mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-17 04:18:06 +00:00
ensure all fuzz targets are killed on exit
This commit is contained in:
vanhauser-thc
@ -33,6 +33,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
|
|||||||
(it is better!)
|
(it is better!)
|
||||||
- fix a regression introduced in 3.10 that resulted in less
|
- fix a regression introduced in 3.10 that resulted in less
|
||||||
coverage being detected. thanks to Collin May for reporting!
|
coverage being detected. thanks to Collin May for reporting!
|
||||||
|
- ensure all spawned targets are killed on exit
|
||||||
- added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
|
- added AFL_IGNORE_PROBLEMS, plus checks to identify and abort on
|
||||||
incorrect LTO usage setups and enhanced the READMEs for better
|
incorrect LTO usage setups and enhanced the READMEs for better
|
||||||
information on how to deal with instrumenting libraries
|
information on how to deal with instrumenting libraries
|
||||||
|
|||||||
@ -46,15 +46,31 @@ extern u64 time_spent_working;
|
|||||||
|
|
||||||
static void at_exit() {
|
static void at_exit() {
|
||||||
|
|
||||||
s32 i, pid1 = 0, pid2 = 0;
|
s32 i, pid1 = 0, pid2 = 0, pgrp = -1;
|
||||||
char *list[4] = {SHM_ENV_VAR, SHM_FUZZ_ENV_VAR, CMPLOG_SHM_ENV_VAR, NULL};
|
char *list[4] = {SHM_ENV_VAR, SHM_FUZZ_ENV_VAR, CMPLOG_SHM_ENV_VAR, NULL};
|
||||||
char *ptr;
|
char *ptr;
|
||||||
|
|
||||||
ptr = getenv("__AFL_TARGET_PID2");
|
ptr = getenv("__AFL_TARGET_PID2");
|
||||||
if (ptr && *ptr && (pid2 = atoi(ptr)) > 0) kill(pid2, SIGTERM);
|
if (ptr && *ptr && (pid2 = atoi(ptr)) > 0) {
|
||||||
|
|
||||||
|
#if defined(__linux__)
|
||||||
|
pgrp = getpgid(pid2);
|
||||||
|
#endif
|
||||||
|
if (pgrp > 0) { killpg(pgrp, SIGTERM); }
|
||||||
|
kill(pid2, SIGTERM);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
ptr = getenv("__AFL_TARGET_PID1");
|
ptr = getenv("__AFL_TARGET_PID1");
|
||||||
if (ptr && *ptr && (pid1 = atoi(ptr)) > 0) kill(pid1, SIGTERM);
|
if (ptr && *ptr && (pid1 = atoi(ptr)) > 0) {
|
||||||
|
|
||||||
|
#if defined(__linux__)
|
||||||
|
pgrp = getpgid(pid1);
|
||||||
|
#endif
|
||||||
|
if (pgrp > 0) { killpg(pgrp, SIGTERM); }
|
||||||
|
kill(pid1, SIGTERM);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
ptr = getenv(CPU_AFFINITY_ENV_VAR);
|
ptr = getenv(CPU_AFFINITY_ENV_VAR);
|
||||||
if (ptr && *ptr) unlink(ptr);
|
if (ptr && *ptr) unlink(ptr);
|
||||||
@ -85,8 +101,25 @@ static void at_exit() {
|
|||||||
/* AFL_KILL_SIGNAL should already be a valid int at this point */
|
/* AFL_KILL_SIGNAL should already be a valid int at this point */
|
||||||
if ((ptr = getenv("AFL_KILL_SIGNAL"))) { kill_signal = atoi(ptr); }
|
if ((ptr = getenv("AFL_KILL_SIGNAL"))) { kill_signal = atoi(ptr); }
|
||||||
|
|
||||||
if (pid1 > 0) { kill(pid1, kill_signal); }
|
if (pid1 > 0) {
|
||||||
if (pid2 > 0) { kill(pid2, kill_signal); }
|
|
||||||
|
#if defined(__linux__)
|
||||||
|
pgrp = getpgid(pid1);
|
||||||
|
#endif
|
||||||
|
if (pgrp > 0) { killpg(pgrp, kill_signal); }
|
||||||
|
kill(pid1, kill_signal);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
if (pid2 > 0) {
|
||||||
|
|
||||||
|
#if defined(__linux__)
|
||||||
|
pgrp = getpgid(pid1);
|
||||||
|
#endif
|
||||||
|
if (pgrp > 0) { killpg(pgrp, kill_signal); }
|
||||||
|
kill(pid2, kill_signal);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -121,8 +154,7 @@ static void usage(u8 *argv0, int more_help) {
|
|||||||
#if defined(__linux__)
|
#if defined(__linux__)
|
||||||
" -Q - use binary-only instrumentation (QEMU mode)\n"
|
" -Q - use binary-only instrumentation (QEMU mode)\n"
|
||||||
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
|
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
