authorvanhauser-thc <vh@thc.org>2024-06-18 15:24:38 +0200
committervanhauser-thc <vh@thc.org>2024-06-18 15:24:38 +0200
commit304e84502d9bd8a5ac33328ceb63235f42b887ad (patch)
treec22a9536a67813ea1830626b565b8b5d8d04bbb8
parentdd762726dc7055f4b1c48da2ee1b22ff6fdde35e (diff)
downloadafl++-304e84502d9bd8a5ac33328ceb63235f42b887ad.tar.gz
fast resume option
-rw-r--r--docs/env_variables.md2
-rw-r--r--include/afl-fuzz.h2
-rw-r--r--include/envs.h2
-rw-r--r--src/afl-fuzz-state.c7
-rw-r--r--src/afl-fuzz.c12
5 files changed, 21 insertions, 4 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 22e0ce0f..6db31df0 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -514,6 +514,8 @@ checks or alter some of the more exotic semantics of the tool:
- `AFL_NO_SNAPSHOT` will advise afl-fuzz not to use the snapshot feature if
the snapshot lkm is loaded.
+ - `AFL_NO_FASTRESUME` will not try to read or write a fast resume file.
+
- Setting `AFL_NO_UI` inhibits the UI altogether and just periodically prints
some basic stats. This behavior is also automatically triggered when the
output from afl-fuzz is redirected to a file or to a pipe.
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 3f3d6da0..6d03a74c 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -454,7 +454,7 @@ typedef struct afl_env_vars {
afl_no_startup_calibration, afl_no_warn_instability,
afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
afl_final_sync, afl_ignore_seed_problems, afl_disable_redundant,
- afl_sha1_filenames, afl_no_sync;
+ afl_sha1_filenames, afl_no_sync, afl_no_fastresume;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
diff --git a/include/envs.h b/include/envs.h
index 45b080cb..928f4185 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -115,7 +115,7 @@ static char *afl_environment_variables[] = {
"AFL_TRACE_PC", "AFL_USE_ASAN", "AFL_USE_MSAN", "AFL_USE_TRACE_PC",
"AFL_USE_UBSAN", "AFL_USE_TSAN", "AFL_USE_CFISAN", "AFL_USE_LSAN",
"AFL_WINE_PATH", "AFL_NO_SNAPSHOT", "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN",
- "AFL_USE_QASAN", "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", NULL
+ "AFL_USE_QASAN", "AFL_PRINT_FILENAMES", "AFL_PIZZA_MODE", "AFL_NO_FASTRESUME", NULL
};
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index fbe6d32a..dd684a19 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -286,6 +286,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_no_sync =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+ } else if (!strncmp(env, "AFL_NO_FASTRESUME",
+
+ afl_environment_variable_len)) {
+
+ afl->afl_env.afl_no_fastresume =
+ get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+
} else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
afl_environment_variable_len)) {
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index d8be5721..8fd3a407 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -335,6 +335,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_STATSD_PORT: change default statsd port (default: 8125)\n"
"AFL_STATSD_TAGS_FLAVOR: set statsd tags format (default: disable tags)\n"
" suported formats: dogstatsd, librato, signalfx, influxdb\n"
+ "AFL_NO_FASTRESUME: do not read or write a fast resume file\n"
"AFL_NO_SYNC: disables all syncing\n"
"AFL_SYNC_TIME: sync time between fuzzing instances (in minutes)\n"
"AFL_FINAL_SYNC: sync a final time when exiting (will delay the exit!)\n"
@@ -2107,7 +2108,7 @@ int main(int argc, char **argv_orig, char **envp) {
u64 prev_target_hash = 0;
s32 fast_resume = 0, fr_fd = -1;
- if (afl->in_place_resume) {
+ if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) {
u8 fn[PATH_MAX], buf[32];
snprintf(fn, PATH_MAX, "%s/target_hash", afl->out_dir);
@@ -2128,7 +2129,7 @@ int main(int argc, char **argv_orig, char **envp) {
write_setup_file(afl, argc, argv);
- if (afl->in_place_resume) {
+ if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) {
u64 target_hash = get_binary_hash(afl->fsrv.target_path);
@@ -2166,6 +2167,10 @@ int main(int argc, char **argv_orig, char **envp) {
}
+ // If the fast resume file is not valid we will be unable to start, so
+ // we remove the file but keep the file descriptor open.
+ unlink(fn);
+
}
}
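Review bot: The new `unlink(fn)` discards its return value, so when removing the old fast resume file fails for any reason other than the file being absent, the stale file silently survives and is picked up again on the next in-place resume; `if (unlink(fn) && errno != ENOENT) { WARNF("Could not remove %s", fn); }` would surface that. The accompanying comment, "If the fast resume file is not valid we will be unable to start", does not match what the lines do, since the file appears to be removed unconditionally after it was opened, whatever the validity check decided; rewording it to state the effect, e.g. `// Remove fastresume.bin now that it is open: the descriptor stays readable, but a later run will not pick up this (possibly stale) state file.`, would help a reader, and it is worth stating which descriptor is meant (presumably `fr_fd` declared in the hunk at line 2109 of the new file). The enclosing `main` starts and ends outside this hunk, so the preceding open/validation path is inferred, not seen.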
@@ -3204,9 +3209,11 @@ stop_fuzzing:
fclose(afl->fsrv.det_plot_file);
#endif
+ if (!afl->afl_env.afl_no_fastresume) {
/* create fastresume.bin */
u8 fr[PATH_MAX];
snprintf(fr, PATH_MAX, "%s/fastresume.bin", afl->out_dir);
+ ACTF("Writing %s ...", fr);
if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >=
0) {
@@ -3260,6 +3267,7 @@ stop_fuzzing:
WARNF("Could not create fastresume.bin");
}
+ }
destroy_queue(afl);
destroy_extras(afl);