add env info to afl-fuzz (please review!), small clarifications in docs/env_variables.md

2025-06-14 02:58:08 +00:00 · 2020-02-28 22:02:55 +01:00
parent 0b21441590
commit 6e08be1d0b
3 changed files with 53 additions and 8 deletions
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@ -223,12 +223,12 @@ checks or alter some of the more exotic semantics of the tool:
    for more.
  - Setting AFL_CUSTOM_MUTATOR_LIBRARY to a shared library with
-    afl_custom_mutator() export run additional mutations though this library.
+    afl_custom_mutator() creates additional mutations through this library.
    If AFL_CUSTOM_MUTATOR_ONLY is also set, all mutations will solely be
-    performed with/from the libary. see [custom_mutator.md](custom_mutator.md)
+    performed with/from the library. See [custom_mutator.md](custom_mutator.md)
-  - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require to be compiled
+  - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require afl-fuzz to
-    with -DUSE_PYTHON. Please see [python_mutators.md](python_mutators.md)
+    be compiled with -DUSE_PYTHON. Please see [python_mutators.md](python_mutators.md).
    This feature allows to configure custom mutators which can be very helpful
    in e.g. fuzzing XML or other highly flexible structured input.
@ -262,6 +262,12 @@ checks or alter some of the more exotic semantics of the tool:
  - Setting AFL_DEBUG_CHILD_OUTPUT will not suppress the child output.
    Not pretty but good for debugging purposes.
  - Setting AFL_NO_CPU_RED will not display very high cpu usages in red color.
  - Outdated environment variables are:
    AFL_DEFER_FORKSRV
    AFL_PERSISTENT
 ## 4) Settings for afl-qemu-trace
 The QEMU wrapper used to instrument binary-only code supports several settings:
@ -408,3 +414,4 @@ optimal values if not already present in the environment:
    Be sure to include the first one when customizing anything, since some
    MSAN versions don't call abort() on error, and we need a way to detect
    faults.
--- a/gcc_plugin/afl-gcc-pass.so.cc
+++ b/gcc_plugin/afl-gcc-pass.so.cc
@ -52,8 +52,8 @@
 #include "../config.h"
 #include "../include/debug.h"
-/* clear helper AFL types pulls in, which intervene with gcc-plugin geaders from
+/* clear helper macros AFL types pull in, which intervene with gcc-plugin 
- * GCC-8 */
+ * headers from GCC-8 */
 #ifdef likely
 #undef likely
 #endif
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -143,9 +143,47 @@ static void usage(u8* argv0) {
      "file\n"
      "  -C            - crash exploration mode (the peruvian rabbit thing)\n"
      "  -e ext        - File extension for the temporarily generated test "
-      "case\n\n",
+      "case\n\n"
-      argv0, EXEC_TIMEOUT, MEM_LIMIT);
+      "Environment variables used:\n"
      "AFL_PATH: path to AFL support binaries\n"
      "AFL_QUIET: suppress forkserver status messages\n"
      "AFL_DEBUG_CHILD_OUTPUT: do not suppress stdout/stderr from target\n"
      "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n"
      "AFL_BENCH_JUST_ONE: run the target just once\n"
      "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
      "AFL_CUSTOM_MUTATOR_LIBRARY: lib with afl_custom_mutator() to mutate inputs\n"
      "AFL_CUSTOM_MUTATOR_ONLY: avoid AFL++'s internal mutators\n"
      "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n"
      "AFL_PYTHON_ONLY: skip AFL++'s own mutators\n"
      "AFL_DEBUG: extra debugging output for Python mode trimming\n"
      "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
      "AFL_NO_UI: switch status screen off\n"
      "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
      "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
      "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n"
      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
      "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
      "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n"
      "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
      "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"
      "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
      "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n"
      "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
      "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n"
      "AFL_POST_LIBRARY: postprocess generated test cases before use as target input\n"
      "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n"
      "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n"
      "ASAN_OPTIONS: custom settings for ASAN\n"
      "              (must contain abort_on_error=1 and symbolize=0)\n"
      "MSAN_OPTIONS: custom settings for MSAN\n"
      "              (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
      "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable\n"
      "AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n"
      "AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n"
      "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
      "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n"
      , argv0, EXEC_TIMEOUT, MEM_LIMIT);
 #ifdef USE_PYTHON
  SAYF("Compiled with %s module support, see docs/python_mutators.md\n",