Android PR integration

2025-06-13 18:48:08 +00:00 · 2019-11-11 23:50:31 +01:00
parent 613ab3ba2a
commit 760d4991f3
11 changed files with 33 additions and 26 deletions
--- a/2
+++ b/2
@ -61,7 +61,7 @@ fi
 CUR_TIME=`date +%s`
-TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
+TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
 ALIVE_CNT=0
 DEAD_CNT=0
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@ -27,6 +27,7 @@ Version ++2.58d (dev):
  - ripped regex.dictionary from Google afl PR
  - qemu and unicorn download scripts now try to download until the full
    download succeeded. f*ckin travis fails downloading 40% of the time!
  - added the few Android stuff we didnt have already from Google afl repository
  - removed unnecessary warnings
  - added the radamsa stage
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -552,7 +552,7 @@ u8   has_new_bits(u8*);
 u32  count_bits(u8*);
 u32  count_bytes(u8*);
 u32  count_non_255_bytes(u8*);
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 void simplify_trace(u64*);
 void classify_counts(u64*);
 #else
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@ -63,7 +63,7 @@ static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
 }
 static inline int shmget(key_t __key, size_t __size, int __shmflg) {
-
+  (void) __shmflg;
  int  fd, ret;
  char ourkey[11];
@ -86,7 +86,7 @@ error:
 }
 static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
-
+  (void) __shmflg;
  int   size;
  void *ptr;
--- a/include/config.h
+++ b/include/config.h
@ -52,13 +52,18 @@
 #define EXEC_TM_ROUND 20
 /* 64bit arch MACRO */
 #if (defined (__x86_64__) || defined (__arm64__) || defined (__aarch64__))
 #define WORD_SIZE_64 1
 #endif
 /* Default memory limit for child process (MB): */
-#ifndef __x86_64__
+#ifndef WORD_SIZE_64
 #define MEM_LIMIT 25
 #else
 #define MEM_LIMIT 50
-#endif                                                      /* ^!__x86_64__ */
+#endif                                                      /* ^!WORD_SIZE_64 */
 /* Default memory limit when running in QEMU mode (MB): */
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@ -205,6 +205,7 @@ static void edit_params(u32 argc, char** argv) {
    u8* cur = *(++argv);
    if (!strcmp(cur, "-m32")) bit_mode = 32;
    if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
    if (!strcmp(cur, "-m64")) bit_mode = 64;
    if (!strcmp(cur, "-x")) x_set = 1;
--- a/src/afl-as.c
+++ b/src/afl-as.c
@ -71,7 +71,7 @@ static u32 inst_ratio = 100,        /* Instrumentation probability (%)      */
   instrumentation for whichever mode we were compiled with. This is not
   perfect, but should do the trick for almost all use cases. */
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 static u8 use_64bit = 1;
@ -83,7 +83,7 @@ static u8 use_64bit = 0;
 #error "Sorry, 32-bit Apple platforms are not supported."
 #endif                                                         /* __APPLE__ */
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 /* Examine and modify parameters to pass to 'as'. Note that the file name
   is always the last parameter passed by GCC, so we exploit this property
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@ -73,7 +73,7 @@ void read_bitmap(u8* fname) {
 u8 has_new_bits(u8* virgin_map) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
  u64* current = (u64*)trace_bits;
  u64* virgin = (u64*)virgin_map;
@ -87,7 +87,7 @@ u8 has_new_bits(u8* virgin_map) {
  u32 i = (MAP_SIZE >> 2);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
  u8 ret = 0;
@ -107,7 +107,7 @@ u8 has_new_bits(u8* virgin_map) {
        /* Looks like we have not found any new bytes yet; see if any non-zero
           bytes in current[] are pristine in virgin[]. */
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
        if ((cur[0] && vir[0] == 0xff) || (cur[1] && vir[1] == 0xff) ||
            (cur[2] && vir[2] == 0xff) || (cur[3] && vir[3] == 0xff) ||
@ -125,7 +125,7 @@ u8 has_new_bits(u8* virgin_map) {
        else
          ret = 1;
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
      }
@ -244,7 +244,7 @@ const u8 simplify_lookup[256] = {
 };
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 void simplify_trace(u64* mem) {
@ -306,7 +306,7 @@ void simplify_trace(u32* mem) {
 }
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 /* Destructively classify execution counts in a trace. This is used as a
   preprocessing step for any newly acquired traces. Called on every exec,
@ -339,7 +339,7 @@ void init_count_class16(void) {
 }
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 void classify_counts(u64* mem) {
@ -391,7 +391,7 @@ void classify_counts(u32* mem) {
 }
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 /* Compact trace bytes into a smaller bitmap. We effectively just drop the
   count information here. This is called only sporadically, for some
@ -595,11 +595,11 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
      if (!dumb_mode) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
        simplify_trace((u64*)trace_bits);
 #else
        simplify_trace((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
        if (!has_new_bits(virgin_tmout)) return keeping;
@ -658,11 +658,11 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
      if (!dumb_mode) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
        simplify_trace((u64*)trace_bits);
 #else
        simplify_trace((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
        if (!has_new_bits(virgin_crash)) return keeping;
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -221,11 +221,11 @@ u8 run_target(char** argv, u32 timeout) {
  tb4 = *(u32*)trace_bits;
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
  classify_counts((u64*)trace_bits);
 #else
  classify_counts((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
  prev_timed_out = child_timed_out;
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@ -121,7 +121,7 @@ static void edit_params(u32 argc, char** argv) {
  u8  fortify_set = 0, asan_set = 0;
  u8* name;
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
  u8 m32_set = 0;
 #endif
@ -228,7 +228,7 @@ static void edit_params(u32 argc, char** argv) {
    if (!strcmp(cur, "-pipe")) continue;
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
    if (!strcmp(cur, "-m32")) m32_set = 1;
 #endif
@ -288,7 +288,7 @@ static void edit_params(u32 argc, char** argv) {
  if (!getenv("AFL_DONT_OPTIMIZE")) {
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
    /* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself
       works OK. This has nothing to do with us, but let's avoid triggering
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@ -204,7 +204,7 @@ int main(int argc, char** argv) {
 #if defined(__linux__)
      if (sched_setaffinity(0, sizeof(c), &c))
-        PFATAL("sched_setaffinity failed");
+        PFATAL("sched_setaffinity failed for cpu %d", i);
 #endif
      util_perc = measure_preemption(CTEST_CORE_TRG_MS);