done implementing AFL_MAP_SIZE

2025-06-08 00:01:33 +00:00 · 2020-04-17 10:08:56 +02:00 · 2020-04-17 10:08:56 +02:00 · ef311ec70c
commit ef311ec70c
parent 5b70d23211
5 changed files with 41 additions and 13 deletions
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@ -243,6 +243,11 @@ checks or alter some of the more exotic semantics of the tool:
    normally indicated by the cycle counter in the UI turning green. May be
    convenient for some types of automated jobs.

+  - AFL_MAP_SIZE sets the size of the shared map that afl-fuzz, afl-showmap,
+    afl-tmin and afl-analyze create to gather instrumentation data from
+    the target. This must be equal or larger than the size the target was
+    compiled with.
+
  - Setting AFL_NO_AFFINITY disables attempts to bind to a specific CPU core
    on Linux systems. This slows things down, but lets you run more instances
    of afl-fuzz than would be prudent (if you really want to).
--- a/gcc_plugin/afl-gcc-fast.c
+++ b/gcc_plugin/afl-gcc-fast.c
@ -364,6 +364,16 @@ int main(int argc, char **argv, char **envp) {

    be_quiet = 1;

+  u8 *ptr;
+  if (!be_quiet &&
+      ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE")))) {
+
+    u32 map_size = atoi(ptr);
+    if (map_size != MAP_SIZE)
+      FATAL("AFL_MAP_SIZE is not supported by afl-gcc-fast");
+
+  }
+
  check_environment_vars(envp);

  find_obj(argv[0]);
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@ -796,6 +796,16 @@ int main(int argc, char **argv, char **envp) {

  }

+  u8 *ptr2;
+  if (!be_quiet && instrument_mode != INSTRUMENT_LTO &&
+      ((ptr2 = getenv("AFL_MAP_SIZE")) || (ptr2 = getenv("AFL_MAPSIZE")))) {
+
+    u32 map_size = atoi(ptr2);
+    if (map_size != MAP_SIZE)
+      FATAL("AFL_MAP_SIZE is not supported by afl-clang-fast");
+
+  }
+
  if (debug) {

    SAYF(cMGN "[D]" cRST " cd \"%s\";", getthecwd());
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@ -608,20 +608,22 @@ bool AFLLTOPass::runOnModule(Module &M) {

    }

-    // save highest location ID to global variable
-    // do this after each function to fail faster
-    if (afl_global_id > MAP_SIZE) {
+  }

-      uint32_t pow2map = 1, map = afl_global_id;
-      while ((map = map >> 1))
-        pow2map++;
-      FATAL(
-          "We have %u blocks to instrument but the map size is only %u! Edit "
-          "config.h and set MAP_SIZE_POW2 from %u to %u, then recompile "
-          "afl-fuzz and llvm_mode.",
-          afl_global_id, MAP_SIZE, MAP_SIZE_POW2, pow2map);
+  // save highest location ID to global variable
+  // do this after each function to fail faster
+  if (!be_quiet && afl_global_id > MAP_SIZE) {

-    }
+    uint32_t pow2map = 1, map = afl_global_id;
+    while ((map = map >> 1))
+      pow2map++;
+    WARNF(
+        "We have %u blocks to instrument but the map size is only %u. Either "
+        "edit config.h and set MAP_SIZE_POW2 from %u to %u, then recompile "
+        "afl-fuzz and llvm_mode and then make this target - or set "
+        "AFL_MAP_SIZE with at least size %u when running afl-fuzz with this "
+        "target.",
+        afl_global_id, MAP_SIZE, MAP_SIZE_POW2, pow2map, afl_global_id);

  }

--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@ -412,7 +412,8 @@ int main(int argc, char **argv) {
  }

  u8 *ptr;
-  if ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE"))) {
+  if (!be_quiet &&
+      ((ptr = getenv("AFL_MAP_SIZE")) || (ptr = getenv("AFL_MAPSIZE")))) {

    u32 map_size = atoi(ptr);
    if (map_size != MAP_SIZE) FATAL("AFL_MAP_SIZE is not supported by afl-gcc");