fix afl-cmin* for old afl vanilla issue

vanhauser-thc
2023-06-21 12:20:10 +02:00
parent 936b6dcb5d
commit 64b15a00f2
4 changed files with 39 additions and 9 deletions


@ -318,7 +318,9 @@ BEGIN {
if (!nyx_mode && target_bin && !exists_and_is_executable(target_bin)) { if (!nyx_mode && target_bin && !exists_and_is_executable(target_bin)) {
"command -v "target_bin" 2>/dev/null" | getline tnew cmd = "command -v "target_bin" 2>/dev/null"
cmd | getline tnew
close(cmd)
if (!tnew || !exists_and_is_executable(tnew)) { if (!tnew || !exists_and_is_executable(tnew)) {
print "[-] Error: binary '"target_bin"' not found or not executable." > "/dev/stderr" print "[-] Error: binary '"target_bin"' not found or not executable." > "/dev/stderr"
exit 1 exit 1
@ -330,6 +332,7 @@ BEGIN {
echo "[!] Trying to obtain the map size of the target ..." echo "[!] Trying to obtain the map size of the target ..."
get_map_size = "AFL_DUMP_MAP_SIZE=1 " target_bin get_map_size = "AFL_DUMP_MAP_SIZE=1 " target_bin
get_map_size | getline mapsize get_map_size | getline mapsize
close(get_map_size)
if (mapsize && mapsize > 65535 && mapsize < 100000000) { if (mapsize && mapsize > 65535 && mapsize < 100000000) {
AFL_MAP_SIZE = "AFL_MAP_SIZE="mapsize" " AFL_MAP_SIZE = "AFL_MAP_SIZE="mapsize" "
print "[+] Setting "AFL_MAP_SIZE print "[+] Setting "AFL_MAP_SIZE
@ -359,14 +362,18 @@ BEGIN {
system("rm -rf "trace_dir" 2>/dev/null"); system("rm -rf "trace_dir" 2>/dev/null");
system("rm "out_dir"/id[:_]* 2>/dev/null") system("rm "out_dir"/id[:_]* 2>/dev/null")
"ls "out_dir"/* 2>/dev/null | wc -l" | getline noofentries cmd = "ls "out_dir"/* 2>/dev/null | wc -l"
cmd | getline noofentries
close(cmd)
if (0 == system( "test -d "out_dir" -a "noofentries" -gt 0" )) { if (0 == system( "test -d "out_dir" -a "noofentries" -gt 0" )) {
print "[-] Error: directory '"out_dir"' exists and is not empty - delete it first." > "/dev/stderr" print "[-] Error: directory '"out_dir"' exists and is not empty - delete it first." > "/dev/stderr"
exit 1 exit 1
} }
if (threads) { if (threads) {
"nproc" | getline nproc cmd = "nproc"
cmd | getline nproc
close(cmd)
if (threads == "all") { if (threads == "all") {
threads = nproc threads = nproc
} else { } else {
@ -386,12 +393,14 @@ BEGIN {
if (stdin_file) { if (stdin_file) {
# truncate input file # truncate input file
printf "" > stdin_file printf "" > stdin_file
close( stdin_file ) close(stdin_file)
} }
# First we look in PATH # First we look in PATH
if (0 == system("command -v afl-showmap >/dev/null 2>&1")) { if (0 == system("command -v afl-showmap >/dev/null 2>&1")) {
"command -v afl-showmap 2>/dev/null" | getline showmap cmd = "command -v afl-showmap 2>/dev/null"
cmd | getline showmap
close(cmd)
} else { } else {
# then we look in the current directory # then we look in the current directory
if (0 == system("test -x ./afl-showmap")) { if (0 == system("test -x ./afl-showmap")) {
@ -413,7 +422,9 @@ BEGIN {
# yuck, gnu stat is option incompatible to bsd stat # yuck, gnu stat is option incompatible to bsd stat
# we use a heuristic to differentiate between # we use a heuristic to differentiate between
# GNU stat and other stats # GNU stat and other stats
"stat --version 2>/dev/null" | getline statversion cmd = "stat --version 2>/dev/null"
cmd | getline statversion
close(cmd)
if (statversion ~ /GNU coreutils/) { if (statversion ~ /GNU coreutils/) {
stat_format = "-c '%s %n'" # GNU stat_format = "-c '%s %n'" # GNU
} else { } else {
@ -432,6 +443,7 @@ BEGIN {
infilesSmallToBigFullMap[infilesSmallToBigFull[i]] = infilesSmallToBig[i] infilesSmallToBigFullMap[infilesSmallToBigFull[i]] = infilesSmallToBig[i]
i++ i++
} }
close(cmdline)
in_count = i in_count = i
first_file = infilesSmallToBigFull[0] first_file = infilesSmallToBigFull[0]
@ -468,6 +480,7 @@ BEGIN {
while ((getline < runtest) > 0) { while ((getline < runtest) > 0) {
++first_count ++first_count
} }
close(runtest)
if (first_count) { if (first_count) {
print "[+] OK, "first_count" tuples recorded." print "[+] OK, "first_count" tuples recorded."
@ -582,6 +595,15 @@ BEGIN {
else { print " Processing file "cur"/"in_count } else { print " Processing file "cur"/"in_count }
# create path for the trace file from afl-showmap # create path for the trace file from afl-showmap
tracefile_path = trace_dir"/"fn tracefile_path = trace_dir"/"fn
# ensure the file size is not zero
cmd = "du -b "tracefile_path
"ls -l "tracefile_path
cmd | getline output
close(cmd)
split(output, result, "\t")
if (result[1] == 0) {
print "[!] WARNING: file "fn" is crashing the target, ignoring..."
}
# gather all keys, and count them # gather all keys, and count them
while ((getline line < tracefile_path) > 0) { while ((getline line < tracefile_path) > 0) {
key = line key = line
@ -643,6 +665,7 @@ BEGIN {
} }
} }
close(sortedKeys) close(sortedKeys)
print ""
print "[+] Found "tuple_count" unique tuples across "in_count" files." print "[+] Found "tuple_count" unique tuples across "in_count" files."
if (out_count == 1) { if (out_count == 1) {
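Review bot: The zero-size check added in the `@ -582,6 +595,15 @@` hunk builds a shell command from `tracefile_path` without quoting and depends on `du -b`, which is a GNU-only option. Because `fn` is a corpus file name, a name containing spaces or shell metacharacters is interpreted by the shell. On a system whose `du` lacks `-b`, `output` is not updated, so `result[1] == 0` can hold and files are reported as crashing when they are not. The bare `"ls -l "tracefile_path` line is a no-op expression and should be dropped. The check can stay inside awk without a subprocess: `if ((getline probe < tracefile_path) <= 0) { print "[!] WARNING: file "fn" is crashing the target, ignoring..." }` followed by `close(tracefile_path)`, so the key-gathering loop (which continues outside the hunk) still reads from the start of the file.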


@ -479,7 +479,7 @@ else
echo "[+] all $THREADS running tasks completed." echo "[+] all $THREADS running tasks completed."
rm -f ${TMPFILE}* rm -f ${TMPFILE}*
echo trace dir files: $(ls $TRACE_DIR/*|wc -l) #echo trace dir files: $(ls $TRACE_DIR/*|wc -l)
fi fi
@ -523,6 +523,8 @@ ls -rS "$IN_DIR" | while read -r fn; do
sed "s#\$# $fn#" "$TRACE_DIR/$fn" >>"$TRACE_DIR/.candidate_list" sed "s#\$# $fn#" "$TRACE_DIR/$fn" >>"$TRACE_DIR/.candidate_list"
test -s "$TRACE_DIR/$fn" || echo Warning: $fn is ignored because of crashing the target
done done
echo echo
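Review bot: The warning added in the `@ -523,6 +523,8 @@` hunk expands `$fn` unquoted, so a corpus file name containing whitespace or glob characters is word-split and pathname-expanded before it is printed, and the message goes to stdout rather than stderr. Quoting the string and redirecting keeps the name intact and out of captured output: `test -s "$TRACE_DIR/$fn" || echo "Warning: $fn is ignored because of crashing the target" 1>&2`. The check runs after `sed` has already processed the empty trace, which is harmless but would read more clearly if placed first. The disabled `#echo trace dir files: ...` line in the first hunk can be deleted instead of left commented out.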


@ -14,6 +14,10 @@
command line tool! See custom_mutators/aflpp/standalone/ command line tool! See custom_mutators/aflpp/standalone/
- display the state of the fuzzing run in the UI :-) - display the state of the fuzzing run in the UI :-)
- fix timeout setting if '+' is used or a session is restarted - fix timeout setting if '+' is used or a session is restarted
- afl-cmin/afl-cmin.bash:
- fixed a bug inherited from vanilla AFL where a coverage of
map[123] = 11 would be the same as map[1123] = 1
- warn on crashing inputs
### Version ++4.07c (release) ### Version ++4.07c (release)


@ -243,7 +243,8 @@ static void analyze_results(afl_forkserver_t *fsrv) {
total += fsrv->trace_bits[i]; total += fsrv->trace_bits[i];
if (fsrv->trace_bits[i] > highest) highest = fsrv->trace_bits[i]; if (fsrv->trace_bits[i] > highest) highest = fsrv->trace_bits[i];
if (!coverage_map[i]) { coverage_map[i] = 1; } // if (!coverage_map[i]) { coverage_map[i] = 1; }
coverage_map[i] |= fsrv->trace_bits[i];
} }
@ -328,7 +329,7 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
if (cmin_mode) { if (cmin_mode) {
fprintf(f, "%u%u\n", fsrv->trace_bits[i], i); fprintf(f, "%u%03u\n", i, fsrv->trace_bits[i]);
} else { } else {
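Review bot: The cmin-mode format string `"%u%03u\n"` in write_results_to_file has no comment saying why the count is zero-padded to exactly three digits, and the fix is only correct while that width holds. I would add above the `fprintf`: `/* cmin key: tuple index, then a fixed 3-digit hit count, so index and count cannot run together (123+11 vs 1123+1) */`. The padding is sufficient only if `trace_bits[i]` never exceeds 999; that holds if the elements are 8-bit, but the type is not visible in this hunk and should be confirmed. In analyze_results the superseded `// if (!coverage_map[i]) ...` line is left commented out and could be removed. Both functions continue outside the hunks shown.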