author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-10-08 12:40:05 +0200 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-10-08 12:40:05 +0200 |
commit | 125a59df91bb09f3288371185c15a48a08376bfe (patch) | |
tree | 18d703d66d32c55706f7f7bd30a813a9742327f2 | |
parent | eae4a9e1f89f82ea79568635842617cc64081bfc (diff) | |
parent | 20f009e927b8d98a595575e5d4366a437d6e7247 (diff) | |
Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus
-rw-r--r-- | docs/ChangeLog | 3 | ||||
-rw-r--r-- | include/afl-fuzz.h | 1 | ||||
-rw-r--r-- | src/afl-fuzz-bitmap.c | 4 | ||||
-rw-r--r-- | src/afl-fuzz-globals.c | 3 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 2 | ||||
-rw-r--r-- | src/afl-fuzz.c | 8 | ||||
-rwxr-xr-x | test/test.sh | 1 |
7 files changed, 18 insertions, 4 deletions
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 75f07ce6..7ccc8b66 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -21,10 +21,11 @@ Version ++2.54d (dev): - custom mutator library is now a standard mutator, to exclusivly use it add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour) - new library qemu_mode/unsigaction which filters sigaction events + - afl-fuzz: new command line option -I to execute a command on a new crash - no more unlinking the input file, this way the input file can also be a FIFO or disk partition - setting LLVM_CONFIG for llvm_mode will now again switch to the selected - llvm version. If you setup is correct. + llvm version. If your setup is correct. - fuzzing strategy yields for custom mutator were missing from the UI, added them :) - added "make tests" which will perform checks to see that all functionality is working as expected. this is currently the starting point, its not complete :)
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 4680d122..e856b23e 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -251,6 +251,7 @@ extern u8 *in_dir, /* Input directory with test cases */
     *file_extension, /* File extension */
     *orig_cmdline, /* Original command line */
     *doc_path, /* Path to documentation dir */
+    *infoexec, /* Command to execute on a new crash */
     *out_file; /* File to fuzz, if any */
 extern u32 exec_tmout; /* Configurable exec timeout (ms) */
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index d867a318..746fc982 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -683,6 +683,10 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
 #endif /* ^!SIMPLE_FILES */
     ++unique_crashes;
+
+    if (infoexec) // if the user wants to be informed on new crashes - do that
+      if (system(infoexec) == -1)
+        hnb += 0; // we dont care if system errors, but we dont want a compiler warning either
     last_crash_time = get_cur_time();
     last_crash_execs = total_execs;
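Review bot: The hook added after `++unique_crashes` runs the -I command synchronously through system(), so the fuzzing loop stalls until the command exits and `last_crash_time`, taken on the very next line, is stamped after the hook finished rather than when the crash was found; while the command runs, system() also keeps SIGINT and SIGQUIT ignored in the fuzzer, so a Ctrl-C is deferred until the command returns. The `hnb += 0;` used to silence the unused-result warning hides a launch failure instead of reporting it: `if (system(infoexec) == -1) WARNF("-I command could not be launched: %s", infoexec);` (WARNF being the project's usual warning macro, if it is in scope here). The command is launched with no argument or environment variable naming the new crash, so a script has to find it in the crashes directory itself; that is worth a comment on the `if (infoexec)` line. save_if_interesting starts and ends outside the hunk.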
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index a8c17922..a5ccfdf9 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -74,7 +74,8 @@ u8 *in_dir, /* Input directory with test cases */
     *file_extension, /* File extension */
     *orig_cmdline; /* Original command line */
 u8 *doc_path, /* Path to documentation dir */
-    *out_file; /* File to fuzz, if any */
+    *infoexec, /* Command to execute on a new crash */
+    *out_file; /* File to fuzz, if any */
 u32 exec_tmout = EXEC_TIMEOUT; /* Configurable exec timeout (ms) */
 u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 5e773e96..f1bc1c8a 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -421,7 +421,7 @@ void show_stats(void) {
      together, but then cram them into a fixed-width field - so we need to put them in a temporary buffer first. */
-  sprintf(tmp, "%s%s%u (%0.02f%%)", DI(current_entry),
+  sprintf(tmp, "%s%s%u (%0.01f%%)", DI(current_entry),
           queue_cur->favored ? "." : "*", queue_cur->fuzz_level,
           ((double)current_entry * 100) / queued_paths);
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 027db2f0..3460f91d 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -76,6 +76,7 @@ static void usage(u8* argv0) {
       "Other stuff:\n"
       " -T text - text banner to show on the screen\n"
       " -M / -S id - distributed mode (see parallel_fuzzing.txt)\n"
+      " -I command - execute this command/script when a new crash is found\n"
       " -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap "
       "file\n"
       " -C - crash exploration mode (the peruvian rabbit thing)\n"
@@ -133,10 +134,15 @@ int main(int argc, char** argv) {
   init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
   while ((opt = getopt(argc, argv,
-                       "+i:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0)
+                       "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0)
     switch (opt) {
+      case 'I':
+
+        infoexec = optarg;
+        break;
+
       case 's': {
         init_seed = strtoul(optarg, 0L, 10);
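Review bot: The new `case 'I':` stores optarg without rejecting a repeated option, so a second -I silently replaces the first; if main() guards its other value-taking options against repeats (not visible in this hunk), `if (infoexec) FATAL("Multiple -I options not supported");` before the assignment keeps it consistent. The usage line in the first hunk also says nothing about how the command is run: the afl-fuzz-bitmap.c hunk hands it to system(), so it goes through the shell, blocks fuzzing until it exits, and receives no argument identifying the crash, which the help text should state, e.g. `"  -I command    - run this command via the shell (blocking) on each new unique crash\n"`. main() continues outside the hunk.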
diff --git a/test/test.sh b/test/test.sh
index 0fcb7087..44236b63 100755
--- a/test/test.sh
+++ b/test/test.sh
@@ -238,6 +238,7 @@ test -e ../afl-qemu-trace && {
   } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??"
   $ECHO "$YELLOW[?] we need a test case for qemu_mode persistent mode"
+  $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library"
   # This works but there are already problems with persistent (e.g. stability)
   #$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds"
   #{ |