ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-09 00:31:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1798 from AFLplusplus/dev

Browse Source 
push to stable
This commit is contained in:
van Hauser 2023-07-15 09:42:04 +02:00 committed by GitHub
commit 7f17a94349
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
46 changed files with 214 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -42,7 +42,7 @@ RUN apt-get update && \
python3 python3-dev python3-pip python-is-python3 \ python3 python3-dev python3-pip python-is-python3 \
libtool libtool-bin libglib2.0-dev \ libtool libtool-bin libglib2.0-dev \
apt-transport-https gnupg dialog \ apt-transport-https gnupg dialog \
gnuplot-nox libpixman-1-dev \ gnuplot-nox libpixman-1-dev bc \
gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \ gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \
clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \ clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \
libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \ libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \

12
GNUmakefile.llvm
View File

@ -47,6 +47,7 @@ LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' )
LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' )
LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 )
LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[7-9]' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[7-9]' && echo 1 || echo 0 )
LLVM_TOO_OLD = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[1-9]\.|^1[012]\.' && echo 1 || echo 0 )
LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 )
LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 ) LLVM_NEWER_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[6-9]' && echo 1 || echo 0 )
LLVM_13_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[3-9]' && echo 1 || echo 0 ) LLVM_13_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[3-9]' && echo 1 || echo 0 )
@ -69,6 +70,12 @@ ifeq "$(LLVM_TOO_NEW)" "1"
$(warning you are using an in-development llvm version - this might break llvm_mode!) $(warning you are using an in-development llvm version - this might break llvm_mode!)
endif endif
ifeq "$(LLVM_TOO_OLD)" "1"
$(warning you are using an outdated LLVM version! Please use at least LLVM 13 or newer!)
$(shell sleep 2)
endif
# No switching the meaning of LLVM_TOO_OLD
LLVM_TOO_OLD=1 LLVM_TOO_OLD=1
ifeq "$(LLVM_MAJOR)" "9" ifeq "$(LLVM_MAJOR)" "9"
@ -87,11 +94,6 @@ ifeq "$(LLVM_NEWER_API)" "1"
LLVM_STDCXX = c++17 LLVM_STDCXX = c++17
endif endif
ifeq "$(LLVM_TOO_OLD)" "1"
$(info [!] llvm_mode detected an old version of llvm, upgrade to at least 9 or preferable 11!)
$(shell sleep 1)
endif
ifeq "$(LLVM_HAVE_LTO)" "1" ifeq "$(LLVM_HAVE_LTO)" "1"
$(info [+] llvm_mode detected llvm 11+, enabling afl-lto LTO implementation) $(info [+] llvm_mode detected llvm 11+, enabling afl-lto LTO implementation)
LLVM_LTO = 1 LLVM_LTO = 1

7
afl-cmin
View File

@ -425,7 +425,7 @@ BEGIN {
cmd = "stat --version 2>/dev/null" cmd = "stat --version 2>/dev/null"
cmd | getline statversion cmd | getline statversion
close(cmd) close(cmd)
if (statversion ~ /GNU coreutils/) { if (statversion ~ /GNU coreutils/ || statversion ~ /BusyBox/) {
stat_format = "-c '%s %n'" # GNU stat_format = "-c '%s %n'" # GNU
} else { } else {
stat_format = "-f '%z %N'" # *BSD, MacOS stat_format = "-f '%z %N'" # *BSD, MacOS
@ -493,6 +493,11 @@ BEGIN {
} }
} }
if (in_count < threads) {
threads = in_count
print "[!] WARNING: less inputs than threads, reducing threads to "threads" and likely the overhead of threading makes things slower..."
}
# Let's roll! # Let's roll!
############################# #############################

7
afl-cmin.bash
View File

@ -339,6 +339,13 @@ fi
echo "[*] Are you aware that afl-cmin is faster than this afl-cmin.bash script?" echo "[*] Are you aware that afl-cmin is faster than this afl-cmin.bash script?"
echo "[+] Found $IN_COUNT files for minimizing." echo "[+] Found $IN_COUNT files for minimizing."
if [ -n "$THREADS" ]; then
if [ "$IN_COUNT" -lt "$THREADS" ]; then
THREADS=$IN_COUNT
echo "[!] WARNING: less inputs than threads, reducing threads to $THREADS and likely the overhead of threading makes things slower..."
fi
fi
FIRST_FILE=`ls "$IN_DIR" | head -1` FIRST_FILE=`ls "$IN_DIR" | head -1`
# Make sure that we're not dealing with a directory. # Make sure that we're not dealing with a directory.

