fix autodict

This commit is contained in:
van Hauser
2020-06-29 00:58:05 +02:00
parent 16f3df7cc6
commit e5e485fcdb
9 changed files with 62 additions and 30 deletions


@ -394,8 +394,8 @@ afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
# document all mutations and only do one run (use with only one input file!) # document all mutations and only do one run (use with only one input file!)
document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86 document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-performance.o | test_x86
$(CC) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS) $(CC) -D_DEBUG=\"1\" -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES) test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES)
@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o
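Review bot: Taking the second copy of each changed line as the new side, the `document` rule now compiles `src/afl-forkserver.c` directly in its recipe, but the prerequisite list dropped `src/afl-forkserver.o` without adding the `.c` file, so edits to afl-forkserver.c will not trigger a rebuild of afl-fuzz-document. Add it to the prerequisites, e.g. `document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o | test_x86`. The rendered page appears to have dropped blank lines from this hunk (five visible lines against an 8/8 header), so the surrounding context is incomplete here.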


@ -49,9 +49,13 @@ int main(int argc, char **argv) {
len = __AFL_FUZZ_TESTCASE_LEN; len = __AFL_FUZZ_TESTCASE_LEN;
fprintf(stderr, "input: %zd \"%s\"\n", len, buf);
/* do we have enough data? */ /* do we have enough data? */
if (len < 8) continue; if (len < 8) continue;
if (strcmp((char *)buf, "thisisateststring") == 0) printf("teststring\n");
if (buf[0] == 'f') { if (buf[0] == 'f') {
printf("one\n"); printf("one\n");
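Review bot: The added `fprintf(stderr, "input: %zd \"%s\"\n", len, buf);` and the `strcmp((char *)buf, "thisisateststring")` line both treat `buf` as a NUL-terminated string, but the shared-memory test case is filled with a plain `memcpy` of `len` bytes (visible in the afl-forkserver.c section of this commit) and nothing in that hunk writes a terminator, so both reads can run past the end of the input. Use length-bounded forms: `fprintf(stderr, "input: %u \"%.*s\"\n", (unsigned)len, (int)len, buf);` and `if (len == 17 && memcmp(buf, "thisisateststring", 17) == 0) printf("teststring\n");`. The declaration of `len` is outside the hunk; unless it is a `ssize_t`, `%zd` is also the wrong conversion for it. `main` starts and ends outside this hunk.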


@ -60,7 +60,7 @@ typedef enum prealloc_status {
\ \
if ((prealloc_counter) >= (prealloc_size)) { \ if ((prealloc_counter) >= (prealloc_size)) { \
\ \
el_ptr = (element_t *) malloc(sizeof(*el_ptr)); \ el_ptr = (element_t *)malloc(sizeof(*el_ptr)); \
if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \ if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \
el_ptr->pre_status = PRE_STATUS_MALLOC; \ el_ptr->pre_status = PRE_STATUS_MALLOC; \
\ \


@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
size = strlen((char *)str) + 1; size = strlen((char *)str) + 1;
ALLOC_CHECK_SIZE(size); ALLOC_CHECK_SIZE(size);
ret = (u8*) malloc(size); ret = (u8 *)malloc(size);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
return (u8*)memcpy(ret, str, size); return (u8 *)memcpy(ret, str, size);
} }
@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
if (!mem || !size) { return NULL; } if (!mem || !size) { return NULL; }
ALLOC_CHECK_SIZE(size); ALLOC_CHECK_SIZE(size);
ret = (u8*) malloc(size + 1); ret = (u8 *)malloc(size + 1);
ALLOC_CHECK_RESULT(ret, size); ALLOC_CHECK_RESULT(ret, size);
memcpy(ret, mem, size); memcpy(ret, mem, size);


@ -395,6 +395,9 @@ static void __afl_start_snapshots(void) {
if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
if (getenv("AFL_DEBUG"))
fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) == if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
(FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) { (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
@ -594,6 +597,9 @@ static void __afl_start_forkserver(void) {
if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
if (getenv("AFL_DEBUG"))
fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) == if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
(FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) { (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
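Review bot: The new debug print under `if (getenv("AFL_DEBUG"))` in the `__afl_start_snapshots` hunk is a two-line unbraced `if`, which departs from the braced single-statement style this same commit uses elsewhere (`if (!be_quiet) { ACTF("Using AUTODICT feature."); }` in afl-forkserver.c); wrap it: `if (getenv("AFL_DEBUG")) { fprintf(stderr, "target forkserver recv: %08x\n", was_killed); }`. The identical addition in the `__afl_start_forkserver` hunk has the same issue. The declaration of `was_killed` is outside both hunks; `%08x` is only correct if it is a 32-bit unsigned type, which the 4-byte `read` suggests but does not prove. Both enclosing functions start and end outside the hunks.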


@ -596,9 +596,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
// this is not afl-fuzz - we deny and return // this is not afl-fuzz - we deny and return
if (fsrv->use_shmem_fuzz) if (fsrv->use_shmem_fuzz)
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ); status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ);
else else
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT); status = (FS_OPT_ENABLED);
if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) { if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
FATAL("Writing to forkserver failed."); FATAL("Writing to forkserver failed.");
@ -610,7 +610,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
} }
if (!be_quiet) { ACTF("Using AUTODICT feature."); } if (!be_quiet) { ACTF("Using AUTODICT feature."); }
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
if (fsrv->use_shmem_fuzz)
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
else
status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) { if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
FATAL("Writing to forkserver failed."); FATAL("Writing to forkserver failed.");
@ -862,16 +867,21 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
*fsrv->shmem_fuzz_len = len; *fsrv->shmem_fuzz_len = len;
memcpy(fsrv->shmem_fuzz, buf, len); memcpy(fsrv->shmem_fuzz, buf, len);
#ifdef _DEBUG #ifdef _DEBUG
fprintf(stderr, "FS crc: %08x len: %u\n", if (getenv("AFL_DEBUG")) {
hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
*fsrv->shmem_fuzz_len); fprintf(stderr, "FS crc: %016llx len: %u\n",
fprintf(stderr, "SHM :"); hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) *fsrv->shmem_fuzz_len);
fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); fprintf(stderr, "SHM :");
fprintf(stderr, "\nORIG:"); for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
fprintf(stderr, "%02x", buf[i]); fprintf(stderr, "\nORIG:");
fprintf(stderr, "\n"); for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
fprintf(stderr, "%02x", buf[i]);
fprintf(stderr, "\n");
}
#endif #endif
} else { } else {
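Review bot: In the `afl_fsrv_write_to_testcase` hunk the new `if (getenv("AFL_DEBUG"))` guard is evaluated on every test case written, and `getenv` walks the environment each time, whereas the matching hunk in afl-fuzz-run.c tests a cached `afl->debug` flag. Resolving the variable once when the forkserver struct is set up and testing that flag here would keep the two debug paths consistent and off the per-exec path, e.g. `if (fsrv->debug) { /* AFL_DEBUG resolved once at init */` — the field name is only a suggestion, since the struct definition is not on the page. Note also `%016llx` here versus `%16llx` in afl-fuzz-run.c for the same `hash64` value, so the hash prints zero-padded in one place and space-padded in the other. The whole block is under `#ifdef _DEBUG`, so this only affects debug builds.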


@ -156,16 +156,22 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
*afl->fsrv.shmem_fuzz_len = len - skip_len; *afl->fsrv.shmem_fuzz_len = len - skip_len;
#ifdef _DEBUG #ifdef _DEBUG
fprintf(stderr, "FS crc: %08x len: %u\n", if (afl->debug) {
hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
*fsrv->shmem_fuzz_len); fprintf(
fprintf(stderr, "SHM :"); stderr, "FS crc: %16llx len: %u\n",
for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) hash64(afl->fsrv.shmem_fuzz, *afl->fsrv.shmem_fuzz_len, 0xa5b35705),
fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); *afl->fsrv.shmem_fuzz_len);
fprintf(stderr, "\nORIG:"); fprintf(stderr, "SHM :");
for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
fprintf(stderr, "%02x", buf[i]); fprintf(stderr, "%02x", afl->fsrv.shmem_fuzz[i]);
fprintf(stderr, "\n"); fprintf(stderr, "\nORIG:");
for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
fprintf(stderr, "%02x", (u8)((u8 *)mem)[i]);
fprintf(stderr, "\n");
}
#endif #endif
return; return;
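Review bot: The "ORIG:" dump in `write_with_gap` prints `mem[0 .. *afl->fsrv.shmem_fuzz_len)` where that length was just set to `len - skip_len`, so whenever the gap lies inside the input (presumably `skip_at < len`, going by the parameter names) the ORIG bytes after `skip_at` no longer line up with the SHM bytes at the same index and the two dumps look like a mismatch even when the copy is correct. Printing `mem` as the two ranges that were actually copied, or labelling the dump as the ungapped prefix, would make the output trustworthy. The cast `(u8)((u8 *)mem)[i]` is redundant once the pointer cast is done, and `%16llx` here versus `%016llx` for the same `hash64` value in the afl-forkserver.c hunk should be made consistent. The function starts and ends outside this hunk, and `skip_len` is declared outside it.
```c
      fprintf(stderr, "\nORIG:");
      for (u32 i = 0; i < skip_at; i++)
        fprintf(stderr, "%02x", ((u8 *)mem)[i]);
      for (u32 i = skip_at + skip_len; i < len; i++)
        fprintf(stderr, "%02x", ((u8 *)mem)[i]);
      fprintf(stderr, "\n");
      // … unchanged: closing brace of the if (afl->debug) block …
```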


@ -143,8 +143,10 @@ void long_jump(afl_state_t *afl) {
#ifdef _DEBUG #ifdef _DEBUG
u32 hash32(u8 *key, u32 len, u32 seed) { u32 hash32(u8 *key, u32 len, u32 seed) {
#else #else
u32 inline hash32(u8 *key, u32 len, u32 seed) { u32 inline hash32(u8 *key, u32 len, u32 seed) {
#endif #endif
return (u32)XXH64(key, len, seed); return (u32)XXH64(key, len, seed);
@ -153,8 +155,10 @@ u32 inline hash32(u8 *key, u32 len, u32 seed) {
#ifdef _DEBUG #ifdef _DEBUG
u64 hash64(u8 *key, u32 len, u64 seed) { u64 hash64(u8 *key, u32 len, u64 seed) {
#else #else
u64 inline hash64(u8 *key, u32 len, u64 seed) { u64 inline hash64(u8 *key, u32 len, u64 seed) {
#endif #endif
return XXH64(key, len, seed); return XXH64(key, len, seed);


@ -985,10 +985,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (read_file(infile)) { if (read_file(infile)) {
if (wait_for_gdb) { if (wait_for_gdb) {
fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid);
fprintf(stderr, "exec: kill -CONT %d\n", getpid()); fprintf(stderr, "exec: kill -CONT %d\n", getpid());
kill(0, SIGSTOP); kill(0, SIGSTOP);
} }
showmap_run_target_forkserver(fsrv, use_argv, in_data, in_len); showmap_run_target_forkserver(fsrv, use_argv, in_data, in_len);