|
||||||
" -W - use qemu-based instrumentation with Wine (Wine "
|
" -W - use qemu-based instrumentation with Wine (Wine mode)\n"
|
||||||
"mode)\n"
|
|
||||||
#endif
|
#endif
|
||||||
#if defined(__linux__)
|
#if defined(__linux__)
|
||||||
" -X - use VM fuzzing (NYX mode - standalone mode)\n"
|
" -X - use VM fuzzing (NYX mode - standalone mode)\n"
|
||||||
@ -173,8 +205,8 @@ static void usage(u8 *argv0, int more_help) {
|
|||||||
" -T text - text banner to show on the screen\n"
|
" -T text - text banner to show on the screen\n"
|
||||||
" -I command - execute this command/script when a new crash is "
|
" -I command - execute this command/script when a new crash is "
|
||||||
"found\n"
|
"found\n"
|
||||||
//" -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap
|
//" -B bitmap.txt - mutate a specific test case, use the
|
||||||
//" "file\n"
|
//out/default/fuzz_bitmap file\n"
|
||||||
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
" -C - crash exploration mode (the peruvian rabbit thing)\n"
|
||||||
" -b cpu_id - bind the fuzzing process to the specified CPU core "
|
" -b cpu_id - bind the fuzzing process to the specified CPU core "
|
||||||
"(0-...)\n"
|
"(0-...)\n"
|
||||||
@ -744,6 +776,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
case 'f': /* target file */
|
case 'f': /* target file */
|
||||||
|
|
||||||
if (afl->fsrv.out_file) { FATAL("Multiple -f options not supported"); }
|
if (afl->fsrv.out_file) { FATAL("Multiple -f options not supported"); }
|
||||||
|
|
||||||
afl->fsrv.out_file = ck_strdup(optarg);
|
afl->fsrv.out_file = ck_strdup(optarg);
|
||||||
afl->fsrv.use_stdin = 0;
|
afl->fsrv.use_stdin = 0;
|
||||||
break;
|
break;
|
||||||
@ -923,6 +956,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
|
|
||||||
case 'Y': /* NYX distributed mode */
|
case 'Y': /* NYX distributed mode */
|
||||||
if (afl->fsrv.nyx_mode) { FATAL("Multiple -Y options not supported"); }
|
if (afl->fsrv.nyx_mode) { FATAL("Multiple -Y options not supported"); }
|
||||||
|
|
||||||
afl->fsrv.nyx_mode = 1;
|
afl->fsrv.nyx_mode = 1;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
@ -966,6 +1000,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
case 'Q': /* QEMU mode */
|
case 'Q': /* QEMU mode */
|
||||||
|
|
||||||
if (afl->fsrv.qemu_mode) { FATAL("Multiple -Q options not supported"); }
|
if (afl->fsrv.qemu_mode) { FATAL("Multiple -Q options not supported"); }
|
||||||
|
|
||||||
afl->fsrv.qemu_mode = 1;
|
afl->fsrv.qemu_mode = 1;
|
||||||
|
|
||||||
if (!mem_limit_given) { afl->fsrv.mem_limit = MEM_LIMIT_QEMU; }
|
if (!mem_limit_given) { afl->fsrv.mem_limit = MEM_LIMIT_QEMU; }
|
||||||
@ -1076,6 +1111,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
case 'L': { /* MOpt mode */
|
case 'L': { /* MOpt mode */
|
||||||
|
|
||||||
if (afl->limit_time_sig) { FATAL("Multiple -L options not supported"); }
|
if (afl->limit_time_sig) { FATAL("Multiple -L options not supported"); }
|
||||||
|
|
||||||
afl->havoc_max_mult = HAVOC_MAX_MULT_MOPT;
|
afl->havoc_max_mult = HAVOC_MAX_MULT_MOPT;
|
||||||
|
|
||||||
if (sscanf(optarg, "%d", &afl->limit_time_puppet) < 1) {
|
if (sscanf(optarg, "%d", &afl->limit_time_puppet) < 1) {
|
||||||
@ -1276,8 +1312,7 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
if (afl->fsrv.nyx_mode) {
|
if (afl->fsrv.nyx_mode) {
|
||||||
|
|
||||||
OKF("afl++ Nyx mode is enabled (developed and mainted by Sergej Schumilo)");
|
OKF("afl++ Nyx mode is enabled (developed and mainted by Sergej Schumilo)");
|
||||||
OKF("Nyx is open source, get it at "
|
OKF("Nyx is open source, get it at https://github.com/Nyx-Fuzz");
|
||||||
"https://github.com/Nyx-Fuzz");
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user