4
docs/Changelog.md
View File

@ -19,6 +19,7 @@
- fixed a bug inherited from vanilla AFL where a coverage of - fixed a bug inherited from vanilla AFL where a coverage of
map[123] = 11 would be the same as map[1123] = 1 map[123] = 11 would be the same as map[1123] = 1
- warn on crashing inputs - warn on crashing inputs
- adjust threads if less inputs than threads specified
- afl-cc: - afl-cc:
- fixed an off-by-one instrumentation of iselect, hurting coverage a bit. - fixed an off-by-one instrumentation of iselect, hurting coverage a bit.
Thanks to @amykweon for spotting and fixing! Thanks to @amykweon for spotting and fixing!
@ -27,6 +28,9 @@
- more LLVM compatability - more LLVM compatability
- frida_mode: - frida_mode:
- support for long form instrumentation on x86_x64 and arm64 - support for long form instrumentation on x86_x64 and arm64
- renamed utils/get_symbol_addr.sh to utils/frida_get_symbol_addr.sh
- qemu_mode:
- added qemu_mode/utils/qemu_get_symbol_addr.sh
### Version ++4.07c (release) ### Version ++4.07c (release)

2
frida_mode/src/instrument/instrument_arm32.c
View File

@ -15,7 +15,7 @@ static GHashTable *coverage_blocks = NULL;
extern __thread guint64 instrument_previous_pc; extern __thread guint64 instrument_previous_pc;
__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE]; __attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE];
#pragma pack(push, 1) #pragma pack(push, 1)
typedef struct { typedef struct {

2
frida_mode/src/instrument/instrument_arm64.c
View File

@ -22,7 +22,7 @@ gboolean instrument_cache_enabled = FALSE;
gsize instrument_cache_size = 0; gsize instrument_cache_size = 0;
static GHashTable *coverage_blocks = NULL; static GHashTable *coverage_blocks = NULL;
__attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_SIZE]; __attribute__((aligned(0x1000))) static guint8 area_ptr_dummy[MAP_INITIAL_SIZE];
#pragma pack(push, 1) #pragma pack(push, 1)
typedef struct { typedef struct {

2
frida_mode/test/bloaty/GNUmakefile
View File

@ -35,7 +35,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/cache/GNUmakefile vendored
View File

@ -11,7 +11,7 @@ QEMU_OUT:=$(BUILD_DIR)qemu-out
FRIDA_OUT:=$(BUILD_DIR)frida-out FRIDA_OUT:=$(BUILD_DIR)frida-out
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so

2
frida_mode/test/cmov/GNUmakefile
View File

@ -11,7 +11,7 @@ QEMU_OUT:=$(BUILD_DIR)qemu-out
FRIDA_OUT:=$(BUILD_DIR)frida-out FRIDA_OUT:=$(BUILD_DIR)frida-out
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so

2
frida_mode/test/deferred/GNUmakefile
View File

@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c
QEMU_OUT:=$(BUILD_DIR)qemu-out QEMU_OUT:=$(BUILD_DIR)qemu-out
FRIDA_OUT:=$(BUILD_DIR)frida-out FRIDA_OUT:=$(BUILD_DIR)frida-out
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
ifndef ARCH ifndef ARCH

2
frida_mode/test/dynamic/GNUmakefile
View File

@ -17,7 +17,7 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out
AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) testinstr $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) testinstr $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/entry_point/GNUmakefile
View File

@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c
QEMU_OUT:=$(BUILD_DIR)qemu-out QEMU_OUT:=$(BUILD_DIR)qemu-out
FRIDA_OUT:=$(BUILD_DIR)frida-out FRIDA_OUT:=$(BUILD_DIR)frida-out
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
ifndef ARCH ifndef ARCH

2
frida_mode/test/freetype2/GNUmakefile
View File

@ -64,7 +64,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/jpeg/GNUmakefile
View File

@ -47,7 +47,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/libpcap/GNUmakefile
View File

@ -56,7 +56,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/libxml/GNUmakefile
View File

