mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-13 02:28:09 +00:00
@ -105,7 +105,8 @@ fairly broad use of environment variables instead:
|
|||||||
within your program at a certain point (such as at the end of an
|
within your program at a certain point (such as at the end of an
|
||||||
`__AFL_LOOP()`), you can run the macro `__AFL_LEAK_CHECK();` which will
|
`__AFL_LOOP()`), you can run the macro `__AFL_LEAK_CHECK();` which will
|
||||||
cause an abort if any memory is leaked (you can combine this with the
|
cause an abort if any memory is leaked (you can combine this with the
|
||||||
`LSAN_OPTIONS=...` suppression option to suppress some known leaks).
|
`__AFL_LSAN_OFF();` and `__AFL_LSAN_ON();` macros to avoid checking for
|
||||||
|
memory leaks from memory allocated between these two calls.
|
||||||
- `AFL_USE_MSAN=1` - activates the memory sanitizer (uninitialized memory)
|
- `AFL_USE_MSAN=1` - activates the memory sanitizer (uninitialized memory)
|
||||||
- `AFL_USE_TSAN=1` - activates the thread sanitizer to find thread race
|
- `AFL_USE_TSAN=1` - activates the thread sanitizer to find thread race
|
||||||
conditions
|
conditions
|
||||||
|
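Review bot: The rewritten sentence in the `__AFL_LEAK_CHECK();` paragraph leaves the parenthesis opened at "(you can combine this with the" unclosed, because the new text ends at "between these two calls." with no ")". The replaced line was also the only mention in this paragraph of the `LSAN_OPTIONS=...` suppression option. Consider keeping that hint and describing `__AFL_LSAN_OFF();` / `__AFL_LSAN_ON();` in a sentence of their own.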
@ -201,7 +201,10 @@ The following sanitizers have built-in support in AFL++:
|
|||||||
security issue, but for developers this can be very valuable. Note that unlike
|
security issue, but for developers this can be very valuable. Note that unlike
|
||||||
the other sanitizers above this needs `__AFL_LEAK_CHECK();` added to all areas
|
the other sanitizers above this needs `__AFL_LEAK_CHECK();` added to all areas
|
||||||
of the target source code where you find a leak check necessary! Enabled with
|
of the target source code where you find a leak check necessary! Enabled with
|
||||||
`export AFL_USE_LSAN=1` before compiling.
|
`export AFL_USE_LSAN=1` before compiling. To ignore the memory-leaking check
|
||||||
|
for certain allocations, `__AFL_LSAN_OFF();` can be used before memory is
|
||||||
|
allocated, and `__AFL_LSAN_OFF;` afterwards. Memory allocated between these
|
||||||
|
two macros will not be checked for memory leaks.
|
||||||
|
|
||||||
It is possible to further modify the behavior of the sanitizers at run-time by
|
It is possible to further modify the behavior of the sanitizers at run-time by
|
||||||
setting `ASAN_OPTIONS=...`, `LSAN_OPTIONS` etc. - the available parameters can
|
setting `ASAN_OPTIONS=...`, `LSAN_OPTIONS` etc. - the available parameters can
|
||||||
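Review bot: The added sentence names the wrong macro for re-enabling the check: "`__AFL_LSAN_OFF();` can be used before memory is allocated, and `__AFL_LSAN_OFF;` afterwards" should end with `__AFL_LSAN_ON();`. As written it tells the reader to disable twice and never re-enable, and the second occurrence is also missing its "()". It would also help to state that the two calls must be paired, since everything allocated after an unmatched `__AFL_LSAN_OFF();` is silently excluded from leak checking.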
@ -890,4 +893,4 @@ covered.
|
|||||||
|
|
||||||
Note that there are also a lot of tools out there that help fuzzing with AFL++
|
Note that there are also a lot of tools out there that help fuzzing with AFL++
|
||||||
(some might be deprecated or unsupported), see
|
(some might be deprecated or unsupported), see
|
||||||
[third_party_tools.md](third_party_tools.md).
|
[third_party_tools.md](third_party_tools.md).
|
||||||
|
@ -876,7 +876,10 @@ static void edit_params(u32 argc, char **argv, char **envp) {
|
|||||||
|
|
||||||
cc_params[cc_par_cnt++] = "-fsanitize=leak";
|
cc_params[cc_par_cnt++] = "-fsanitize=leak";
|
||||||
cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h";
|
cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h";
|
||||||
cc_params[cc_par_cnt++] = "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()";
|
cc_params[cc_par_cnt++] = "-D__AFL_LEAK_CHECK()={if(__lsan_do_recoverable_leak_check() > 0) _exit(23); }";
|
||||||
|
cc_params[cc_par_cnt++] = "-D__AFL_LSAN_OFF()=__lsan_disable();";
|
||||||
|
cc_params[cc_par_cnt++] = "-D__AFL_LSAN_ON()=__lsan_enable();";
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
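Review bot: The new `__AFL_LEAK_CHECK()` definition expands to a bare brace block, so the documented usage `__AFL_LEAK_CHECK();` becomes `{ ... };` and will not compile as the body of an unbraced `if` that has an `else`. Wrapping the body as `do { if (__lsan_do_recoverable_leak_check() > 0) _exit(23); } while (0)` avoids that. The `-D__AFL_LSAN_OFF()=__lsan_disable();` and `-D__AFL_LSAN_ON()=__lsan_enable();` definitions have the same problem in a milder form: the trailing semicolon inside the macro yields a double semicolon at every call site, so drop it from the definition. Two further points: `_exit` is used while only `sanitizer/lsan_interface.h` is force-included, so targets that do not include `<unistd.h>` get an implicit declaration; and the literal 23 has no comment or named constant, while the documentation touched by this patch still says the macro "will cause an abort".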