shmem map size in config.h

This commit is contained in:
vanhauser-thc
2021-03-17 10:26:02 +01:00
parent a7797f0cb9
commit 5e2a5f1110
5 changed files with 60 additions and 43 deletions


@ -34,6 +34,15 @@
* * * *
******************************************************/ ******************************************************/
/* Default shared memory map size. Most targets just need a coverage map
between 20-250kb. Plus there is an auto-detection feature in afl-fuzz.
However if a target has problematic constructors and init arrays then
this can fail. Hence afl-fuzz deploys a larger default map. The largest
map seen so far is the xlsx fuzzer for libreoffice which is 5MB.
At runtime this value can be overriden via AFL_MAP_SIZE.
Default: 8MB (defined in bytes) */
#define DEFAULT_SHMEM_SIZE (8 * 1024 * 1024)
/* CMPLOG/REDQUEEN TUNING /* CMPLOG/REDQUEEN TUNING
* *
* Here you can modify tuning and solving options for CMPLOG. * Here you can modify tuning and solving options for CMPLOG.
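Review bot: `DEFAULT_SHMEM_SIZE` expands to a signed `int` expression, yet every consumer in this commit compares it with a `u32` map size or formats it with `%u`; defining it as `#define DEFAULT_SHMEM_SIZE (8U * 1024U * 1024U)` keeps the macro's type consistent with those uses. The replaced literal was `8000000`, so this also raises the effective default to 8388608 bytes, which the commit message does not mention. The comment above the define spells "overriden"; it should read "overridden".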


@ -1774,14 +1774,14 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
*/ */
if (unlikely(!__afl_cmp_map)) return; if (unlikely(!__afl_cmp_map)) return;
//fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2); // fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2);
int l1, l2; int l1, l2;
if ((l1 = area_is_valid(ptr1, 32)) <= 0 || if ((l1 = area_is_valid(ptr1, 32)) <= 0 ||
(l2 = area_is_valid(ptr2, 32)) <= 0) (l2 = area_is_valid(ptr2, 32)) <= 0)
return; return;
int len = MIN(l1, l2); int len = MIN(l1, l2);
//fprintf(stderr, "RTN2 %u\n", len); // fprintf(stderr, "RTN2 %u\n", len);
uintptr_t k = (uintptr_t)__builtin_return_address(0); uintptr_t k = (uintptr_t)__builtin_return_address(0);
k = (k >> 4) ^ (k << 8); k = (k >> 4) ^ (k << 8);
k &= CMP_MAP_W - 1; k &= CMP_MAP_W - 1;
@ -1812,7 +1812,7 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) {
ptr1, len); ptr1, len);
__builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, __builtin_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1,
ptr2, len); ptr2, len);
//fprintf(stderr, "RTN3\n"); // fprintf(stderr, "RTN3\n");
} }


@ -959,63 +959,63 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (compiler_mode != GCC && compiler_mode != CLANG) { if (compiler_mode != GCC && compiler_mode != CLANG) {
switch (bit_mode) { switch (bit_mode) {
case 0: case 0:
if (!shared_linking) if (!shared_linking)
cc_params[cc_par_cnt++] = cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-compiler-rt.o", obj_path); alloc_printf("%s/afl-compiler-rt.o", obj_path);
if (lto_mode) if (lto_mode)
cc_params[cc_par_cnt++] = cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-llvm-rt-lto.o", obj_path); alloc_printf("%s/afl-llvm-rt-lto.o", obj_path);
break; break;
case 32: case 32:
if (!shared_linking) if (!shared_linking)
cc_params[cc_par_cnt++] = cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-compiler-rt-32.o", obj_path); alloc_printf("%s/afl-compiler-rt-32.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m32 is not supported by your compiler");
if (lto_mode) {
cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-llvm-rt-lto-32.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK)) if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m32 is not supported by your compiler"); FATAL("-m32 is not supported by your compiler");
if (lto_mode) {
cc_params[cc_par_cnt++] = }
alloc_printf("%s/afl-llvm-rt-lto-32.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m32 is not supported by your compiler");
} break;
break; case 64:
if (!shared_linking)
case 64:
if (!shared_linking)
cc_params[cc_par_cnt++] = cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-compiler-rt-64.o", obj_path); alloc_printf("%s/afl-compiler-rt-64.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m64 is not supported by your compiler");
if (lto_mode) {
cc_params[cc_par_cnt++] =
alloc_printf("%s/afl-llvm-rt-lto-64.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK)) if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m64 is not supported by your compiler"); FATAL("-m64 is not supported by your compiler");
if (lto_mode) {
cc_params[cc_par_cnt++] = }
alloc_printf("%s/afl-llvm-rt-lto-64.o", obj_path);
if (access(cc_params[cc_par_cnt - 1], R_OK))
FATAL("-m64 is not supported by your compiler");
} break;
break; }
}
#if !defined(__APPLE__) && !defined(__sun) #if !defined(__APPLE__) && !defined(__sun)
if (!shared_linking) if (!shared_linking)
cc_params[cc_par_cnt++] = cc_params[cc_par_cnt++] =
alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path);
#endif #endif
} }
#if defined(USEMMAP) && !defined(__HAIKU__) #if defined(USEMMAP) && !defined(__HAIKU__)
cc_params[cc_par_cnt++] = "-lrt"; cc_params[cc_par_cnt++] = "-lrt";
#endif #endif
#endif #endif
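Review bot: In `case 32:` the new side still runs `if (access(cc_params[cc_par_cnt - 1], R_OK)) FATAL(...)` right after the unbraced `if (!shared_linking)` assignment, so when `shared_linking` is set the check inspects whatever parameter was pushed before and will abort with "-m32 is not supported by your compiler" unless that string happens to be a readable path; the same pattern appears in `case 64:`. If the right-hand column reflects the final layout, the check belongs inside the guarded branch: `if (!shared_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-32.o", obj_path); if (access(cc_params[cc_par_cnt - 1], R_OK)) FATAL("-m32 is not supported by your compiler"); }`. The enclosing `edit_params` starts before and continues after this hunk, so I cannot see whether a later push would mask the problem.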


@ -1072,7 +1072,7 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) {
/* Reads the map size from ENV */ /* Reads the map size from ENV */
u32 get_map_size(void) { u32 get_map_size(void) {
uint32_t map_size = 8000000; // a very large default map uint32_t map_size = DEFAULT_SHMEM_SIZE;
char * ptr; char * ptr;
if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) { if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) {


@ -1527,11 +1527,13 @@ int main(int argc, char **argv_orig, char **envp) {
if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode &&
!afl->unicorn_mode) { !afl->unicorn_mode) {
if (map_size <= 8000000 && !afl->non_instrumented_mode && if (map_size <= DEFAULT_SHMEM_SIZE && !afl->non_instrumented_mode &&
!afl->fsrv.qemu_mode && !afl->unicorn_mode) { !afl->fsrv.qemu_mode && !afl->unicorn_mode) {
afl->fsrv.map_size = 8000000; // dummy temporary value afl->fsrv.map_size = DEFAULT_SHMEM_SIZE; // dummy temporary value
setenv("AFL_MAP_SIZE", "8000000", 1); char vbuf[16];
snprintf(vbuf, sizeof(vbuf), "%u", DEFAULT_SHMEM_SIZE);
setenv("AFL_MAP_SIZE", vbuf, 1);
} }
@ -1582,11 +1584,13 @@ int main(int argc, char **argv_orig, char **envp) {
afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary; afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary;
afl->cmplog_fsrv.init_child_func = cmplog_exec_child; afl->cmplog_fsrv.init_child_func = cmplog_exec_child;
if (map_size <= 8000000 && !afl->non_instrumented_mode && if (map_size <= DEFAULT_SHMEM_SIZE && !afl->non_instrumented_mode &&
!afl->fsrv.qemu_mode && !afl->unicorn_mode) { !afl->fsrv.qemu_mode && !afl->unicorn_mode) {
afl->cmplog_fsrv.map_size = 8000000; // dummy temporary value afl->fsrv.map_size = DEFAULT_SHMEM_SIZE; // dummy temporary value
setenv("AFL_MAP_SIZE", "8000000", 1); char vbuf[16];
snprintf(vbuf, sizeof(vbuf), "%u", DEFAULT_SHMEM_SIZE);
setenv("AFL_MAP_SIZE", vbuf, 1);
} }
@ -1634,8 +1638,12 @@ int main(int argc, char **argv_orig, char **envp) {
} }
if (afl->debug) { if (afl->debug) {
printf("NORMAL %u, CMPLOG %u\n", afl->fsrv.map_size, afl->cmplog_fsrv.map_size);
fprintf(stderr, "NORMAL %u, CMPLOG %u\n", afl->fsrv.map_size, afl->cmplog_fsrv.map_size); printf("NORMAL %u, CMPLOG %u\n", afl->fsrv.map_size,
afl->cmplog_fsrv.map_size);
fprintf(stderr, "NORMAL %u, CMPLOG %u\n", afl->fsrv.map_size,
afl->cmplog_fsrv.map_size);
} }
load_auto(afl); load_auto(afl);
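Review bot: In the cmplog block (second hunk of this file) the assignment changed from `afl->cmplog_fsrv.map_size = 8000000;` to `afl->fsrv.map_size = DEFAULT_SHMEM_SIZE;`, so the cmplog forkserver no longer receives the temporary map size and the main forkserver is re-assigned instead; the line should stay `afl->cmplog_fsrv.map_size = DEFAULT_SHMEM_SIZE;  // dummy temporary value`. Separately, both new `snprintf(vbuf, sizeof(vbuf), "%u", DEFAULT_SHMEM_SIZE);` calls pass an `int`-typed macro to `%u`; either cast it, `(unsigned)DEFAULT_SHMEM_SIZE`, or give the macro an unsigned suffix in config.h so the format and argument types agree. `main` starts before and ends after these hunks.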