ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 10:38:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1142 from AFLplusplus/dev

Browse Source 
Dev
This commit is contained in:
van Hauser
2021-11-03 21:55:21 +01:00
committed by GitHub
parent 25c947cd5a 9278f27d74
commit f5535e348d
43 changed files with 986 additions and 255 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/afl-analyze.c
View File

@ -120,6 +120,17 @@ static u8 count_class_lookup[256] = {
#undef TIMES8
#undef TIMES4
static void kill_child() {
if (fsrv.child_pid > 0) {
kill(fsrv.child_pid, fsrv.kill_signal);
fsrv.child_pid = -1;
}
}
static void classify_counts(u8 *mem) {
u32 i = map_size;
@ -1053,6 +1064,7 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv.target_path = find_binary(argv[optind]);
fsrv.trace_bits = afl_shm_init(&shm, map_size, 0);
detect_file_args(argv + optind, fsrv.out_file, &use_stdin);
signal(SIGALRM, kill_child);
if (qemu_mode) {

16
src/afl-cc.c
View File

@ -423,6 +423,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
char *fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
cc_params[cc_par_cnt++] = fplugin_arg;
cc_params[cc_par_cnt++] = "-fno-if-conversion";
cc_params[cc_par_cnt++] = "-fno-if-conversion2";
}
@ -735,6 +737,14 @@ static void edit_params(u32 argc, char **argv, char **envp) {
}
if ((compiler_mode == GCC || compiler_mode == GCC_PLUGIN) &&
!strncmp(cur, "-stdlib=", 8)) {
if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); }
continue;
}
if ((!strncmp(cur, "-fsanitize=fuzzer-", strlen("-fsanitize=fuzzer-")) ||
!strncmp(cur, "-fsanitize-coverage", strlen("-fsanitize-coverage"))) &&
(strncmp(cur, "sanitize-coverage-allow",
@ -1007,7 +1017,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
}
// prevent unnecessary build errors
cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument";
if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC) {
cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument";
}
if (preprocessor_only || have_c) {

6
src/afl-common.c
View File

@ -217,11 +217,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
}
char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
new_argv[argc + 3] = NULL;
new_argv[2] = *target_path_p;
new_argv[1] = "--";
@ -237,11 +236,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
char **new_argv = ck_alloc(sizeof(char *) * (argc + 2));
if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
new_argv[argc + 2] = NULL;
new_argv[1] = *target_path_p;

29
src/afl-forkserver.c
View File

@ -608,19 +608,31 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
/* Wait for the fork server to come up, but don't wait too long. */
rlen = 0;
if (fsrv->exec_tmout) {
if (fsrv->init_tmout) {
u32 time_ms = read_s32_timed(fsrv->fsrv_st_fd, &status, fsrv->init_tmout,
stop_soon_p);
if (!time_ms) {
if (fsrv->fsrv_pid > 0) { kill(fsrv->fsrv_pid, fsrv->kill_signal); }
s32 tmp_pid = fsrv->fsrv_pid;
if (tmp_pid > 0) {
kill(tmp_pid, fsrv->kill_signal);
fsrv->fsrv_pid = -1;
}
} else if (time_ms > fsrv->init_tmout) {
fsrv->last_run_timed_out = 1;
if (fsrv->fsrv_pid > 0) { kill(fsrv->fsrv_pid, fsrv->kill_signal); }
s32 tmp_pid = fsrv->fsrv_pid;
if (tmp_pid > 0) {
kill(tmp_pid, fsrv->kill_signal);
fsrv->fsrv_pid = -1;
}
} else {
@ -1259,7 +1271,14 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
/* If there was no response from forkserver after timeout seconds,
we kill the child. The forkserver should inform us afterwards */
if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->kill_signal); }
s32 tmp_pid = fsrv->child_pid;
if (tmp_pid > 0) {
kill(tmp_pid, fsrv->kill_signal);
fsrv->child_pid = -1;
}
fsrv->last_run_timed_out = 1;
if (read(fsrv->fsrv_st_fd, &fsrv->child_status, 4) < 4) { exec_ms = 0; }
@ -1293,7 +1312,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
}
if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = 0; }
if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = -1; }
fsrv->total_execs++;

