test unicorn && AFL_DISABLE_TRIM env var

2025-06-14 02:58:08 +00:00 · 2019-11-05 18:39:16 +01:00
parent c11b8883e0
commit 73cb587266
8 changed files with 10 additions and 6 deletions
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -315,7 +315,8 @@ extern u8 skip_deterministic,           /* Skip deterministic stages?       */
    deferred_mode,                      /* Deferred forkserver mode?        */
    fixed_seed,                         /* do not reseed                    */
    fast_cal,                           /* Try to calibrate faster?         */
-    uses_asan;                          /* Target uses ASAN?                */
+    uses_asan,                          /* Target uses ASAN?                */
+    disable_trim;                       /* Never trim in fuzz_one           */

 extern s32 out_fd,                      /* Persistent fd for out_file       */
 #ifndef HAVE_ARC4RANDOM
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@ -122,7 +122,8 @@ u8 skip_deterministic,                  /* Skip deterministic stages?       */
    deferred_mode,                      /* Deferred forkserver mode?        */
    fixed_seed,                         /* do not reseed                    */
    fast_cal,                           /* Try to calibrate faster?         */
-    uses_asan;                          /* Target uses ASAN?                */
+    uses_asan,                          /* Target uses ASAN?                */
+    disable_trim;                       /* Never trim in fuzz_one           */

 s32 out_fd,                             /* Persistent fd for out_file       */
 #ifndef HAVE_ARC4RANDOM
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@ -449,7 +449,7 @@ u8 fuzz_one_original(char** argv) {
   * TRIMMING *
   ************/

-  if (!dumb_mode && !queue_cur->trim_done && !custom_mutator) {
+  if (!dumb_mode && !queue_cur->trim_done && !custom_mutator && !disable_trim) {

    u8 res = trim_case(argv, queue_cur, in_buf);

--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -551,6 +551,9 @@ int main(int argc, char** argv) {

  }

+  if (getenv("AFL_DISABLE_TRIM"))
+    disable_trim = 1;
+
  if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI"))
    FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive");

--- a/test/test.sh
+++ b/test/test.sh
@ -485,6 +485,7 @@ test -d ../unicorn_mode/unicorn && {
      }
      rm -f errors

+      echo -e '\xbf' > in/in
      $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds"
      {
        export AFL_COMPCOV_LEVEL=2
--- a/unicorn_mode/samples/compcov_x64/compcov_target.bin
+++ b/unicorn_mode/samples/compcov_x64/compcov_target.bin
--- a/unicorn_mode/samples/compcov_x64/compcov_target.c
+++ b/unicorn_mode/samples/compcov_x64/compcov_target.c
@ -16,11 +16,9 @@
 int main(void) {
  unsigned int *data_buf = (unsigned int *) DATA_ADDRESS;

-  if (data_buf[0] == 0xabadcafe) {
-    // Cause an 'invalid read' crash if data[0..3] == '\x01\x02\x03\x04'
+  if (((unsigned short*)data_buf)[0] == 0xaabb) {
    unsigned char invalid_read = *(unsigned char *) 0x00000000;
  } else if (data_buf[1] == data_buf[2] + 0x4141) {
-    // Cause an 'invalid read' crash if (0x10 < data[0] < 0x20) and data[1] > data[2]
    unsigned char invalid_read = *(unsigned char *) 0x00000000;
  }

--- a/unicorn_mode/samples/compcov_x64/compcov_target.elf
+++ b/unicorn_mode/samples/compcov_x64/compcov_target.elf