fix autodict

author: van Hauser <vh@thc.org> 2020-06-29 00:58:05 +0200
committer: van Hauser <vh@thc.org> 2020-06-29 00:58:05 +0200
commit: e5e485fcdb039fc77842b0753a4adf42d6063388 (patch)
tree: a8b52645422ac6b75cbd3dd648af865112fdf66f
parent: 16f3df7cc6c429e302af2c21ecd5eb6ba9a58c6b (diff)
download: afl++-e5e485fcdb039fc77842b0753a4adf42d6063388.tar.gz
9 files changed, 62 insertions, 30 deletions
diff --git a/GNUmakefile b/GNUmakefile
index d95eaab1..748cd73c 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -394,8 +394,8 @@ afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
 
 
 # document all mutations and only do one run (use with only one input file!)
-document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86
-	$(CC) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
+document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-performance.o | test_x86
+	$(CC) -D_DEBUG=\"1\" -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
 
 test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES)
 	@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o
diff --git a/examples/persistent_demo/persistent_demo_new.c b/examples/persistent_demo/persistent_demo_new.c
index 98909442..e4e328b0 100644
--- a/examples/persistent_demo/persistent_demo_new.c
+++ b/examples/persistent_demo/persistent_demo_new.c
@@ -49,9 +49,13 @@ int main(int argc, char **argv) {
 
     len = __AFL_FUZZ_TESTCASE_LEN;
 
+    fprintf(stderr, "input: %zd \"%s\"\n", len, buf);
+
     /* do we have enough data? */
     if (len < 8) continue;
 
+    if (strcmp((char *)buf, "thisisateststring") == 0) printf("teststring\n");
+
     if (buf[0] == 'f') {
 
       printf("one\n");
diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h
index a9de3ba2..fa6c9b70 100644
--- a/include/afl-prealloc.h
+++ b/include/afl-prealloc.h
@@ -60,7 +60,7 @@ typedef enum prealloc_status {
                                                                                \
     if ((prealloc_counter) >= (prealloc_size)) {                               \
                                                                                \
-      el_ptr = (element_t *) malloc(sizeof(*el_ptr));                                        \
+      el_ptr = (element_t *)malloc(sizeof(*el_ptr));                           \
       if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \
       el_ptr->pre_status = PRE_STATUS_MALLOC;                                  \
                                                                                \
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index decc2d43..832b2de4 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
   size = strlen((char *)str) + 1;
 
   ALLOC_CHECK_SIZE(size);
-  ret = (u8*) malloc(size);
+  ret = (u8 *)malloc(size);
   ALLOC_CHECK_RESULT(ret, size);
 
-  return (u8*)memcpy(ret, str, size);
+  return (u8 *)memcpy(ret, str, size);
 
 }
 
@@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
   if (!mem || !size) { return NULL; }
 
   ALLOC_CHECK_SIZE(size);
-  ret = (u8*) malloc(size + 1);
+  ret = (u8 *)malloc(size + 1);
   ALLOC_CHECK_RESULT(ret, size);
 
   memcpy(ret, mem, size);
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 184dcd0f..f81d13ee 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -395,6 +395,9 @@ static void __afl_start_snapshots(void) {
 
     if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
 
+    if (getenv("AFL_DEBUG"))
+      fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
+
     if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
         (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
 
@@ -594,6 +597,9 @@ static void __afl_start_forkserver(void) {
 
     if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
 
+    if (getenv("AFL_DEBUG"))
+      fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
+
     if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
         (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
 
