Merge pull request #488 from AFLplusplus/dev

Dev
van Hauser
2020-08-04 13:30:08 +02:00
committed by GitHub
7 changed files with 92 additions and 48 deletions


@ -437,6 +437,8 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1; if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
// fprintf(stderr, "write1 %d\n", do_exit); // fprintf(stderr, "write1 %d\n", do_exit);
__afl_area_ptr[0] = 1; // put something in the map
return status; return status;
} }
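Review bot: The added store `__afl_area_ptr[0] = 1;` is commented only with what it does, not why, and it runs unconditionally, even after `do_exit` has been set by a failed write on the line above. A maintainer reading this later cannot tell whether the store is load-bearing or a leftover debugging aid, so the comment should name the consumer; presumably it is there so the parent side's check for an instrumented map is satisfied on runs that touch no instrumented edge — confirm. Suggested wording: `/* mark map index 0 so the fuzzer's empty-map check passes even for inputs that hit no instrumented edge */`. The enclosing function `__afl_next_testcase` starts before this hunk.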



@ -1,23 +1,34 @@
libtestinstr.so:0x2000L libtestinstr.so:0x1000
0x1050L 0x10
0x1063L 0x12
0x106fL 0x20
0x1078L 0x36
0x1080L 0x30
0x10a4L 0x40
0x10b0L 0x50
0x10b8L 0x63
0x10c0L 0x6f
0x10c9L 0x78
0x10d7L 0x80
0x10e3L 0xa4
0x10f8L 0xb0
0x1100L 0xb8
0x1105L 0x100
0x111aL 0xc0
0x1135L 0xc9
0x1143L 0xd7
0x114eL 0xe3
0x115cL 0xe8
0x116aL 0xf8
0x116bL 0x105
0x11a
0x135
0x141
0x143
0x14e
0x15a
0x15c
0x168
0x16a
0x16b
0x170


@ -28,23 +28,22 @@ UNAME_S =$(shell uname -s)# GNU make
UNAME_S:sh=uname -s # BSD make UNAME_S:sh=uname -s # BSD make
_UNIQ=_QINU_ _UNIQ=_QINU_
_OS_DL = $(_UNIQ)$(UNAME_S) _OS_DL = $(_UNIQ)$(UNAME_S)
__OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ)) __OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ))
___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ)) ___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ))
____OS_DL = $(___OS_DL:$(_UNIQ)DragonFly=$(_UNIQ)) ____OS_DL = $(___OS_DL:$(_UNIQ)$(UNAME_S)=)
_____OS_DL = $(____OS_DL:$(_UNIQ)$(UNAME_S)=) _____OS_DL = $(____OS_DL:$(_UNIQ)="-ldl")
______OS_DL = $(_____OS_DL:$(_UNIQ)="-ldl")
_OS_TARGET = $(____OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ)) _OS_TARGET = $(___OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ))
__OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ)) __OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ))
___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ)) ___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ))
____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ)) ____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ))
_____OS_TARGET = $(____OS_TARGET:$(_UNIQ)SunOS=$(_UNIQ)) _____OS_TARGET = $(____OS_TARGET:$(_UNIQ)SunOS=$(_UNIQ))
______OS_TARGET = $(____OS_TARGET:$(_UNIQ)$(UNAME_S)=) ______OS_TARGET = $(_____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
TARGETS = $(_____OS_TARGET:$(_UNIQ)=libtokencap.so) TARGETS = $(______OS_TARGET:$(_UNIQ)=libtokencap.so)
LDFLAGS += $(______OS_DL) LDFLAGS += $(_____OS_DL)
#ifeq "$(shell uname)" "Linux" #ifeq "$(shell uname)" "Linux"
# TARGETS = libtokencap.so # TARGETS = libtokencap.so
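Review bot: DragonFly silently drops out of both chains: the old `____OS_DL` line that stripped `DragonFly` is removed, and because `_OS_TARGET` now starts from `___OS_DL` (Linux/Darwin-only), on a DragonFly host `______OS_TARGET` collapses to empty and `TARGETS` ends up with no `libtokencap.so`. If the intent was only to stop passing `-ldl` on DragonFly, it still needs a substitution step in the target chain, e.g. `_OS_TARGET = $(___OS_DL:$(_UNIQ)DragonFly=$(_UNIQ))` feeding the FreeBSD step; if dropping the platform is deliberate, a one-line comment above the chain saying so would prevent it being "fixed" back later. The rewiring of `______OS_TARGET` to consume `_____OS_TARGET` and of `TARGETS` to consume `______OS_TARGET` does repair the old chain, which skipped the SunOS step and the final unknown-OS step.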


@ -255,12 +255,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (getenv("LAF_TRANSFORM_COMPARES") || if (getenv("LAF_TRANSFORM_COMPARES") ||
getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) { getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) {
if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && lto_mode)
WARNF(
"using AFL_LLVM_LAF_TRANSFORM_COMPARES together with "
"AFL_LLVM_LTO_AUTODICTIONARY makes no sense. Use only "
"AFL_LLVM_LTO_AUTODICTIONARY.");
cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = "-Xclang";
cc_params[cc_par_cnt++] = "-load"; cc_params[cc_par_cnt++] = "-load";
cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = "-Xclang";
@ -311,6 +305,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (lto_mode) { if (lto_mode) {
if (cmplog_mode)
unsetenv("AFL_LLVM_LTO_AUTODICTIONARY");
else
setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1);
cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD); cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD);
cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition";
/* /*
@ -398,6 +397,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
continue; continue;
if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue; if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue;
if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;
cc_params[cc_par_cnt++] = cur; cc_params[cc_par_cnt++] = cur;
@ -472,9 +472,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
} }
if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") || if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") ||
getenv("LAF_TRANSFORM_COMPARES") || getenv("LAF_TRANSFORM_COMPARES") || lto_mode) {
(lto_mode && (getenv("AFL_LLVM_LTO_AUTODICTIONARY") ||
getenv("AFL_LLVM_AUTODICTIONARY")))) {
cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
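Review bot: In the `if (lto_mode)` hunk, `setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1)` and `unsetenv(...)` rewrite the wrapper's own environment, which is what the spawned compiler/LTO pass inherits, so this is where the autodictionary policy now lives; that deserves a comment, because nothing at the call site explains it, e.g. `/* the LTO pass reads this var (any value enables); force it on unless cmplog owns the comparisons */`. Since the hunk at `@ -255` removes the warning that `AFL_LLVM_LAF_TRANSFORM_COMPARES` together with the autodictionary "makes no sense", a user who sets LAF in LTO mode now gets both without any notice — if that combination is still considered pointless, the `else setenv(...)` branch should also skip when the LAF variables are set, or the warning should be restored; if it is now fine, the commit message should say so. The `edit_params` function begins and ends outside these hunks.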


@ -86,7 +86,7 @@ class AFLLTOPass : public ModulePass {
bool runOnModule(Module &M) override; bool runOnModule(Module &M) override;
protected: protected:
int afl_global_id = 1, autodictionary = 1; int afl_global_id = 1, autodictionary = 0;
uint32_t function_minimum_size = 1; uint32_t function_minimum_size = 1;
uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0;
uint64_t map_addr = 0x10000; uint64_t map_addr = 0x10000;
@ -105,6 +105,11 @@ bool AFLLTOPass::runOnModule(Module &M) {
char * ptr; char * ptr;
FILE * documentFile = NULL; FILE * documentFile = NULL;
srand((unsigned int)time(NULL));
unsigned long long int moduleID =
(((unsigned long long int)(rand() & 0xffffffff)) << 32) | getpid();
IntegerType *Int8Ty = IntegerType::getInt8Ty(C); IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
IntegerType *Int32Ty = IntegerType::getInt32Ty(C); IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
IntegerType *Int64Ty = IntegerType::getInt64Ty(C); IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
@ -128,6 +133,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
} }
if (getenv("AFL_LLVM_LTO_AUTODICTIONARY")) autodictionary = 1;
if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0; if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0;
if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2; if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2;
@ -189,13 +196,32 @@ bool AFLLTOPass::runOnModule(Module &M) {
ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); ConstantInt *Zero = ConstantInt::get(Int8Ty, 0);
ConstantInt *One = ConstantInt::get(Int8Ty, 1); ConstantInt *One = ConstantInt::get(Int8Ty, 1);
/* This dumps all inialized global strings - might be useful in the future
for (auto G=M.getGlobalList().begin(); G!=M.getGlobalList().end(); G++) {
GlobalVariable &GV=*G;
if (!GV.getName().str().empty()) {
fprintf(stderr, "Global Variable: %s", GV.getName().str().c_str());
if (GV.hasInitializer())
if (auto *Val = dyn_cast<ConstantDataArray>(GV.getInitializer()))
fprintf(stderr, " Value: \"%s\"", Val->getAsString().str().c_str());
fprintf(stderr, "\n");
}
}
*/
/* Instrument all the things! */ /* Instrument all the things! */
int inst_blocks = 0; int inst_blocks = 0;
for (auto &F : M) { for (auto &F : M) {
// fprintf(stderr, "DEBUG: Function %s\n", F.getName().str().c_str()); // fprintf(stderr, "DEBUG: Module %s Function %s\n",
// M.getName().str().c_str(), F.getName().str().c_str());
if (F.size() < function_minimum_size) continue; if (F.size() < function_minimum_size) continue;
if (isIgnoreFunction(&F)) continue; if (isIgnoreFunction(&F)) continue;
@ -603,8 +629,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
if (documentFile) { if (documentFile) {
fprintf(documentFile, "%s %u\n", F.getName().str().c_str(), fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n",
afl_global_id); moduleID, F.getName().str().c_str(), afl_global_id);
} }
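Review bot: `srand((unsigned int)time(NULL))` is called inside `runOnModule`, so if the pass runs on more than one module in the same process within one second, each call re-seeds to the same value and the first `rand()` after it returns the same number — the `moduleID` written to `documentFile` then collides for those modules, which defeats the purpose of adding it (I cannot see from the hunk whether the pass object is reused across modules; if it is, this is a real collision). Seeding once is enough, e.g. `static bool seeded = false; if (!seeded) { srand((unsigned int)time(NULL)); seeded = true; }`, and `rand()` gives at most `RAND_MAX` (commonly 31 bits) so the `& 0xffffffff` mask never contributes a full 32 random bits; a process-wide counter mixed into the low word alongside `getpid()` would make the ID unique regardless. The `%llu`/`unsigned long long` pairing in the new `fprintf` is consistent. The enclosing `runOnModule` starts and ends outside these hunks.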


@ -490,9 +490,13 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
if (nl_cnt == 0) { if (nl_cnt == 0) {
if (first) if (first) {
WARNF("directory %s is currently empty", WARNF("directory %s is currently empty",
afl->foreign_syncs[iter].dir); afl->foreign_syncs[iter].dir);
}
continue; continue;
} }
@ -540,11 +544,15 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
if (st.st_size > MAX_FILE) { if (st.st_size > MAX_FILE) {
if (first) if (first) {
WARNF( WARNF(
"Test case '%s' is too big (%s, limit is %s), skipping", fn2, "Test case '%s' is too big (%s, limit is %s), skipping", fn2,
stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
}
ck_free(fn2); ck_free(fn2);
continue; continue;