@ -43,7 +43,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/libxslt/GNUmakefile
View File

@ -42,7 +42,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/osx-lib/GNUmakefile
View File

@ -26,7 +26,7 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out
HARNESS_LDFLAGS:=-Wl,-no_pie HARNESS_LDFLAGS:=-Wl,-no_pie
LIB_CFLAGS:=-dynamiclib LIB_CFLAGS:=-dynamiclib
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_MAIN_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) main 0x0) AFL_FRIDA_MAIN_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) main 0x0)
AFL_FRIDA_MAIN_ADDR2=$(shell $(GET_SYMBOL_ADDR) $(HARNESS2_BIN) main 0x0) AFL_FRIDA_MAIN_ADDR2=$(shell $(GET_SYMBOL_ADDR) $(HARNESS2_BIN) main 0x0)
AFL_FRIDA_FUZZ_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) LLVMFuzzerTestOneInput 0x0) AFL_FRIDA_FUZZ_ADDR=$(shell $(GET_SYMBOL_ADDR) $(HARNESS_BIN) LLVMFuzzerTestOneInput 0x0)

2
frida_mode/test/perf/GNUmakefile
View File

@ -31,7 +31,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/persistent_ret/GNUmakefile
View File

@ -23,7 +23,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
ifeq "$(shell uname)" "Darwin" ifeq "$(shell uname)" "Darwin"
TEST_BIN_LDFLAGS:=-Wl,-no_pie TEST_BIN_LDFLAGS:=-Wl,-no_pie

2
frida_mode/test/png/persistent/GNUmakefile
View File

@ -22,7 +22,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/png/persistent/hook/GNUmakefile
View File

@ -33,7 +33,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/proj4/GNUmakefile
View File

@ -47,7 +47,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/re2/GNUmakefile
View File

@ -48,7 +48,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/sqlite/GNUmakefile
View File

@ -43,7 +43,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/unstable/GNUmakefile
View File

@ -23,7 +23,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

2
frida_mode/test/vorbis/GNUmakefile
View File

@ -54,7 +54,7 @@ endif
endif endif
ADDR_BIN:=$(ROOT)frida_mode/build/addr ADDR_BIN:=$(ROOT)frida_mode/build/addr
GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/frida_get_symbol_addr.sh
AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN)) AFL_FRIDA_BASE_ADDR:=$(shell $(ADDR_BIN))
AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR)) AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput $(AFL_FRIDA_BASE_ADDR))

55
frida_mode/util/frida_get_symbol_addr.sh Executable file
View File

@ -0,0 +1,55 @@
#!/bin/bash
# Copyright 2023 AFLplusplus
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
target="$1"
symbol="$2"
base="$3"
test -z "$target" -o -z "$symbol" -o '!' -x "$target" && {
echo "Syntax: $0 executable function [baseaddress]"
echo
echo Help script to calculate the function address of a binary QEMU will load it to.
echo function is e.g. LLVMFuzzerTestOneInput, afl_qemu_driver_stdin, etc.
echo "baseaddress is tried to be auto-detected, you can use 'AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace ./executable' to see the maps."
exit 1
}
file=$(file $target|sed 's/.*: //')
arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ')
bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //')
pie=$(echo $file|grep -wqi pie && echo pie)
test $(uname -s) = "Darwin" && symbol=_"$symbol"
tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F)
test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; }
test -z "$pie" && { echo 0x$tmp_addr; exit 0; }
test -z "$base" && {
test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; }
# is this true for arm/aarch64/i386 too?
base=0x555555554000
#test "$arch" = Intel80386 && base=0x5555554000
#test "$arch" = x86-64 && base=0x555555554000
#test "$arch" = ARMaarch64 && base=0x5500000000
# add more here, e.g. "$arch" = ARM
}
test -z "$base" && { echo "Error: could not identify base address! bits=$bits arch=$arch" 1>&2 ; exit 1; }
hex_base=$(echo "$base" | awk '{sub("^0x","");print $0}' | tr a-f A-F )
echo $tmp_addr | echo "ibase=16;obase=10;$hex_base + $tmp_addr" | bc | tr A-F a-f | awk '{print "0x"$0}'
exit 0

