FASAN Support (#918)

* FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name <you@example.com>
2025-06-15 03:18:07 +00:00 · 2021-05-17 19:02:45 +01:00
parent 9d50ae7468
commit e40c0c2da1
16 changed files with 664 additions and 122 deletions
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -328,6 +328,50 @@ static int stricmp(char const *a, char const *b) {

 }

+static void fasan_check_afl_preload(char *afl_preload) {
+
+  char   first_preload[PATH_MAX + 1] = {0};
+  char * separator = strchr(afl_preload, ':');
+  size_t first_preload_len = PATH_MAX;
+  char * basename;
+  char   clang_runtime_prefix[] = "libclang_rt.asan-";
+
+  if (separator != NULL && (separator - afl_preload) < PATH_MAX) {
+
+    first_preload_len = separator - afl_preload;
+
+  }
+
+  strncpy(first_preload, afl_preload, first_preload_len);
+
+  basename = strrchr(first_preload, '/');
+  if (basename == NULL) {
+
+    basename = first_preload;
+
+  } else {
+
+    basename = basename + 1;
+
+  }
+
+  if (strncmp(basename, clang_runtime_prefix,
+              sizeof(clang_runtime_prefix) - 1) != 0) {
+
+    FATAL("Address Sanitizer DSO must be the first DSO in AFL_PRELOAD");
+
+  }
+
+  if (access(first_preload, R_OK) != 0) {
+
+    FATAL("Address Sanitizer DSO not found");
+
+  }
+
+  OKF("Found ASAN DSO: %s", first_preload);
+
+}
+
 /* Main entry point */

 int main(int argc, char **argv_orig, char **envp) {
@ -785,6 +829,7 @@ int main(int argc, char **argv_orig, char **envp) {
        }

        afl->fsrv.frida_mode = 1;
+        if (get_afl_env("AFL_USE_FASAN")) { afl->fsrv.frida_asan = 1; }

        break;

@ -1365,18 +1410,21 @@ int main(int argc, char **argv_orig, char **envp) {
    } else if (afl->fsrv.frida_mode) {

      afl_preload = getenv("AFL_PRELOAD");
-      u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
-      OKF("Injecting %s ...", frida_binary);
-      if (afl_preload) {

-        frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary);
+      if (afl->fsrv.frida_asan) {

-      } else {
+        OKF("Using Frida Address Sanitizer Mode");

-        frida_afl_preload = alloc_printf("%s", frida_binary);
+        fasan_check_afl_preload(afl_preload);
+
+        setenv("ASAN_OPTIONS", "detect_leaks=false", 1);

      }

+      u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
+      OKF("Injecting %s ...", frida_binary);
+      frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary);
+
      ck_free(frida_binary);

      setenv("LD_PRELOAD", frida_afl_preload, 1);
@ -1391,11 +1439,22 @@ int main(int argc, char **argv_orig, char **envp) {

  } else if (afl->fsrv.frida_mode) {

-    u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
-    OKF("Injecting %s ...", frida_binary);
-    setenv("LD_PRELOAD", frida_binary, 1);
-    setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1);
-    ck_free(frida_binary);
+    if (afl->fsrv.frida_asan) {
+
+      OKF("Using Frida Address Sanitizer Mode");
+      FATAL(
+          "Address Sanitizer DSO must be loaded using AFL_PRELOAD in Frida "
+          "Address Sanitizer Mode");
+
+    } else {
+
+      u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
+      OKF("Injecting %s ...", frida_binary);
+      setenv("LD_PRELOAD", frida_binary, 1);
+      setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1);
+      ck_free(frida_binary);
+
+    }

  }