posix_memalign(void** ptr, size_t align, size_t len) { - if (!ptr) FATAL("null pointer on posix_memalign()"); - if ((align % 2) || (align % sizeof(void *))) FATAL("bad alignment on posix_memalign()"); - if (align >= 4 * sizeof(size_t)) { - - len += align -1; - - } + if ((char*)ptr == NULL || *ptr == NULL) + return -1; // why would we do: FATAL("null pointer on posix_memalign()"); + if ((align % 2) || (align % sizeof(void *))) + return -1; // why would we do: FATAL("bad alignment on posix_memalign()"); + if (align >= 4 * sizeof(size_t)) len += align -1; *ptr = malloc(len); From 87b599f4a8b875c0ff8c81aff39ebecfd34e29fc Mon Sep 17 00:00:00 2001 
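Review bot: The new guard `if ((char*)ptr == NULL || *ptr == NULL) return -1;` in posix_memalign rejects the normal calling pattern: `*ptr` is the output slot and its prior contents are meaningless, so a caller writing `void *p = NULL; posix_memalign(&p, 64, n);` is refused, and one that leaves `p` uninitialized makes the function read an indeterminate value. The same test survives in [PATCH 09/29] as `if (*ptr == NULL) return EINVAL;`, where the `ptr == NULL` half is dropped, so a NULL out-pointer is then dereferenced rather than reported. Only the pointer itself needs checking, and the result should be an errno value, not -1: `if (ptr == NULL) return EINVAL;` (a later patch in this series already returns EINVAL here, so the header is presumably available by then). The `(char*)` cast adds nothing to a NULL comparison.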
From: David Carlier Date: Tue, 29 Oct 2019 08:09:43 +0000 Subject: [PATCH 08/29] adding aligned_alloc + little changes proposal for posix_memalign --- libdislocator/libdislocator.so.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index b3a90366..e27efc0f 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "config.h" @@ -272,7 +273,11 @@ int posix_memalign(void** ptr, size_t align, size_t len) { if ((char*)ptr == NULL || *ptr == NULL) return -1; // why would we do: FATAL("null pointer on posix_memalign()"); if ((align % 2) || (align % sizeof(void *))) - return -1; // why would we do: FATAL("bad alignment on posix_memalign()"); + return EINVAL; // why would we do: FATAL("bad alignment on posix_memalign()"); + if (len == 0) { + *ptr = NULL; + return 0; + } if (align >= 4 * sizeof(size_t)) len += align -1; *ptr = malloc(len); @@ -294,6 +299,20 @@ void *memalign(size_t align, size_t len) { return ret; } +/* sort of C11 alias of memalign only more severe, alignment-wise */ + +void *aligned_alloc(size_t align, size_t len) { + void *ret = NULL; + + if ((len % align)) return NULL; + + if (posix_memalign(&ret, align, len)) { + DEBUGF("aligned_alloc(%zu, %zu) failed", align, len); + } + + return ret; +} + __attribute__((constructor)) void __dislocator_init(void) { u8* tmp = getenv("AFL_LD_LIMIT_MB"); From ccbb0d37b33a83a0ea1bdb6128cb6c8900802944 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 29 Oct 2019 10:44:57 +0100 Subject: [PATCH 09/29] removed warning --- libdislocator/libdislocator.so.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index e27efc0f..7fe40afa 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c 
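Review bot: aligned_alloc evaluates `len % align` before anything validates `align`, so `align == 0` is an integer division by zero (undefined behaviour, a SIGFPE in practice) instead of the EINVAL rejection posix_memalign applies one call later. Guard it first: `if (align == 0 || (len % align)) return NULL;`. Both failure paths also return NULL without setting errno, which many callers inspect after a NULL from an allocation API; `errno = EINVAL` on the size check and `errno = ENOMEM` after the discarded posix_memalign result would keep that contract.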
@@ -270,10 +270,10 @@ void* realloc(void* ptr, size_t len) { a normal request */ int posix_memalign(void** ptr, size_t align, size_t len) { - if ((char*)ptr == NULL || *ptr == NULL) - return -1; // why would we do: FATAL("null pointer on posix_memalign()"); + if (*ptr == NULL) + return EINVAL; if ((align % 2) || (align % sizeof(void *))) - return EINVAL; // why would we do: FATAL("bad alignment on posix_memalign()"); + return EINVAL; if (len == 0) { *ptr = NULL; return 0; From df5c7eef39ac20497d5b372033874c70bb7a47e9 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 29 Oct 2019 10:49:16 +0000 Subject: [PATCH 10/29] libtokencap, respect constness also considering pointer arithmetic is non C standard, some compilers might not have GNU extensions. --- libtokencap/libtokencap.so.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index 820f5bc4..7e55963c 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -256,7 +256,7 @@ int strcmp(const char* str1, const char* str2) { while (1) { - unsigned char c1 = *str1, c2 = *str2; + const unsigned char c1 = *str1, c2 = *str2; if (c1 != c2) return (c1 > c2) ? 1 : -1; if (!c1) return 0; @@ -298,7 +298,7 @@ int strcasecmp(const char* str1, const char* str2) { while (1) { - unsigned char c1 = tolower(*str1), c2 = tolower(*str2); + const unsigned char c1 = tolower(*str1), c2 = tolower(*str2); if (c1 != c2) return (c1 > c2) ? 1 : -1; if (!c1) return 0; @@ -318,7 +318,7 @@ int strncasecmp(const char* str1, const char* str2, size_t len) { while (len--) { - unsigned char c1 = tolower(*str1), c2 = tolower(*str2); + const unsigned char c1 = tolower(*str1), c2 = tolower(*str2); if (!c1) return 0; if (c1 != c2) return (c1 > c2) ? 1 : -1; 
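Review bot: `tolower(*str1)` in strcasecmp (and likewise in the strncasecmp hunk that follows) passes a plain `char`; where char is signed, any byte at or above 0x80 becomes a negative value outside tolower()'s domain, which only admits EOF and unsigned-char values, so this is undefined behaviour and with a table-driven libc indexes before the table. Cast before the call: `const unsigned char c1 = tolower((unsigned char)*str1), c2 = tolower((unsigned char)*str2);`. The `const` added by this commit does not change that.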
@@ -338,12 +338,15 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0); if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0); + const char *strmem1 = (const char *)mem1; + const char *strmem2 = (const char *)mem2; + while (len--) { - unsigned char c1 = *(const char*)mem1, c2 = *(const char*)mem2; + const unsigned char c1 = *strmem1, c2 = *strmem2; if (c1 != c2) return (c1 > c2) ? 1 : -1; - mem1++; - mem2++; + strmem1++; + strmem2++; } From c87210820c1566c74bf08ab4345679598cabd71b Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 29 Oct 2019 15:06:20 +0000 Subject: [PATCH 11/29] libtokencap update proposal - bcmp interception. - FreeBSD using default argument to get current pid for the mapping data gathering, getpid seems to cause some issues under certain conditions (getenv call). --- libtokencap/libtokencap.so.c | 28 ++++++++++++++++++++++++---- llvm_mode/afl-clang-fast.c | 3 +++ src/afl-gcc.c | 1 + 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index 7e55963c..2fe9ae63 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -115,7 +115,7 @@ static void __tokencap_load_mappings(void) { #elif defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ #if defined __FreeBSD__ - int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()}; + int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, -1}; #elif defined __OpenBSD__ int mib[] = {CTL_KERN, KERN_PROC_VMMAP, getpid()}; #elif defined __NetBSD__ @@ -134,9 +134,7 @@ static void __tokencap_load_mappings(void) { #endif buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0); - if (!buf) { - return; - } + if (buf == MAP_FAILED) return; if (sysctl(mib, miblen, buf, &len, NULL, 0) == -1) { 
@@ -354,6 +352,28 @@ int memcmp(const void* mem1, const void* mem2, size_t len) { } +#undef bcmp + +int bcmp(const void* mem1, const void* mem2, size_t len) { + + if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0); + if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0); + + const char *strmem1 = (const char *)mem1; + const char *strmem2 = (const char *)mem2; + + while (len--) { + + int diff = *strmem1 ^ *strmem2; + if (diff != 0) return 1; + strmem1++; + strmem2++; + + } + + return 0; +} + #undef strstr char* strstr(const char* haystack, const char* needle) { diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index a7f6acdc..1acf8856 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -273,6 +273,9 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; + cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; } diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 740442dc..e0706a5f 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -320,6 +320,7 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; From 67533cf7c35c8e9e6cb8dfdde9c704187b1970da Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 29 Oct 2019 15:35:54 +0000 Subject: [PATCH 12/29] copying LLVM mode no builtins. --- gcc_plugin/afl-gcc-fast.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/gcc_plugin/afl-gcc-fast.c b/gcc_plugin/afl-gcc-fast.c index 093249a0..057b44cc 100644 
--- a/gcc_plugin/afl-gcc-fast.c +++ b/gcc_plugin/afl-gcc-fast.c @@ -108,7 +108,7 @@ static void edit_params(u32 argc, char** argv) { u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1; u8* name; - cc_params = ck_alloc((argc + 64) * sizeof(u8*)); + cc_params = ck_alloc((argc + 128) * sizeof(u8*)); name = strrchr(argv[0], '/'); if (!name) @@ -202,6 +202,19 @@ static void edit_params(u32 argc, char** argv) { } + if (getenv("AFL_NO_BUILTIN")) { + + cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; + cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; + + } + #ifdef USEMMAP cc_params[cc_par_cnt++] = "-lrt"; #endif From 16953b5cfa040c886d0edfbf2f4da478c3e6014d Mon Sep 17 00:00:00 2001 From: David Carlier Date: Wed, 30 Oct 2019 17:04:43 +0000 Subject: [PATCH 13/29] LLVM mode passing the full path of the LLVM config bindir. On FreeBSD the system compiler does not have llvm-config however system packages provides several version of the LLVM toolchain thus forcing to pass AFL_CC/AFL_CXX to make it work fully. --- llvm_mode/Makefile | 2 +- llvm_mode/afl-clang-fast.c | 8 ++++++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile index 7cfbe92d..033babac 100644 --- a/llvm_mode/Makefile +++ b/llvm_mode/Makefile @@ -52,7 +52,7 @@ endif CFLAGS ?= -O3 -funroll-loops CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign -I ../include/ \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ - -DVERSION=\"$(VERSION)\" + -DLLVM_BINDIR=\"$(LLVM_BINDIR)\" -DVERSION=\"$(VERSION)\" ifdef AFL_TRACE_PC CFLAGS += -DUSE_TRACE_PC=1 endif 
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 1acf8856..e92fb76f 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -32,11 +32,13 @@ #include #include #include +#include #include static u8* obj_path; /* Path to runtime libraries */ static u8** cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ +static u8 llvm_fullpath[PATH_MAX]; /* Try to find the runtime libraries. If that fails, abort. */ @@ -117,12 +119,14 @@ static void edit_params(u32 argc, char** argv) { if (!strcmp(name, "afl-clang-fast++")) { u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++"; + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR); + cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath; } else { u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"clang"; + snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR); + cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath; } From 4620d31e2aaed11c8aacf0b499301a3154a2d390 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 10:10:15 +0100 Subject: [PATCH 14/29] travis --- .travis.yml | 59 ++++++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 54 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 9ef95bcf..b5684452 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,11 +1,60 @@ language: c env: - - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 + - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_STOP_MANUALLY=1 + - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_EXIT_WHEN_DONE=1 + # TODO: test AFL_BENCH_UNTIL_CRASH once we have a target that crashes + - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 AFL_NO_UI=1 AFL_BENCH_JUST_ONE=1 +before_install: + - sudo apt update + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang + +# TODO: Look into splitting off some builds using a build matrix. +# TODO: Move this all into a bash script so we don't need to write bash in yaml. script: - - make - - ./afl-gcc ./test-instr.c -o test-instr - - mkdir seeds; mkdir out + - make distrib + - ./afl-gcc ./test-instr.c -o test-instr-gcc + - mkdir seeds - echo "" > seeds/nil_seed - - timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr + - if [ -z "$AFL_STOP_MANUALLY" ]; + then ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc; + else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc; + fi + #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3 + - rm -r out/* + #- ./afl-clang ./test-instr.c -o test-instr-clang + #- if [ -z "$AFL_STOP_MANUALLY" ]; + # then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; + # else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; + # fi + #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 2 + #- CC=clang CXX=clang++ make + #- cd llvm_mode + # TODO: Build with different versions of clang/LLVM since LLVM passes don't + # have a stable API. + #- CC=clang CXX=clang++ LLVM_CONFIG=llvm-config make + #- cd .. 
+ #- rm -r out/* + - ./afl-clang-fast ./test-instr.c -o test-instr-clang-fast + - if [ -z "$AFL_STOP_MANUALLY" ]; + then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast; + else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast; + fi + #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3 + # Test fuzzing libFuzzer targets and trace-pc-guard instrumentation. + #- clang -g -fsanitize-coverage=trace-pc-guard ./test-libfuzzer-target.c -c + #- clang -c -w llvm_mode/afl-llvm-rt.o.c + #- wget https://raw.githubusercontent.com/llvm/llvm-project/master/compiler-rt/lib/fuzzer/afl/afl_driver.cpp + #- clang++ afl_driver.cpp afl-llvm-rt.o.o test-libfuzzer-target.o -o test-libfuzzer-target + #- timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-libfuzzer-target + #- cd qemu_mode + #- ./build_qemu_support.sh + #- cd .. + #- gcc ./test-instr.c -o test-no-instr + #- if [ -z "$AFL_STOP_MANUALLY" ]; + # then ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; + # else timeout --preserve-status 5s ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; + # fi + #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 12 -p 9 + - make clean From 070ccae4dd04c5315bf1daba8ee35202b4f30264 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 31 Oct 2019 09:25:43 +0000 Subject: [PATCH 15/29] Little tweaks --- llvm_mode/afl-clang-fast.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index e92fb76f..b2243492 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -38,7 +38,7 @@ static u8* obj_path; /* Path to runtime libraries */ static u8** cc_params; /* Parameters passed to the real CC */ static u32 cc_par_cnt = 1; /* Param count, including argv0 */ -static u8 llvm_fullpath[PATH_MAX]; +static u8 llvm_fullpath[PATH_MAX]; /* Try to find the runtime libraries. If that fails, abort. */ 
@@ -106,6 +106,7 @@ static void find_obj(u8* argv0) { static void edit_params(u32 argc, char** argv) { u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1, bit_mode = 0; + u8 has_llvm_config = 0; u8* name; cc_params = ck_alloc((argc + 128) * sizeof(u8*)); @@ -116,16 +117,20 @@ static void edit_params(u32 argc, char** argv) { else ++name; + has_llvm_config = (strlen(LLVM_BINDIR) > 0); + if (!strcmp(name, "afl-clang-fast++")) { u8* alt_cxx = getenv("AFL_CXX"); - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR); + if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang++", LLVM_BINDIR); + else sprintf(llvm_fullpath, "clang++"); cc_params[0] = alt_cxx ? alt_cxx : (u8*)llvm_fullpath; } else { u8* alt_cc = getenv("AFL_CC"); - snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR); + if (has_llvm_config) snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR); + else sprintf(llvm_fullpath, "clang"); cc_params[0] = alt_cc ? alt_cc : (u8*)llvm_fullpath; } From 98b27d0c64c849318b36bc1f70851a53a8179057 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:01:00 +0100 Subject: [PATCH 16/29] travis: added make tests --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index b5684452..9f7ed920 100644 --- a/.travis.yml +++ b/.travis.yml @@ -57,4 +57,5 @@ script: # else timeout --preserve-status 5s ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; # fi #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 12 -p 9 + - make tests - make clean From fce7a0c78c3b1b54af288c9f94e65947d536d993 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:17:18 +0100 Subject: [PATCH 17/29] update travis --- .travis.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.travis.yml b/.travis.yml index 9f7ed920..b6e0f1d7 100644 --- a/.travis.yml +++ b/.travis.yml 
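Review bot: The two arms in edit_params build the compiler name with different primitives, a bounded `snprintf` in one and a bare `sprintf` in the other, and neither checks for truncation, so a PATH_MAX-sized LLVM_BINDIR would silently yield a cut-off compiler path. Because LLVM_BINDIR is a string literal macro (quoted in the Makefile), one bounded call per arm covers both cases: `snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", has_llvm_config ? LLVM_BINDIR "/clang++" : "clang++");` and the same with `clang` for the C arm; checking that the return value is below `sizeof(llvm_fullpath)` would catch the truncation. `has_llvm_config = (strlen(LLVM_BINDIR) > 0)` can simply be `LLVM_BINDIR[0] != '\0'`. edit_params continues outside the hunk.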
@@ -57,5 +57,6 @@ script: # else timeout --preserve-status 5s ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; # fi #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 12 -p 9 + - ./afl-system-config - make tests - make clean From 94a7102d3ac1adc1518e652def412fb500382d95 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:21:41 +0100 Subject: [PATCH 18/29] travis updates --- .travis.yml | 46 ++-------------------------------------------- 1 file changed, 2 insertions(+), 44 deletions(-) diff --git a/.travis.yml b/.travis.yml index b6e0f1d7..b1f23032 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -8,55 +8,13 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-9 gcc-9-plugin-dev # TODO: Look into splitting off some builds using a build matrix. # TODO: Move this all into a bash script so we don't need to write bash in yaml. script: - make distrib - - ./afl-gcc ./test-instr.c -o test-instr-gcc - - mkdir seeds - - echo "" > seeds/nil_seed - - if [ -z "$AFL_STOP_MANUALLY" ]; - then ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc; - else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-gcc; - fi - #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3 - - rm -r out/* - #- ./afl-clang ./test-instr.c -o test-instr-clang - #- if [ -z "$AFL_STOP_MANUALLY" ]; - # then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; - # else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang; - # fi - #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 2 - #- CC=clang CXX=clang++ make - #- cd llvm_mode - # TODO: Build with different versions of clang/LLVM since LLVM passes don't - # have a stable API. - #- CC=clang CXX=clang++ LLVM_CONFIG=llvm-config make - #- cd .. - #- rm -r out/* - - ./afl-clang-fast ./test-instr.c -o test-instr-clang-fast - - if [ -z "$AFL_STOP_MANUALLY" ]; - then ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast; - else timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-instr-clang-fast; - fi - #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 1 -p 3 - # Test fuzzing libFuzzer targets and trace-pc-guard instrumentation. 
- #- clang -g -fsanitize-coverage=trace-pc-guard ./test-libfuzzer-target.c -c - #- clang -c -w llvm_mode/afl-llvm-rt.o.c - #- wget https://raw.githubusercontent.com/llvm/llvm-project/master/compiler-rt/lib/fuzzer/afl/afl_driver.cpp - #- clang++ afl_driver.cpp afl-llvm-rt.o.o test-libfuzzer-target.o -o test-libfuzzer-target - #- timeout --preserve-status 5s ./afl-fuzz -i seeds -o out/ -- ./test-libfuzzer-target - #- cd qemu_mode - #- ./build_qemu_support.sh - #- cd .. - #- gcc ./test-instr.c -o test-no-instr - #- if [ -z "$AFL_STOP_MANUALLY" ]; - # then ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; - # else timeout --preserve-status 5s ./afl-fuzz -Q -i seeds -o out/ -- ./test-no-instr; - # fi - #- .travis/check_fuzzer_stats.sh -o out -k peak_rss_mb -v 12 -p 9 - ./afl-system-config + - sudo echo core > /proc/sys/kernel/core_pattern - make tests - make clean From c21b78b2979edbccf44b022d565eeddef9dd1d21 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:24:47 +0100 Subject: [PATCH 19/29] travis updates --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index b1f23032..ceb3f820 100644 --- a/.travis.yml +++ b/.travis.yml @@ -8,7 +8,7 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-9 gcc-9-plugin-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-5 gcc-5-plugin-dev # TODO: Look into splitting off some builds using a build matrix. # TODO: Move this all into a bash script so we don't need to write bash in yaml. From 7ab2e1d184e51f38b5a26e54746d708787605b84 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:29:22 +0100 Subject: [PATCH 20/29] travis update --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index ceb3f820..d8f12483 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -1,3 +1,4 @@ +dist: bionic language: c env: @@ -8,7 +9,7 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-5 gcc-5-plugin-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev # TODO: Look into splitting off some builds using a build matrix. # TODO: Move this all into a bash script so we don't need to write bash in yaml. From ae990ce8dcf3074d770d2595a98d4c7706959dff Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:38:01 +0100 Subject: [PATCH 21/29] travis updates --- .travis.yml | 4 ---- test/test.sh | 7 ++++--- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.travis.yml b/.travis.yml index d8f12483..f1d74952 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,11 +11,7 @@ before_install: - sudo apt update - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev -# TODO: Look into splitting off some builds using a build matrix. -# TODO: Move this all into a bash script so we don't need to write bash in yaml. script: - make distrib - - ./afl-system-config - - sudo echo core > /proc/sys/kernel/core_pattern - make tests - make clean diff --git a/test/test.sh b/test/test.sh index 42ddf70b..e75d9fc7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -26,6 +26,7 @@ test -z "$ECHO" && { printf Error: printf command does not support octal charact export AFL_EXIT_WHEN_DONE=1 export AFL_SKIP_CPUFREQ=1 +export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 unset AFL_QUIET unset AFL_DEBUG unset AFL_HARDEN 
@@ -87,7 +88,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X @@ -143,7 +144,7 @@ test -e ../afl-clang-fast && { } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X @@ -226,7 +227,7 @@ test -e ../afl-gcc-fast && { } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X From c7c622377af95990181d044adace73d877cbfdca Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:25:20 +0100 Subject: [PATCH 22/29] travis debug --- .travis.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.travis.yml b/.travis.yml index f1d74952..6640ddd4 100644 --- a/.travis.yml 
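Review bot: The core_pattern probe and its message are duplicated verbatim in this hunk and in the two that follow (`@@ -143,7 +144,7 @@` and `@@ -226,7 +227,7 @@`), which is why rewording one line had to touch three places. A single function defined once near the top of test.sh, say `warn_core_pattern()`, holding the `uname -s` / `sysctl kernel.core_pattern` test and the `$YELLOW[!] we should not run afl-fuzz ...` message, and called at the three sites, would keep the wording and the colour in sync the next time it changes.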
+++ b/.travis.yml @@ -12,6 +12,15 @@ before_install: - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev script: + - echo DEBUG + - uname -a + - which python + - ls -l /bin/python* /usr/bin/python* + - file /bin/python* /usr/bin/python* + - dpkg -l | grep -i python + - pwd + - id + - echo END DEBUG - make distrib - make tests - make clean From 7fdc7e01a5889fba365b8b841ba19602e26b5bd7 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Thu, 31 Oct 2019 11:39:08 +0000 Subject: [PATCH 23/29] Fix some silent warnings and put some var to some usage... --- llvm_mode/LLVMInsTrim.so.cc | 15 +++++++++------ llvm_mode/afl-llvm-pass.so.cc | 2 ++ llvm_mode/compare-transform-pass.so.cc | 4 ++++ 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc index 4b5597e2..89738812 100644 --- a/llvm_mode/LLVMInsTrim.so.cc +++ b/llvm_mode/LLVMInsTrim.so.cc @@ -158,6 +158,7 @@ struct InsTrim : public ModulePass { bool instrumentBlock = false; DebugLoc Loc; StringRef instFilename; + unsigned int instLine = 0; for (auto &BB : F) { @@ -171,7 +172,7 @@ struct InsTrim : public ModulePass { DILocation *cDILoc = dyn_cast(Loc.getAsMDNode()); - unsigned int instLine = cDILoc->getLine(); + instLine = cDILoc->getLine(); instFilename = cDILoc->getFilename(); if (instFilename.str().empty()) { 
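Review bot: `instLine = cDILoc->getLine();` dereferences the result of the `dyn_cast` on the preceding context line without a null check; `dyn_cast` returns nullptr when the metadata node is not a `DILocation`, so unless the code above the hunk already guarantees that `Loc` carries one (the enclosing loop body starts outside the hunk), this is a null dereference. A guard such as `if (!cDILoc) continue;` before the assignment would also give the `unsigned int instLine = 0;` default introduced in the previous hunk a defined meaning for blocks without location info.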
@@ -217,11 +218,13 @@ struct InsTrim : public ModulePass { * not whitelisted, so we skip instrumentation. */ if (!instrumentBlock) { - if (!instFilename.str().empty()) - SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s ...\n", - instFilename.str().c_str()); - else - SAYF(cYEL "[!] " cBRI "No filename information found, skipping it"); + if (!be_quiet) { + if (!instFilename.str().empty()) + SAYF(cYEL "[!] " cBRI "Not in whitelist, skipping %s line %u...\n", + instFilename.str().c_str(), instLine); + else + SAYF(cYEL "[!] " cBRI "No filename information found, skipping it"); + } continue; } diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc index e094a0b2..0c68136b 100644 --- a/llvm_mode/afl-llvm-pass.so.cc +++ b/llvm_mode/afl-llvm-pass.so.cc @@ -190,6 +190,8 @@ bool AFLCoverage::runOnModule(Module &M) { } + (void)instLine; + /* Continue only if we know where we actually are */ if (!instFilename.str().empty()) { diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc index e1b6e671..0ccce875 100644 --- a/llvm_mode/compare-transform-pass.so.cc +++ b/llvm_mode/compare-transform-pass.so.cc @@ -234,6 +234,10 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, ConstantInt *ilen = dyn_cast(op2); sizedLen = ilen->getZExtValue(); + } else { + + sizedLen = 0; + } if (HasStr1) { From 744910ad1b458e5e713fd4bd0c383cc019ab2c6e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:43:51 +0100 Subject: [PATCH 24/29] travis update --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/test.sh b/test/test.sh index e75d9fc7..02eea821 100755 --- a/test/test.sh +++ b/test/test.sh 
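Review bot: The else branch's message `SAYF(cYEL "[!] " cBRI "No filename information found, skipping it");` still has no trailing newline, unlike its sibling that now ends in `...\n`, so whatever is printed next is appended to the same line; add the `\n`. The new `be_quiet` gate around both messages is fine, but the `instLine` value the first branch now prints appears to be whatever the inner `for (auto &BB : F)` loop last assigned (the `@@ -171` hunk), which is worth stating, e.g. `/* instFilename/instLine describe the last block examined above */`, since the loop that owns them starts outside this hunk.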
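Review bot: `(void)instLine;` only hides the unused-variable warning; the line number is still computed and never reported. Either drop `instLine` at its declaration (outside this hunk) or print it in this pass's skip message the way LLVMInsTrim.so.cc now does (`... skipping %s line %u...`), so both passes emit the same diagnostic.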
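Review bot: The added `else { sizedLen = 0; }` clears the maybe-uninitialized warning, but the if-branch still executes `sizedLen = ilen->getZExtValue();` directly after `dyn_cast(op2)` with no null check, so if the enclosing condition (outside the hunk) tests `isSizedcmp` rather than `ilen`, a strncmp/memcmp call whose length is not a constant still dereferences nullptr. Folding the test into the condition, `if (ConstantInt *ilen = dyn_cast<ConstantInt>(op2)) sizedLen = ilen->getZExtValue(); else sizedLen = 0;`, or simply initialising `sizedLen` to 0 at its declaration, covers both the warning and the null case.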
@@ -377,7 +377,7 @@ test -d ../unicorn_mode/unicorn && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" @@ -392,7 +392,7 @@ test -d ../unicorn_mode/unicorn && { $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" From 7b0ab778e3850333c6cc2eef7a9db112cf09538b Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:46:55 +0100 Subject: [PATCH 25/29] travis update --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 6640ddd4..71c241ab 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,7 +9,7 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev script: - echo DEBUG From 822a3e505a6f2fb8dd2524172d69c34d15a9c650 Mon Sep 17 00:00:00 2001 
From: van Hauser Date: Thu, 31 Oct 2019 12:49:33 +0100 Subject: [PATCH 26/29] travis update --- .travis.yml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/.travis.yml b/.travis.yml index 71c241ab..6b718409 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,15 +12,7 @@ before_install: - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev script: - - echo DEBUG - - uname -a - - which python - - ls -l /bin/python* /usr/bin/python* - - file /bin/python* /usr/bin/python* - - dpkg -l | grep -i python - - pwd - - id - - echo END DEBUG + - which python2.7 - make distrib - make tests - make clean From e8d0ffa8b474532c0364128f42a76f5ed9578dfe Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:56:59 +0100 Subject: [PATCH 27/29] travis update --- test/test.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/test.sh b/test/test.sh index 02eea821..2d5c5e39 100755 --- a/test/test.sh +++ b/test/test.sh @@ -373,11 +373,15 @@ $ECHO "$BLUE[*] Testing: unicorn_mode" test -d ../unicorn_mode/unicorn && { test -e ../unicorn_mode/samples/simple/simple_target.bin -a -e ../unicorn_mode/samples/compcov_x64/compcov_target.bin && { { + # travis workaround + PY=`which python2.7` + test "$PY" = "/opt/pyenv/shims/python2.7" -a -x /usr/bin/python2.7 && PY=/usr/bin/python2.7 mkdir -p in echo 0 > in/in + $ECHO "$GREY[*] Using python binary $PY" $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" 
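Review bot: The `which python2.7` command substitution leaves `PY` empty when no python2.7 is on PATH, and the `"$PY"` invocations below (and in the following `@@ -392,7 +396,7 @@` hunk) then hand afl-fuzz an empty program name, which fails with an error buried in `errors` instead of the plain `python2.7: not found` the previous form produced; `$ECHO "$GREY[*] Using python binary $PY"` will likewise print an empty name. Restoring the old behaviour for that case is one line after the pyenv check, `test -n "$PY" || PY=python2.7`. The hard-coded `/opt/pyenv/shims/python2.7` path is CI-specific, which the `# travis workaround` comment should say explicitly, e.g. `# travis workaround: pyenv's shim is not usable here, prefer the system interpreter`.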
@@ -392,7 +396,7 @@ test -d ../unicorn_mode/unicorn && { $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" From 74f7576313d49f47d003e653d1b13e6da250b6f0 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 13:24:15 +0100 Subject: [PATCH 28/29] travis update --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6b718409..1481bf49 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,10 +9,11 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev libc++-7-dev script: - - which python2.7 + - gcc -v + - clang -v - make distrib - make tests - make clean From b17afc10a23cf87b3a0b8290491de4edd80c9c71 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 13:27:48 +0100 Subject: [PATCH 29/29] travis update --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 1481bf49..87b3ef04 100644 --- a/.travis.yml +++ b/.travis.yml 
@@ -9,7 +9,8 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev libc++-7-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev +# libc++-7-dev script: - gcc -v