ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 11:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
vanhauser-thc
2021-03-06 23:01:13 +01:00
parent 99b4c3f362
commit 7f062524c9
4 changed files with 36 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/envs.h
View File

@ -123,7 +123,7 @@ static char *afl_environment_variables[] = {
"AFL_MAX_DET_EXTRAS", "AFL_MAX_DET_EXTRAS",
"AFL_PATH", "AFL_PATH",
"AFL_PERFORMANCE_FILE", "AFL_PERFORMANCE_FILE",
"AFL_PERSISTEN_REPLAY", "AFL_PERSISTENT_RECORD",
"AFL_PRELOAD", "AFL_PRELOAD",
"AFL_PYTHON_MODULE", "AFL_PYTHON_MODULE",
"AFL_QEMU_COMPCOV", "AFL_QEMU_COMPCOV",

2
include/forkserver.h
View File

@ -100,7 +100,7 @@ typedef struct afl_forkserver {
u32 persistent_record_cnt; /* persistent replay counter */ u32 persistent_record_cnt; /* persistent replay counter */
u8 * persistent_record_dir; u8 * persistent_record_dir;
u8 ** persistent_record_data; u8 ** persistent_record_data;
u32 **persistent_record_len; u32 * persistent_record_len;
s32 persistent_record_pid; s32 persistent_record_pid;
/* Function to kick off the forkserver child */ /* Function to kick off the forkserver child */

14
src/afl-forkserver.c
View File

@ -370,7 +370,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
fsrv->persistent_record_data = fsrv->persistent_record_data =
(u8 **)ck_alloc(fsrv->persistent_record * sizeof(u8 *)); (u8 **)ck_alloc(fsrv->persistent_record * sizeof(u8 *));
fsrv->persistent_record_len = fsrv->persistent_record_len =
(u32 **)ck_alloc(fsrv->persistent_record * sizeof(u32)); (u32 *)ck_alloc(fsrv->persistent_record * sizeof(u32));
if (!fsrv->persistent_record_data || !fsrv->persistent_record_len) { if (!fsrv->persistent_record_data || !fsrv->persistent_record_len) {
@ -1016,7 +1016,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
if (unlikely(fsrv->persistent_record)) { if (unlikely(fsrv->persistent_record)) {
*fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; fsrv->persistent_record_len[fsrv->persistent_record_idx] = len;
fsrv->persistent_record_data[fsrv->persistent_record_idx] = afl_realloc( fsrv->persistent_record_data[fsrv->persistent_record_idx] = afl_realloc(
(void **)&fsrv->persistent_record_data[fsrv->persistent_record_idx], (void **)&fsrv->persistent_record_data[fsrv->persistent_record_idx],
len); len);
@ -1159,10 +1159,10 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
idx = fsrv->persistent_record - 1; idx = fsrv->persistent_record - 1;
else else
idx = fsrv->persistent_record_idx - 1; idx = fsrv->persistent_record_idx - 1;
val = *fsrv->persistent_record_len[idx]; val = fsrv->persistent_record_len[idx];
memset((void *)fsrv->persistent_record_len, 0, memset((void *)fsrv->persistent_record_len, 0,
fsrv->persistent_record * sizeof(u32)); fsrv->persistent_record * sizeof(u32));
*fsrv->persistent_record_len[idx] = val; fsrv->persistent_record_len[idx] = val;
} }
@ -1272,8 +1272,8 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record; u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record;
u8 *data = fsrv->persistent_record_data[entry]; u8 *data = fsrv->persistent_record_data[entry];
u32 *len = fsrv->persistent_record_len[entry]; u32 len = fsrv->persistent_record_len[entry];
if (likely(len && *len && data)) { if (likely(len && data)) {
snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u", snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u",
fsrv->persistent_record_dir, fsrv->persistent_record_cnt, fsrv->persistent_record_dir, fsrv->persistent_record_cnt,
@ -1281,7 +1281,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
int fd = open(fn, O_WRONLY, 0644); int fd = open(fn, O_WRONLY, 0644);
if (fd >= 0) { if (fd >= 0) {
ck_write(fd, data, *len, fn); ck_write(fd, data, len, fn);
close(fd); close(fd);
} }

50
src/afl-fuzz.c
View File

@ -986,6 +986,21 @@ int main(int argc, char **argv_orig, char **envp) {
} }
if (unlikely(afl->afl_env.afl_persistent_record)) {
afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record);
afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir);
if (afl->fsrv.persistent_record < 2) {
FATAL(
"AFL_PERSISTENT_RECORD value must be be at least 2, recommended is "
"100 or 1000.");
}
}
if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) { if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) {
u8 *preload = getenv("AFL_PRELOAD"); u8 *preload = getenv("AFL_PRELOAD");
@ -1239,29 +1254,6 @@ int main(int argc, char **argv_orig, char **envp) {
} }
if (unlikely(afl->afl_env.afl_persistent_record)) {
afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record);
afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir);
if (afl->fsrv.persistent_record < 2) {
FATAL(
"AFL_PERSISTENT_RECORD vallue must be be at least 2, recommended is "
"100 or 1000.");
}
if (!getenv(PERSIST_ENV_VAR)) {
FATAL(
"Target binary is not compiled in persistent mode, "
"AFL_PERSISTENT_RECORD makes no sense.");
}
}
if (afl->afl_env.afl_crash_exitcode) { if (afl->afl_env.afl_crash_exitcode) {
long exitcode = strtol(afl->afl_env.afl_crash_exitcode, NULL, 10); long exitcode = strtol(afl->afl_env.afl_crash_exitcode, NULL, 10);
@ -1531,6 +1523,18 @@ int main(int argc, char **argv_orig, char **envp) {
check_binary(afl, argv[optind]); check_binary(afl, argv[optind]);
if (unlikely(afl->fsrv.persistent_record)) {
if (!getenv(PERSIST_ENV_VAR)) {
FATAL(
"Target binary is not compiled in persistent mode, "
"AFL_PERSISTENT_RECORD makes no sense.");
}
}
if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); } if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); }
afl->start_time = get_cur_time(); afl->start_time = get_cur_time();