diff options
| author | van Hauser <vh@thc.org> | 2022-03-04 09:37:21 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-04 09:37:21 +0100 |
| commit | 09123d861731a47cc6474763a0eb5ddd4cc09b6d (patch) | |
| tree | 5f87fb9784307b84a2bcfa721d58aeaa6f038bfa | |
| parent | 7e67545b9de14ae6e425d184581bec93ccf84c6a (diff) | |
| parent | 713b069f40094482fb41ef17b44150162c062249 (diff) | |
| download | afl++-09123d861731a47cc6474763a0eb5ddd4cc09b6d.tar.gz | |
Merge pull request #1344 from schumilo/dev
support Nyx crash logs
| -rw-r--r-- | include/forkserver.h | 2 | ||||
| -rw-r--r-- | instrumentation/compare-transform-pass.so.cc | 3 | ||||
| -rw-r--r-- | nyx_mode/LIBNYX_VERSION | 2 | ||||
| -rw-r--r-- | nyx_mode/PACKER_VERSION | 2 | ||||
| m--------- | nyx_mode/QEMU-Nyx | 0 | ||||
| -rw-r--r-- | nyx_mode/QEMU_NYX_VERSION | 2 | ||||
| m--------- | nyx_mode/libnyx | 0 | ||||
| m--------- | nyx_mode/packer | 0 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 8 | ||||
| -rw-r--r-- | src/afl-fuzz-bitmap.c | 16 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 4 |
11 files changed, 33 insertions, 6 deletions
diff --git a/include/forkserver.h b/include/forkserver.h index fd4d283c..cb68ce4f 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -70,6 +70,7 @@ typedef struct { enum NyxReturnValue (*nyx_exec)(void *qemu_process); uint8_t *(*nyx_get_bitmap_buffer)(void *qemu_process); size_t (*nyx_get_bitmap_buffer_size)(void *qemu_process); + uint32_t (*nyx_get_aux_string)(void *nyx_process, uint8_t *buffer, uint32_t size); } nyx_plugin_handler_t; @@ -173,6 +174,7 @@ typedef struct afl_forkserver { void * nyx_runner; /* nyx runner object */ u32 nyx_id; /* nyx runner id (0 -> master) */ u32 nyx_bind_cpu_id; /* nyx runner cpu id */ + char* nyx_aux_string; #endif } afl_forkserver_t; diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index c668ba95..9a4e4f00 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -76,8 +76,7 @@ class CompareTransform : public ModulePass { #endif - //#if LLVM_MAJOR >= 11 /* use new pass manager - / /*/ + //#if LLVM_MAJOR >= 11 /* use new pass manager */ // PreservedAnalyses run(Module &M, ModuleAnalysisManager &MAM); //#else bool runOnModule(Module &M) override; diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index b45b4e90..65e119c9 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -2e45754 +8a77c71 diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION index 43488114..d67dee20 100644 --- a/nyx_mode/PACKER_VERSION +++ b/nyx_mode/PACKER_VERSION @@ -1 +1 @@ -76100c5 +5d143ee diff --git a/nyx_mode/QEMU-Nyx b/nyx_mode/QEMU-Nyx -Subproject c2c69cfc528398d9db9363b92f8c50db4008c98 +Subproject c08e4ac94244a9739b4484b3010abc06b372923 diff --git a/nyx_mode/QEMU_NYX_VERSION b/nyx_mode/QEMU_NYX_VERSION index be13a784..2d9ee5e3 100644 --- a/nyx_mode/QEMU_NYX_VERSION +++ b/nyx_mode/QEMU_NYX_VERSION @@ -1 +1 @@ -c2c69cfc52 +c08e4ac942 diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx -Subproject 2e45754e271463f446c31a6f467231d8657910e +Subproject 8a77c71dc8a8c0b73abd8fb9c22e30d565184ef diff --git a/nyx_mode/packer b/nyx_mode/packer -Subproject 76100c52db96429350693a6c7284c5c6cbcb6b0 +Subproject 5d143eee4e4dcd12a1fc5d6786dd8da25cbb995 diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 8997781d..54f28852 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -450,6 +450,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->nyx_handlers->nyx_option_set_timeout(fsrv->nyx_runner, 2, 0); fsrv->nyx_handlers->nyx_option_apply(fsrv->nyx_runner); + fsrv->nyx_aux_string = malloc(0x1000); + memset(fsrv->nyx_aux_string, 0, 0x1000); + /* dry run */ fsrv->nyx_handlers->nyx_set_afl_input(fsrv->nyx_runner, "INIT", 4); switch (fsrv->nyx_handlers->nyx_exec(fsrv->nyx_runner)) { @@ -1253,7 +1256,10 @@ void afl_fsrv_kill(afl_forkserver_t *fsrv) { fsrv->child_pid = -1; #ifdef __linux__ - if (fsrv->nyx_mode) { fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); } + if (fsrv->nyx_mode) { + free(fsrv->nyx_aux_string); + fsrv->nyx_handlers->nyx_shutdown(fsrv->nyx_runner); + } #endif } diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index b963caf8..226dfa5c 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -771,6 +771,22 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { ck_write(fd, mem, len, fn); close(fd); +#ifdef __linux__ + if(afl->fsrv.nyx_mode && fault == FSRV_RUN_CRASH) { + u8 fn_log[PATH_MAX]; + + snprintf(fn_log, PATH_MAX, "%s.log", fn); + + fd = open(fn_log, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", fn_log); } + + u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string(afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, 0x1000); + + ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, fn_log); + close(fd); + } +#endif + return keeping; } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a3f57c1e..df6e5404 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -468,6 +468,10 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { dlsym(handle, "nyx_get_bitmap_buffer_size"); if (plugin->nyx_get_bitmap_buffer_size == NULL) { goto fail; } + plugin->nyx_get_aux_string = + dlsym(handle, "nyx_get_aux_string"); + if (plugin->nyx_get_aux_string == NULL) { goto fail; } + OKF("libnyx plugin is ready!"); return plugin; |