Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus

2025-06-11 01:31:37 +00:00 · 2020-01-07 07:12:05 +01:00 · 2020-01-07 07:12:05 +01:00 · f88910755b
commit f88910755b
parent d176c59ea2 b2bee5c32a
39 changed files with 89 additions and 81 deletions
--- a/Android.bp
+++ b/Android.bp
@ -129,6 +129,7 @@ cc_library_static {
  vendor_available: true,
  host_supported: true,
  recovery_available: true,
+  sdk_version: "9",

  defaults: [
    "afl-defaults",
--- a/6
+++ b/6
@ -1,8 +1,8 @@
 #
-# american fuzzy lop - makefile
+# american fuzzy lop++ - makefile
 # -----------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 # 
 # Copyright 2013, 2014, 2015, 2016, 2017 Google Inc. All rights reserved.
 # 
@ -400,7 +400,7 @@ endif
 	set -e; if [ -f afl-clang-fast ] ; then ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi

 	mkdir -m 0755 -p ${DESTDIR}$(MAN_PATH)
-	install -m0644 -D *.8 ${DESTDIR}$(MAN_PATH)
+	install -m0644 *.8 ${DESTDIR}$(MAN_PATH)

 	install -m 755 afl-as $${DESTDIR}$(HELPER_PATH)
 	ln -sf afl-as $${DESTDIR}$(HELPER_PATH)/as
--- a/4
+++ b/4
@ -1,9 +1,9 @@
 #!/usr/bin/env sh
 #
-# american fuzzy lop - corpus minimization tool
+# american fuzzy lop++ - corpus minimization tool
 # ---------------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2014, 2015 Google Inc. All rights reserved.
 #
--- a/4
+++ b/4
@ -1,9 +1,9 @@
 #!/bin/sh
 #
-# american fuzzy lop - Advanced Persistent Graphing
+# american fuzzy lop++ - Advanced Persistent Graphing
 # -------------------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 # Based on a design & prototype by Michael Rash.
 #
 # Copyright 2014, 2015 Google Inc. All rights reserved.
--- a/7
+++ b/7
@ -1,11 +1,12 @@
 #!/bin/sh
 #
-# american fuzzy lop - status check tool
-# --------------------------------------
+# american fuzzy lop++ - status check tool
+# ----------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2015 Google Inc. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@ -17,8 +17,9 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 Version ++2.60d (develop):
 --------------------------

-  - exciting new stuff is coming up :-)
-  - all the best for the new year!
+  - afl-fuzz:
+     - now prints the real python version support compiled in
+  - added fix from Debian project to compile libdislocator and libtokencap


 --------------------------
--- a/experimental/argv_fuzzing/Makefile
+++ b/experimental/argv_fuzzing/Makefile
@ -1,5 +1,5 @@
 #
-# american fuzzy lop - argvfuzz
+# american fuzzy lop++ - argvfuzz
 # --------------------------------
 #
 # Copyright 2019-2020 Kjell Braden <afflux@pentabarf.de>
--- a/experimental/argv_fuzzing/argv-fuzz-inl.h
+++ b/experimental/argv_fuzzing/argv-fuzz-inl.h
@ -1,8 +1,8 @@
 /*
-   american fuzzy lop - sample argv fuzzing wrapper
+   american fuzzy lop++ - sample argv fuzzing wrapper
   ------------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2015 Google Inc. All rights reserved.

--- a/experimental/argv_fuzzing/argvfuzz.c
+++ b/experimental/argv_fuzzing/argvfuzz.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - LD_PRELOAD for fuzzing argv in binaries
+   american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries
   ------------------------------------------------------------

   Copyright 2019-2020 Kjell Braden <afflux@pentabarf.de>
--- a/experimental/asan_cgroups/limit_memory.sh
+++ b/experimental/asan_cgroups/limit_memory.sh
@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 #
-# american fuzzy lop - limit memory using cgroups
+# american fuzzy lop++ - limit memory using cgroups
 # -----------------------------------------------
 #
 # Written by Samir Khakimov <samir.hakim@nyu.edu> and
--- a/experimental/canvas_harness/canvas_harness.html
+++ b/experimental/canvas_harness/canvas_harness.html
@ -1,10 +1,10 @@
 <html>
 <!--

-  american fuzzy lop - <canvas> harness
+  american fuzzy lop++ - <canvas> harness
  -------------------------------------
 
-  Written by Michal Zalewski
+  Originally written by Michal Zalewski
 
  Copyright 2013, 2014 Google Inc. All rights reserved.
 
