code format
@ -175,7 +175,7 @@ static void __afl_start_forkserver(void) {
|
|||||||
|
|
||||||
static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
|
static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
|
||||||
|
|
||||||
s32 status, res = 0x0fffffff; // res is a dummy pid
|
s32 status, res = 0x0fffffff; // res is a dummy pid
|
||||||
|
|
||||||
/* Wait for parent by reading from the pipe. Abort if read fails. */
|
/* Wait for parent by reading from the pipe. Abort if read fails. */
|
||||||
if (read(FORKSRV_FD, &status, 4) != 4) return 0;
|
if (read(FORKSRV_FD, &status, 4) != 4) return 0;
|
||||||
@ -305,3 +305,4 @@ int main(int argc, char *argv[]) {
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -155,9 +155,11 @@ void read_library_information() {
|
|||||||
liblist[liblist_cnt].addr_start = strtoull(b, NULL, 16);
|
liblist[liblist_cnt].addr_start = strtoull(b, NULL, 16);
|
||||||
liblist[liblist_cnt].addr_end = strtoull(m, NULL, 16);
|
liblist[liblist_cnt].addr_end = strtoull(m, NULL, 16);
|
||||||
if (debug)
|
if (debug)
|
||||||
fprintf(stderr, "%s:%x (%lx-%lx)\n", liblist[liblist_cnt].name,
|
fprintf(
|
||||||
liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start,
|
stderr, "%s:%x (%lx-%lx)\n", liblist[liblist_cnt].name,
|
||||||
liblist[liblist_cnt].addr_start, liblist[liblist_cnt].addr_end - 1);
|
liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start,
|
||||||
|
liblist[liblist_cnt].addr_start,
|
||||||
|
liblist[liblist_cnt].addr_end - 1);
|
||||||
liblist_cnt++;
|
liblist_cnt++;
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -170,25 +172,17 @@ void read_library_information() {
|
|||||||
|
|
||||||
#elif defined(__FreeBSD__)
|
#elif defined(__FreeBSD__)
|
||||||
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
|
int mib[] = {CTL_KERN, KERN_PROC, KERN_PROC_VMMAP, getpid()};
|
||||||
char *buf, *start, *end;
|
char * buf, *start, *end;
|
||||||
size_t miblen = sizeof(mib) / sizeof(mib[0]);
|
size_t miblen = sizeof(mib) / sizeof(mib[0]);
|
||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
if (debug) fprintf(stderr, "Library list:\n");
|
if (debug) fprintf(stderr, "Library list:\n");
|
||||||
if (sysctl(mib, miblen, NULL, &len, NULL, 0) == -1) {
|
if (sysctl(mib, miblen, NULL, &len, NULL, 0) == -1) { return; }
|
||||||
|
|
||||||
return;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
len = len * 4 / 3;
|
len = len * 4 / 3;
|
||||||
|
|
||||||
buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
|
buf = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANON, -1, 0);
|
||||||
if (buf == MAP_FAILED) {
|
if (buf == MAP_FAILED) { return; }
|
||||||
|
|
||||||
return;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if (sysctl(mib, miblen, buf, &len, NULL, 0) == -1) {
|
if (sysctl(mib, miblen, buf, &len, NULL, 0) == -1) {
|
||||||
|
|
||||||
@ -205,31 +199,33 @@ void read_library_information() {
|
|||||||
struct kinfo_vmentry *region = (struct kinfo_vmentry *)start;
|
struct kinfo_vmentry *region = (struct kinfo_vmentry *)start;
|
||||||
size_t size = region->kve_structsize;
|
size_t size = region->kve_structsize;
|
||||||
|
|
||||||
if (size == 0) {
|
if (size == 0) { break; }
|
||||||
|
|
||||||
break;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((region->kve_protection & KVME_PROT_READ) &&
|
if ((region->kve_protection & KVME_PROT_READ) &&
|
||||||
!(region->kve_protection & KVME_PROT_EXEC)) {
|
!(region->kve_protection & KVME_PROT_EXEC)) {
|
||||||
|
|
||||||
liblist[liblist_cnt].name = region->kve_path[0] != '\0' ? strdup(region->kve_path) : 0;
|
liblist[liblist_cnt].name =
|
||||||
liblist[liblist_cnt].addr_start = region->kve_start;
|
region->kve_path[0] != '\0' ? strdup(region->kve_path) : 0;
|
||||||
liblist[liblist_cnt].addr_end = region->kve_end;
|
liblist[liblist_cnt].addr_start = region->kve_start;
|
||||||
|
liblist[liblist_cnt].addr_end = region->kve_end;
|
||||||
|
|
||||||
if (debug) {
|
if (debug) {
|
||||||
fprintf(stderr, "%s:%x (%lx-%lx)\n", liblist[liblist_cnt].name,
|
|
||||||
liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start,
|
fprintf(stderr, "%s:%x (%lx-%lx)\n", liblist[liblist_cnt].name,
|
||||||
liblist[liblist_cnt].addr_start, liblist[liblist_cnt].addr_end - 1);
|
liblist[liblist_cnt].addr_end - liblist[liblist_cnt].addr_start,
|
||||||
}
|
liblist[liblist_cnt].addr_start,
|
||||||
|
liblist[liblist_cnt].addr_end - 1);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
liblist_cnt++;
|
||||||
|
|
||||||
liblist_cnt++;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
start += size;
|
start += size;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
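Review bot: The debug `fprintf` in this hunk can be handed a null pointer for `%s`, because `liblist[liblist_cnt].name` is set to `0` when `region->kve_path` is empty, and `strdup` can also return NULL; a null argument to `%s` is undefined behaviour. Printing `liblist[liblist_cnt].name ? liblist[liblist_cnt].name : "(unnamed)"` would avoid it. The same format string prints `addr_end - addr_start` with `%x`. The field types are not visible here, but the Linux branch fills them from `strtoull`, so the value is probably wider than `unsigned int` and wants `%lx` or an explicit cast; the identical call in the `-155,9 +155,11` hunk has the same mismatch. `read_library_information` starts outside this hunk.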
@ -532,7 +528,7 @@ void setup_trap_instrumentation() {
|
|||||||
uint32_t *shadow = SHADOW(lib_addr + offset);
|
uint32_t *shadow = SHADOW(lib_addr + offset);
|
||||||
if (*shadow != 0) FATAL("Duplicate patch entry: 0x%lx", offset);
|
if (*shadow != 0) FATAL("Duplicate patch entry: 0x%lx", offset);
|
||||||
|
|
||||||
// Make lookup entry in shadow memory.
|
// Make lookup entry in shadow memory.
|
||||||
#if ((defined(__APPLE__) && defined(__LP64__)) || defined(__x86_64__))
|
#if ((defined(__APPLE__) && defined(__LP64__)) || defined(__x86_64__))
|
||||||
// this is for Intel x64
|
// this is for Intel x64
|
||||||
|
|
||||||
@ -546,14 +542,14 @@ void setup_trap_instrumentation() {
|
|||||||
bitmap_index, *shadow);
|
bitmap_index, *shadow);
|
||||||
|
|
||||||
#else
|
#else
|
||||||
// this will be ARM and AARCH64
|
// this will be ARM and AARCH64
|
||||||
// for ARM we will need to identify if the code is in thumb or ARM
|
// for ARM we will need to identify if the code is in thumb or ARM
|
||||||
#error "non x86_64 not supported yet"
|
#error "non x86_64 not supported yet"
|
||||||
//__arm__:
|
//__arm__:
|
||||||
// linux thumb: 0xde01
|
// linux thumb: 0xde01
|
||||||
// linux arm: 0xe7f001f0
|
// linux arm: 0xe7f001f0
|
||||||
//__aarch64__:
|
//__aarch64__:
|
||||||
// linux aarch64: 0xd4200000
|
// linux aarch64: 0xd4200000
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
bitmap_index++;
|
bitmap_index++;
|
||||||
@ -596,7 +592,8 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
|
|||||||
#error "Unsupported platform"
|
#error "Unsupported platform"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
//fprintf(stderr, "TRAP at context addr = %lx, fault addr = %lx\n", addr, si->si_addr);
|
// fprintf(stderr, "TRAP at context addr = %lx, fault addr = %lx\n", addr,
|
||||||
|
// si->si_addr);
|
||||||
|
|
||||||
// If the trap didn't come from our instrumentation, then we probably will
|
// If the trap didn't come from our instrumentation, then we probably will
|
||||||
// just segfault here
|
// just segfault here
|
||||||
@ -605,12 +602,13 @@ static void sigtrap_handler(int signum, siginfo_t *si, void *context) {
|
|||||||
faultaddr = (u8 *)si->si_addr - 1;
|
faultaddr = (u8 *)si->si_addr - 1;
|
||||||
else
|
else
|
||||||
faultaddr = (u8 *)addr;
|
faultaddr = (u8 *)addr;
|
||||||
//if (debug) fprintf(stderr, "Shadow location: %p\n", SHADOW(faultaddr));
|
// if (debug) fprintf(stderr, "Shadow location: %p\n", SHADOW(faultaddr));
|
||||||
uint32_t shadow = *SHADOW(faultaddr);
|
uint32_t shadow = *SHADOW(faultaddr);
|
||||||
uint8_t orig_byte = shadow & 0xff;
|
uint8_t orig_byte = shadow & 0xff;
|
||||||
uint32_t index = shadow >> 8;
|
uint32_t index = shadow >> 8;
|
||||||
|
|
||||||
//if (debug) fprintf(stderr, "shadow data: %x, orig_byte %02x, index %d\n", shadow, orig_byte, index);
|
// if (debug) fprintf(stderr, "shadow data: %x, orig_byte %02x, index %d\n",
|
||||||
|
// shadow, orig_byte, index);
|
||||||
|
|
||||||
// Index zero is invalid so that it is still possible to catch actual trap
|
// Index zero is invalid so that it is still possible to catch actual trap
|
||||||
// instructions in instrumented libraries.
|
// instructions in instrumented libraries.
|
||||||
@ -672,7 +670,6 @@ int main(int argc, char *argv[]) {
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
|
||||||
pid = getpid();
|
pid = getpid();
|
||||||
while ((len = __afl_next_testcase(buf, sizeof(buf))) > 0) {
|
while ((len = __afl_next_testcase(buf, sizeof(buf))) > 0) {
|
||||||
|
|
||||||
@ -709,3 +706,4 @@ static void fuzz() {
|
|||||||
// END STEP 3
|
// END STEP 3
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -20,8 +20,7 @@
|
|||||||
|
|
||||||
void testinstr(char *buf, int len) {
|
void testinstr(char *buf, int len) {
|
||||||
|
|
||||||
if (len < 1)
|
if (len < 1) return;
|
||||||
return;
|
|
||||||
buf[len] = 0;
|
buf[len] = 0;
|
||||||
|
|
||||||
// we support three input cases
|
// we support three input cases
|
||||||
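Review bot: `buf[len] = 0;` writes one byte past the `len` bytes of input, so `testinstr` depends on the caller's buffer holding at least `len + 1` bytes, and nothing in this hunk states or checks that. A caller that passes a length equal to its full buffer size would overflow by one byte. A comment above the function such as `// buf must have room for len + 1 bytes; the terminator is written at buf[len]` would make the contract explicit. The rest of the function body lies outside the hunk.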
@ -33,3 +32,4 @@ void testinstr(char *buf, int len) {
|
|||||||
printf("Neither one or zero? How quaint!\n");
|
printf("Neither one or zero? How quaint!\n");
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -819,7 +819,8 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
|
|||||||
|
|
||||||
if (fsrv->child_pid <= 0) { FATAL("Fork server is misbehaving (OOM?)"); }
|
if (fsrv->child_pid <= 0) { FATAL("Fork server is misbehaving (OOM?)"); }
|
||||||
|
|
||||||
exec_ms = read_timed(fsrv->fsrv_st_fd, &fsrv->child_status, 4, timeout, stop_soon_p);
|
exec_ms = read_timed(fsrv->fsrv_st_fd, &fsrv->child_status, 4, timeout,
|
||||||
|
stop_soon_p);
|
||||||
|
|
||||||
if (exec_ms > timeout) {
|
if (exec_ms > timeout) {
|
||||||
|
|
||||||
|