diff options
| author | van Hauser <vh@thc.org> | 2020-12-18 09:36:22 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-18 09:36:22 +0100 |
| commit | 3ee12009c0ef79e8a48e8e1066d9ff9193b37d3a (patch) | |
| tree | cd53e186830019befe67bb90a2a01d4be781c439 | |
| parent | 0011f2047bdd3e1adc25de4388edd609dc27bc85 (diff) | |
| parent | 79c98731c9864d457df06cfb4e1c15137e0cf832 (diff) | |
| download | afl++-3ee12009c0ef79e8a48e8e1066d9ff9193b37d3a.tar.gz | |
Merge pull request #641 from AFLplusplus/dev
Dev
| -rwxr-xr-x | afl-cmin | 44 | ||||
| -rw-r--r-- | docs/Changelog.md | 1 | ||||
| -rw-r--r-- | src/afl-common.c | 5 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 2 | ||||
| -rwxr-xr-x | test/test-llvm.sh | 1 | ||||
| -rw-r--r-- | utils/afl_untracer/afl-untracer.c | 4 |
6 files changed, 34 insertions, 23 deletions
diff --git a/afl-cmin b/afl-cmin index 292d9d9d..eef2b7ef 100755 --- a/afl-cmin +++ b/afl-cmin @@ -366,33 +366,35 @@ BEGIN { cp_tool = "cp" } - # Make sure that we can actually get anything out of afl-showmap before we - # waste too much time. + if (!ENVIRON["AFL_SKIP_BIN_CHECK"]) { + # Make sure that we can actually get anything out of afl-showmap before we + # waste too much time. - print "[*] Testing the target binary..." + print "[*] Testing the target binary..." - if (!stdin_file) { - system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"") - } else { - system("cp "in_dir"/"first_file" "stdin_file) - system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null") - } + if (!stdin_file) { + system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"") + } else { + system("cp "in_dir"/"first_file" "stdin_file) + system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null") + } - first_count = 0 + first_count = 0 - runtest = trace_dir"/.run_test" - while ((getline < runtest) > 0) { - ++first_count - } + runtest = trace_dir"/.run_test" + while ((getline < runtest) > 0) { + ++first_count + } - if (first_count) { - print "[+] OK, "first_count" tuples recorded." - } else { - print "[-] Error: no instrumentation output detected (perhaps crash or timeout)." > "/dev/stderr" - if (!ENVIRON["AFL_KEEP_TRACES"]) { - system("rm -rf "trace_dir" 2>/dev/null") + if (first_count) { + print "[+] OK, "first_count" tuples recorded." + } else { + print "[-] Error: no instrumentation output detected (perhaps crash or timeout)." > "/dev/stderr" + if (!ENVIRON["AFL_KEEP_TRACES"]) { + system("rm -rf "trace_dir" 2>/dev/null") + } + exit 1 } - exit 1 } # Let's roll! diff --git a/docs/Changelog.md b/docs/Changelog.md index c2ed0a12..ac75c68d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. ### Version ++3.01a (release) + - fix crash for very, very fast targets+systems, thanks for reporting @mhlakhani - added dummy Makefile to instrumentation/ - allow instrumenting LLVMFuzzerTestOneInput diff --git a/src/afl-common.c b/src/afl-common.c index 4df22394..6dc8abe0 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -26,6 +26,7 @@ #include <stdlib.h> #include <stdio.h> #include <strings.h> +#include <math.h> #include "debug.h" #include "alloc-inl.h" @@ -786,6 +787,10 @@ u8 *u_stringify_float(u8 *buf, double val) { sprintf(buf, "%0.01f", val); + } else if (unlikely(isnan(val) || isfinite(val))) { + + strcpy(buf, "999.9"); + } else { return u_stringify_int(buf, (u64)val); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 321bbb35..50e2ef15 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -371,6 +371,8 @@ void show_stats(afl_state_t *afl) { if (!afl->stats_last_execs) { + if (unlikely(cur_ms == afl->start_time)) --afl->start_time; + afl->stats_avg_exec = ((double)afl->fsrv.total_execs) * 1000 / (cur_ms - afl->start_time); diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 4fcaf367..d9b26763 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -133,6 +133,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } rm -f test-instr.instrim test.out } || { + cat test.out $ECHO "$RED[!] llvm_mode InsTrim compilation failed" CODE=1 } diff --git a/utils/afl_untracer/afl-untracer.c b/utils/afl_untracer/afl-untracer.c index cb6f948c..695f8dd1 100644 --- a/utils/afl_untracer/afl-untracer.c +++ b/utils/afl_untracer/afl-untracer.c @@ -568,7 +568,7 @@ void setup_trap_instrumentation(void) { lib_addr[offset] = 0xcc; // replace instruction with debug trap if (debug) fprintf(stderr, - "Patch entry: %p[%x] = %p = %02x -> SHADOW(%p) #%d -> %08x\n", + "Patch entry: %p[%lx] = %p = %02x -> SHADOW(%p) #%d -> %08x\n", lib_addr, offset, lib_addr + offset, orig_byte, shadow, bitmap_index, *shadow); @@ -582,7 +582,7 @@ void setup_trap_instrumentation(void) { *patch_bytes = 0xd4200000; // replace instruction with debug trap if (debug) fprintf(stderr, - "Patch entry: %p[%x] = %p = %02x -> SHADOW(%p) #%d -> %016x\n", + "Patch entry: %p[%lx] = %p = %02x -> SHADOW(%p) #%d -> %016x\n", lib_addr, offset, lib_addr + offset, orig_bytes, shadow, bitmap_index, *shadow); |