variable AFL_USE_LSAN.
AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check
for a memory leak when the macro is run. This is especially helpful
when using __AFL_LOOP().
If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set,
the leak checker will run when the program exits.
In QEMU mode (-Q), setting AFL_QEMU_CUSTOM_BIN cause afl-fuzz to skip
prepending afl-qemu-trace to your command line. Use this if you wish to use a
custom afl-qemu-trace or if you need to modify the afl-qemu-trace arguments.
This environment variable allows rejection of
specific regions from instrumentation.
It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES,
so it can be used to poke a "hole" in previously included sections.
* Adding AFL_KILL_SIGNAL environment variable
Controlling the kill signal used to end forked processes.
* Checking validity of AFL_KILL_SIGNAL env variable
This commit also sets a valid value in the environment to avoid
duplicating code in at_exit(). Changing data type of
fsrv->kill_signal to u8 to match last_kill_signal.
* Adding afl_kill_signal to AFL (environment) state
This commit simply introduces a struct member for future use. The
env variable is not used from the afl struct but from fsrv, where
its validity is checked, resulting in a FATAL in case of errors.
When we started using AFL, it did not have an integrated GCC plugin.
There was one proposed by Austin Seipp, but for various reasons we
ended up using some of its infrastructure (runtime and wrapper), but
writing the GCC plugin proper from scratch.
With AFL++'s renewed interest in a GCC plugin, we rebased ours, with
some features that are or were missing in the one that was integrated:
* efficient, fully-functional inline and out-of-line instrumentation
Inline instrumentation was work in progress in the original plugin.
Controlled by AFL_GCC_OUT_OF_LINE.
* reproducible instrumentation
Obey -frandom-seed for pseudorandom number generation.
* licensing clarity and strict compliance
GPLv3+ for the plugin, that uses GCC internals; add a copy of the
license, as required.
* allow/deny list support
Copied and adjusted from the LLVM plugin implementation.
* neverZero support
Not as compact as the asm-wrapper version, but likely more efficient.
Both are quite thread-unsafe, with different caveats.
Controlled with AFL_GCC_SKIP_NEVERZERO.
* Addition of AFL_FORKSRV_INIT_TMOUT env var
This commit introduces a new environment variable which allows to
specify the timespan AFL should wait for initial contact with the
forkserver.
This is useful for fuzz-targets requiring a rather long setup time
before the actual fuzzing can be started (e.g., unicorn).
* add .swp files to .gitignore
* Inherit init_tmout in afl_fsrv_init_dup
Without this patch, the forkserver would spawn with a timeout of 0 in
cmplog mode, leading to an immediate crash.
Additionally, this commit removes a spurious whitespace.
* Initialize afl->fsrv.init_tmout in afl_fsrv_init
Not all afl-components will need the new AFL_FORKSRV_INIT_TMOUT
environment variable. Hence, it's initialized to the safe "default"
value from before in afl_fsrv_init now.
