mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-21 05:42:12 +00:00
van Hauser
GitHub
@ -111,7 +111,13 @@ if [ -z "$NO_COLOR" ]; then
|
||||
RESET="$NC"
|
||||
fi
|
||||
|
||||
PLATFORM=`uname -s`
|
||||
if [ "$PLATFORM" = "Linux" ] ; then
|
||||
CUR_TIME=`cat /proc/uptime | awk '{printf "%.0f\n", $1}'`
|
||||
else
|
||||
# This will lead to inacurate results but will prevent the script from breaking on platforms other than Linux
|
||||
CUR_TIME=`date +%s`
|
||||
fi
|
||||
|
||||
TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
|
||||
trap "rm -f $TMP" 1 2 3 13 15
|
||||
|
||||
@ -5,14 +5,18 @@
|
||||
|
||||
### Version ++4.21a (dev)
|
||||
* afl-fuzz
|
||||
- added AFL_DISABLE_REDUNDANT for huge queues
|
||||
- fix AFL_PERSISTENT_RECORD
|
||||
- prevent filenames in the queue that have spaces
|
||||
- minor fix for FAST schedules
|
||||
- more frequent stats update when syncing (todo: check performance impact)
|
||||
* afl-cc:
|
||||
- re-enable i386 support that was accidently disabled
|
||||
- fixes for LTO and outdated afl-gcc mode
|
||||
- ensure shared memory variables are visible in weird build setups
|
||||
* afl-cmin
|
||||
- work with input files that have a space
|
||||
* enhanced the ASAN configuration
|
||||
|
||||
|
||||
### Version ++4.20c (release)
|
||||
|
||||
@ -381,6 +381,9 @@ checks or alter some of the more exotic semantics of the tool:
|
||||
- Setting `AFL_DISABLE_TRIM` tells afl-fuzz not to trim test cases. This is
|
||||
usually a bad idea!
|
||||
|
||||
- Setting `AFL_DISABLE_REDUNDANT` disables any queue items that are redundant.
|
||||
This can be useful with huge queues.
|
||||
|
||||
- Setting `AFL_KEEP_TIMEOUTS` will keep longer running inputs if they reach
|
||||
new coverage
|
||||
|
||||
|
||||
@ -452,7 +452,7 @@ typedef struct afl_env_vars {
|
||||
afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts,
|
||||
afl_no_startup_calibration, afl_no_warn_instability,
|
||||
afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
|
||||
afl_final_sync, afl_ignore_seed_problems;
|
||||
afl_final_sync, afl_ignore_seed_problems, afl_disable_redundant;
|
||||
|
||||
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
|
||||
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
|
||||
|
||||
@ -26,7 +26,8 @@ static char *afl_environment_variables[] = {
|
||||
"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM",
|
||||
"AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT",
|
||||
"AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG",
|
||||
"AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN", "AFL_DISABLE_TRIM",
|
||||
"AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN",
|
||||
"AFL_DISABLE_REDUNDANT", "AFL_DISABLE_TRIM",
|
||||
"AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE",
|
||||
"AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV",
|
||||
"AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE",
|
||||
|
||||
@ -486,7 +486,7 @@ bool ModuleSanitizerCoverageLTO::instrumentModule(
|
||||
if ((ptr = getenv("AFL_LLVM_DOCUMENT_IDS")) != NULL) {
|
||||
|
||||
dFile.open(ptr, std::ofstream::out | std::ofstream::app);
|
||||
if (dFile.is_open()) WARNF("Cannot access document file %s", ptr);
|
||||
if (!dFile.is_open()) WARNF("Cannot access document file %s", ptr);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -1 +1 @@
|
||||
40033af00c
|
||||
a6f0632a65
|
||||
|
||||
Submodule qemu_mode/qemuafl updated: 40033af00c...a6f0632a65
10
src/afl-cc.c
10
src/afl-cc.c
@ -525,7 +525,7 @@ void find_built_deps(aflcc_state_t *aflcc) {
|
||||
|
||||
char *ptr = NULL;
|
||||
|
||||
#if defined(__x86_64__)
|
||||
#if defined(__x86_64__) || defined(__i386__)
|
||||
if ((ptr = find_object(aflcc, "afl-as")) != NULL) {
|
||||
|
||||
#ifndef __APPLE__
|
||||
@ -1911,7 +1911,13 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) {
|
||||
}
|
||||
|
||||
add_defs_fortify(aflcc, 0);
|
||||
if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); }
|
||||
if (!aflcc->have_asan) {
|
||||
|
||||
insert_param(aflcc, "-fsanitize=address");
|
||||
insert_param(aflcc, "-fno-common");
|
||||
|
||||
}
|
||||
|
||||
aflcc->have_asan = 1;
|
||||
|
||||
} else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) {
|
||||
|
||||
@ -108,9 +108,10 @@ void set_sanitizer_defaults() {
|
||||
u8 *have_lsan_options = getenv("LSAN_OPTIONS");
|
||||
u8 have_san_options = 0;
|
||||
u8 default_options[1024] =
|
||||
"detect_odr_violation=0:abort_on_error=1:symbolize=0:allocator_may_"
|
||||
"return_null=1:handle_segv=0:handle_sigbus=0:handle_abort=0:handle_"
|