--- a/experimental/clang_asm_normalize/as
+++ b/experimental/clang_asm_normalize/as
@ -1,9 +1,9 @@
 #!/bin/sh
 #
-# american fuzzy lop - clang assembly normalizer
+# american fuzzy lop++ - clang assembly normalizer
 # ----------------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 # The idea for this wrapper comes from Ryan Govostes.
 #
 # Copyright 2013, 2014 Google Inc. All rights reserved.
--- a/experimental/crash_triage/triage_crashes.sh
+++ b/experimental/crash_triage/triage_crashes.sh
@ -1,9 +1,9 @@
 #!/bin/sh
 #
-# american fuzzy lop - crash triage utility
+# american fuzzy lop++ - crash triage utility
 # -----------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2013, 2014, 2017 Google Inc. All rights reserved.
 #
--- a/experimental/distributed_fuzzing/sync_script.sh
+++ b/experimental/distributed_fuzzing/sync_script.sh
@ -1,11 +1,12 @@
 #!/bin/sh
 #
-# american fuzzy lop - fuzzer synchronization tool
-# ------------------------------------------------
+# american fuzzy lop++ - fuzzer synchronization tool
+# --------------------------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2014 Google Inc. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/experimental/persistent_demo/persistent_demo.c
+++ b/experimental/persistent_demo/persistent_demo.c
@ -1,8 +1,8 @@
 /*
-   american fuzzy lop - persistent mode example
+   american fuzzy lop++ - persistent mode example
   --------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2015 Google Inc. All rights reserved.

--- a/experimental/post_library/post_library.so.c
+++ b/experimental/post_library/post_library.so.c
@ -1,8 +1,8 @@
 /*
-   american fuzzy lop - postprocessor library example
+   american fuzzy lop++ - postprocessor library example
   --------------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2015 Google Inc. All rights reserved.

--- a/experimental/post_library/post_library_png.so.c
+++ b/experimental/post_library/post_library_png.so.c
@ -1,8 +1,8 @@
 /*
-   american fuzzy lop - postprocessor for PNG
+   american fuzzy lop++ - postprocessor for PNG
   ------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2015 Google Inc. All rights reserved.

--- a/gcc_plugin/Makefile
+++ b/gcc_plugin/Makefile
@ -1,5 +1,5 @@
 #
-# american fuzzy lop - GCC plugin instrumentation
+# american fuzzy lop++ - GCC plugin instrumentation
 # -----------------------------------------------
 #
 # Written by Austin Seipp <aseipp@pobox.com> and
@ -11,6 +11,7 @@
 # from Laszlo Szekeres.
 #
 # Copyright 2015 Google Inc. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
--- a/gcc_plugin/afl-gcc-fast.c
+++ b/gcc_plugin/afl-gcc-fast.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - GCC wrapper for GCC plugin
+   american fuzzy lop++ - GCC wrapper for GCC plugin
   ------------------------------------------------

   Written by Austin Seipp <aseipp@pobox.com> and
--- a/gcc_plugin/afl-gcc-pass.so.cc
+++ b/gcc_plugin/afl-gcc-pass.so.cc
@ -8,7 +8,7 @@
 //

 /*
-   american fuzzy lop - GCC instrumentation pass
+   american fuzzy lop++ - GCC instrumentation pass
   ---------------------------------------------

   Written by Austin Seipp <aseipp@pobox.com> with bits from
--- a/gcc_plugin/afl-gcc-rt.o.c
+++ b/gcc_plugin/afl-gcc-rt.o.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - GCC plugin instrumentation bootstrap
+   american fuzzy lop++ - GCC plugin instrumentation bootstrap
   ---------------------------------------------------------

   Written by Austin Seipp <aseipp@pobox.com> and
--- a/include/hash.h
+++ b/include/hash.h
@ -15,6 +15,7 @@
   Other code written by Michal Zalewski

   Copyright 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/libdislocator/Makefile
+++ b/libdislocator/Makefile
@ -1,8 +1,8 @@
 #
-# american fuzzy lop - libdislocator
+# american fuzzy lop++ - libdislocator
 # ----------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2016 Google Inc. All rights reserved.
 #
@ -18,8 +18,8 @@ HELPER_PATH  = $(PREFIX)/lib/afl

 VERSION     = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)

