more changes to fuzzer_setup

2025-06-16 03:48:08 +00:00 · 2020-09-04 17:04:42 +02:00
parent fc19aa96f7
commit 6c715f1a69
6 changed files with 86 additions and 38 deletions
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -15,7 +15,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
    https://github.com/AFLplusplus/Grammar-Mutator
  - a few QOL changes for Apple and its outdated gmake
  - afl-fuzz:
-    - Fix for auto dictionary entries found during fuzzing to not throw out
+    - fix for auto dictionary entries found during fuzzing to not throw out
      a -x dictionary
    - added total execs done to plot file
    - AFL_MAX_DET_EXTRAS env variable added to control the amount of
@ -25,11 +25,13 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
      timeout.
    - bugfix for cmplog that results in a heap overflow based on target data
      (thanks to the magma team for reporting!)
+    - write fuzzing setup into out/fuzzer_setup (environment variables and
+      command line)
  - custom mutators:
    - added afl_custom_fuzz_count/fuzz_count function to allow specifying
      the number of fuzz attempts for custom_fuzz
  - llvm_mode:
-    - Ported SanCov to LTO, and made it the default for LTO. better
+    - ported SanCov to LTO, and made it the default for LTO. better
      instrumentation locations
    - Further llvm 12 support (fast moving target like afl++ :-) )
    - deprecated LLVM SKIPSINGLEBLOCK env environment
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -945,7 +945,7 @@ void destroy_extras(afl_state_t *);

 /* Stats */

-void write_fuzzer_config_file(afl_state_t *);
+void write_setup_file(afl_state_t *, int, char **);
 void write_stats_file(afl_state_t *, double, double, double);
 void maybe_update_plot_file(afl_state_t *, double, double);
 void show_stats(afl_state_t *);
--- a/include/common.h
+++ b/include/common.h
@ -110,5 +110,11 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms);
 /* Reads the map size from ENV */
 u32 get_map_size(void);

+/* create a stream file */
+FILE *create_ffile(u8 *fn);
+
+/* create a file */
+s32 create_file(u8 *fn);
+
 #endif

--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -877,3 +877,36 @@ u32 get_map_size(void) {

 }

+/* Create a stream file */
+
+FILE *create_ffile(u8 *fn) {
+
+  s32   fd;
+  FILE *f;
+
+  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
+
+  f = fdopen(fd, "w");
+
+  if (!f) { PFATAL("fdopen() failed"); }
+
+  return f;
+
+}
+
+/* Create a file */
+
+s32 create_file(u8 *fn) {
+
+  s32 fd;
+
+  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
+
+  return fd;
+
+}
+
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@ -27,41 +27,20 @@
 #include "envs.h"
 #include <limits.h>

-/* Open file for writing */
-
-inline FILE *open_file(const char *fn) {
-
-  s32   fd;
-  FILE *f;
-
-  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-
-  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
-
-  f = fdopen(fd, "w");
-
-  if (!f) { PFATAL("fdopen() failed"); }
-
-  return f;
-
-}
-
 /* Write fuzzer setup file */

-void write_fuzzer_config_file(afl_state_t *afl) {
-
-  u8    fn[PATH_MAX];
-  FILE *f;
-
-  snprintf(fn, PATH_MAX, "%s/fuzzer_config", afl->out_dir);
-  f = open_file(fn);
+void write_setup_file(afl_state_t *afl, int argc, char **argv) {

  char *val;
+  u8    fn[PATH_MAX];
+  snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir);
+  FILE *f = create_ffile(fn);

-  uint32_t s_afl_env =
+  fprintf(f, "# environment variables:\n");
+  u32 s_afl_env =
      sizeof(afl_environment_variables) / sizeof(afl_environment_variables[0]) -
      1;
-  for (uint32_t i = 0; i < s_afl_env; i++) {
+  for (u32 i = 0; i < s_afl_env; i++) {

    if ((val = getenv(afl_environment_variables[i])) != NULL) {

@ -71,7 +50,34 @@ void write_fuzzer_config_file(afl_state_t *afl) {

  }

+  fprintf(f, "# command line:\n");
+
+  s32    i;
+  size_t j;
+  for (i = 0; i < argc; i++) {
+
+    if (i) fprintf(f, " ");
+    if (index(argv[i], '\'')) {
+
+      fprintf(f, "'");
+      for (j = 0; j < strlen(argv[i]); j++)
+        if (argv[i][j] == '\'')
+          fprintf(f, "'\"'\"'");
+        else
+          fprintf(f, "%c", argv[i][j]);
+      fprintf(f, "'");
+
+    } else {
+
+      fprintf(f, "'%s'", argv[i]);
+
+    }
+
+  }
+  fprintf(f, "\n");
+
  fclose(f);
+  (void)(afl_environment_deprecated);

 }

@ -84,13 +90,13 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
  struct rusage rus;
 #endif

-  unsigned long long int cur_time = get_cur_time();
+  u64   cur_time = get_cur_time();
  u32   t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
  u8    fn[PATH_MAX];
  FILE *f;

  snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
-  f = open_file(fn);
+  f = create_ffile(fn);

  /* Keep last values in case we're called from another context
     where exec/sec stats and such are not readily available. */
@ -209,7 +215,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,

  if (afl->debug) {

-    uint32_t i = 0;
+    u32 i = 0;
    fprintf(f, "virgin_bytes     :");
    for (i = 0; i < afl->fsrv.map_size; i++) {

--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -1128,6 +1128,8 @@ int main(int argc, char **argv_orig, char **envp) {

  setup_custom_mutators(afl);

+  write_setup_file(afl, argc, argv);
+
  setup_cmdline_file(afl, argv + optind);

  read_testcases(afl);
@ -1274,7 +1276,6 @@ int main(int argc, char **argv_orig, char **envp) {

  seek_to = find_start_position(afl);

-  write_fuzzer_config_file(afl);
  write_stats_file(afl, 0, 0, 0);
  maybe_update_plot_file(afl, 0, 0);
  save_auto(afl);