ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

resize fix + code format

Browse Source
This commit is contained in:
Dominik Maier
2020-04-10 17:47:22 +02:00
parent 6aa6af04ac
commit f0f83bab52
10 changed files with 32 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/common.h
View File

@ -99,9 +99,11 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms);
/* Wrapper for select() and read(), reading exactly len bytes. /* Wrapper for select() and read(), reading exactly len bytes.
Returns the time passed to read. Returns the time passed to read.
stop_soon should point to a variable indicating ctrl+c was pressed.
If the wait times out, returns timeout_ms + 1; If the wait times out, returns timeout_ms + 1;
Returns 0 if an error occurred (fd closed, signal, ...); */ Returns 0 if an error occurred (fd closed, signal, ...); */
u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms); u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms,
volatile u8 *stop_soon_p);
#endif #endif

3
include/forkserver.h
View File

@ -67,7 +67,8 @@ typedef struct afl_forkserver {
} afl_forkserver_t; } afl_forkserver_t;
void afl_fsrv_init(afl_forkserver_t *fsrv); void afl_fsrv_init(afl_forkserver_t *fsrv);
void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv); void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
volatile u8 *stop_soon_p);
void afl_fsrv_deinit(afl_forkserver_t *fsrv); void afl_fsrv_deinit(afl_forkserver_t *fsrv);
void afl_fsrv_killall(); void afl_fsrv_killall();

8
src/afl-common.c
View File

@ -40,6 +40,7 @@
u8 be_quiet = 0; u8 be_quiet = 0;
u8 *doc_path = ""; u8 *doc_path = "";
u8 last_intr = 0;
char *afl_environment_variables[] = { char *afl_environment_variables[] = {
@ -754,7 +755,8 @@ u8 *u_stringify_time_diff(u8 *buf, u64 cur_ms, u64 event_ms) {
Returns the time passed to read. Returns the time passed to read.
If the wait times out, returns timeout_ms + 1; If the wait times out, returns timeout_ms + 1;
Returns 0 if an error occurred (fd closed, signal, ...); */ Returns 0 if an error occurred (fd closed, signal, ...); */
u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms) { u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms,
volatile u8 *stop_soon_p) {
struct timeval timeout; struct timeval timeout;
fd_set readfds; fd_set readfds;
@ -779,8 +781,8 @@ u32 read_timed(s32 fd, void *buf, size_t len, u32 timeout_ms) {
} else if (sret < 0) { } else if (sret < 0) {
// perror("sret malloc"); /* Retry select for all signals other than than ctrl+c */
// TODO: catch other (errno == EINTR) than ctrl+c? if (errno == EINTR && !*stop_soon_p) { continue; }
return 0; return 0;
} }

5
src/afl-forkserver.c
View File

@ -160,7 +160,8 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
cloning a stopped child. So, we just execute once, and then send commands cloning a stopped child. So, we just execute once, and then send commands
through a pipe. The other part of this logic is in afl-as.h / llvm_mode */ through a pipe. The other part of this logic is in afl-as.h / llvm_mode */
void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) { void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
volatile u8 *stop_soon_p) {
int st_pipe[2], ctl_pipe[2]; int st_pipe[2], ctl_pipe[2];
int status; int status;
@ -317,7 +318,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
rlen = 4; rlen = 4;
u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen, u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen,
fsrv->exec_tmout * FORK_WAIT_MULT); fsrv->exec_tmout * FORK_WAIT_MULT, stop_soon_p);
if (time > fsrv->exec_tmout * FORK_WAIT_MULT) { if (time > fsrv->exec_tmout * FORK_WAIT_MULT) {

