ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-09 08:41:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed resize; removed more statics

Browse Source
This commit is contained in:
Dominik Maier 2020-03-19 21:32:08 +01:00
parent b6fa63abdf
commit b22e890ec2
6 changed files with 16 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/afl-analyze.c
View File

@ -207,15 +207,6 @@ static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
}
/* Handle timeout signal. */
static void handle_timeout(int sig) {
child_timed_out = 1;
if (child_pid > 0) kill(child_pid, SIGKILL);
}
/* Execute target application. Returns exec checksum, or 0 if program
times out. */
@ -770,11 +761,6 @@ static void setup_signal_handlers(void) {
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
/* Exec timeout notifications. */
sa.sa_handler = handle_timeout;
sigaction(SIGALRM, &sa, NULL);
}
/* Display usage hints. */

46
src/afl-forkserver.c
View File

@ -51,18 +51,17 @@
extern u8 *doc_path;
u8 *forkserver_DMS(u64 val) {
static void forkserver_stringify_int(u8 *buf, size_t len, u64 val) {
static u8 tmp[12][16];
static u8 cur;
u8 cur = 0;
#define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \
do { \
\
if (val < (_divisor) * (_limit_mult)) { \
\
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
return tmp[cur]; \
snprintf(buf, len, _fmt, ((_cast)val) / (_divisor));\
return; \
\
} \
\
@ -106,36 +105,13 @@ u8 *forkserver_DMS(u64 val) {
#undef CHK_FORMAT
/* 100T+ */
strcpy(tmp[cur], "infty");
return tmp[cur];
strncpy(buf, "infty", len - 1);
buf[len - 1] = '\0';
}
list_t fsrv_list = {.element_prealloc_count = 0};
/* the timeout handler */
void handle_timeout(int sig) {
LIST_FOREACH(&fsrv_list, afl_forkserver_t, {
// TODO: We need a proper timer to handle multiple timeouts
if (el->child_pid > 0) {
el->child_timed_out = 1;
kill(el->child_pid, SIGKILL);
} else if (el->child_pid == -1 && el->fsrv_pid > 0) {
el->child_timed_out = 1;
kill(el->fsrv_pid, SIGKILL);
}
});
}
/* Initializes the struct */
void afl_fsrv_init(afl_forkserver_t *fsrv) {
@ -477,6 +453,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
} else {
u8 mem_limit_buf[16];
forkserver_stringify_int(mem_limit_buf, sizeof(mem_limit_buf), fsrv->mem_limit << 20);
SAYF("\n" cLRD "[-] " cRST
"Whoops, the target binary crashed suddenly, "
"before receiving any input\n"
@ -509,7 +488,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
"options\n"
" fail, poke <afl-users@googlegroups.com> for troubleshooting "
"tips.\n",
forkserver_DMS(fsrv->mem_limit << 20), fsrv->mem_limit - 1);
mem_limit_buf, fsrv->mem_limit - 1);
}
@ -544,6 +523,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
} else {
u8 mem_limit_buf[16];
forkserver_stringify_int(mem_limit_buf, sizeof(mem_limit_buf), fsrv->mem_limit << 20);
SAYF(
"\n" cLRD "[-] " cRST
"Hmm, looks like the target binary terminated "
@ -575,7 +557,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
"never\n"
" reached before the program terminates.\n\n"
: "",
forkserver_DMS(fsrv->mem_limit << 20), fsrv->mem_limit - 1);
mem_limit_buf, fsrv->mem_limit - 1);
}

7
src/afl-fuzz-init.c
View File

@ -1787,7 +1787,7 @@ void fix_up_sync(afl_state_t *afl) {
static void handle_resize(int sig) {
LIST_FOREACH(&afl_states, afl_state_t, { el->clear_screen; });
LIST_FOREACH(&afl_states, afl_state_t, { el->clear_screen = 1; });
}
@ -2125,11 +2125,6 @@ void setup_signal_handlers(void) {
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
/* Exec timeout notifications. */
sa.sa_handler = handle_timeout;
sigaction(SIGALRM, &sa, NULL);
/* Window resize */
sa.sa_handler = handle_resize;

2
src/afl-gotcpu.c
View File

@ -90,7 +90,7 @@ static u64 get_cpu_usage_us(void) {
static u32 measure_preemption(u32 target_ms) {
static volatile u32 v1, v2;
volatile u32 v1, v2;
u64 st_t, en_t, st_c, en_c, real_delta, slice_delta;
s32 loop_repeats = 0;

