fix short write

van Hauser
2020-08-05 11:17:15 +02:00
parent 0712d44cbc
commit f30ca1476c
4 changed files with 24 additions and 9 deletions


@ -986,7 +986,7 @@ uint64_t rand_next(afl_state_t *afl);
static inline u32 rand_below(afl_state_t *afl, u32 limit) { static inline u32 rand_below(afl_state_t *afl, u32 limit) {
if (limit <= 1) return 0; if (limit <= 1) return 0;
/* The boundary not being necessarily a power of 2, /* The boundary not being necessarily a power of 2,
we need to ensure the result uniformity. */ we need to ensure the result uniformity. */
@ -1008,7 +1008,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
expand havoc mode */ expand havoc mode */
static inline u32 rand_below_datalen(afl_state_t *afl, u32 limit) { static inline u32 rand_below_datalen(afl_state_t *afl, u32 limit) {
if (limit <= 1) return 0; if (limit <= 1) return 0;
switch (rand_below(afl, 3)) { switch (rand_below(afl, 3)) {


@ -161,8 +161,8 @@ static void find_obj(u8 *argv0) {
static void edit_params(u32 argc, char **argv, char **envp) { static void edit_params(u32 argc, char **argv, char **envp) {
u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0,
preprocessor_only = 0; preprocessor_only = 0;
u8 have_pic = 0; u8 have_pic = 0;
u8 *name; u8 *name;
@ -400,7 +400,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue; if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue;
if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue; if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;
if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-E")) preprocessor_only = 1;
cc_params[cc_par_cnt++] = cur; cc_params[cc_par_cnt++] = cur;
@ -566,8 +566,9 @@ static void edit_params(u32 argc, char **argv, char **envp) {
cc_params[cc_par_cnt++] = "none"; cc_params[cc_par_cnt++] = "none";
} }
if (preprocessor_only) { if (preprocessor_only) {
/* In the preprocessor_only case (-E), we are not actually compiling at /* In the preprocessor_only case (-E), we are not actually compiling at
all but requesting the compiler to output preprocessed sources only. all but requesting the compiler to output preprocessed sources only.
We must not add the runtime in this case because the compiler will We must not add the runtime in this case because the compiler will
@ -575,6 +576,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
systems that rely on a separate source preprocessing step. */ systems that rely on a separate source preprocessing step. */
cc_params[cc_par_cnt] = NULL; cc_params[cc_par_cnt] = NULL;
return; return;
} }
#ifndef __ANDROID__ #ifndef __ANDROID__


@ -112,8 +112,10 @@ static u8 check_if_text(struct queue_entry *q) {
u8 buf[MAX_FILE]; u8 buf[MAX_FILE];
s32 fd, len = q->len, offset = 0, ascii = 0, utf8 = 0, comp; s32 fd, len = q->len, offset = 0, ascii = 0, utf8 = 0, comp;
if (len >= MAX_FILE) len = MAX_FILE - 1;
if ((fd = open(q->fname, O_RDONLY)) < 0) return 0; if ((fd = open(q->fname, O_RDONLY)) < 0) return 0;
if ((comp = read(fd, buf, len)) != len) return 0; if ((comp = read(fd, buf, len)) != len) return 0;
buf[len] = 0;
close(fd); close(fd);
while (offset < len) { while (offset < len) {
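Review bot: The early return on the `read()` check in check_if_text leaves `fd` open, because `close(fd)` is only reached once the read has returned exactly `len` bytes. Each short or failed read therefore leaks a descriptor, and over a long run with many queue entries the process could run out of them and start failing unrelated `open()` calls. I would change the line to `if ((comp = read(fd, buf, len)) != len) { close(fd); return 0; }`. The added clamp to `MAX_FILE - 1` does keep the new `buf[len] = 0` inside the array. The function body continues past the end of this hunk.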


@ -819,16 +819,27 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600); fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
u32 written = 0;
while (written < q->len) {
ssize_t result = write(fd, in_buf, q->len - written);
if (result > 0) written += result;
}
} else { } else {
unlink(q->fname); /* ignore errors */ unlink(q->fname); /* ignore errors */
fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600); fd = open(q->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
ck_write(fd, in_buf, q->len, q->fname);
} }
if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); }
ck_write(fd, in_buf, q->len, q->fname);
close(fd); close(fd);
memcpy(afl->fsrv.trace_bits, afl->clean_trace, afl->fsrv.map_size); memcpy(afl->fsrv.trace_bits, afl->clean_trace, afl->fsrv.map_size);
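Review bot: The new retry loop in trim_case passes `in_buf` unchanged to every `write()`, so after a short write the next iteration re-sends the start of the buffer instead of the unwritten tail. The queue file then has the expected length but corrupted contents; the call should be `write(fd, in_buf + written, q->len - written)`. The loop also ignores `result <= 0`, so a persistent failure such as a full disk would make it spin forever. A branch like `else if (result < 0 && errno != EINTR) { PFATAL("Unable to write '%s'", q->fname); }` would stop that, assuming `errno` is already declared in this file. trim_case starts and ends outside the hunk, and the `O_EXCL` branch still uses `ck_write`, so the two branches now handle write failures differently.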