-CFLAGS      ?= -O3 -funroll-loops -I ../include/
-CFLAGS      += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
+CFLAGS      ?= -O3 -funroll-loops
+CFLAGS      += -I ../include/ -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign

 ifdef USEHUGEPAGE
 	CFLAGS += -DUSEHUGEPAGE
--- a/libdislocator/libdislocator.so.c
+++ b/libdislocator/libdislocator.so.c
@ -1,11 +1,12 @@
 /*

-   american fuzzy lop - dislocator, an abusive allocator
+   american fuzzy lop++ - dislocator, an abusive allocator
   -----------------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
@ -1,8 +1,8 @@
 #
-# american fuzzy lop - libtokencap
+# american fuzzy lop++ - libtokencap
 # --------------------------------
 #
-# Written by Michal Zalewski
+# Originally written by Michal Zalewski
 #
 # Copyright 2016 Google Inc. All rights reserved.
 #
@ -18,8 +18,8 @@ HELPER_PATH  = $(PREFIX)/lib/afl

 VERSION     = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)

-CFLAGS      ?= -O3 -funroll-loops -I ../include/
-CFLAGS      += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
+CFLAGS      ?= -O3 -funroll-loops
+CFLAGS      += -I ../include/ -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign

 ifeq "$(shell uname)" "Linux"
  TARGETS = libtokencap.so
--- a/libtokencap/libtokencap.so.c
+++ b/libtokencap/libtokencap.so.c
@ -1,11 +1,12 @@
 /*

-   american fuzzy lop - extract tokens passed to strcmp / memcmp
+   american fuzzy lop++ - extract tokens passed to strcmp / memcmp
   -------------------------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@ -1,5 +1,5 @@
 #
-# american fuzzy lop - LLVM instrumentation
+# american fuzzy lop++ - LLVM instrumentation
 # -----------------------------------------
 #
 # Written by Laszlo Szekeres <lszekeres@google.com> and
@ -261,5 +261,5 @@ vpath  % ..
 	ln -sf afl-clang-fast.8 ../afl-clang-fast++.8

 clean:
-	rm -f *.o *.so *~ a.out core core.[1-9][0-9]* .test2 test-instr .test-instr0 .test-instr1 
+	rm -f *.o *.so *~ a.out core core.[1-9][0-9]* .test2 test-instr .test-instr0 .test-instr1 afl-llvm-pass.dwo
 	rm -f $(PROGS) ../afl-clang-fast++ ../afl-clang-fast*.8
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - LLVM-mode wrapper for clang
+   american fuzzy lop++ - LLVM-mode wrapper for clang
   ------------------------------------------------

   Written by Laszlo Szekeres <lszekeres@google.com> and
@ -8,6 +8,7 @@
   LLVM integration design comes from Laszlo Szekeres.

   Copyright 2015, 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - LLVM-mode instrumentation pass
+   american fuzzy lop++ - LLVM-mode instrumentation pass
   ---------------------------------------------------

   Written by Laszlo Szekeres <lszekeres@google.com> and
@ -9,6 +9,7 @@
   from afl-as.c are Michal's fault.

   Copyright 2015, 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - LLVM instrumentation bootstrap
+   american fuzzy lop++ - LLVM instrumentation bootstrap
   ---------------------------------------------------

   Written by Laszlo Szekeres <lszekeres@google.com> and
@ -8,6 +8,7 @@
   LLVM integration design comes from Laszlo Szekeres.

   Copyright 2015, 2016 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@ -1,6 +1,6 @@
 #!/bin/sh
 #
-# american fuzzy lop - QEMU build script
+# american fuzzy lop++ - QEMU build script
 # --------------------------------------
 #
 # Originally written by Andrew Griffiths <agriffiths@google.com> and
--- a/qemu_mode/libcompcov/Makefile
+++ b/qemu_mode/libcompcov/Makefile
@ -1,5 +1,5 @@
 #
-# american fuzzy lop - libcompcov
+# american fuzzy lop++ - libcompcov
 # --------------------------------
 #
 # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
--- a/qemu_mode/unsigaction/Makefile
+++ b/qemu_mode/unsigaction/Makefile
@ -1,5 +1,5 @@
 #
-# american fuzzy lop - unsigaction
+# american fuzzy lop++ - unsigaction
 # --------------------------------
 #
 # Written by Andrea Fioraldi <andreafioraldi@gmail.com>
--- a/qemu_mode/unsigaction/README.md
+++ b/qemu_mode/unsigaction/README.md
@ -1,7 +1,7 @@
-# unsigation
+# unsigaction

-This library disable sigaction when preloaded.
+This library disables sigaction handlers when preloaded.

