ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 02:28:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #689 from AFLplusplus/cmplog_merge

Browse Source 
cmplog merge
This commit is contained in:
van Hauser
2021-01-21 12:03:21 +01:00
committed by GitHub
parent b39b87b2f7 0d472adef0
commit fc3f06caec
26 changed files with 3081 additions and 548 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
src/afl-fuzz.c
View File

@ -77,13 +77,8 @@ static void at_exit() {
}
int kill_signal = SIGKILL;
/* AFL_KILL_SIGNAL should already be a valid int at this point */
if (getenv("AFL_KILL_SIGNAL")) {
kill_signal = atoi(getenv("AFL_KILL_SIGNAL"));
}
if ((ptr = getenv("AFL_KILL_SIGNAL"))) { kill_signal = atoi(ptr); }
if (pid1 > 0) { kill(pid1, kill_signal); }
if (pid2 > 0) { kill(pid2, kill_signal); }
@ -103,13 +98,14 @@ static void usage(u8 *argv0, int more_help) {
"Execution control settings:\n"
" -p schedule - power schedules compute a seed's performance score:\n"
" <fast(default), rare, exploit, seek, mmopt, coe, "
"explore,\n"
" lin, quad> -- see docs/power_schedules.md\n"
" fast(default), explore, exploit, seek, rare, mmopt, "
"coe, lin\n"
" quad -- see docs/power_schedules.md\n"
" -f file - location read by the fuzzed program (default: stdin "
"or @@)\n"
" -t msec - timeout for each run (auto-scaled, 50-%u ms)\n"
" -m megs - memory limit for child process (%u MB, 0 = no limit)\n"
" -m megs - memory limit for child process (%u MB, 0 = no limit "
"[default])\n"
" -Q - use binary-only instrumentation (QEMU mode)\n"
" -U - use unicorn-based instrumentation (Unicorn mode)\n"
" -W - use qemu-based instrumentation with Wine (Wine "
@ -125,7 +121,9 @@ static void usage(u8 *argv0, int more_help) {
" See docs/README.MOpt.md\n"
" -c program - enable CmpLog by specifying a binary compiled for "
"it.\n"
" if using QEMU, just use -c 0.\n\n"
" if using QEMU, just use -c 0.\n"
" -l cmplog_level - set the complexity/intensivity of CmpLog.\n"
" Values: 1 (default), 2 (intensive) and 3 (heavy)\n\n"
"Fuzzing behavior settings:\n"
" -Z - sequential queue selection instead of weighted "
@ -357,7 +355,8 @@ int main(int argc, char **argv_orig, char **envp) {
while ((opt = getopt(
argc, argv,
"+b:c:i:I:o:f:F:m:t:T:dDnCB:S:M:x:QNUWe:p:s:V:E:L:hRP:Z")) > 0) {
"+b:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNo:p:P:RQs:S:t:T:UV:Wx:Z")) >
0) {
switch (opt) {
@ -786,6 +785,26 @@ int main(int argc, char **argv_orig, char **envp) {
} break;
case 'l': {
afl->cmplog_lvl = atoi(optarg);
if (afl->cmplog_lvl < 1 || afl->cmplog_lvl > CMPLOG_LVL_MAX) {
FATAL(
"Bad complog level value, accepted values are 1 (default), 2 and "
"%u.",
CMPLOG_LVL_MAX);
}
if (afl->cmplog_lvl == CMPLOG_LVL_MAX) {
afl->cmplog_max_filesize = MAX_FILE;
}
} break;
case 'L': { /* MOpt mode */
if (afl->limit_time_sig) { FATAL("Multiple -L options not supported"); }
@ -1075,6 +1094,8 @@ int main(int argc, char **argv_orig, char **envp) {
}
if (afl->shm.cmplog_mode) { OKF("CmpLog level: %u", afl->cmplog_lvl); }
/* Dynamically allocate memory for AFLFast schedules */
if (afl->schedule >= FAST && afl->schedule <= RARE) {
@ -1634,6 +1655,14 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->use_splicing) {
++afl->cycles_wo_finds;
if (unlikely(afl->shm.cmplog_mode &&
afl->cmplog_max_filesize < MAX_FILE)) {
afl->cmplog_max_filesize <<= 4;
}
switch (afl->expand_havoc) {
case 0:
@ -1651,6 +1680,7 @@ int main(int argc, char **argv_orig, char **envp) {
}
afl->expand_havoc = 2;
if (afl->cmplog_lvl < 2) afl->cmplog_lvl = 2;
break;
case 2:
// if (!have_p) afl->schedule = EXPLOIT;
@ -1664,11 +1694,14 @@ int main(int argc, char **argv_orig, char **envp) {
afl->expand_havoc = 4;
break;
case 4:
// if not in sync mode, enable deterministic mode?
// if (!afl->sync_id) afl->skip_deterministic = 0;
afl->expand_havoc = 5;
if (afl->cmplog_lvl < 3) afl->cmplog_lvl = 3;
break;
case 5:
// if not in sync mode, enable deterministic mode?
if (!afl->sync_id) afl->skip_deterministic = 0;
afl->expand_havoc = 6;
case 6:
// nothing else currently
break;