authorvan Hauser <vh@thc.org>2019-11-11 23:50:31 +0100
committervan Hauser <vh@thc.org>2019-11-11 23:50:31 +0100
commit760d4991f331c1a6719ce82df9b612e94c9a387c (patch)
tree5a4817dd720ae791927a3305131196ef63cca0e4
parent613ab3ba2a9dcf70839e69ab2c4b32fc4b4a8a7f (diff)
downloadafl++-760d4991f331c1a6719ce82df9b612e94c9a387c.tar.gz
Android PR integration
-rwxr-xr-xafl-whatsup2
-rw-r--r--docs/ChangeLog1
-rw-r--r--include/afl-fuzz.h2
-rw-r--r--include/android-ashmem.h4
-rw-r--r--include/config.h9
-rw-r--r--llvm_mode/afl-clang-fast.c1
-rw-r--r--src/afl-as.c4
-rw-r--r--src/afl-fuzz-bitmap.c24
-rw-r--r--src/afl-fuzz-run.c4
-rw-r--r--src/afl-gcc.c6
-rw-r--r--src/afl-gotcpu.c2
11 files changed, 33 insertions, 26 deletions
diff --git a/afl-whatsup b/afl-whatsup
index 2666d208..01f28aab 100755
--- a/afl-whatsup
+++ b/afl-whatsup
@@ -61,7 +61,7 @@ fi
 
 CUR_TIME=`date +%s`
 
-TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
+TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
 
 ALIVE_CNT=0
 DEAD_CNT=0
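Review bot: The third fallback added on line 34 repeats the second one verbatim (`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX`), so when that directory is unusable the retry fails for the same reason and the line only gains noise. Either drop the duplicate clause so the line reads `TMP=$(mktemp -t .afl-whatsup-XXXXXXXX) || TMP=$(mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX) || exit 1` (the `$( )` form is equivalent to the backticks used in the file), or point the extra attempt at a genuinely different directory. Failing silently with `exit 1` also leaves the user guessing; an `echo "mktemp failed" >&2` before the exit would say why.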
diff --git a/docs/ChangeLog b/docs/ChangeLog
index c488c612..d7963d4d 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -27,6 +27,7 @@ Version ++2.58d (dev):
   - ripped regex.dictionary from Google afl PR
   - qemu and unicorn download scripts now try to download until the full
     download succeeded. f*ckin travis fails downloading 40% of the time!
+  - added the few Android stuff we didnt have already from Google afl repository
   - removed unnecessary warnings
   - added the radamsa stage
 
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 342205df..8717519b 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -552,7 +552,7 @@ u8   has_new_bits(u8*);
 u32  count_bits(u8*);
 u32  count_bytes(u8*);
 u32  count_non_255_bytes(u8*);
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 void simplify_trace(u64*);
 void classify_counts(u64*);
 #else
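Review bot: `WORD_SIZE_64` is defined in include/config.h rather than predefined by the compiler, so the `#ifdef` on line 59 (and the matching tests in src/afl-as.c, src/afl-fuzz-bitmap.c, src/afl-fuzz-run.c and src/afl-gcc.c) only selects the 64-bit branch when config.h has already been included in that translation unit; otherwise it silently falls through to the `u32*` declarations, and a prototype/definition mismatch between afl-fuzz.h and afl-fuzz-bitmap.c would follow. The hunk does not show the include list, so this may already hold; if not, add `#include "config.h"` ahead of this block and include config.h before any `WORD_SIZE_64` test in the .c files. Unlike `__x86_64__`, a misspelling of the macro name also compiles cleanly as the 32-bit path, which is worth a comment next to the test: `/* WORD_SIZE_64 comes from config.h; it must be included first */`.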
diff --git a/include/android-ashmem.h b/include/android-ashmem.h
index f4d31739..984df4d4 100644
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@@ -63,7 +63,7 @@ static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
 }
 
 static inline int shmget(key_t __key, size_t __size, int __shmflg) {
-
+  (void) __shmflg;
   int  fd, ret;
   char ourkey[11];
 
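Review bot: The `(void) __shmflg;` added at line 72 (and again at line 81 in `shmat`) silences the unused-parameter warning but does not say why the flag is ignored; a reader of the SysV-compatible signature may assume `IPC_CREAT`/`IPC_EXCL` and the permission bits take effect. The function bodies are outside the hunks, so this is presumably because the ashmem shim never consults the flag — confirm, then let the statement carry the intent, e.g. `(void) __shmflg; /* SysV shm flags are not honoured by the ashmem shim */`.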
@@ -86,7 +86,7 @@ error:
 }
 
 static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
-
+  (void) __shmflg;
   int   size;
   void *ptr;
 
diff --git a/include/config.h b/include/config.h
index 144d3810..9c90155f 100644
--- a/include/config.h
+++ b/include/config.h
@@ -52,13 +52,18 @@
 
 #define EXEC_TM_ROUND 20
 
+/* 64bit arch MACRO */
+#if (defined (__x86_64__) || defined (__arm64__) || defined (__aarch64__))
+#define WORD_SIZE_64 1
+#endif
+
 /* Default memory limit for child process (MB): */
 
-#ifndef __x86_64__
+#ifndef WORD_SIZE_64
 #define MEM_LIMIT 25
 #else
 #define MEM_LIMIT 50
-#endif                                                      /* ^!__x86_64__ */
+#endif                                                      /* ^!WORD_SIZE_64 */
 
 /* Default memory limit when running in QEMU mode (MB): */
 
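Review bot: The new `WORD_SIZE_64` definition on lines 94-96 is an allowlist of three architecture macros, so any other 64-bit target (ppc64, mips64, riscv64, s390x) silently takes the 32-bit trace path and the 25 MB `MEM_LIMIT`; the previous `__x86_64__` test had the same limitation, so this is not a regression, but the new name promises more than the check delivers. A pointer-width test, using the macro GCC and Clang predefine, covers the rest: `#if defined(__x86_64__) || defined(__arm64__) || defined(__aarch64__) || (defined(__SIZEOF_POINTER__) && __SIZEOF_POINTER__ == 8)`. The comment `/* 64bit arch MACRO */` on line 93 could also say what the macro gates, e.g. `/* WORD_SIZE_64: selects the u64-wide trace processing path and the larger default MEM_LIMIT */`.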
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index b2243492..b245cefa 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -205,6 +205,7 @@ static void edit_params(u32 argc, char** argv) {
     u8* cur = *(++argv);
 
     if (!strcmp(cur, "-m32")) bit_mode = 32;
+    if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
     if (!strcmp(cur, "-m64")) bit_mode = 64;
 
     if (!strcmp(cur, "-x")) x_set = 1;
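Review bot: The new check at line 118 only fires when an argument is exactly `armv7a-linux-androideabi`; that matches the `-target armv7a-linux-androideabi` two-argument form, but the triple also commonly arrives as `--target=armv7a-linux-androideabi` or with an API-level suffix such as `armv7a-linux-androideabi21`, and `strcmp` misses both, leaving bit_mode at its default. A substring test catches every form: `if (strstr(cur, "armv7a-linux-androideabi")) bit_mode = 32;`. edit_params starts outside the hunk.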
diff --git a/src/afl-as.c b/src/afl-as.c
index 312ae0a7..a0ebb2e0 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -71,7 +71,7 @@ static u32 inst_ratio = 100,        /* Instrumentation probability (%)      */
    instrumentation for whichever mode we were compiled with. This is not
    perfect, but should do the trick for almost all use cases. */
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 
 static u8 use_64bit = 1;
 
@@ -83,7 +83,7 @@ static u8 use_64bit = 0;
 #error "Sorry, 32-bit Apple platforms are not supported."
 #endif                                                         /* __APPLE__ */
 
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
 /* Examine and modify parameters to pass to 'as'. Note that the file name
    is always the last parameter passed by GCC, so we exploit this property
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 22876626..5d629cc0 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -73,7 +73,7 @@ void read_bitmap(u8* fname) {
 
 u8 has_new_bits(u8* virgin_map) {
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 
   u64* current = (u64*)trace_bits;
   u64* virgin = (u64*)virgin_map;
@@ -87,7 +87,7 @@ u8 has_new_bits(u8* virgin_map) {
 
   u32 i = (MAP_SIZE >> 2);
 
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
   u8 ret = 0;
 
@@ -107,7 +107,7 @@ u8 has_new_bits(u8* virgin_map) {
         /* Looks like we have not found any new bytes yet; see if any non-zero
            bytes in current[] are pristine in virgin[]. */
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 
         if ((cur[0] && vir[0] == 0xff) || (cur[1] && vir[1] == 0xff) ||
             (cur[2] && vir[2] == 0xff) || (cur[3] && vir[3] == 0xff) ||
@@ -125,7 +125,7 @@ u8 has_new_bits(u8* virgin_map) {
         else
           ret = 1;
 
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
       }
 
@@ -244,7 +244,7 @@ const u8 simplify_lookup[256] = {
 
 };
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 
 void simplify_trace(u64* mem) {
 
@@ -306,7 +306,7 @@ void simplify_trace(u32* mem) {
 
 }
 
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
 /* Destructively classify execution counts in a trace. This is used as a
    preprocessing step for any newly acquired traces. Called on every exec,
@@ -339,7 +339,7 @@ void init_count_class16(void) {
 
 }
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
 
 void classify_counts(u64* mem) {
 
@@ -391,7 +391,7 @@ void classify_counts(u32* mem) {
 
 }
 
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
 /* Compact trace bytes into a smaller bitmap. We effectively just drop the
    count information here. This is called only sporadically, for some
@@ -595,11 +595,11 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
 
       if (!dumb_mode) {
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
         simplify_trace((u64*)trace_bits);
 #else
         simplify_trace((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
         if (!has_new_bits(virgin_tmout)) return keeping;
 
@@ -658,11 +658,11 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
 
       if (!dumb_mode) {
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
         simplify_trace((u64*)trace_bits);
 #else
         simplify_trace((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
         if (!has_new_bits(virgin_crash)) return keeping;
 
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index e12b06eb..c5035b63 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -221,11 +221,11 @@ u8 run_target(char** argv, u32 timeout) {
 
   tb4 = *(u32*)trace_bits;
 
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
   classify_counts((u64*)trace_bits);
 #else
   classify_counts((u32*)trace_bits);
-#endif                                                       /* ^__x86_64__ */
+#endif                                                       /* ^WORD_SIZE_64 */
 
   prev_timed_out = child_timed_out;
 
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index e0706a5f..9663b758 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -121,7 +121,7 @@ static void edit_params(u32 argc, char** argv) {
   u8  fortify_set = 0, asan_set = 0;
   u8* name;
 
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
   u8 m32_set = 0;
 #endif
 
@@ -228,7 +228,7 @@ static void edit_params(u32 argc, char** argv) {
 
     if (!strcmp(cur, "-pipe")) continue;
 
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
     if (!strcmp(cur, "-m32")) m32_set = 1;
 #endif
 
@@ -288,7 +288,7 @@ static void edit_params(u32 argc, char** argv) {
 
   if (!getenv("AFL_DONT_OPTIMIZE")) {
 
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
 
     /* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself
        works OK. This has nothing to do with us, but let's avoid triggering
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index fe5d035f..e09f0980 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -204,7 +204,7 @@ int main(int argc, char** argv) {
 
 #if defined(__linux__)
       if (sched_setaffinity(0, sizeof(c), &c))
-        PFATAL("sched_setaffinity failed");
+        PFATAL("sched_setaffinity failed for cpu %d", i);
 #endif
 
       util_perc = measure_preemption(CTEST_CORE_TRG_MS);
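Review bot: The format argument `i` added at line 306 is printed with `%d`; if `i` is a `u32` loop counter, as this codebase's conventions suggest, that is a signed/unsigned format mismatch (`-Wformat` warns on it) and the specifier should be `%u`: `PFATAL("sched_setaffinity failed for cpu %u", i);`. The declaration of `i` is outside the hunk, so confirm its type before changing it. main continues outside the hunk.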