 Mainly needed by Wine mode but can be used as a separate tool.

-A similar solution can be found in is [preeny](https://github.com/zardus/preeny).
+A similar solution can be found in [preeny](https://github.com/zardus/preeny).
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@ -482,6 +482,8 @@ u8 fuzz_one_original(char** argv) {

  if (use_radamsa > 1) goto radamsa_stage;

+  // custom_stage:	// not used - yet
+
  if (custom_mutator) {

    stage_short = "custom";
@ -541,13 +543,10 @@ u8 fuzz_one_original(char** argv) {
                         : havoc_max_mult * 100)) ||
      queue_cur->passed_det) {

-    if (use_radamsa > 1)
-      goto radamsa_stage;
-    else
 #ifdef USE_PYTHON
-      goto python_stage;
+    goto python_stage;
 #else
-      goto havoc_stage;
+    goto havoc_stage;
 #endif

  }
@ -557,13 +556,10 @@ u8 fuzz_one_original(char** argv) {

  if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1) {

-    if (use_radamsa > 1)
-      goto radamsa_stage;
-    else
 #ifdef USE_PYTHON
-      goto python_stage;
+    goto python_stage;
 #else
-      goto havoc_stage;
+    goto havoc_stage;
 #endif

  }
@ -2266,13 +2262,10 @@ retry_splicing:
    out_buf = ck_alloc_nozero(len);
    memcpy(out_buf, in_buf, len);

-    if (use_radamsa > 1)
-      goto radamsa_stage;
-    else
 #ifdef USE_PYTHON
-      goto python_stage;
+    goto python_stage;
 #else
-      goto havoc_stage;
+    goto havoc_stage;
 #endif

  }
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - fuzzer code
+   american fuzzy lop++ - fuzzer code
   --------------------------------

   Originally written by Michal Zalewski
@ -144,7 +144,8 @@ static void usage(u8* argv0) {
      argv0, EXEC_TIMEOUT, MEM_LIMIT);

 #ifdef USE_PYTHON
-  SAYF("Compiled with Python %s module support, see docs/python_mutators.txt\n", (char*)PYTHON_VERSION);
+  SAYF("Compiled with Python %s module support, see docs/python_mutators.txt\n",
+       (char*)PYTHON_VERSION);
 #endif

  SAYF("For additional help please consult %s/README.md\n\n", doc_path);
@ -591,7 +592,7 @@ int main(int argc, char** argv) {
  if (optind == argc || !in_dir || !out_dir) usage(argv[0]);

  OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "
-      "Eissfeldt and Andrea Fioraldi");
+      "Eißfeldt and Andrea Fioraldi");
  OKF("afl++ is open source, get it at "
      "https://github.com/vanhauser-thc/AFLplusplus");
  OKF("Power schedules from github.com/mboehme/aflfast");
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@ -1,5 +1,5 @@
 /*
-   american fuzzy lop - free CPU gizmo
+   american fuzzy lop++ - free CPU gizmo
   -----------------------------------

   Originally written by Michal Zalewski
--- a/test-instr.c
+++ b/test-instr.c
@ -1,10 +1,11 @@
 /*
-   american fuzzy lop - a trivial program to test the build
+   american fuzzy lop++ - a trivial program to test the build
   --------------------------------------------------------

-   Written by Michal Zalewski
+   Originally written by Michal Zalewski

   Copyright 2014 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.

   Licensed under the Apache License, Version 2.0 (the "License");
   you may not use this file except in compliance with the License.
--- a/test/test.sh
+++ b/test/test.sh
@ -13,6 +13,8 @@ OK=OK
 diff -q test.1 test.2 >/dev/null 2>&1 || OK=
 rm -f test.1 test.2
 test -z "$OK" && { echo Error: diff -q is not working ; exit 1 ; }
+test -z "$LLVM_CONFIG" && LLVM_CONFIG=llvm-config
+

 ECHO="printf %b\\n"
 $ECHO \\101 2>&1 | grep -qE '^A' || {
@ -179,7 +181,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
  if which clang >/dev/null; then
    export AFL_CC=`which clang`
  else
-    export AFL_CC=`llvm-config --bindir`/clang
+    export AFL_CC=`$LLVM_CONFIG --bindir`/clang
  fi
  ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1
  AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1