ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

test.sh with -no-pie

Browse Source
This commit is contained in:
van Hauser
2020-03-21 21:10:38 +01:00
parent 6f78b67f03
commit c6db05c5ae
10 changed files with 32 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Makefile
View File

@ -151,6 +151,18 @@ ifdef STATIC
LDFLAGS += -lm -lpthread -lz -lutil
endif
ifdef ASAN_BUILD
$(info Compiling ASAN version of binaries)
CFLAGS+=-fsanitize=address
LDFLAGS+=-fsanitize=address
endif
ifdef PROFILING
$(info Compiling profiling version of binaries)
CFLAGS+=-pg
LDFLAGS+=-pg
endif
ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
SHMAT_OK=1
else
@ -165,11 +177,6 @@ ifeq "$(TEST_MMAP)" "1"
LDFLAGS+=-Wno-deprecated-declarations
endif
ifdef ASAN_BUILD
CFLAGS+=-fsanitize=address
LDFLAGS+=-fsanitize=address
endif
all: test_x86 test_shm test_python ready $(PROGS) afl-as test_build all_done
man: $(MANPAGES)
@ -208,6 +215,7 @@ help:
@echo "=========================================="
@echo STATIC - compile AFL++ static
@echo ASAN_BUILD - compiles with memory sanitizer for debug purposes
@echo PROFILING - compile afl-fuzz with profiling information
@echo AFL_NO_X86 - if compiling on non-intel/amd platforms
@echo "=========================================="
@echo e.g.: make ASAN_BUILD=1

1
README.md
View File

@ -174,6 +174,7 @@ These build options exist:
* STATIC - compile AFL++ static
* ASAN_BUILD - compiles with memory sanitizer for debug purposes
* PROFILING - compile with profiling information (gprof)
* AFL_NO_X86 - if compiling on non-intel/amd platforms
* LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g. Debian)

3
include/afl-fuzz.h
View File

@ -118,6 +118,9 @@ extern s16 interesting_16[INTERESTING_8_LEN + INTERESTING_16_LEN];
extern s32
interesting_32[INTERESTING_8_LEN + INTERESTING_16_LEN + INTERESTING_32_LEN];
extern u32 bmcnt, initcnt, one1cnt, one2cnt, runcnt;
struct queue_entry {
u8 *fname; /* File name for the test case */

1
src/afl-fuzz-bitmap.c
View File

@ -578,6 +578,7 @@ u8 save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
/* Try to calibrate inline; this also calls update_bitmap_score() when
successful. */
bmcnt++;
res = calibrate_case(afl, afl->queue_top, mem, afl->queue_cycle - 1, 0);
if (res == FAULT_ERROR) FATAL("Unable to execute target application");

2
src/afl-fuzz-globals.c
View File

@ -38,6 +38,8 @@ u8 *doc_path = NULL; /* gath to documentation dir */
/* Initialize MOpt "globals" for this afl state */
u32 bmcnt, initcnt, one1cnt, one2cnt, runcnt;
static void init_mopt_globals(afl_state_t *afl) {
MOpt_globals_t *core = &afl->mopt_globals_core;

1
src/afl-fuzz-init.c
View File

@ -473,6 +473,7 @@ void perform_dry_run(afl_state_t *afl) {
close(fd);
initcnt++;
res = calibrate_case(afl, q, use_mem, 0, 1);
ck_free(use_mem);

2
src/afl-fuzz-one.c
View File

@ -442,6 +442,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
one1cnt++;
res =
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);
@ -2460,6 +2461,7 @@ u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (afl->queue_cur->cal_failed < CAL_CHANCES) {
one2cnt++;
res =
calibrate_case(afl, afl->queue_cur, in_buf, afl->queue_cycle - 1, 0);

2
src/afl-fuzz-run.c
View File

@ -303,6 +303,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
trying to calibrate already-added finds. This helps avoid trouble due
to intermittent latency. */
runcnt++;
if (!from_queue || afl->resuming_fuzz)
use_tmout = MAX(afl->fsrv.exec_tmout + CAL_TMOUT_ADD,
afl->fsrv.exec_tmout * CAL_TMOUT_PERC / 100);

2
src/afl-fuzz.c
View File

@ -1196,6 +1196,8 @@ stop_fuzzing:
OKF("We're done here. Have a nice day!\n");
printf("%u %u %u %u %u\n", bmcnt, initcnt, one1cnt, one2cnt, runcnt);
exit(0);
}

10
test/test.sh
View File

@ -653,7 +653,7 @@ test -e ../libradamsa.so && {
$ECHO "$BLUE[*] Testing: qemu_mode"
test -e ../afl-qemu-trace && {
gcc -pie -fPIE -o test-instr ../test-instr.c
gcc -no-pie -fPIE -o test-instr ../test-instr.c
gcc -o test-compcov test-compcov.c
test -e test-instr -a -e test-compcov && {
{
@ -678,8 +678,8 @@ test -e ../afl-qemu-trace && {
$ECHO "$GREY[*] running afl-fuzz for qemu_mode AFL_ENTRYPOINT, this will take approx 6 seconds"
{
{
export AFL_ENTRYPOINT=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//')`
$ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(m test-instr | grep "T main") - $(file ./test-instr)
export AFL_ENTRYPOINT=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' )`
#$ECHO AFL_ENTRYPOINT=$AFL_ENTRYPOINT - $(nm test-instr | grep "T main") - $(file ./test-instr)
../afl-fuzz -m ${MEM_LIMIT} -V2 -Q -i in -o out -- ./test-instr
unset AFL_ENTRYPOINT
} >>errors 2>&1
@ -727,9 +727,9 @@ test -e ../afl-qemu-trace && {
test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && {
$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
{
export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' | sed 's/^.......//')`
export AFL_QEMU_PERSISTENT_ADDR=`expr 0x4$(nm test-instr | grep "T main" | awk '{print $1}' )`
export AFL_QEMU_PERSISTENT_GPR=1
$ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
#$ECHO "Info: AFL_QEMU_PERSISTENT_ADDR=$AFL_QEMU_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')"
file test-instr
../afl-fuzz -m ${MEM_LIMIT} -V10 -Q -i in -o out -- ./test-instr
unset AFL_QEMU_PERSISTENT_ADDR