diff --git a/test-instr.c b/test-instr.c index 28552893..7ab342cf 100644 --- a/test-instr.c +++ b/test-instr.c @@ -49,7 +49,11 @@ int main(int argc, char **argv) { if ((cnt = read(fd, buf, sizeof(buf) - 1)) < 1) { printf("Hum?\n"); +#ifdef EXIT_AT_END + exit(1); +#else return 1; +#endif } @@ -76,6 +80,9 @@ int main(int argc, char **argv) { break; } +#ifdef EXIT_AT_END + exit(0); +#endif return 0; diff --git a/test/test-qemu-mode.sh b/test/test-qemu-mode.sh index 2ba81d02..00751ced 100755 --- a/test/test-qemu-mode.sh +++ b/test/test-qemu-mode.sh @@ -16,7 +16,8 @@ test -z "$AFL_CC" && { test -e ../afl-qemu-trace && { cc -pie -fPIE -o test-instr ../test-instr.c cc -o test-compcov test-compcov.c - test -e test-instr -a -e test-compcov && { + cc -pie -fPIE -o test-instr-exit-at-end -DEXIT_AT_END ../test-instr.c + test -e test-instr -a -e test-compcov -a -e test-instr-exit-at-end && { { mkdir -p in echo 00000 > in/in @@ -149,11 +150,63 @@ test -e ../afl-qemu-trace && { $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" CODE=1 } - rm -rf in out errors + rm -rf out errors } || { $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent qemu_mode" } + test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { + $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS, this will take approx 10 seconds" + { + IS_STATIC="" + file test-instr-exit-at-end | grep -q 'statically linked' && IS_STATIC=1 + test -z "$IS_STATIC" && { + if file test-instr-exit-at-end | grep -q "32-bit"; then + # for 32-bit reduce 8 nibbles to the lower 7 nibbles + ADDR_LOWER_PART=`nm test-instr-exit-at-end | grep "T main" | awk '{print $1}' | sed 's/^.//'` + else + # for 64-bit reduce 16 nibbles to the lower 9 nibbles + ADDR_LOWER_PART=`nm test-instr-exit-at-end | grep "T main" | awk '{print $1}' | sed 's/^.......//'` + fi + export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4${ADDR_LOWER_PART}` + } + test -n "$IS_STATIC" && { + export AFL_QEMU_PERSISTENT_ADDR=0x`nm test-instr-exit-at-end | grep "T main" | awk '{print $1}'` + } + export AFL_QEMU_PERSISTENT_GPR=1 + $ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr-exit-at-end | grep "T main" | awk '{print $1}')" + export AFL_QEMU_PERSISTENT_EXITS=1 + ../afl-fuzz -m ${MEM_LIMIT} -V07 -Q -i in -o out -- ./test-instr-exit-at-end + echo status "$?" + unset AFL_QEMU_PERSISTENT_ADDR + unset AFL_QEMU_PERSISTENT_GPR + unset AFL_QEMU_PERSISTENT_EXITS + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000000* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode and AFL_QEMU_PERSISTENT_EXITS" + RUNTIMEP_EXIT=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIMEP_EXIT" && { + DIFF=`expr $RUNTIMEP_EXIT / $RUNTIME` + test "$DIFF" -gt 1 && { # must be at least twice as fast + $ECHO "$GREEN[+] persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS was noticeable faster than standard qemu_mode" + } || { + $ECHO "$YELLOW[-] persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS was not noticeable faster than standard qemu_mode" + } + } || { + $ECHO "$YELLOW[-] we got no data on executions performed? weird!" + } + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode and AFL_QEMU_PERSISTENT_EXITS" + CODE=1 + } + rm -rf in out errors + } || { + $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent qemu_mode with AFL_QEMU_PERSISTENT_EXITS" + } + test -e ../qemu_mode/unsigaction/unsigaction32.so && { ${AFL_CC} -o test-unsigaction32 -m32 test-unsigaction.c >> errors 2>&1 && { ./test-unsigaction32 @@ -212,7 +265,7 @@ test -e ../afl-qemu-trace && { CODE=1 } - rm -f test-instr test-compcov + rm -f test-instr test-compcov test-instr-exit-at-end } || { $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" INCOMPLETE=1