32
frida_mode/util/get_symbol_addr.sh
View File

@ -1,32 +0,0 @@
#!/bin/bash
# Copyright 2020 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# set -x
target="$1"
symbol="$2"
base="$3"
test -z "$target" -o -z "$symbol" -o '!' -e "$target" && exit 0
test $(uname -s) = "Darwin" && symbol=_"$symbol"
file "$target" | grep -q executable && {
nm "$target" | grep -i "T $symbol" | awk '{print"0x"$1}'
exit 0
}
hex_base=$(echo "$3" | awk '{sub("^0x","");print $0}' | tr a-f A-F )
nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F | \
xargs echo "ibase=16;obase=10;$hex_base + " | bc | tr A-F a-f | awk '{print "0x"$0}'
exit 0

2
include/afl-fuzz.h
View File

@ -31,7 +31,7 @@
#define MESSAGES_TO_STDOUT #define MESSAGES_TO_STDOUT
#ifndef _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE 1 #define _GNU_SOURCE
#endif #endif
#ifndef _FILE_OFFSET_BITS #ifndef _FILE_OFFSET_BITS
#define _FILE_OFFSET_BITS 64 #define _FILE_OFFSET_BITS 64

4
include/android-ashmem.h
View File

@ -2,7 +2,9 @@
#ifndef _ANDROID_ASHMEM_H #ifndef _ANDROID_ASHMEM_H
#define _ANDROID_ASHMEM_H #define _ANDROID_ASHMEM_H
#define _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <sys/syscall.h> #include <sys/syscall.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h> #include <fcntl.h>

11
include/config.h
View File

@ -360,9 +360,10 @@
65535, /* Overflow unsig 16-bit when incremented */ \ 65535, /* Overflow unsig 16-bit when incremented */ \
65536, /* Overflow unsig 16 bit */ \ 65536, /* Overflow unsig 16 bit */ \
100663045, /* Large positive number (endian-agnostic) */ \ 100663045, /* Large positive number (endian-agnostic) */ \
2139095040, /* float infinite */ \
2147483647 /* Overflow signed 32-bit when incremented */ 2147483647 /* Overflow signed 32-bit when incremented */
#define INTERESTING_32_LEN 8 #define INTERESTING_32_LEN 9
/*********************************************************** /***********************************************************
* * * *
@ -446,7 +447,15 @@
after changing this - otherwise, SEGVs may ensue. */ after changing this - otherwise, SEGVs may ensue. */
#define MAP_SIZE_POW2 16 #define MAP_SIZE_POW2 16
/* Do not change this unless you really know what you are doing. */
#define MAP_SIZE (1U << MAP_SIZE_POW2) #define MAP_SIZE (1U << MAP_SIZE_POW2)
#if MAP_SIZE <= 65536
#define MAP_INITIAL_SIZE (2 << 20) // = 2097152
#else
#define MAP_INITIAL_SIZE MAP_SIZE
#endif
/* Maximum allocator request size (keep well under INT_MAX): */ /* Maximum allocator request size (keep well under INT_MAX): */

2
instrumentation/README.llvm.md
View File

@ -7,7 +7,7 @@ For the GCC-based instrumentation, see
## 1) Introduction ## 1) Introduction
! llvm_mode works with llvm versions 3.8 up to 13 ! ! llvm_mode works with llvm versions 3.8 up to 17 - but 13+ is recommended !
The code in this directory allows you to instrument programs for AFL++ using The code in this directory allows you to instrument programs for AFL++ using
true compiler-level instrumentation, instead of the more crude assembly-level true compiler-level instrumentation, instead of the more crude assembly-level

2
instrumentation/SanitizerCoverageLTO.so.cc
View File

@ -1081,7 +1081,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
} }
if (!be_quiet) if (!be_quiet)
printf("AUTODICTIONARY: %lu string%s found\n", count, printf("AUTODICTIONARY: %zu string%s found\n", count,
count == 1 ? "" : "s"); count == 1 ? "" : "s");
if (count) { if (count) {

1
instrumentation/SanitizerCoveragePCGUARD.so.cc
View File

@ -227,6 +227,7 @@ llvmGetPassPluginInfo() {
PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M, PreservedAnalyses ModuleSanitizerCoverageAFL::run(Module &M,
ModuleAnalysisManager &MAM) { ModuleAnalysisManager &MAM) {
ModuleSanitizerCoverageAFL ModuleSancov(Options); ModuleSanitizerCoverageAFL ModuleSancov(Options);
auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager(); auto &FAM = MAM.getResult<FunctionAnalysisManagerModuleProxy>(M).getManager();
auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{ auto DTCallback = [&FAM](Function &F) -> const DominatorTree *{

