ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-18 12:48:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

support LLVMFuzzerTestOneInput -1 return

Browse Source
This commit is contained in:
vanhauser-thc
2023-03-09 13:57:03 +01:00
parent aa125f8246
commit e0866f51c7
4 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -7,10 +7,12 @@
- afl-fuzz: - afl-fuzz:
- ensure temporary file descriptor is closed when not used - ensure temporary file descriptor is closed when not used
- added `AFL_NO_WARN_INSTABILITY` - added `AFL_NO_WARN_INSTABILITY`
- added `AFL_FRIDA_STATS_INTERVAL`
- afl-cc: - afl-cc:
- add CFI sanitizer variant to gcc targets - add CFI sanitizer variant to gcc targets
- llvm 16 support (thanks to @devnexen!) - llvm 16 support (thanks to @devnexen!)
- support llvm 15 native pcguard changes - support llvm 15 native pcguard changes
- support for LLVMFuzzerTestOneInput -1 return
- qemu_mode: - qemu_mode:
- fix _RANGES envs to allow hyphens in the filenames - fix _RANGES envs to allow hyphens in the filenames
- new custom module: autotoken, grammar free fuzzer for text inputs - new custom module: autotoken, grammar free fuzzer for text inputs

2
test/test-cmplog.c
View File

@ -8,7 +8,7 @@
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t i) { int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t i) {
if (i < 30) return 0; if (i < 30) return -1;
if (buf[0] != 'A') return 0; if (buf[0] != 'A') return 0;
if (buf[1] != 'B') return 0; if (buf[1] != 'B') return 0;
if (buf[2] != 'C') return 0; if (buf[2] != 'C') return 0;

13
utils/aflpp_driver/aflpp_driver.c
View File

@ -58,10 +58,15 @@ $AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
#include "hash.h" #include "hash.h"
#endif #endif
// AFL++ shared memory fuzz cases
int __afl_sharedmem_fuzzing = 1; int __afl_sharedmem_fuzzing = 1;
extern unsigned int *__afl_fuzz_len; extern unsigned int *__afl_fuzz_len;
extern unsigned char *__afl_fuzz_ptr; extern unsigned char *__afl_fuzz_ptr;
// AFL++ coverage map
extern unsigned char *__afl_area_ptr;
extern unsigned int __afl_map_size;
// libFuzzer interface is thin, so we don't include any libFuzzer headers. // libFuzzer interface is thin, so we don't include any libFuzzer headers.
__attribute__((weak)) int LLVMFuzzerTestOneInput(const uint8_t *Data, __attribute__((weak)) int LLVMFuzzerTestOneInput(const uint8_t *Data,
size_t Size); size_t Size);
@ -375,7 +380,13 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
} }
prev_length = length; prev_length = length;
(void)callback(__afl_fuzz_ptr, length);
if (unlikely(callback(__afl_fuzz_ptr, length) == -1)) {
memset(__afl_area_ptr, 0, __afl_map_size);
__afl_area_ptr[0] = 1;
}
} }

19
utils/aflpp_driver/aflpp_driver_test.c
View File

@ -2,9 +2,9 @@
#include <stdlib.h> #include <stdlib.h>
#include <stdint.h> #include <stdint.h>
void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) { int __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
if (Size < 5) return; if (Size < 5) return -1;
if (Data[0] == 'F') if (Data[0] == 'F')
if (Data[1] == 'A') if (Data[1] == 'A')
@ -12,13 +12,16 @@ void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
if (Data[3] == '$') if (Data[3] == '$')
if (Data[4] == '$') abort(); if (Data[4] == '$') abort();
}
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size) crashme(Data, Size);
return 0; return 0;
} }
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
if (Size)
return crashme(Data, Size);
else
return -1;
}