5
src/afl-showmap.c
View File

@ -578,11 +578,6 @@ static void setup_signal_handlers(void) {
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
/* Exec timeout notifications. */
sa.sa_handler = handle_timeout;
sigaction(SIGALRM, &sa, NULL);
}
/* Show banner. */

150
src/afl-tmin.c
View File

@ -247,151 +247,6 @@ static void write_to_testcase(afl_forkserver_t *fsrv, void *mem, u32 len) {
}
/* Handle timeout signal. */
/*
static void handle_timeout(int sig) {
if (child_pid > 0) {
child_timed_out = 1;
kill(child_pid, SIGKILL);
} else if (child_pid == -1 && forksrv_pid > 0) {
child_timed_out = 1;
kill(forksrv_pid, SIGKILL);
}
}
*/
/* start the app and it's forkserver */
/*
static void init_forkserver(char **argv) {
static struct itimerval it;
int st_pipe[2], ctl_pipe[2];
int status = 0;
s32 rlen;
ACTF("Spinning up the fork server...");
if (pipe(st_pipe) || pipe(ctl_pipe)) PFATAL("pipe() failed");
forksrv_pid = fork();
if (forksrv_pid < 0) PFATAL("fork() failed");
if (!forksrv_pid) {
struct rlimit r;
if (dup2(use_stdin ? out_fd : dev_null_fd, 0) < 0 ||
dup2(dev_null_fd, 1) < 0 ||
dup2(dev_null_fd, 2) < 0) {
*(u32*)trace_bits = EXEC_FAIL_SIG;
PFATAL("dup2() failed");
}
close(dev_null_fd);
close(out_fd);
setsid();
if (mem_limit) {
r.rlim_max = r.rlim_cur = ((rlim_t)mem_limit) << 20;
#ifdef RLIMIT_AS
setrlimit(RLIMIT_AS, &r); // Ignore errors
#else
setrlimit(RLIMIT_DATA, &r); // Ignore errors
#endif // ^RLIMIT_AS
}
r.rlim_max = r.rlim_cur = 0;
setrlimit(RLIMIT_CORE, &r); // Ignore errors
// Set up control and status pipes, close the unneeded original fds.
if (dup2(ctl_pipe[0], FORKSRV_FD) < 0) PFATAL("dup2() failed");
if (dup2(st_pipe[1], FORKSRV_FD + 1) < 0) PFATAL("dup2() failed");
close(ctl_pipe[0]);
close(ctl_pipe[1]);
close(st_pipe[0]);
close(st_pipe[1]);
execv(fsrv->target_path, argv);
*(u32*)trace_bits = EXEC_FAIL_SIG;
exit(0);
}
// Close the unneeded endpoints.
close(ctl_pipe[0]);
close(st_pipe[1]);
fsrv_ctl_fd = ctl_pipe[1];
fsrv_st_fd = st_pipe[0];
// Configure timeout, wait for child, cancel timeout.
if (exec_tmout) {
child_timed_out = 0;
it.it_value.tv_sec = (exec_tmout * FORK_WAIT_MULT / 1000);
it.it_value.tv_usec = ((exec_tmout * FORK_WAIT_MULT) % 1000) * 1000;
}
setitimer(ITIMER_REAL, &it, NULL);
rlen = read(fsrv_st_fd, &status, 4);
it.it_value.tv_sec = 0;
it.it_value.tv_usec = 0;
setitimer(ITIMER_REAL, &it, NULL);
// If we have a four-byte "hello" message from the server, we're all set.
// Otherwise, try to figure out what went wrong.
if (rlen == 4) {
ACTF("All right - fork server is up.");
return;
}
if (waitpid(forksrv_pid, &status, 0) <= 0)
PFATAL("waitpid() failed");
u8 child_crashed;
if (WIFSIGNALED(status))
child_crashed = 1;
if (child_timed_out)
SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
else if (stop_soon)
SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST);
else if (child_crashed)
SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST, WTERMSIG(status));
}
*/
/* Execute target application. Returns 0 if the changes are a dud, or
1 if they should be kept. */
@ -961,11 +816,6 @@ static void setup_signal_handlers(void) {
sigaction(SIGINT, &sa, NULL);
sigaction(SIGTERM, &sa, NULL);
/* Exec timeout notifications. */
sa.sa_handler = handle_timeout;
sigaction(SIGALRM, &sa, NULL);
}
/* Display usage hints. */