Merge branch 'dev' of https://github.com/AFLplusplus/AFLplusplus into dev

2025-06-13 02:28:09 +00:00 · 2020-04-17 13:30:12 +02:00
parent 87d27b8616 f22d8120ef
commit a6d4f04019
41 changed files with 610 additions and 529 deletions
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -37,6 +37,10 @@
 #include <unistd.h>
 #endif
 #include <limits.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <fcntl.h>

 u8  be_quiet = 0;
 u8 *doc_path = "";
@ -68,7 +72,7 @@ char *afl_environment_variables[] = {
    "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", "AFL_NO_BUILTIN",
    "AFL_NO_CPU_RED", "AFL_NO_FORKSRV", "AFL_NO_UI", "AFL_NO_PYTHON",
    "AFL_NO_X86",  // not really an env but we dont want to warn on it
-    "AFL_PATH", "AFL_PERFORMANCE_FILE",
+    "AFL_MAP_SIZE", "AFL_MAPSIZE", "AFL_PATH", "AFL_PERFORMANCE_FILE",
    //"AFL_PERSISTENT", // not implemented anymore, so warn additionally
    "AFL_POST_LIBRARY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV",
    "AFL_QEMU_COMPCOV_DEBUG", "AFL_QEMU_DEBUG_MAPS", "AFL_QEMU_DISABLE_CACHE",
@ -218,10 +222,12 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {

    }

-  } else
+  } else {

    ck_free(own_copy);

+  }
+
  if (!access(BIN_PATH "/afl-qemu-trace", X_OK)) {

    if (cp) ck_free(cp);
@ -353,6 +359,79 @@ char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {

 }

+/* Find binary, used by analyze, showmap, tmin
+   @returns the path, allocating the string */
+
+u8 *find_binary(u8 *fname) {
+
+  // TODO: Merge this function with check_binary of afl-fuzz-init.c
+
+  u8 *env_path = NULL;
+  u8 *target_path = NULL;
+
+  struct stat st;
+
+  if (strchr(fname, '/') || !(env_path = getenv("PATH"))) {
+
+    target_path = ck_strdup(fname);
+
+    if (stat(target_path, &st) || !S_ISREG(st.st_mode) ||
+        !(st.st_mode & 0111) || st.st_size < 4) {
+
+      free(target_path);
+      FATAL("Program '%s' not found or not executable", fname);
+
+    }
+
+  } else {
+
+    while (env_path) {
+
+      u8 *cur_elem, *delim = strchr(env_path, ':');
+
+      if (delim) {
+
+        cur_elem = ck_alloc(delim - env_path + 1);
+        memcpy(cur_elem, env_path, delim - env_path);
+        delim++;
+
+      } else {
+
+        cur_elem = ck_strdup(env_path);
+
+      }
+
+      env_path = delim;
+
+      if (cur_elem[0]) {
+
+        target_path = alloc_printf("%s/%s", cur_elem, fname);
+
+      } else {
+
+        target_path = ck_strdup(fname);
+
+      }
+
+      ck_free(cur_elem);
+
+      if (!stat(target_path, &st) && S_ISREG(st.st_mode) &&
+          (st.st_mode & 0111) && st.st_size >= 4)
+        break;
+
+      ck_free(target_path);
+      target_path = NULL;
+
+    }
+
+    if (!target_path) FATAL("Program '%s' not found or not executable", fname);
+
+  }
+
+  return target_path;
+
+}
+
 void check_environment_vars(char **envp) {

  if (be_quiet) return;
@ -414,6 +493,20 @@ char *get_afl_env(char *env) {

 }

+/* Read mask bitmap from file. This is for the -B option. */
+
+void read_bitmap(u8 *fname, u8 *map, size_t len) {
+
+  s32 fd = open(fname, O_RDONLY);
+
+  if (fd < 0) PFATAL("Unable to open '%s'", fname);
+
+  ck_read(fd, map, len, fname);
+
+  close(fd);
+
+}
+
 u64 get_cur_time(void) {

  struct timeval  tv;
@ -805,3 +898,21 @@ u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms,

 }

+u32 get_map_size() {
+
+  uint32_t map_size = MAP_SIZE;
+  char *   ptr;
+
+  if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) {
+
+    map_size = atoi(ptr);
+    if (map_size < 8 || map_size > (1 << 29))
+      FATAL("illegal AFL_MAP_SIZE %u, must be between 2^3 and 2^30", map_size);
+    if (map_size % 8) map_size = (((map_size >> 3) + 1) << 3);
+
+  }
+
+  return map_size;
+
+}
+