5
src/afl-fuzz-bitmap.c
View File

@ -317,8 +317,9 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
}
sprintf(ret + strlen(ret), ",time:%llu",
get_cur_time() + afl->prev_run_time - afl->start_time);
sprintf(ret + strlen(ret), ",time:%llu,execs:%llu",
get_cur_time() + afl->prev_run_time - afl->start_time,
afl->fsrv.total_execs);
if (afl->current_custom_fuzz &&
afl->current_custom_fuzz->afl_custom_describe) {

41
src/afl-fuzz-init.c
View File

@ -1325,8 +1325,8 @@ void pivot_inputs(afl_state_t *afl) {
}
nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", afl->out_dir, id,
use_name);
nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s",
afl->out_dir, id, afl->fsrv.total_execs, use_name);
#else
@ -2815,43 +2815,6 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
/* Trim and possibly create a banner for the run. */
void fix_up_banner(afl_state_t *afl, u8 *name) {
if (!afl->use_banner) {
if (afl->sync_id) {
afl->use_banner = afl->sync_id;
} else {
u8 *trim = strrchr(name, '/');
if (!trim) {
afl->use_banner = name;
} else {
afl->use_banner = trim + 1;
}
}
}
if (strlen(afl->use_banner) > 32) {
u8 *tmp = ck_alloc(36);
sprintf(tmp, "%.32s...", afl->use_banner);
afl->use_banner = tmp;
}
}
/* Check if we're on TTY. */
void check_if_tty(afl_state_t *afl) {

49
src/afl-fuzz-stats.c
View File

@ -442,9 +442,10 @@ void show_stats(afl_state_t *afl) {
u64 cur_ms;
u32 t_bytes, t_bits;
u32 banner_len, banner_pad;
u8 tmp[256];
u8 time_tmp[64];
static u8 banner[128];
u32 banner_len, banner_pad;
u8 tmp[256];
u8 time_tmp[64];
u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX];
#define IB(i) (val_buf[(i)])
@ -657,26 +658,34 @@ void show_stats(afl_state_t *afl) {
}
/* Let's start by drawing a centered banner. */
if (unlikely(!banner[0])) {
banner_len = (afl->crash_mode ? 24 : 22) + strlen(VERSION) +
strlen(afl->use_banner) + strlen(afl->power_name) + 3 + 5;
banner_pad = (79 - banner_len) / 2;
memset(tmp, ' ', banner_pad);
char *si = "";
if (afl->sync_id) { si = afl->sync_id; }
memset(banner, 0, sizeof(banner));
banner_len = (afl->crash_mode ? 20 : 18) + strlen(VERSION) + strlen(si) +
strlen(afl->power_name) + 4 + 6;
#ifdef HAVE_AFFINITY
sprintf(
tmp + banner_pad,
"%s " cLCY VERSION cLGN " (%s) " cPIN "[%s]" cBLU " {%d}",
afl->crash_mode ? cPIN "peruvian were-rabbit" : cYEL "american fuzzy lop",
afl->use_banner, afl->power_name, afl->cpu_aff);
#else
sprintf(
tmp + banner_pad, "%s " cLCY VERSION cLGN " (%s) " cPIN "[%s]",
afl->crash_mode ? cPIN "peruvian were-rabbit" : cYEL "american fuzzy lop",
afl->use_banner, afl->power_name);
#endif /* HAVE_AFFINITY */
if (strlen(afl->use_banner) + banner_len > 75) {
SAYF("\n%s\n", tmp);
afl->use_banner += (strlen(afl->use_banner) + banner_len) - 76;
memset(afl->use_banner, '.', 3);
}
banner_len += strlen(afl->use_banner);
banner_pad = (79 - banner_len) / 2;
memset(banner, ' ', banner_pad);
sprintf(banner + banner_pad,
"%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]",
afl->crash_mode ? cPIN "peruvian were-rabbit"
: cYEL "american fuzzy lop",
si, afl->use_banner, afl->power_name);
}
SAYF("\n%s\n", banner);
/* "Handy" shortcuts for drawing boxes... */

