ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 04:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

merge cmplog

Browse Source
This commit is contained in:
van Hauser
2021-01-15 16:56:40 +01:00
parent fba8790e32
commit a0e884cf8b
13 changed files with 2092 additions and 429 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
include/afl-fuzz.h
View File

@ -145,12 +145,22 @@ extern s16 interesting_16[INTERESTING_8_LEN + INTERESTING_16_LEN];
extern s32
interesting_32[INTERESTING_8_LEN + INTERESTING_16_LEN + INTERESTING_32_LEN];
struct tainted {
u32 pos;
u32 len;
struct tainted *next;
struct tainted *prev;
};
struct queue_entry {
u8 *fname; /* File name for the test case */
u32 len; /* Input length */
u8 cal_failed; /* Calibration failed? */
u8 colorized, /* Do not run redqueen stage again */
cal_failed; /* Calibration failed? */
bool trim_done, /* Trimmed? */
was_fuzzed, /* historical, but needed for MOpt */
passed_det, /* Deterministic stages passed? */
@ -158,7 +168,6 @@ struct queue_entry {
var_behavior, /* Variable behavior? */
favored, /* Currently favored? */
fs_redundant, /* Marked as redundant in the fs? */
fully_colorized, /* Do not run redqueen stage again */
is_ascii, /* Is the input just ascii text? */
disabled; /* Is disabled from fuzz selection */
@ -183,7 +192,11 @@ struct queue_entry {
u8 *testcase_buf; /* The testcase buffer, if loaded. */
struct queue_entry *next; /* Next element, if any */
u8 * cmplog_colorinput; /* the result buf of colorization */
struct tainted *taint; /* Taint information from CmpLog */
struct queue_entry *mother, /* queue entry this based on */
*next; /* Next element, if any */
};
@ -636,6 +649,8 @@ typedef struct afl_state {
/* cmplog forkserver ids */
s32 cmplog_fsrv_ctl_fd, cmplog_fsrv_st_fd;
u32 cmplog_prev_timed_out;
u32 cmplog_max_filesize;
u32 cmplog_lvl;
struct afl_pass_stat *pass_stats;
struct cmp_map * orig_cmp_map;

17
include/cmplog.h
View File

@ -30,8 +30,10 @@
#include "config.h"
#define CMPLOG_LVL_MAX 3
#define CMP_MAP_W 65536
#define CMP_MAP_H 256
#define CMP_MAP_H 32
#define CMP_MAP_RTN_H (CMP_MAP_H / 4)
#define SHAPE_BYTES(x) (x + 1)
@ -41,13 +43,12 @@
struct cmp_header {
unsigned hits : 20;
unsigned cnt : 20;
unsigned id : 16;
unsigned shape : 5; // from 0 to 31
unsigned hits : 24;
unsigned id : 24;
unsigned shape : 5;
unsigned type : 1;
unsigned attribute : 4;
unsigned reserved : 6;
} __attribute__((packed));
@ -55,6 +56,8 @@ struct cmp_operands {
u64 v0;
u64 v1;
u64 v0_128;
u64 v1_128;
};

24
include/debug.h
View File

@ -295,8 +295,8 @@ static inline const char *colorfilter(const char *x) {
\
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
"\n[-] PROGRAM ABORT : " cRST x); \
SAYF(cLRD "\n Location : " cRST "%s(), %s:%d\n\n", __func__, \
__FILE__, __LINE__); \
SAYF(cLRD "\n Location : " cRST "%s(), %s:%u\n\n", __func__, \
__FILE__, (u32)__LINE__); \
exit(1); \
\
} while (0)
@ -308,8 +308,8 @@ static inline const char *colorfilter(const char *x) {
\
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
"\n[-] PROGRAM ABORT : " cRST x); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%d\n\n", __func__, \
__FILE__, __LINE__); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n\n", __func__, \
__FILE__, (u32)__LINE__); \
abort(); \
\
} while (0)
@ -322,8 +322,8 @@ static inline const char *colorfilter(const char *x) {
fflush(stdout); \
SAYF(bSTOP RESET_G1 CURSOR_SHOW cRST cLRD \
"\n[-] SYSTEM ERROR : " cRST x); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%d\n", __func__, \
__FILE__, __LINE__); \
SAYF(cLRD "\n Stop location : " cRST "%s(), %s:%u\n", __func__, \
__FILE__, (u32)__LINE__); \
SAYF(cLRD " OS message : " cRST "%s\n", strerror(errno)); \
exit(1); \
\
@ -344,12 +344,12 @@ static inline const char *colorfilter(const char *x) {
/* Show a prefixed debug output. */
#define DEBUGF(x...) \
do { \
\
SAYF(cMGN "[D] " cBRI "DEBUG: " cRST x); \
SAYF(cRST ""); \
\
#define DEBUGF(x...) \
do { \
\
fprintf(stderr, cMGN "[D] " cBRI "DEBUG: " cRST x); \
fprintf(stderr, cRST ""); \
\
} while (0)
/* Error-checking versions of read() and write() that call RPFATAL() as

43
include/types.h
View File

@ -26,9 +26,11 @@
#include <stdint.h>
#include <stdlib.h>
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef uint8_t u8;
typedef uint16_t u16;
typedef uint32_t u32;
typedef unsigned __int128 uint128_t;
typedef uint128_t u128;
/* Extended forkserver option values */
@ -57,10 +59,12 @@ typedef uint32_t u32;
typedef unsigned long long u64;
typedef int8_t s8;
typedef int16_t s16;
typedef int32_t s32;
typedef int64_t s64;
typedef int8_t s8;
typedef int16_t s16;
typedef int32_t s32;
typedef int64_t s64;
typedef __int128 int128_t;
typedef int128_t s128;
#ifndef MIN
#define MIN(a, b) \
@ -114,6 +118,31 @@ typedef int64_t s64;
\
})
// It is impossible to define 128 bit constants, so ...
#define SWAPN(_x, _l) \
({ \
\
u128 _res = (_x), _ret; \
char *d = (char *)&_ret, *s = (char *)&_res; \
int i; \
for (i = 0; i < 16; i++) \
d[15 - i] = s[i]; \
u32 sr = 128U - ((_l) << 3U); \
(_ret >>= sr); \
(u128) _ret; \
\
})
#define SWAPNN(_x, _y, _l) \
({ \
\
char *d = (char *)(_x), *s = (char *)(_y); \
u32 i, l = (_l)-1; \
for (i = 0; i <= l; i++) \
d[l - i] = s[i]; \
\
})
#ifdef AFL_LLVM_PASS
#if defined(__linux__) || !defined(__ANDROID__)
#define AFL_SR(s) (srandom(s))