6
instrumentation/afl-compiler-rt.o.c
View File

@ -87,12 +87,6 @@
is used for instrumentation output before __afl_map_shm() has a chance to is used for instrumentation output before __afl_map_shm() has a chance to
run. It will end up as .comm, so it shouldn't be too wasteful. */ run. It will end up as .comm, so it shouldn't be too wasteful. */
#if MAP_SIZE <= 65536
#define MAP_INITIAL_SIZE 2097152
#else
#define MAP_INITIAL_SIZE MAP_SIZE
#endif
#if defined(__HAIKU__) #if defined(__HAIKU__)
extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, extern ssize_t _kern_write(int fd, off_t pos, const void *buffer,
size_t bufferSize); size_t bufferSize);

2
instrumentation/split-compares-pass.so.cc
View File

@ -1740,7 +1740,7 @@ bool SplitComparesTransform::runOnModule(Module &M) {
if (!be_quiet && !debug) { if (!be_quiet && !debug) {
errs() << "Split-floatingpoint-compare-pass: " << count errs() << "Split-floatingpoint-compare-pass: " << count
<< " FP comparisons splitted\n"; << " FP comparisons split\n";
} }

53
qemu_mode/util/qemu_get_symbol_addr.sh Executable file
View File

@ -0,0 +1,53 @@
#!/bin/bash
# Copyright 2023 AFLplusplus
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
target="$1"
symbol="$2"
base="$3"
test -z "$target" -o -z "$symbol" -o '!' -x "$target" && {
echo "Syntax: $0 executable function [baseaddress]"
echo
echo Help script to calculate the function address of a binary QEMU will load it to.
echo function is e.g. LLVMFuzzerTestOneInput, afl_qemu_driver_stdin, etc.
echo "baseaddress is tried to be auto-detected, you can use 'AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace ./executable' to see the maps."
exit 1
}
file=$(file $target|sed 's/.*: //')
arch=$(echo $file|awk -F, '{print$2}'|tr -d ' ')
bits=$(echo $file|sed 's/-bit .*//'|sed 's/.* //')
pie=$(echo $file|grep -wqi pie && echo pie)
test $(uname -s) = "Darwin" && symbol=_"$symbol"
tmp_addr=$(nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F)
test -z "$tmp_addr" && { echo Error: function $symbol not found 1>&2; exit 1; }
test -z "$pie" && { echo 0x$tmp_addr; exit 0; }
test -z "$base" && {
test "$bits" = 32 -o "$bits" = 64 || { echo "Error: could not identify arch (bits=$bits)" 1>&2 ; exit 1; }
test "$arch" = Intel80386 && base=0x40000000
test "$arch" = x86-64 && base=0x4000000000
test "$arch" = ARMaarch64 && base=0x5500000000
# add more here, e.g. "$arch" = ARM
}
test -z "$base" && { echo "Error: could not identify base address! bits=$bits arch=$arch" 1>&2 ; exit 1; }
hex_base=$(echo "$base" | awk '{sub("^0x","");print $0}' | tr a-f A-F )
echo $tmp_addr | echo "ibase=16;obase=10;$hex_base + $tmp_addr" | bc | tr A-F a-f | awk '{print "0x"$0}'
exit 0