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index bb7a6797..c5709b33 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -596,9 +596,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
           // this is not afl-fuzz - we deny and return
           if (fsrv->use_shmem_fuzz)
-            status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
+            status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ);
           else
-            status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+            status = (FS_OPT_ENABLED);
           if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
             FATAL("Writing to forkserver failed.");
@@ -610,7 +610,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
         }
 
         if (!be_quiet) { ACTF("Using AUTODICT feature."); }
-        status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+
+        if (fsrv->use_shmem_fuzz)
+          status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
+        else
+          status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+
         if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
           FATAL("Writing to forkserver failed.");
@@ -862,16 +867,21 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
     *fsrv->shmem_fuzz_len = len;
     memcpy(fsrv->shmem_fuzz, buf, len);
 #ifdef _DEBUG
-    fprintf(stderr, "FS crc: %08x len: %u\n",
-            hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
-            *fsrv->shmem_fuzz_len);
-    fprintf(stderr, "SHM :");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
-    fprintf(stderr, "\nORIG:");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", buf[i]);
-    fprintf(stderr, "\n");
+    if (getenv("AFL_DEBUG")) {
+
+      fprintf(stderr, "FS crc: %016llx len: %u\n",
+              hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
+              *fsrv->shmem_fuzz_len);
+      fprintf(stderr, "SHM :");
+      for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
+      fprintf(stderr, "\nORIG:");
+      for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", buf[i]);
+      fprintf(stderr, "\n");
+
+    }
+
 #endif
 
   } else {
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 52931a39..2a1664e2 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -156,16 +156,22 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
     *afl->fsrv.shmem_fuzz_len = len - skip_len;
 
 #ifdef _DEBUG
-    fprintf(stderr, "FS crc: %08x len: %u\n",
-            hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
-            *fsrv->shmem_fuzz_len);
-    fprintf(stderr, "SHM :");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
-    fprintf(stderr, "\nORIG:");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", buf[i]);
-    fprintf(stderr, "\n");
+    if (afl->debug) {
+
+      fprintf(
+          stderr, "FS crc: %16llx len: %u\n",
+          hash64(afl->fsrv.shmem_fuzz, *afl->fsrv.shmem_fuzz_len, 0xa5b35705),
+          *afl->fsrv.shmem_fuzz_len);
+      fprintf(stderr, "SHM :");
+      for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", afl->fsrv.shmem_fuzz[i]);
+      fprintf(stderr, "\nORIG:");
+      for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", (u8)((u8 *)mem)[i]);
+      fprintf(stderr, "\n");
+
+    }
+
 #endif
 
     return;
diff --git a/src/afl-performance.c b/src/afl-performance.c
index 0832dc39..0c1697a8 100644
--- a/src/afl-performance.c
+++ b/src/afl-performance.c
@@ -143,8 +143,10 @@ void long_jump(afl_state_t *afl) {
 
 #ifdef _DEBUG
 u32 hash32(u8 *key, u32 len, u32 seed) {
+
 #else
 u32 inline hash32(u8 *key, u32 len, u32 seed) {
+
 #endif
 
   return (u32)XXH64(key, len, seed);
@@ -153,8 +155,10 @@ u32 inline hash32(u8 *key, u32 len, u32 seed) {
 
 #ifdef _DEBUG
 u64 hash64(u8 *key, u32 len, u64 seed) {
+
 #else
 u64 inline hash64(u8 *key, u32 len, u64 seed) {
+
 #endif
 
   return XXH64(key, len, seed);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 994d80eb..883398ff 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -985,10 +985,12 @@ int main(int argc, char **argv_orig, char **envp) {
 
       if (read_file(infile)) {
 
-        if (wait_for_gdb) { 
+        if (wait_for_gdb) {
+
           fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid);
           fprintf(stderr, "exec: kill -CONT %d\n", getpid());
           kill(0, SIGSTOP);
+
         }
 
         showmap_run_target_forkserver(fsrv, use_argv, in_data, in_len);
author	van Hauser <vh@thc.org>	2020-06-29 00:58:05 +0200
committer	van Hauser <vh@thc.org>	2020-06-29 00:58:05 +0200
commit	e5e485fcdb039fc77842b0753a4adf42d6063388 (patch)
tree	a8b52645422ac6b75cbd3dd648af865112fdf66f
parent	16f3df7cc6c429e302af2c21ecd5eb6ba9a58c6b (diff)
download	afl++-e5e485fcdb039fc77842b0753a4adf42d6063388.tar.gz