19
src/afl-fuzz.c
View File

@ -1189,7 +1189,17 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (afl->sync_id) { fix_up_sync(afl); }
if (afl->sync_id) {
if (strlen(afl->sync_id) > 24) {
FATAL("sync_id max length is 24 characters");
}
fix_up_sync(afl);
}
if (!strcmp(afl->in_dir, afl->out_dir)) {
@ -1218,6 +1228,8 @@ int main(int argc, char **argv_orig, char **envp) {
if (unlikely(afl->afl_env.afl_statsd)) { statsd_setup_format(afl); }
if (!afl->use_banner) { afl->use_banner = argv[optind]; }
if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) {
WARNF(cLRD
@ -1486,9 +1498,6 @@ int main(int argc, char **argv_orig, char **envp) {
}
save_cmdline(afl, argc, argv);
fix_up_banner(afl, argv[optind]);
check_if_tty(afl);
if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; }
@ -1697,7 +1706,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->non_instrumented_mode || afl->fsrv.qemu_mode ||
afl->fsrv.frida_mode || afl->unicorn_mode) {
map_size = afl->fsrv.map_size = MAP_SIZE;
map_size = afl->fsrv.real_map_size = afl->fsrv.map_size = MAP_SIZE;
afl->virgin_bits = ck_realloc(afl->virgin_bits, map_size);
afl->virgin_tmout = ck_realloc(afl->virgin_tmout, map_size);
afl->virgin_crash = ck_realloc(afl->virgin_crash, map_size);

25
src/afl-showmap.c
View File

@ -77,7 +77,7 @@ static u32 tcnt, highest; /* tuple content information */
static u32 in_len; /* Input data length */
static u32 map_size = MAP_SIZE;
static u32 map_size = MAP_SIZE, timed_out = 0;
static bool quiet_mode, /* Hide non-essential messages? */
edges_only, /* Ignore hit counts? */
@ -146,6 +146,18 @@ static const u8 count_class_binary[256] = {
#undef TIMES8
#undef TIMES4
static void kill_child() {
timed_out = 1;
if (fsrv->child_pid > 0) {
kill(fsrv->child_pid, fsrv->kill_signal);
fsrv->child_pid = -1;
}
}
static void classify_counts(afl_forkserver_t *fsrv) {
u8 * mem = fsrv->trace_bits;
@ -243,10 +255,13 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
(fsrv->last_run_timed_out || (!caa && child_crashed != cco))) {
if (strcmp(outfile, "-")) {
// create empty file to prevent error messages in afl-cmin
fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
close(fd);
}
return ret;
}
@ -359,9 +374,10 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem,
if (!quiet_mode) {
if (fsrv->last_run_timed_out) {
if (timed_out || fsrv->last_run_timed_out) {
SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
timed_out = 0;
} else if (stop_soon) {
@ -523,6 +539,8 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
}
signal(SIGALRM, kill_child);
setitimer(ITIMER_REAL, &it, NULL);
if (waitpid(fsrv->child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); }
@ -565,9 +583,10 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
if (!quiet_mode) {
if (fsrv->last_run_timed_out) {
if (timed_out || fsrv->last_run_timed_out) {
SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
timed_out = 0;
} else if (stop_soon) {

12
src/afl-tmin.c
View File

@ -120,6 +120,17 @@ static const u8 count_class_lookup[256] = {
#undef TIMES8
#undef TIMES4
static void kill_child() {
if (fsrv->child_pid > 0) {
kill(fsrv->child_pid, fsrv->kill_signal);
fsrv->child_pid = -1;
}
}
static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
sharedmem_t * shm_fuzz) {
@ -1125,6 +1136,7 @@ int main(int argc, char **argv_orig, char **envp) {
fsrv->target_path = find_binary(argv[optind]);
fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
detect_file_args(argv + optind, out_file, &fsrv->use_stdin);
signal(SIGALRM, kill_child);
if (fsrv->qemu_mode) {