authorvan Hauser <vh@thc.org>2020-12-09 11:07:14 +0100
committervan Hauser <vh@thc.org>2020-12-09 11:07:14 +0100
commit39a4fac941177387578ec856aacea2187588fc13 (patch)
treecef83df4ebfb797eb9f49066c0007a92baa4b035
parent2641082a76ca33e22f0edcededa006f437b646ea (diff)
downloadafl++-39a4fac941177387578ec856aacea2187588fc13.tar.gz
better examples
-rw-r--r--instrumentation/afl-compiler-rt.o.c8
-rw-r--r--src/afl-sharedmem.c8
-rw-r--r--utils/persistent_mode/persistent_demo.c8
-rw-r--r--utils/persistent_mode/persistent_demo_new.c8
-rw-r--r--utils/persistent_mode/test-instr.c8
5 files changed, 29 insertions, 11 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index c29861e6..99dcbb67 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -174,8 +174,8 @@ static void __afl_map_shm_fuzz() {
u8 *map = NULL;
#ifdef USEMMAP
- const char * shm_file_path = id_str;
- int shm_fd = -1;
+ const char *shm_file_path = id_str;
+ int shm_fd = -1;
/* create the shared memory segment as if it was a file */
shm_fd = shm_open(shm_file_path, O_RDWR, 0600);
@@ -414,8 +414,8 @@ static void __afl_map_shm(void) {
if (id_str) {
#ifdef USEMMAP
- const char * shm_file_path = id_str;
- int shm_fd = -1;
+ const char * shm_file_path = id_str;
+ int shm_fd = -1;
struct cmp_map *shm_base = NULL;
/* create the shared memory segment as if it was a file */
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index cef908e0..3e671df5 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
shm_str = alloc_printf("%d", shm->shm_id);
- /* If somebody is asking us to fuzz instrumented binaries in non-instrumented
- mode, we don't want them to detect instrumentation, since we won't be
- sending fork server commands. This should be replaced with better
- auto-detection later on, perhaps? */
+ /* If somebody is asking us to fuzz instrumented binaries in
+ non-instrumented mode, we don't want them to detect instrumentation,
+ since we won't be sending fork server commands. This should be replaced
+ with better auto-detection later on, perhaps? */
setenv(SHM_ENV_VAR, shm_str, 1);
diff --git a/utils/persistent_mode/persistent_demo.c b/utils/persistent_mode/persistent_demo.c
index 4cedc32c..f5e43728 100644
--- a/utils/persistent_mode/persistent_demo.c
+++ b/utils/persistent_mode/persistent_demo.c
@@ -27,9 +27,15 @@
#include <unistd.h>
#include <signal.h>
#include <string.h>
+#include <limits.h>
/* Main entry point. */
+/* To ensure checks are not optimized out it is recommended to disable
+ code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC optimize("O0")
+
int main(int argc, char **argv) {
ssize_t len; /* how much input did we read? */
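Review bot: The new comment says optimization is disabled for main(), but `#pragma clang optimize off` and `#pragma GCC optimize("O0")` apply to every function defined after them in the translation unit, so any helper a user adds below this point in a copied harness is compiled unoptimized as well; the comment should state that, e.g. `/* applies to every function defined below this line, not just main() */`. Each compiler also only understands its own pragma, so the other one is likely reported as an unknown pragma when the harness is built with -Wall; wrapping the pair in an `#ifdef __clang__` / `#else` / `#endif` guard would keep the examples warning-free under both afl-clang-fast and afl-gcc-fast. The same block is added in persistent_demo_new.c and test-instr.c below. main() continues outside this hunk.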
@@ -42,7 +48,7 @@ int main(int argc, char **argv) {
and similar hiccups. */
__AFL_INIT();
- while (__AFL_LOOP(1000)) {
+ while (__AFL_LOOP(UINT_MAX)) {
/*** PLACEHOLDER CODE ***/
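Review bot: Raising the loop bound to `UINT_MAX` means the persistent process is effectively never recycled by the fork server, so any state that leaks across iterations (heap growth, unreleased descriptors, modified globals) accumulates for the whole run and a late crash may not reproduce from the single input that triggered it; the earlier bound of 1000 forced a periodic restart that bounded that drift. Because these files are the examples users copy, the trade-off deserves a comment at the point where the constant is chosen, e.g. `while (__AFL_LOOP(UINT_MAX)) {  /* lower this if stability drops or state leaks between iterations */`. The same change is made in persistent_demo_new.c and test-instr.c below; in persistent_demo_new.c the retained comment `// increase if you have good stability` no longer makes sense next to the maximum value and should be rewritten along the same lines. main() starts and ends outside this hunk.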
diff --git a/utils/persistent_mode/persistent_demo_new.c b/utils/persistent_mode/persistent_demo_new.c
index 0d24a51e..7e694696 100644
--- a/utils/persistent_mode/persistent_demo_new.c
+++ b/utils/persistent_mode/persistent_demo_new.c
@@ -27,6 +27,7 @@
#include <unistd.h>
#include <signal.h>
#include <string.h>
+#include <limits.h>
/* this lets the source compile without afl-clang-fast/lto */
#ifndef __AFL_FUZZ_TESTCASE_LEN
@@ -47,6 +48,11 @@ __AFL_FUZZ_INIT();
/* Main entry point. */
+/* To ensure checks are not optimized out it is recommended to disable
+ code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC optimize("O0")
+
int main(int argc, char **argv) {
ssize_t len; /* how much input did we read? */
@@ -60,7 +66,7 @@ int main(int argc, char **argv) {
__AFL_INIT();
buf = __AFL_FUZZ_TESTCASE_BUF; // this must be assigned before __AFL_LOOP!
- while (__AFL_LOOP(1000)) { // increase if you have good stability
+ while (__AFL_LOOP(UINT_MAX)) { // increase if you have good stability
len = __AFL_FUZZ_TESTCASE_LEN; // do not use the macro directly in a call!
diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c
index a6188b22..6da511de 100644
--- a/utils/persistent_mode/test-instr.c
+++ b/utils/persistent_mode/test-instr.c
@@ -17,15 +17,21 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
+#include <limits.h>
__AFL_FUZZ_INIT();
+/* To ensure checks are not optimized out it is recommended to disable
+ code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC optimize("O0")
+
int main(int argc, char **argv) {
__AFL_INIT();
unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
- while (__AFL_LOOP(2147483647)) { // MAX_INT if you have 100% stability
+ while (__AFL_LOOP(UINT_MAX)) { // if you have 100% stability
unsigned int len = __AFL_FUZZ_TESTCASE_LEN;