33
src/afl-cc.c
View File

@ -383,11 +383,17 @@ static u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0,
have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0, have_o = 0, have_pic = 0, have_c = 0, partial_linking = 0,
non_dash = 0; non_dash = 0;
#define MAX_PARAMS_NUM 2048 #ifndef MAX_PARAMS_NUM
#define MAX_PARAMS_NUM 2048
#endif
static void process_params(u32 argc, char **argv) { static void process_params(u32 argc, char **argv) {
if (cc_par_cnt + argc >= MAX_PARAMS_NUM) { FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM."); } if (cc_par_cnt + argc >= MAX_PARAMS_NUM) {
FATAL("Too many command line parameters, please increase MAX_PARAMS_NUM.");
}
if (lto_mode && argc > 1) { if (lto_mode && argc > 1) {
@ -2109,11 +2115,6 @@ int main(int argc, char **argv, char **envp) {
"-------------|\n" "-------------|\n"
"MODES: NCC PERSIST DICT LAF " "MODES: NCC PERSIST DICT LAF "
"CMPLOG SELECT\n" "CMPLOG SELECT\n"
" [LTO] LLVM LTO: %s%s\n"
" PCGUARD DEFAULT yes yes yes yes yes "
" yes\n"
" CLASSIC yes yes yes yes yes "
" yes\n"
" [LLVM] LLVM: %s%s\n" " [LLVM] LLVM: %s%s\n"
" PCGUARD %s yes yes module yes yes " " PCGUARD %s yes yes module yes yes "
"yes\n" "yes\n"
@ -2123,16 +2124,21 @@ int main(int argc, char **argv, char **envp) {
" - CALLER\n" " - CALLER\n"
" - CTX\n" " - CTX\n"
" - NGRAM-{2-16}\n" " - NGRAM-{2-16}\n"
" [LTO] LLVM LTO: %s%s\n"
" PCGUARD DEFAULT yes yes yes yes yes "
" yes\n"
" CLASSIC yes yes yes yes yes "
" yes\n"
" [GCC_PLUGIN] gcc plugin: %s%s\n" " [GCC_PLUGIN] gcc plugin: %s%s\n"
" CLASSIC DEFAULT no yes no no no " " CLASSIC DEFAULT no yes no no no "
"yes\n" "yes\n"
" [GCC/CLANG] simple gcc/clang: %s%s\n" " [GCC/CLANG] simple gcc/clang: %s%s\n"
" CLASSIC DEFAULT no no no no no " " CLASSIC DEFAULT no no no no no "
"no\n\n", "no\n\n",
have_lto ? "AVAILABLE" : "unavailable!",
compiler_mode == LTO ? " [SELECTED]" : "",
have_llvm ? "AVAILABLE" : "unavailable!", have_llvm ? "AVAILABLE" : "unavailable!",
compiler_mode == LLVM ? " [SELECTED]" : "", compiler_mode == LLVM ? " [SELECTED]" : "",
have_lto ? "AVAILABLE" : "unavailable!",
compiler_mode == LTO ? " [SELECTED]" : "",
LLVM_MAJOR >= 7 ? "DEFAULT" : " ", LLVM_MAJOR >= 7 ? "DEFAULT" : " ",
LLVM_MAJOR >= 7 ? " " : "DEFAULT", LLVM_MAJOR >= 7 ? " " : "DEFAULT",
have_gcc_plugin ? "AVAILABLE" : "unavailable!", have_gcc_plugin ? "AVAILABLE" : "unavailable!",
@ -2348,6 +2354,15 @@ int main(int argc, char **argv, char **envp) {
"AFL_LLVM_CMPLOG and " "AFL_LLVM_CMPLOG and "
"AFL_LLVM_DICT2FILE+AFL_LLVM_DICT2FILE_NO_MAIN.\n\n"); "AFL_LLVM_DICT2FILE+AFL_LLVM_DICT2FILE_NO_MAIN.\n\n");
if (LLVM_MAJOR < 13) {
SAYF(
"Warning: It is highly recommended to use at least LLVM version 13 "
"(or better, higher) rather than %d!\n\n",
LLVM_MAJOR);
}
exit(1); exit(1);
} }

2
src/afl-common.c
View File

@ -403,7 +403,7 @@ u8 *find_binary(u8 *fname) {
FATAL( FATAL(
"Unexpected overflow when processing ENV. This should never " "Unexpected overflow when processing ENV. This should never "
"happend."); "had happened.");
} }