6
src/afl-fuzz-cmplog.c
View File

@ -187,7 +187,8 @@ void init_cmplog_forkserver(afl_state_t *afl) {
rlen = 4; rlen = 4;
u32 timeout_ms = afl->fsrv.exec_tmout * FORK_WAIT_MULT; u32 timeout_ms = afl->fsrv.exec_tmout * FORK_WAIT_MULT;
/* Reuse readfds as exceptfds to see when the child closed the pipe */ /* Reuse readfds as exceptfds to see when the child closed the pipe */
u32 exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms); u32 exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms,
&afl->stop_soon);
if (!exec_ms) { if (!exec_ms) {
@ -416,7 +417,8 @@ u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
/* Configure timeout, as requested by user, then wait for child to terminate. /* Configure timeout, as requested by user, then wait for child to terminate.
*/ */
exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout); exec_ms =
read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout, &afl->stop_soon);
if (exec_ms > timeout) { if (exec_ms > timeout) {

6
src/afl-fuzz-init.c
View File

@ -134,14 +134,12 @@ void bind_to_free_cpu(afl_state_t *afl) {
for (i = 0; i < proccount; i++) { for (i = 0; i < proccount; i++) {
#if defined(__FreeBSD__) #if defined(__FreeBSD__)
if (!strcmp(procs[i].ki_comm, "idle")) if (!strcmp(procs[i].ki_comm, "idle")) continue;
continue;
// fix when ki_oncpu = -1 // fix when ki_oncpu = -1
int oncpu; int oncpu;
oncpu = procs[i].ki_oncpu; oncpu = procs[i].ki_oncpu;
if (oncpu == -1) if (oncpu == -1) oncpu = procs[i].ki_lastcpu;
oncpu = procs[i].ki_lastcpu;
if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60) if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60)
cpu_used[oncpu] = 1; cpu_used[oncpu] = 1;

6
src/afl-fuzz-run.c
View File

@ -67,7 +67,8 @@ u8 run_target(afl_state_t *afl, u32 timeout) {
if (afl->fsrv.child_pid <= 0) FATAL("Fork server is misbehaving (OOM?)"); if (afl->fsrv.child_pid <= 0) FATAL("Fork server is misbehaving (OOM?)");
exec_ms = read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout); exec_ms =
read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout, &afl->stop_soon);
if (exec_ms > timeout) { if (exec_ms > timeout) {
@ -308,7 +309,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
/* Make sure the forkserver is up before we do anything, and let's not /* Make sure the forkserver is up before we do anything, and let's not
count its spin-up time toward binary calibration. */ count its spin-up time toward binary calibration. */
if (!afl->fsrv.fsrv_pid) afl_fsrv_start(&afl->fsrv, afl->argv); if (!afl->fsrv.fsrv_pid)
afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon);
if (afl->dumb_mode != 1 && !afl->no_forkserver && !afl->cmplog_fsrv_pid && if (afl->dumb_mode != 1 && !afl->no_forkserver && !afl->cmplog_fsrv_pid &&
afl->shm.cmplog_mode) afl->shm.cmplog_mode)
init_cmplog_forkserver(afl); init_cmplog_forkserver(afl);

14
src/afl-fuzz-stats.c
View File

@ -366,9 +366,9 @@ void show_stats(afl_state_t *afl) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->dumb_mode) { if (afl->dumb_mode) {
@ -450,9 +450,9 @@ void show_stats(afl_state_t *afl) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp); time_tmp, tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -481,9 +481,9 @@ void show_stats(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths); ((double)afl->queued_favored) * 100 / afl->queued_paths);
@ -557,7 +557,7 @@ void show_stats(afl_state_t *afl) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");

2
src/afl-showmap.c
View File

@ -951,7 +951,7 @@ int main(int argc, char **argv_orig, char **envp) {
} }
afl_fsrv_start(fsrv, use_argv); afl_fsrv_start(fsrv, use_argv, &stop_soon);
while (done == 0 && (dir_ent = readdir(dir_in))) { while (done == 0 && (dir_ent = readdir(dir_in))) {

2
src/afl-tmin.c
View File

@ -1133,7 +1133,7 @@ int main(int argc, char **argv_orig, char **envp) {
read_initial_file(); read_initial_file();
afl_fsrv_start(fsrv, use_argv); afl_fsrv_start(fsrv, use_argv, &stop_soon);
ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...", ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...",
fsrv->mem_limit, fsrv->exec_tmout, edges_only ? ", edges only" : ""); fsrv->mem_limit, fsrv->exec_tmout, edges_only ? ", edges only" : "");