||||
"sigfpe=0:handle_sigill=0:";
|
||||
"detect_odr_violation=0:abort_on_error=1:symbolize=0:"
|
||||
"allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:"
|
||||
"handle_abort=0:handle_sigfpe=0:handle_sigill=0:"
|
||||
"detect_stack_use_after_return=0:check_initialization_order=0:";
|
||||
|
||||
if (have_asan_options || have_ubsan_options || have_msan_options ||
|
||||
have_lsan_options) {
|
||||
|
||||
@ -577,6 +577,8 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
|
||||
afl->stage_cur = 0;
|
||||
afl->stage_max = 0;
|
||||
|
||||
show_stats(afl);
|
||||
|
||||
for (i = 0; i < (u32)nl_cnt; ++i) {
|
||||
|
||||
struct stat st;
|
||||
@ -655,7 +657,12 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
|
||||
munmap(mem, st.st_size);
|
||||
close(fd);
|
||||
|
||||
if (st.st_mtime > mtime_max) mtime_max = st.st_mtime;
|
||||
if (st.st_mtime > mtime_max) {
|
||||
|
||||
mtime_max = st.st_mtime;
|
||||
show_stats(afl);
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -933,8 +940,11 @@ void perform_dry_run(afl_state_t *afl) {
|
||||
res = calibrate_case(afl, q, use_mem, 0, 1);
|
||||
|
||||
/* For AFLFast schedules we update the queue entry */
|
||||
if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) && likely(q->exec_cksum)) {
|
||||
if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) &&
|
||||
likely(q->exec_cksum)) {
|
||||
|
||||
q->n_fuzz_entry = q->exec_cksum % N_FUZZ_SIZE;
|
||||
|
||||
}
|
||||
|
||||
if (afl->stop_soon) { return; }
|
||||
|
||||
@ -370,6 +370,7 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) {
|
||||
|
||||
s32 fd;
|
||||
|
||||
if (unlikely(afl->afl_env.afl_disable_redundant)) { q->disabled = 1; }
|
||||
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
|
||||
if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
|
||||
close(fd);
|
||||
|
||||
@ -2764,15 +2764,15 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
|
||||
#ifdef _DEBUG
|
||||
u32 j;
|
||||
struct cmp_header *hh = &afl->orig_cmp_map->headers[key];
|
||||
fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id,
|
||||
hshape, h->attribute);
|
||||
fprintf(stderr, "RTN N hits=%u shape=%u attr=%u v0=", h->hits, hshape,
|
||||
h->attribute);
|
||||
for (j = 0; j < 8; j++)
|
||||
fprintf(stderr, "%02x", o->v0[j]);
|
||||
fprintf(stderr, " v1=");
|
||||
for (j = 0; j < 8; j++)
|
||||
fprintf(stderr, "%02x", o->v1[j]);
|
||||
fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u o0=", hh->hits,
|
||||
hh->id, hshape, hh->attribute);
|
||||
fprintf(stderr, "\nRTN O hits=%u shape=%u attr=%u o0=", hh->hits, hshape,
|
||||
hh->attribute);
|
||||
for (j = 0; j < 8; j++)
|
||||
fprintf(stderr, "%02x", orig_o->v0[j]);
|
||||
fprintf(stderr, " o1=");
|
||||
|
||||
@ -771,6 +771,8 @@ void sync_fuzzers(afl_state_t *afl) {
|
||||
afl->stage_cur = 0;
|
||||
afl->stage_max = 0;
|
||||
|
||||
show_stats(afl);
|
||||
|
||||
/* For every file queued by this fuzzer, parse ID and see if we have
|
||||
looked at it before; exec a test case if not. */
|
||||
|
||||
@ -830,6 +832,7 @@ void sync_fuzzers(afl_state_t *afl) {
|
||||
|
||||
afl->syncing_party = sd_ent->d_name;
|
||||
afl->queued_imported += save_if_interesting(afl, mem, new_len, fault);
|
||||
show_stats(afl);
|
||||
afl->syncing_party = 0;
|
||||
|
||||
munmap(mem, st.st_size);
|
||||
|
||||
@ -293,6 +293,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
|
||||
afl->afl_env.afl_cmplog_only_new =
|
||||
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
|
||||
|
||||
} else if (!strncmp(env, "AFL_DISABLE_REDUNDANT",
|
||||
|
||||
afl_environment_variable_len)) {
|
||||
|
||||
afl->afl_env.afl_disable_redundant =
|
||||
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
|
||||
|
||||
} else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
|
||||
|
||||
afl_environment_variable_len)) {
|
||||
|
||||
@ -264,6 +264,7 @@ static void usage(u8 *argv0, int more_help) {
|
||||
"AFL_CYCLE_SCHEDULES: after completing a cycle, switch to a different -p schedule\n"
|
||||
"AFL_DEBUG: extra debugging output for Python mode trimming\n"
|
||||
"AFL_DEBUG_CHILD: do not suppress stdout/stderr from target\n"
|
||||
"AFL_DISABLE_REDUNDANT: disable any queue item that is redundant\n"
|
||||
"AFL_DISABLE_TRIM: disable the trimming of test cases\n"
|
||||
"AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
|
||||
"AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
|
||||
|
||||
@ -1 +1 @@
|
||||
63aab0f
|
||||
764b66b2
|
||||
|
||||
Submodule unicorn_mode/unicornafl updated: 63aab0f752...764b66b21c
Reference in New Issue
Block a user