8
src/afl-forkserver.c
View File

@ -667,13 +667,13 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) { switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) {
case Abort: case Abort:
NYX_PRE_FATAL(fsrv, "Error: Nyx abort occured..."); NYX_PRE_FATAL(fsrv, "Error: Nyx abort occurred...");
break; break;
case IoError: case IoError:
NYX_PRE_FATAL(fsrv, "Error: QEMU-Nyx has died..."); NYX_PRE_FATAL(fsrv, "Error: QEMU-Nyx has died...");
break; break;
case Error: case Error:
NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occured..."); NYX_PRE_FATAL(fsrv, "Error: Nyx runtime error has occurred...");
break; break;
default: default:
break; break;
@ -1581,7 +1581,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
FATAL("FixMe: Nyx InvalidWriteToPayload handler is missing"); FATAL("FixMe: Nyx InvalidWriteToPayload handler is missing");
break; break;
case Abort: case Abort:
FATAL("Error: Nyx abort occured..."); FATAL("Error: Nyx abort occurred...");
case IoError: case IoError:
if (*stop_soon_p) { if (*stop_soon_p) {
@ -1595,7 +1595,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
break; break;
case Error: case Error:
FATAL("Error: Nyx runtime error has occured..."); FATAL("Error: Nyx runtime error has occurred...");
break; break;
} }

4
src/afl-fuzz.c
View File

@ -1281,6 +1281,10 @@ int main(int argc, char **argv_orig, char **envp) {
} }
WARNF(
"Note that the MOpt mode is not maintained and is not as effective "
"as normal havoc mode.");
} break; } break;
case 'h': case 'h':

10
src/afl-ld-lto.c
View File

@ -23,7 +23,9 @@
*/ */
#define AFL_MAIN #define AFL_MAIN
#define _GNU_SOURCE #ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include "config.h" #include "config.h"
#include "types.h" #include "types.h"
@ -37,6 +39,7 @@
#include <time.h> #include <time.h>
#include <ctype.h> #include <ctype.h>
#include <fcntl.h> #include <fcntl.h>
#include <limits.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/types.h> #include <sys/types.h>
@ -45,11 +48,6 @@
#include <dirent.h> #include <dirent.h>
#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) || \
defined(__DragonFly__)
#include <limits.h>
#endif
#ifdef __APPLE__ #ifdef __APPLE__
#include <sys/syslimits.h> #include <sys/syslimits.h>
#endif #endif

4
test/test-basic.sh
View File

@ -28,7 +28,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
rm -f test-instr.plain.0 test-instr.plain.1 rm -f test-instr.plain.0 test-instr.plain.1
SKIP= SKIP=
TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'` TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'`
test "$TUPLES" -gt 1 -a "$TUPLES" -lt 12 && { test "$TUPLES" -gt 1 -a "$TUPLES" -lt 22 && {
$ECHO "$GREEN[+] ${AFL_GCC} run reported $TUPLES instrumented locations which is fine" $ECHO "$GREEN[+] ${AFL_GCC} run reported $TUPLES instrumented locations which is fine"
} || { } || {
$ECHO "$RED[!] ${AFL_GCC} instrumentation produces weird numbers: $TUPLES" $ECHO "$RED[!] ${AFL_GCC} instrumentation produces weird numbers: $TUPLES"
@ -152,7 +152,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
} }
rm -f test-instr.plain.0 test-instr.plain.1 rm -f test-instr.plain.0 test-instr.plain.1
TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'` TUPLES=`echo 1|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.plain 2>&1 | grep Captur | awk '{print$3}'`
test "$TUPLES" -gt 1 -a "$TUPLES" -lt 12 && { test "$TUPLES" -gt 1 -a "$TUPLES" -lt 22 && {
$ECHO "$GREEN[+] ${AFL_CLANG} run reported $TUPLES instrumented locations which is fine" $ECHO "$GREEN[+] ${AFL_CLANG} run reported $TUPLES instrumented locations which is fine"
} || { } || {
$ECHO "$RED[!] ${AFL_CLANG} instrumentation produces weird numbers: $TUPLES" $ECHO "$RED[!] ${AFL_CLANG} instrumentation produces weird numbers: $TUPLES"

2
test/test-libextensions.sh
View File

@ -5,7 +5,7 @@
test -z "$AFL_CC" && unset AFL_CC test -z "$AFL_CC" && unset AFL_CC
$ECHO "$BLUE[*] Testing: shared library extensions" $ECHO "$BLUE[*] Testing: shared library extensions"
cc $CFLAGS -o test-compcov test-compcov.c > /dev/null 2>&1 cc $CFLAGS -O0 -o test-compcov test-compcov.c > /dev/null 2>&1
test -e ../libtokencap.so && { test -e ../libtokencap.so && {
AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1
grep -q BUGMENOT token.out > /dev/null 2>&1 && { grep -q BUGMENOT token.out > /dev/null 2>&1 && {