write target errors to out_dir/error.txt

instrumentation/afl-compiler-rt.o.c

@@ -630,6 +630,30 @@ static void __afl_unmap_shm(void) {
 
 }
 
+void write_error(char *text) {
+
+  u8 *  o = getenv("__AFL_OUT_DIR");
+  char *e = strerror(errno);
+
+  if (o) {
+
+    char buf[4096];
+    snprintf(buf, sizeof(buf), "%s/error.txt", o);
+    FILE *f = fopen(buf, "a");
+
+    if (f) {
+
+      fprintf(f, "Error(%s): %s\n", text, e);
+      fclose(f);
+
+    }
+
+  }
+
+  fprintf(stderr, "Error(%s): %s\n", text, e);
+
+}
+
 #ifdef __linux__
 static void __afl_start_snapshots(void) {
 
@@ -656,7 +680,12 @@ static void __afl_start_snapshots(void) {
 
   if (__afl_sharedmem_fuzzing || (__afl_dictionary_len && __afl_dictionary)) {
 
-    if (read(FORKSRV_FD, &was_killed, 4) != 4) { _exit(1); }
+    if (read(FORKSRV_FD, &was_killed, 4) != 4) {
+
+      write_error("read to afl-fuzz");
+      _exit(1);
+
+    }
 
     if (__afl_debug) {
 
@@ -725,7 +754,12 @@ static void __afl_start_snapshots(void) {
     } else {
 
       /* Wait for parent by reading from the pipe. Abort if read fails. */
-      if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
+      if (read(FORKSRV_FD, &was_killed, 4) != 4) {
+
+        write_error("reading from afl-fuzz");
+        _exit(1);
+
+      }
 
     }
 
@@ -762,7 +796,12 @@ static void __afl_start_snapshots(void) {
     if (child_stopped && was_killed) {
 
       child_stopped = 0;
-      if (waitpid(child_pid, &status, 0) < 0) _exit(1);
+      if (waitpid(child_pid, &status, 0) < 0) {
+
+        write_error("child_stopped && was_killed");
+        _exit(1);  // TODO why exit?
+
+      }
 
     }
 
@@ -771,7 +810,12 @@ static void __afl_start_snapshots(void) {
       /* Once woken up, create a clone of our process. */
 
       child_pid = fork();
-      if (child_pid < 0) _exit(1);
+      if (child_pid < 0) {
+
+        write_error("fork");
+        _exit(1);
+
+      }
 
       /* In child process: close fds, resume execution. */
 
@@ -811,9 +855,19 @@ static void __afl_start_snapshots(void) {
 
     /* In parent process: write PID to pipe, then wait for child. */
 
-    if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1);
+    if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) {
 
-    if (waitpid(child_pid, &status, WUNTRACED) < 0) _exit(1);
+      write_error("write to afl-fuzz");
+      _exit(1);
+
+    }
+
+    if (waitpid(child_pid, &status, WUNTRACED) < 0) {
+
+      write_error("waitpid");
+      _exit(1);
+
+    }
 
     /* In persistent mode, the child stops itself with SIGSTOP to indicate
        a successful run. In this case, we want to wake it up without forking
@@ -823,7 +877,12 @@ static void __afl_start_snapshots(void) {
 
     /* Relay wait status to pipe, then loop back. */
 
-    if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1);
+    if (write(FORKSRV_FD + 1, &status, 4) != 4) {
+
+      write_error("writing to afl-fuzz");
+      _exit(1);
+
+    }
 
   }
 
@@ -956,7 +1015,12 @@ static void __afl_start_forkserver(void) {
 
     } else {
 
-      if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
+      if (read(FORKSRV_FD, &was_killed, 4) != 4) {
+
+        write_error("read from afl-fuzz");
+        _exit(1);
+
+      }
 
     }
 
@@ -993,7 +1057,12 @@ static void __afl_start_forkserver(void) {
     if (child_stopped && was_killed) {
 
       child_stopped = 0;
-      if (waitpid(child_pid, &status, 0) < 0) _exit(1);
+      if (waitpid(child_pid, &status, 0) < 0) {
+
+        write_error("child_stopped && was_killed");
+        _exit(1);
+
+      }
 
     }
 
@@ -1002,7 +1071,12 @@ static void __afl_start_forkserver(void) {
       /* Once woken up, create a clone of our process. */
 
       child_pid = fork();
-      if (child_pid < 0) _exit(1);
+      if (child_pid < 0) {
+
+        write_error("fork");
+        _exit(1);
+
+      }
 
       /* In child process: close fds, resume execution. */
 
@@ -1031,11 +1105,20 @@ static void __afl_start_forkserver(void) {
 
     /* In parent process: write PID to pipe, then wait for child. */
 
-    if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1);
+    if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) {
 
-    if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0)
+      write_error("write to afl-fuzz");
       _exit(1);
 
+    }
+
+    if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0) {
+
+      write_error("waitpid");
+      _exit(1);
+
+    }
+
     /* In persistent mode, the child stops itself with SIGSTOP to indicate
        a successful run. In this case, we want to wake it up without forking
        again. */
@@ -1044,7 +1127,12 @@ static void __afl_start_forkserver(void) {
 
     /* Relay wait status to pipe, then loop back. */
 
-    if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1);
+    if (write(FORKSRV_FD + 1, &status, 4) != 4) {
+
+      write_error("writing to afl-fuzz");
+      _exit(1);
+
+    }
 
   }
 

src/afl-analyze.c

@@ -225,7 +225,6 @@ static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
 
 }
 
-
 /* Handle timeout signal. */
 
 static void handle_timeout(int sig) {
@@ -238,7 +237,6 @@ static void handle_timeout(int sig) {
 
 }
 
-
 /* Execute target application. Returns exec checksum, or 0 if program
    times out. */
 

src/afl-fuzz-stats.c

@@ -873,9 +873,8 @@ void show_stats(afl_state_t *afl) {
 
   /* Aaaalmost there... hold on! */
 
-  SAYF(bVR bH cCYA                                                      bSTOP
+  SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2
-       " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2 bH bHB bH bSTOP cCYA
+           bH bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n");
-       " path geometry " bSTG bH5 bH2 bVL "\n");
 
   if (unlikely(afl->custom_only)) {
 

src/afl-fuzz.c

@@ -1205,6 +1205,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
+  setenv("__AFL_OUT_DIR", afl->out_dir, 1);
+
   if (get_afl_env("AFL_DISABLE_TRIM")) { afl->disable_trim = 1; }
 
   if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) {