authorAndrea Fioraldi <andreafioraldi@gmail.com>2020-01-06 11:46:23 +0100
committerAndrea Fioraldi <andreafioraldi@gmail.com>2020-01-06 11:46:23 +0100
commitb95cd8968d765bf71fffb13e3cdc8d13e24949d1 (patch)
treecfcd46a3395dd091b8aa48ec665e0df57ccf8b62
parent67cbeeb395c7e0aa8820e79c92f5e8e1322f8be0 (diff)
parente7fc1ef49e8c9d8fa563f321f5e5906ce8fad69d (diff)
downloadafl++-b95cd8968d765bf71fffb13e3cdc8d13e24949d1.tar.gz
Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus
-rwxr-xr-x.custom-format.py2
-rw-r--r--Android.bp1
-rw-r--r--Makefile11
-rw-r--r--README.md10
-rw-r--r--docs/ChangeLog15
-rw-r--r--docs/env_variables.txt4
-rw-r--r--experimental/argv_fuzzing/Makefile2
-rw-r--r--experimental/argv_fuzzing/argvfuzz.c2
-rw-r--r--gcc_plugin/Makefile4
-rw-r--r--gcc_plugin/afl-gcc-pass.so.cc2
-rw-r--r--include/afl-as.h2
-rw-r--r--include/afl-fuzz.h3
-rw-r--r--include/alloc-inl.h2
-rwxr-xr-xinclude/android-ashmem.h2
-rw-r--r--include/common.h2
-rw-r--r--include/config.h4
-rw-r--r--include/debug.h2
-rw-r--r--include/forkserver.h2
-rw-r--r--include/sharedmem.h2
-rw-r--r--include/types.h2
-rw-r--r--libdislocator/Makefile4
-rw-r--r--libtokencap/Makefile4
-rw-r--r--libtokencap/libtokencap.so.c17
-rw-r--r--llvm_mode/Makefile4
-rw-r--r--llvm_mode/afl-clang-fast.c18
-rwxr-xr-xqemu_mode/build_qemu_support.sh2
-rw-r--r--qemu_mode/libcompcov/Makefile2
-rw-r--r--qemu_mode/libcompcov/compcovtest.cc2
-rw-r--r--qemu_mode/libcompcov/libcompcov.so.c2
-rw-r--r--qemu_mode/patches/afl-qemu-common.h2
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-translate-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-floats.h2
-rw-r--r--qemu_mode/patches/afl-qemu-tcg-inl.h2
-rw-r--r--qemu_mode/patches/afl-qemu-translate-inl.h2
-rw-r--r--qemu_mode/unsigaction/Makefile2
-rw-r--r--qemu_mode/unsigaction/README.md6
-rw-r--r--src/afl-analyze.c4
-rw-r--r--src/afl-as.c8
-rw-r--r--src/afl-common.c7
-rw-r--r--src/afl-forkserver.c6
-rw-r--r--src/afl-fuzz-bitmap.c2
-rw-r--r--src/afl-fuzz-extras.c2
-rw-r--r--src/afl-fuzz-globals.c3
-rw-r--r--src/afl-fuzz-init.c2
-rw-r--r--src/afl-fuzz-misc.c2
-rw-r--r--src/afl-fuzz-one.c14
-rw-r--r--src/afl-fuzz-python.c2
-rw-r--r--src/afl-fuzz-queue.c2
-rw-r--r--src/afl-fuzz-run.c2
-rw-r--r--src/afl-fuzz-stats.c2
-rw-r--r--src/afl-fuzz.c24
-rw-r--r--src/afl-gcc.c2
-rw-r--r--src/afl-gotcpu.c2
-rw-r--r--src/afl-sharedmem.c2
-rw-r--r--src/afl-showmap.c14
-rw-r--r--src/afl-tmin.c4
-rw-r--r--test-instr.c1
-rwxr-xr-xtest/test.sh60
-rwxr-xr-xunicorn_mode/build_unicorn_support.sh2
-rw-r--r--unicorn_mode/patches/afl-unicorn-common.h2
-rw-r--r--unicorn_mode/patches/afl-unicorn-cpu-inl.h2
-rw-r--r--unicorn_mode/patches/afl-unicorn-cpu-translate-inl.h2
-rw-r--r--unicorn_mode/patches/afl-unicorn-tcg-op-inl.h2
-rw-r--r--unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h2
65 files changed, 212 insertions, 118 deletions
diff --git a/.custom-format.py b/.custom-format.py
index 70107997..f493a2d9 100755
--- a/.custom-format.py
+++ b/.custom-format.py
@@ -6,7 +6,7 @@
# Written and maintaned by Andrea Fioraldi <andreafioraldi@gmail.com>
#
# Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
-# Copyright 2019 AFLplusplus Project. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/Android.bp b/Android.bp
index 9fdf6f04..e59129db 100644
--- a/Android.bp
+++ b/Android.bp
@@ -129,6 +129,7 @@ cc_library_static {
vendor_available: true,
host_supported: true,
recovery_available: true,
+ sdk_version: "9",
defaults: [
"afl-defaults",
diff --git a/Makefile b/Makefile
index 61d4318c..1d64d9f8 100644
--- a/Makefile
+++ b/Makefile
@@ -104,9 +104,9 @@ endif
COMM_HDR = include/alloc-inl.h include/config.h include/debug.h include/types.h
-ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <Python.h>@int main() {return 0; }' | tr @ '\n' | $(CC) -x c - -o .test -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
PYTHON_OK=1
- PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB)
+ PYFLAGS=-DUSE_PYTHON -I$(PYTHON_INCLUDE) $(LDFLAGS) $(PYTHON_LIB) -DPYTHON_VERSION=\"$(PYTHON_VERSION)\"
else
PYTHON_OK=0
PYFLAGS=
@@ -122,7 +122,7 @@ ifdef STATIC
LDFLAGS += -lm -lrt -lpthread -lz -lutil
endif
-ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
SHMAT_OK=1
else
SHMAT_OK=0
@@ -145,6 +145,7 @@ man: $(MANPAGES)
tests: source-only
@cd test ; ./test.sh
+ @rm -f test/errors
performance-tests: performance-test
test-performance: performance-test
@@ -325,7 +326,7 @@ clean:
$(MAKE) -C qemu_mode/unsigaction clean
$(MAKE) -C qemu_mode/libcompcov clean
$(MAKE) -C src/third_party/libradamsa/ clean
- -$(MAKE) -C unicorn_mode/unicorn clean
+ -rm -rf unicorn_mode/unicorn
distrib: all radamsa
-$(MAKE) -C llvm_mode
@@ -399,7 +400,7 @@ endif
set -e; if [ -f afl-clang-fast ] ; then ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi
mkdir -m 0755 -p ${DESTDIR}$(MAN_PATH)
- install -m0644 -D *.8 ${DESTDIR}$(MAN_PATH)
+ install -m0644 *.8 ${DESTDIR}$(MAN_PATH)
install -m 755 afl-as $${DESTDIR}$(HELPER_PATH)
ln -sf afl-as $${DESTDIR}$(HELPER_PATH)/as
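Review bot: The `clean` target now runs `-rm -rf unicorn_mode/unicorn`, which removes the whole directory rather than the build products that `$(MAKE) -C unicorn_mode/unicorn clean` used to remove; if that tree is a source checkout fetched by `unicorn_mode/build_unicorn_support.sh` (also in this commit, so presumably the case), `make clean` will force a re-fetch on the next build, and the leading `-` hides any failure. If that is intended, say so on the line, e.g. `# unicorn is re-fetched by build_unicorn_support.sh, so the whole tree is wiped here`; otherwise restrict the removal to what the build creates. Separately, the new `install -m0644 *.8 ${DESTDIR}$(MAN_PATH)` keeps the Make-level `${DESTDIR}` while the line above it uses the shell-level `$${DESTDIR}`; the two normally agree, but one form for the whole recipe would spare the reader working out why they differ. The `clean` and install recipes both start outside their hunks.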
diff --git a/README.md b/README.md
index bb98357e..2edca8af 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@
![Travis State](https://api.travis-ci.com/vanhauser-thc/AFLplusplus.svg?branch=master)
- Release Version: 2.59c
+ Release Version: 2.60c
- Github Version: 2.59d
+ Github Version: 2.60d
includes all necessary/interesting changes from Google's afl 2.56b
@@ -71,9 +71,9 @@
(1) only in LLVM >= 9.0 due to a bug in llvm in previous versions
- (2) gcc create non-performant code, hence it is disabled in gcc_plugin
+ (2) gcc creates non-performant code, hence it is disabled in gcc_plugin
- So all in all this is the best-of AFL that is currently out there :-)
+ So all in all this is the best-of afl that is currently out there :-)
For new versions and additional information, check out:
[https://github.com/vanhauser-thc/AFLplusplus](https://github.com/vanhauser-thc/AFLplusplus)
@@ -124,7 +124,7 @@ afl++ binaries by passing the STATIC=1 argument to make:
$ make all STATIC=1
```
-Note that afl++ is faster and better the newer the compilers used.
+Note that afl++ is faster and better the newer the compilers used are.
Hence gcc-9 and especially llvm-9 should be the compilers of choice.
If your distribution does not have them, you can use the Dockerfile:
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 92fd08ec..d3b27e35 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -14,12 +14,25 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
--------------------------
-Version ++2.59d (develop):
+Version ++2.60d (develop):
--------------------------
+ - afl-fuzz:
+ - now prints the real python version support compiled in
+ - added fix from Debian project to compile libdislocator and libtokencap
+
+
+--------------------------
+Version ++2.60c (release):
+--------------------------
+
+ - fixed a critical bug in afl-tmin that was introduced during ++2.53d
+ - added test cases for afl-cmin and afl-tmin to test/test.sh
- added ./experimental/argv_fuzzing ld_preload library by Kjell Braden
- added preeny's desock_dup ld_preload library as
./experimental/socket_fuzzing for network fuzzing
+ - added AFL_AS_FORCE_INSTRUMENT environment variable for afl-as - this is
+ for the retrorewrite project
- we now set QEMU_SET_ENV from AFL_PRELOAD when qemu_mode is used
diff --git a/docs/env_variables.txt b/docs/env_variables.txt
index 427f8cca..a6162767 100644
--- a/docs/env_variables.txt
+++ b/docs/env_variables.txt
@@ -65,6 +65,10 @@ tools make fairly broad use of environmental variables:
mkdir assembly_here
TMPDIR=$PWD/assembly_here AFL_KEEP_ASSEMBLY=1 make clean all
+ - If you are a weird person that wants to compile and instrument asm
+ text files then use the AFL_AS_FORCE_INSTRUMENT variable:
+ AFL_AS_FORCE_INSTRUMENT=1 afl-gcc foo.s -o foo
+
- Setting AFL_QUIET will prevent afl-cc and afl-as banners from being
displayed during compilation, in case you find them distracting.
diff --git a/experimental/argv_fuzzing/Makefile b/experimental/argv_fuzzing/Makefile
index 22e74f97..7f9378e8 100644
--- a/experimental/argv_fuzzing/Makefile
+++ b/experimental/argv_fuzzing/Makefile
@@ -2,7 +2,7 @@
# american fuzzy lop++ - argvfuzz
# --------------------------------
#
-# Copyright 2019 Kjell Braden <afflux@pentabarf.de>
+# Copyright 2019-2020 Kjell Braden <afflux@pentabarf.de>
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/experimental/argv_fuzzing/argvfuzz.c b/experimental/argv_fuzzing/argvfuzz.c
index 939bd540..4251ca4c 100644
--- a/experimental/argv_fuzzing/argvfuzz.c
+++ b/experimental/argv_fuzzing/argvfuzz.c
@@ -2,7 +2,7 @@
american fuzzy lop++ - LD_PRELOAD for fuzzing argv in binaries
------------------------------------------------------------
- Copyright 2019 Kjell Braden <afflux@pentabarf.de>
+ Copyright 2019-2020 Kjell Braden <afflux@pentabarf.de>
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/gcc_plugin/Makefile b/gcc_plugin/Makefile
index 13857eb5..156dd023 100644
--- a/gcc_plugin/Makefile
+++ b/gcc_plugin/Makefile
@@ -35,7 +35,7 @@ CXX ?= g++
PLUGIN_FLAGS = -fPIC -fno-rtti -I"$(shell $(CC) -print-file-name=plugin)/include"
-ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
SHMAT_OK=1
else
SHMAT_OK=0
@@ -126,5 +126,5 @@ vpath % ..
ln -sf afl-gcc-fast.8 ../afl-g++-fast.8
clean:
- rm -f *.o *.so *~ a.out core core.[1-9][0-9]* test-instr .test-instr0 .test-instr1
+ rm -f *.o *.so *~ a.out core core.[1-9][0-9]* test-instr .test-instr0 .test-instr1 .test2
rm -f $(PROGS) ../afl-g++-fast ../afl-g*-fast.8
diff --git a/gcc_plugin/afl-gcc-pass.so.cc b/gcc_plugin/afl-gcc-pass.so.cc
index f46579a3..f77af5fa 100644
--- a/gcc_plugin/afl-gcc-pass.so.cc
+++ b/gcc_plugin/afl-gcc-pass.so.cc
@@ -14,7 +14,7 @@
Written by Austin Seipp <aseipp@pobox.com> with bits from
Emese Revfy <re.emese@gmail.com>
- Fixed by Heiko Eißfeldt 2019 for AFL++
+ Fixed by Heiko Eißfeldt 2019-2020 for AFL++
GCC integration design is based on the LLVM design, which comes
from Laszlo Szekeres. Some of the boilerplate code below for
diff --git a/include/afl-as.h b/include/afl-as.h
index f0263312..3af42205 100644
--- a/include/afl-as.h
+++ b/include/afl-as.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 39398c18..9ecf1f29 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -271,6 +271,7 @@ extern u64 mem_limit; /* Memory cap for child (MB) */
extern u8 cal_cycles, /* Calibration cycles defaults */
cal_cycles_long, /* Calibration cycles defaults */
no_unlink, /* do not unlink cur_input */
+ use_stdin, /* use stdin for sending data */
debug, /* Debug mode */
custom_only, /* Custom mutator only mode */
python_only; /* Python-only mode */
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index f5bb7246..48598ed3 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/android-ashmem.h b/include/android-ashmem.h
index 2b9c811c..35a5ba5e 100755
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/common.h b/include/common.h
index 7c3d4517..8ab78b41 100644
--- a/include/common.h
+++ b/include/common.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/config.h b/include/config.h
index e0b2555b..c5139dbd 100644
--- a/include/config.h
+++ b/include/config.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -26,7 +26,7 @@
/* Version string: */
-#define VERSION "++2.59d" // c = release, d = volatile github dev
+#define VERSION "++2.60d" // c = release, d = volatile github dev
/******************************************************
* *
diff --git a/include/debug.h b/include/debug.h
index ed6c29e9..68109927 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/forkserver.h b/include/forkserver.h
index 9cabe58e..17bc65af 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/sharedmem.h b/include/sharedmem.h
index cec6c025..69291330 100644
--- a/include/sharedmem.h
+++ b/include/sharedmem.h
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/include/types.h b/include/types.h
index 6e23edef..eba47be7 100644
--- a/include/types.h
+++ b/include/types.h
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/libdislocator/Makefile b/libdislocator/Makefile
index dd52b31d..a7507918 100644
--- a/libdislocator/Makefile
+++ b/libdislocator/Makefile
@@ -18,8 +18,8 @@ HELPER_PATH = $(PREFIX)/lib/afl
VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)
-CFLAGS ?= -O3 -funroll-loops -I ../include/
-CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
+CFLAGS ?= -O3 -funroll-loops
+CFLAGS += -I ../include/ -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
ifdef USEHUGEPAGE
CFLAGS += -DUSEHUGEPAGE
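Review bot: Moving `-I ../include/` from the `?=` line to the `+=` line protects it from a CFLAGS set in the environment, but not from a command-line `make CFLAGS=...`, because a command-line assignment also discards `+=` appends unless the line is marked `override CFLAGS += -I ../include/ -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign`. The same applies to the identical hunk in libtokencap/Makefile. A one-line comment above it would help the next reader, e.g. `# the include path is mandatory; keep it out of the user-overridable part of CFLAGS`. Unrelated to the change but visible in the context: the VERSION line greps `../config.h` while this commit bumps `include/config.h`, so VERSION may well expand to empty — worth checking.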
diff --git a/libtokencap/Makefile b/libtokencap/Makefile
index df594e8e..858f0dcb 100644
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
@@ -18,8 +18,8 @@ HELPER_PATH = $(PREFIX)/lib/afl
VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2)
-CFLAGS ?= -O3 -funroll-loops -I ../include/
-CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
+CFLAGS ?= -O3 -funroll-loops
+CFLAGS += -I ../include/ -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign
ifeq "$(shell uname)" "Linux"
TARGETS = libtokencap.so
diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c
index d67e4e16..e4f531c8 100644
--- a/libtokencap/libtokencap.so.c
+++ b/libtokencap/libtokencap.so.c
@@ -142,6 +142,9 @@ static void __tokencap_load_mappings(void) {
}
+ base += size;
+ size = 0;
+
}
}
@@ -687,6 +690,20 @@ bool strcsequal(const void* s1, const void* s2) {
}
+/* bcmp/memcmp BSD flavors, similar to CRYPTO_memcmp */
+
+int timingsafe_bcmp(const void* mem1, const void* mem2, size_t len) {
+
+ return bcmp(mem1, mem2, len);
+
+}
+
+int timingsafe_memcmp(const void* mem1, const void* mem2, size_t len) {
+
+ return memcmp(mem1, mem2, len);
+
+}
+
/* Init code to open the output file (or default to stderr). */
__attribute__((constructor)) void __tokencap_init(void) {
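Review bot: The new `timingsafe_bcmp`/`timingsafe_memcmp` wrappers simply forward to `bcmp`/`memcmp`, so they provide no constant-time guarantee of their own; that is presumably intended, the point being to route the comparison through this library's own hooks so the operands are captured as tokens, but the one-line comment does not say so and the name invites the opposite reading. Suggest `/* BSD timingsafe_bcmp/timingsafe_memcmp (cf. CRYPTO_memcmp): forwarded to our bcmp/memcmp hooks so their operands are captured; not constant-time here, which is acceptable for a token-capture preload only */`. The first hunk's `base += size; size = 0;` sits inside `__tokencap_load_mappings`, whose body starts outside the hunk, so whether `base`/`size` are reset correctly on every loop path cannot be judged from here.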
diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile
index ce0faf9b..0e290ffc 100644
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@@ -115,7 +115,7 @@ endif
CLANGVER = $(shell $(CC) --version | sed -E -ne '/^.*version\ ([0-9]\.[0-9]\.[0-9]).*/s//\1/p')
-ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 )" "1"
+ifeq "$(shell echo '\#include <sys/ipc.h>@\#include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
SHMAT_OK=1
else
SHMAT_OK=0
@@ -261,5 +261,5 @@ vpath % ..
ln -sf afl-clang-fast.8 ../afl-clang-fast++.8
clean:
- rm -f *.o *.so *~ a.out core core.[1-9][0-9]* .test2 test-instr .test-instr0 .test-instr1
+ rm -f *.o *.so *~ a.out core core.[1-9][0-9]* .test2 test-instr .test-instr0 .test-instr1 afl-llvm-pass.dwo
rm -f $(PROGS) ../afl-clang-fast++ ../afl-clang-fast*.8
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index ef98bf25..724ae1a9 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -50,7 +50,11 @@ static void find_obj(u8* argv0) {
if (afl_path) {
+#ifdef __ANDROID__
+ tmp = alloc_printf("%s/afl-llvm-rt.so", afl_path);
+#else
tmp = alloc_printf("%s/afl-llvm-rt.o", afl_path);
+#endif
if (!access(tmp, R_OK)) {
@@ -74,7 +78,11 @@ static void find_obj(u8* argv0) {
dir = ck_strdup(argv0);
*slash = '/';
+#ifdef __ANDROID__
+ tmp = alloc_printf("%s/afl-llvm-rt.so", afl_path);
+#else
tmp = alloc_printf("%s/afl-llvm-rt.o", dir);
+#endif
if (!access(tmp, R_OK)) {
@@ -89,8 +97,14 @@ static void find_obj(u8* argv0) {
}
+#ifdef __ANDROID__
+ if (!access(AFL_PATH "/afl-llvm-rt.so", R_OK)) {
+
+#else
if (!access(AFL_PATH "/afl-llvm-rt.o", R_OK)) {
+#endif
+
obj_path = AFL_PATH;
return;
@@ -359,7 +373,7 @@ static void edit_params(u32 argc, char** argv) {
}
- //#ifndef __ANDROID__ // not sure, we might need these ifdefs for Android
+#ifndef __ANDROID__
switch (bit_mode) {
case 0:
@@ -384,7 +398,7 @@ static void edit_params(u32 argc, char** argv) {
}
- //#endif
+#endif
}
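Review bot: In the second hunk the Android branch builds the path from `afl_path` (`tmp = alloc_printf("%s/afl-llvm-rt.so", afl_path);`) while the non-Android line directly below it uses `dir`, which was just derived from `argv0`; this block is the argv0-relative lookup, and `afl_path` here is the AFL_PATH value the first block already tried (or NULL when AFL_PATH is unset), so the line should read `tmp = alloc_printf("%s/afl-llvm-rt.so", dir);`. The first and third hunks use the right base in both branches. `find_obj` and `edit_params` both start and end outside these hunks.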
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 94a87db5..6f2bc448 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -13,7 +13,7 @@
# counters by Andrea Fioraldi <andreafioraldi@gmail.com>
#
# Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
-# Copyright 2019 AFLplusplus Project. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile
index 6fd94f52..07bab99d 100644
--- a/qemu_mode/libcompcov/Makefile
+++ b/qemu_mode/libcompcov/Makefile
@@ -4,7 +4,7 @@
#
# Written by Andrea Fioraldi <andreafioraldi@gmail.com>
#
-# Copyright 2019 Andrea Fioraldi. All rights reserved.
+# Copyright 2019-2020 Andrea Fioraldi. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc
index 171e4526..faea75e5 100644
--- a/qemu_mode/libcompcov/compcovtest.cc
+++ b/qemu_mode/libcompcov/compcovtest.cc
@@ -2,7 +2,7 @@
//
// Author: Mateusz Jurczyk (mjurczyk@google.com)
//
-// Copyright 2019 Google LLC
+// Copyright 2019-2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
diff --git a/qemu_mode/libcompcov/libcompcov.so.c b/qemu_mode/libcompcov/libcompcov.so.c
index dee8cfda..ceb0a041 100644
--- a/qemu_mode/libcompcov/libcompcov.so.c
+++ b/qemu_mode/libcompcov/libcompcov.so.c
@@ -5,7 +5,7 @@
Written and maintained by Andrea Fioraldi <andreafioraldi@gmail.com>
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-common.h b/qemu_mode/patches/afl-qemu-common.h
index bddf0515..4d651385 100644
--- a/qemu_mode/patches/afl-qemu-common.h
+++ b/qemu_mode/patches/afl-qemu-common.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index 70f5ef9d..ec8ce735 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
index 62858724..6d42bf3d 100644
--- a/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-translate-inl.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-floats.h b/qemu_mode/patches/afl-qemu-floats.h
index 7fea04e7..f88bbf4a 100644
--- a/qemu_mode/patches/afl-qemu-floats.h
+++ b/qemu_mode/patches/afl-qemu-floats.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-tcg-inl.h b/qemu_mode/patches/afl-qemu-tcg-inl.h
index 8ac993a2..3019dafb 100644
--- a/qemu_mode/patches/afl-qemu-tcg-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-inl.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/patches/afl-qemu-translate-inl.h b/qemu_mode/patches/afl-qemu-translate-inl.h
index 881dbc8d..93a1379d 100644
--- a/qemu_mode/patches/afl-qemu-translate-inl.h
+++ b/qemu_mode/patches/afl-qemu-translate-inl.h
@@ -12,7 +12,7 @@
counters by Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/qemu_mode/unsigaction/Makefile b/qemu_mode/unsigaction/Makefile
index 7ea57b52..31fa8c55 100644
--- a/qemu_mode/unsigaction/Makefile
+++ b/qemu_mode/unsigaction/Makefile
@@ -4,7 +4,7 @@
#
# Written by Andrea Fioraldi <andreafioraldi@gmail.com>
#
-# Copyright 2019 Andrea Fioraldi. All rights reserved.
+# Copyright 2019-2020 Andrea Fioraldi. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/qemu_mode/unsigaction/README.md b/qemu_mode/unsigaction/README.md
index 0f3707fd..db7eac83 100644
--- a/qemu_mode/unsigaction/README.md
+++ b/qemu_mode/unsigaction/README.md
@@ -1,7 +1,7 @@
-# unsigation
+# unsigaction
-This library disable sigaction when preloaded.
+This library disables sigaction handlers when preloaded.
Mainly needed by Wine mode but can be used as a separate tool.
-A similar solution can be found in is [preeny](https://github.com/zardus/preeny).
+A similar solution can be found in [preeny](https://github.com/zardus/preeny).
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index f71893d8..3d4e636e 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -75,7 +75,7 @@ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
static s32 dev_null_fd = -1; /* FD to /dev/null */
-static u8 edges_only, /* Ignore hit counts? */
+u8 edges_only, /* Ignore hit counts? */
use_hex_offsets, /* Show hex offsets? */
use_stdin = 1; /* Use stdin for program input? */
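Review bot: Dropping `static` from the declaration at the top of the hunk exports `edges_only` and `use_hex_offsets` together with `use_stdin`, although only `use_stdin` needs external linkage for the `extern u8 use_stdin;` this commit adds in afl-common.c and afl-forkserver.c. Keep the other two file-local: `static u8 edges_only, use_hex_offsets;` on one line and `u8 use_stdin = 1; /* shared with afl-common.c / afl-forkserver.c */` on the next, so the exported symbol surface stays minimal and another object defining its own `edges_only` cannot collide at link time.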
diff --git a/src/afl-as.c b/src/afl-as.c
index 9abe3fc2..77ac2f97 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -208,8 +208,12 @@ static void edit_params(int argc, char** argv) {
NSS. */
if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) &&
- strncmp(input_file, "/var/tmp/", 9) && strncmp(input_file, "/tmp/", 5))
+ strncmp(input_file, "/var/tmp/", 9) &&
+ strncmp(input_file, "/tmp/", 5) &&
+ getenv("AFL_AS_FORCE_INSTRUMENT") == NULL)
pass_thru = 1;
+ else if (getenv("AFL_AS_FORCE_INSTRUMENT"))
+ unsetenv("AFL_AS_FORCE_INSTRUMENT");
}
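Review bot: The new branch reads `AFL_AS_FORCE_INSTRUMENT` twice through `getenv` and then `unsetenv`s it without saying why; reading it once into a local (`u8* force_instr = getenv("AFL_AS_FORCE_INSTRUMENT");`) makes the condition and the `else if` easier to follow, and the `unsetenv` deserves a comment stating its purpose, presumably so that processes afl-as goes on to spawn do not inherit the override — `/* consumed here; clear it so the real assembler and any nested afl-as do not see it */`, to be confirmed. Note the `else if` is also reached when the input merely lives in a tmp directory, so the variable is cleared whenever it is set, not only when it forced instrumentation. `edit_params` starts and ends outside the hunk.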
diff --git a/src/afl-common.c b/src/afl-common.c
index ec010c2d..8c2f2b9a 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -35,7 +35,8 @@
#include <unistd.h>
#endif
-u8* target_path; /* Path to target binary */
+u8* target_path; /* Path to target binary */
+extern u8 use_stdin;
void detect_file_args(char** argv, u8* prog_in) {
@@ -78,6 +79,8 @@ void detect_file_args(char** argv, u8* prog_in) {
else
aa_subst = alloc_printf("%s/%s", cwd, prog_in);
+ use_stdin = 0;
+
/* Construct a replacement argv value. */
*aa_loc = 0;
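Review bot: `extern u8 use_stdin;` is added as a local declaration here and again in src/afl-forkserver.c, while include/common.h in this commit only receives a copyright bump; declaring it once in the header next to `target_path`, e.g. `extern u8 use_stdin; /* cleared by detect_file_args() once an @@ argument is substituted */`, keeps the two copies from drifting and documents the contract in one place. Every binary that links afl-common.o now needs a definition of `use_stdin`; afl-fuzz-globals.c and afl-analyze.c provide one in this commit and afl-showmap.c/afl-tmin.c are also touched, presumably for the same reason, but any other user of `detect_file_args` should be checked before merging. `detect_file_args` starts outside the hunk.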
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 5e20e50b..de50c73c 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -43,6 +43,8 @@
/* a program that includes afl-forkserver needs to define these */
extern u8 uses_asan;
extern u8 *trace_bits;
+extern u8 use_stdin;
+
extern s32 forksrv_pid, child_pid, fsrv_ctl_fd, fsrv_st_fd;
extern s32 out_fd, out_dir_fd, dev_null_fd; /* initialize these with -1 */
#ifndef HAVE_ARC4RANDOM
@@ -211,7 +213,7 @@ void init_forkserver(char **argv) {
}
- if (out_file) {
+ if (!use_stdin) {
dup2(dev_null_fd, 0);
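Review bot: Switching the stdin-to-/dev/null redirection from `if (out_file)` to `if (!use_stdin)` changes the controlling condition: per the afl-common.c hunk, `use_stdin` is cleared only when `detect_file_args` substitutes an `@@` argument, whereas `out_file` could be set by other means (afl-fuzz's `-f` option, for instance) without `@@`, so such a target would now keep the real stdin instead of /dev/null — hedged, since the callers are outside this hunk. A `/* use_stdin is cleared by detect_file_args() when @@ is present */` comment on the new line, plus a check that every path that sets `out_file` also clears `use_stdin`, would settle it. `init_forkserver` starts and ends outside the hunk.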
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index c1aeb9ac..0f611cdf 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c
index 23b2c235..fcc7749d 100644
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index de716098..b3476778 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -86,6 +86,7 @@ u8 cal_cycles = CAL_CYCLES, /* Calibration cycles defaults */
cal_cycles_long = CAL_CYCLES_LONG, /* Calibration cycles defaults */
debug, /* Debug mode */
no_unlink, /* do not unlink cur_input */
+ use_stdin = 1, /* use stdin for sending data */
custom_only, /* Custom mutator only mode */
python_only; /* Python-only mode */
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 825169cf..5fe3689e 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-misc.c b/src/afl-fuzz-misc.c
index f45642f4..b8f376be 100644
--- a/src/afl-fuzz-misc.c
+++ b/src/afl-fuzz-misc.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index f7cfbbe1..87a1418c 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -482,6 +482,9 @@ u8 fuzz_one_original(char** argv) {
if (use_radamsa > 1) goto radamsa_stage;
+
+//custom_stage: // not used - yet
+
if (custom_mutator) {
stage_short = "custom";
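Review bot: `//custom_stage: // not used - yet` is commented-out code (a label) rather than a comment, and a `//`-style line in a file that otherwise uses `/* */` comments; either drop it or state the intent as a real comment, e.g. `/* TODO: a custom_stage label here would let the stage logic jump straight to the custom mutator */`. The removals of `if (use_radamsa > 1) goto radamsa_stage; else` in the three later hunks (L813-815, L821-823, L830-832) look behaviour-preserving, since the `goto radamsa_stage` on the line above already diverts every use_radamsa > 1 run before those points are reached — provided use_radamsa is not modified inside fuzz_one_original, which the hunks cannot show. fuzz_one_original continues outside the hunk.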
@@ -541,9 +544,6 @@ u8 fuzz_one_original(char** argv) {
: havoc_max_mult * 100)) ||
queue_cur->passed_det) {
- if (use_radamsa > 1)
- goto radamsa_stage;
- else
#ifdef USE_PYTHON
goto python_stage;
#else
@@ -557,9 +557,6 @@ u8 fuzz_one_original(char** argv) {
if (master_max && (queue_cur->exec_cksum % master_max) != master_id - 1) {
- if (use_radamsa > 1)
- goto radamsa_stage;
- else
#ifdef USE_PYTHON
goto python_stage;
#else
@@ -2266,9 +2263,6 @@ retry_splicing:
out_buf = ck_alloc_nozero(len);
memcpy(out_buf, in_buf, len);
- if (use_radamsa > 1)
- goto radamsa_stage;
- else
#ifdef USE_PYTHON
goto python_stage;
#else
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 6800c0c0..f1cdecde 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 9f036186..1b51e3aa 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 8f72d0fe..fa7a872a 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index fa4be50f..18f32ae8 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 59892559..e75ab48a 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -84,13 +84,6 @@ static u8* get_libradamsa_path(u8* own_loc) {
static void usage(u8* argv0) {
-#ifdef USE_PYTHON
-#define PHYTON_SUPPORT \
- "Compiled with Python 2.7 module support, see docs/python_mutators.txt\n"
-#else
-#define PHYTON_SUPPORT ""
-#endif
-
SAYF(
"\n%s [ options ] -- /path/to/fuzzed_app [ ... ]\n\n"
@@ -146,13 +139,15 @@ static void usage(u8* argv0) {
"file\n"
" -C - crash exploration mode (the peruvian rabbit thing)\n"
" -e ext - File extension for the temporarily generated test "
- "case\n\n"
+ "case\n\n",
- PHYTON_SUPPORT
+ argv0, EXEC_TIMEOUT, MEM_LIMIT);
- "For additional tips, please consult %s/README\n\n",
+#ifdef USE_PYTHON
+ SAYF("Compiled with Python %s module support, see docs/python_mutators.txt\n", (char*)PYTHON_VERSION);
+#endif
- argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
+ SAYF("For additional help please consult %s/README.md\n\n", doc_path);
exit(1);
#undef PHYTON_SUPPORT
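Review bot: `#undef PHYTON_SUPPORT` on the last context line is now stale — the `#define` it balanced was removed in the previous hunk (L894-899) — so it should be deleted as well; an `#undef` of an undefined name compiles silently, which is why nothing flagged it. The `(char*)` cast in `SAYF("Compiled with Python %s module support, ...", (char*)PYTHON_VERSION)` is unnecessary if PYTHON_VERSION expands to a string literal and hides a type error if it does not; `%s` needs a NUL-terminated string either way, so dropping the cast and checking the macro's definition is the safer form. usage() continues outside the hunk.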
@@ -304,6 +299,7 @@ int main(int argc, char** argv) {
if (out_file) FATAL("Multiple -f options not supported");
out_file = optarg;
+ use_stdin = 0;
break;
case 'x': /* dictionary */
@@ -595,7 +591,7 @@ int main(int argc, char** argv) {
if (optind == argc || !in_dir || !out_dir) usage(argv[0]);
OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "
- "Eissfeldt and Andrea Fioraldi");
+ "Eißfeldt and Andrea Fioraldi");
OKF("afl++ is open source, get it at "
"https://github.com/vanhauser-thc/AFLplusplus");
OKF("Power schedules from github.com/mboehme/aflfast");
@@ -836,6 +832,8 @@ int main(int argc, char** argv) {
if (aa_loc && !out_file) {
+ use_stdin = 0;
+
if (file_extension) {
out_file = alloc_printf("%s/.cur_input.%s", out_dir, file_extension);
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index 9663b758..301e2034 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index da574ed8..9a56159c 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -9,7 +9,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index e11221a4..16eb14a7 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 94bbd421..8c899c9d 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -72,11 +72,12 @@ static u32 total, highest; /* tuple content information */
static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
-static u8 quiet_mode, /* Hide non-essential messages? */
+u8 quiet_mode, /* Hide non-essential messages? */
edges_only, /* Ignore hit counts? */
raw_instr_output, /* Do not apply AFL filters */
cmin_mode, /* Generate output in afl-cmin mode? */
binary_mode, /* Write output as a binary map */
+ use_stdin = 1, /* use stdin - unused here */
keep_cores; /* Allow coredumps? */
static volatile u8 stop_soon, /* Ctrl-C pressed? */
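Review bot: Dropping `static` from the whole declaration list exports quiet_mode, edges_only, raw_instr_output, cmin_mode, binary_mode and keep_cores along with the one symbol that appears to need it — only use_stdin has a matching `extern` in this diff (afl-forkserver.c L720). Keeping the list static and giving the shared flag its own line leaves the rest of the file's state private: `u8 use_stdin = 1; /* referenced by afl-forkserver.c; -f is unsupported here */` followed by the original `static u8 quiet_mode, ...` list. The afl-tmin.c hunk at L1023-1027 does the same for crash_mode, exit_crash, edges_only, exact_mode and whatever follows outside that hunk, and would benefit from the same split plus a comment naming which symbol the other translation unit needs. The "unused here" comment is also only half true if afl-showmap links afl-common.c, whose detect_file_args now writes use_stdin (L701).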
@@ -535,7 +536,7 @@ int main(int argc, char** argv) {
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
- while ((opt = getopt(argc, argv, "+o:m:t:A:eqZQUWbcrh")) > 0)
+ while ((opt = getopt(argc, argv, "+o:f:m:t:A:eqZQUWbcrh")) > 0)
switch (opt) {
@@ -583,6 +584,13 @@ int main(int argc, char** argv) {
break;
+ case 'f': // only in here to avoid a compiler warning for use_stdin
+
+ use_stdin = 0;
+ FATAL("Option -f is not supported in afl-showmap");
+
+ break;
+
case 't':
if (timeout_given) FATAL("Multiple -t options not supported");
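Review bot: `use_stdin = 0;` in the new `case 'f'` is dead — FATAL on the next line does not return — and the comment says the whole case exists to silence a warning about use_stdin, which is a roundabout way to reference a variable; `(void)use_stdin;` near the top of main, or simply dropping the assignment now that the symbol has external linkage (L991) and so should not trigger an unused-variable warning, says the same thing honestly. Adding `f:` to the getopt string also means `-f` now consumes the following argument before failing, so `afl-showmap -f` with no argument yields getopt's missing-argument message rather than the FATAL text; if the intent is only to reject the option, the message in the case is enough and the comment should say so. main continues outside the hunk.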
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index b98208f9..3e33b72f 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -11,7 +11,7 @@
Andrea Fioraldi <andreafioraldi@gmail.com>
Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -88,7 +88,7 @@ u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
s32 dev_null_fd = -1; /* FD to /dev/null */
-static u8 crash_mode, /* Crash-centric mode? */
+u8 crash_mode, /* Crash-centric mode? */
exit_crash, /* Treat non-zero exit as crash? */
edges_only, /* Ignore hit counts? */
exact_mode, /* Require path match for crashes? */
diff --git a/test-instr.c b/test-instr.c
index eaa71440..7d59fd9c 100644
--- a/test-instr.c
+++ b/test-instr.c
@@ -27,6 +27,7 @@ int main(int argc, char** argv) {
if (argc > 1) {
buf = argv[1];
+ printf("Input %s - ", buf);
} else if (read(0, buf, sizeof(buf)) < 1) {
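Review bot: The new `printf("Input %s - ", buf)` has no trailing newline, so if the target later crashes or is killed before stdout is flushed the message is lost on a pipe; `printf("Input %s - ", buf); fflush(stdout);` or ending the format with `\n` keeps the harness output visible under afl-fuzz. Separately, `buf = argv[1]` on the line above only compiles if buf is a pointer, in which case `sizeof(buf)` in the read() below is the pointer size rather than the buffer's capacity — pre-existing and outside this change, but worth confirming since this file is the instrumentation smoke test. main continues outside the hunk.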
diff --git a/test/test.sh b/test/test.sh
index a75f991d..86a76529 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -13,6 +13,8 @@ OK=OK
diff -q test.1 test.2 >/dev/null 2>&1 || OK=
rm -f test.1 test.2
test -z "$OK" && { echo Error: diff -q is not working ; exit 1 ; }
+test -z "$LLVM_CONFIG" && LLVM_CONFIG=llvm-config
+
ECHO="printf %b\\n"
$ECHO \\101 2>&1 | grep -qE '^A' || {
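Review bot: `test -z "$LLVM_CONFIG" && LLVM_CONFIG=llvm-config` is the long form of the POSIX default-value expansion; `LLVM_CONFIG=${LLVM_CONFIG:-llvm-config}` reads as a default and treats set-but-empty the same way. The variable is consumed only in this script (L1108), so not exporting it is fine, but a short comment saying that LLVM_CONFIG may be set by the caller to pick a toolchain would document the knob.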
@@ -25,6 +27,7 @@ $ECHO \\101 2>&1 | grep -qE '^A' || {
test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; }
CODE=0
+INCOMPLETE=0
export AFL_EXIT_WHEN_DONE=1
export AFL_SKIP_CPUFREQ=1
@@ -69,9 +72,9 @@ export PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
$ECHO "${RESET}${GREY}[*] starting afl++ test framework ..."
-test -z "$SYS" && $ECHO "$YELLOW[!] uname -m did not succeed"
+test -z "$SYS" && $ECHO "$YELLOW[-] uname -m did not succeed"
-$ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz"
+$ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap, afl-fuzz, afl-cmin and afl-tmin"
test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" && {
test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1
@@ -122,7 +125,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" && {
# now we want to be sure that afl-fuzz is working
# make sure core_pattern is set to core on linux
(test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
- $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
+ $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
true
}) ||
# make sure crash reporter is disabled on Mac OS X
@@ -145,11 +148,28 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" && {
$ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}"
CODE=1
}
- rm -rf in out errors
+ echo 000000000000000000000000 > in/in2
+ mkdir -p in2
+ ../afl-cmin -i in -o in2 -- ./test-instr.plain > /dev/null 2>&1
+ CNT=`ls in2/ | wc -l`
+ test "$CNT" = 1 && $ECHO "$GREEN[+] afl-cmin correctly minimized testcase numbers"
+ test "$CNT" = 1 || {
+ $ECHO "$RED[!] afl-cmin did not correctly minimize testcase numbers"
+ CODE=1
+ }
+ ../afl-tmin -i in/in2 -o in2/in2 -- ./test-instr.plain > /dev/null 2>&1
+ SIZE=`ls -l in2/in2 2> /dev/null | awk '{print$5}'`
+ test "$SIZE" = 1 && $ECHO "$GREEN[+] afl-tmin correctly minimized the testcase"
+ test "$SIZE" = 1 || {
+ $ECHO "$RED[!] afl-tmin did incorrectly minimize the testcase to $SIZE"
+ CODE=1
+ }
+ rm -rf in out errors in2
}
rm -f test-instr.plain
} || {
$ECHO "$YELLOW[-] afl is not compiled, cannot test"
+ INCOMPLETE=1
}
} || {
$ECHO "$YELLOW[-] not an intel platform, cannot test afl-gcc"
@@ -161,7 +181,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
if which clang >/dev/null; then
export AFL_CC=`which clang`
else
- export AFL_CC=`llvm-config --bindir`/clang
+ export AFL_CC=`$LLVM_CONFIG --bindir`/clang
fi
../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1
AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1
@@ -206,7 +226,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
}
# now we want to be sure that afl-fuzz is working
(test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
- $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
+ $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
true
}) ||
# make sure crash reporter is disabled on Mac OS X
@@ -290,6 +310,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
rm -f test-persistent
} || {
$ECHO "$YELLOW[-] llvm_mode not compiled, cannot test"
+ INCOMPLETE=1
}
$ECHO "$BLUE[*] Testing: gcc_plugin"
@@ -312,7 +333,7 @@ test -e ../afl-gcc-fast -a -e ../afl-gcc-rt.o && {
$ECHO "$GREEN[+] gcc_plugin run reported $TUPLES instrumented locations which is fine"
} || {
$ECHO "$RED[!] gcc_plugin instrumentation produces a weird number of instrumented locations: $TUPLES"
- $ECHO "$YELLOW[!] the gcc_plugin instrumentation issue is not flagged as an error because travis builds would all fail otherwise :-("
+ $ECHO "$YELLOW[-] the gcc_plugin instrumentation issue is not flagged as an error because travis builds would all fail otherwise :-("
#CODE=1
}
}
@@ -340,7 +361,7 @@ test -e ../afl-gcc-fast -a -e ../afl-gcc-rt.o && {
}
# now we want to be sure that afl-fuzz is working
(test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && {
- $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
+ $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET"
true
}) ||
# make sure crash reporter is disabled on Mac OS X
@@ -398,6 +419,7 @@ test -e ../afl-gcc-fast -a -e ../afl-gcc-rt.o && {
rm -f test-persistent
} || {
$ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test"
+ INCOMPLETE=1
}
$ECHO "$BLUE[*] Testing: shared library extensions"
@@ -413,6 +435,7 @@ test -e ../libtokencap.so && {
rm -f token.out
} || {
$ECHO "$YELLOW[-] libtokencap is not compiled, cannot test"
+ INCOMPLETE=1
}
test -e ../libdislocator.so && {
{
@@ -429,6 +452,7 @@ test -e ../libdislocator.so && {
rm -f test.out core test-compcov.core core.test-compcov
} || {
$ECHO "$YELLOW[-] libdislocator is not compiled, cannot test"
+ INCOMPLETE=1
}
rm -f test-compcov
test -e ../libradamsa.so && {
@@ -454,9 +478,11 @@ test -e ../libradamsa.so && {
rm -rf in out errors test-instr.plain
} || {
$ECHO "$YELLOW[-] compilation of test target failed, cannot test libradamsa"
+ INCOMPLETE=1
}
} || {
$ECHO "$YELLOW[-] libradamsa is not compiled, cannot test"
+ INCOMPLETE=1
}
$ECHO "$BLUE[*] Testing: qemu_mode"
@@ -501,6 +527,7 @@ test -e ../afl-qemu-trace && {
}
} || {
$ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present"
+ INCOMPLETE=1
}
rm -f errors
@@ -519,10 +546,10 @@ test -e ../afl-qemu-trace && {
test "$SLOW" -lt "$FAST" && {
$ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode"
} || {
- $ECHO "$YELLOW[?] persistent qemu_mode was not noticeable faster than standard qemu_mode"
+ $ECHO "$YELLOW[-] persistent qemu_mode was not noticeable faster than standard qemu_mode"
}
} || {
- $ECHO "$YELLOW[?] we got no data on executions performed? weird!"
+ $ECHO "$YELLOW[-] we got no data on executions performed? weird!"
}
} || {
echo CUT------------------------------------------------------------------CUT
@@ -532,17 +559,18 @@ test -e ../afl-qemu-trace && {
CODE=1
exit 1
}
- $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library"
+ $ECHO "$YELLOW[-] we need a test case for qemu_mode unsigaction library"
rm -rf in out errors
}
} || {
- $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??"
+ $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??"
CODE=1
}
rm -f test-instr test-compcov
} || {
$ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test"
+ INCOMPLETE=1
}
$ECHO "$BLUE[*] Testing: unicorn_mode"
@@ -557,6 +585,7 @@ test -d ../unicorn_mode/unicorn && {
$ECHO "$GREY[*] Using python binary $PY"
if ! $PY -c 'import unicornafl' 2> /dev/null ; then
$ECHO "$YELLOW[-] we cannot test unicorn_mode because it is not present"
+ INCOMPLETE=1
else
{
$ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 25 seconds"
@@ -596,15 +625,18 @@ test -d ../unicorn_mode/unicorn && {
fi
}
} || {
- $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??"
+ $ECHO "$RED[!] missing sample binaries in unicorn_mode/samples/ - what is going on??"
CODE=1
}
} || {
$ECHO "$YELLOW[-] unicorn_mode is not compiled, cannot test"
+ INCOMPLETE=1
}
$ECHO "$GREY[*] all test cases completed.$RESET"
+test "$INCOMPLETE" = "0" && $ECHO "$GREEN[+] all test cases executed"
+test "$INCOMPLETE" = "1" && $ECHO "$YELLOW[-] not all test cases were executed"
test "$CODE" = "0" && $ECHO "$GREEN[+] all tests were successful :-)$RESET"
-test "$CODE" = "0" || $ECHO "$RED[-] failure in tests :-($RESET"
+test "$CODE" = "0" || $ECHO "$RED[!] failure in tests :-($RESET"
exit $CODE
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
index e46cf54f..c796525c 100755
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
@@ -14,7 +14,7 @@
# <andreafioraldi@gmail.com>
#
# Copyright 2017 Battelle Memorial Institute. All rights reserved.
-# Copyright 2019 AFLplusplus Project. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
diff --git a/unicorn_mode/patches/afl-unicorn-common.h b/unicorn_mode/patches/afl-unicorn-common.h
index 66d03803..7cdab7f6 100644
--- a/unicorn_mode/patches/afl-unicorn-common.h
+++ b/unicorn_mode/patches/afl-unicorn-common.h
@@ -11,7 +11,7 @@
<andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/unicorn_mode/patches/afl-unicorn-cpu-inl.h b/unicorn_mode/patches/afl-unicorn-cpu-inl.h
index 72092e29..04d820af 100644
--- a/unicorn_mode/patches/afl-unicorn-cpu-inl.h
+++ b/unicorn_mode/patches/afl-unicorn-cpu-inl.h
@@ -11,7 +11,7 @@
<andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/unicorn_mode/patches/afl-unicorn-cpu-translate-inl.h b/unicorn_mode/patches/afl-unicorn-cpu-translate-inl.h
index 70472a72..0a1c034d 100644
--- a/unicorn_mode/patches/afl-unicorn-cpu-translate-inl.h
+++ b/unicorn_mode/patches/afl-unicorn-cpu-translate-inl.h
@@ -11,7 +11,7 @@
<andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/unicorn_mode/patches/afl-unicorn-tcg-op-inl.h b/unicorn_mode/patches/afl-unicorn-tcg-op-inl.h
index 8f4a8748..7069b756 100644
--- a/unicorn_mode/patches/afl-unicorn-tcg-op-inl.h
+++ b/unicorn_mode/patches/afl-unicorn-tcg-op-inl.h
@@ -11,7 +11,7 @@
<andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h
index 0b7954d0..d3dbbb3a 100644
--- a/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h
+++ b/unicorn_mode/patches/afl-unicorn-tcg-runtime-inl.h
@@ -11,7 +11,7 @@
<andreafioraldi@gmail.com>
Copyright 2015, 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019 AFLplusplus Project. All rights reserved.
+ Copyright 2019-2020 AFLplusplus Project. All rights reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.