diff options
| author | vanhauser-thc <vh@thc.org> | 2021-03-24 18:18:05 +0100 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2021-03-24 18:18:05 +0100 |
| commit | 958436be4ba057e8409787e7ff4ddcfa095c46da (patch) | |
| tree | 9d61e6f2bdd6dfd1ccc20795d730aacbc6f2395e | |
| parent | d3f69ab4c6d4f1e2eb3349eec3f1cb9313081151 (diff) | |
| download | afl++-958436be4ba057e8409787e7ff4ddcfa095c46da.tar.gz | |
ifdef for record
| -rw-r--r-- | include/config.h | 9 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 8 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 30 |
3 files changed, 40 insertions, 7 deletions
diff --git a/include/config.h b/include/config.h index 60872785..f6dbfae0 100644 --- a/include/config.h +++ b/include/config.h @@ -60,6 +60,15 @@ /* Now non-cmplog configuration options */ + +/* If a persistent target keeps state and found crashes are not reproducable + then enable this option and set the AFL_PERSISTENT_RECORD env variable + to a number. These number of testcases prior the crash will be kept and + also written to the crash/ directory */ + +#define AFL_PERSISTENT_RECORD + + /* console output colors: There are three ways to configure its behavior * 1. default: colored outputs fixed on: defined USE_COLOR && defined * ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 2ab1304e..4e4f92d6 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -365,6 +365,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!be_quiet) { ACTF("Spinning up the fork server..."); } +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { fsrv->persistent_record_data = @@ -379,6 +380,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } } +#endif if (fsrv->use_fauxsrv) { @@ -1014,6 +1016,7 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; @@ -1036,6 +1039,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { } } +#endif if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { @@ -1149,6 +1153,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, } +#ifdef AFL_PERSISTENT_RECORD // end of persistent loop? if (unlikely(fsrv->persistent_record && fsrv->persistent_record_pid != fsrv->child_pid)) { @@ -1165,6 +1170,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, fsrv->persistent_record_len[idx] = val; } +#endif if (fsrv->child_pid <= 0) { @@ -1264,6 +1270,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { char fn[PATH_MAX]; @@ -1293,6 +1300,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, ++fsrv->persistent_record_cnt; } +#endif /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */ fsrv->last_kill_signal = diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index b2c81580..d622db71 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -218,7 +218,9 @@ static void usage(u8 *argv0, int more_help) { "AFL_PATH: path to AFL support binaries\n" "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" +#ifdef AFL_PERSISTENT_RECORD "AFL_PERSISTENT_RECORD: record the last X inputs to every crash in out/crashes\n" +#endif "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" @@ -249,7 +251,13 @@ static void usage(u8 *argv0, int more_help) { SAYF("Compiled with %s module support, see docs/custom_mutator.md\n", (char *)PYTHON_VERSION); #else - SAYF("Compiled without python module support\n"); + SAYF("Compiled without python module support.\n"); +#endif + +#ifdef AFL_PERSISTENT_RECORD + SAYF("Compiled with AFL_PERSISTENT_RECORD support.\n"); +#else + SAYF("Compiled without AFL_PERSISTENT_RECORD support.\n"); #endif #ifdef USEMMAP @@ -259,27 +267,27 @@ static void usage(u8 *argv0, int more_help) { #endif #ifdef ASAN_BUILD - SAYF("Compiled with ASAN_BUILD\n\n"); + SAYF("Compiled with ASAN_BUILD.\n"); #endif #ifdef NO_SPLICING - SAYF("Compiled with NO_SPLICING\n\n"); + SAYF("Compiled with NO_SPLICING.\n"); #endif #ifdef PROFILING - SAYF("Compiled with PROFILING\n\n"); + SAYF("Compiled with PROFILING.\n"); #endif #ifdef INTROSPECTION - SAYF("Compiled with INTROSPECTION\n\n"); + SAYF("Compiled with INTROSPECTION.\n"); #endif #ifdef _DEBUG - SAYF("Compiled with _DEBUG\n\n"); + SAYF("Compiled with _DEBUG.\n"); #endif #ifdef _AFL_DOCUMENT_MUTATIONS - SAYF("Compiled with _AFL_DOCUMENT_MUTATIONS\n\n"); + SAYF("Compiled with _AFL_DOCUMENT_MUTATIONS.\n"); #endif SAYF("For additional help please consult %s/README.md :)\n\n", doc_path); @@ -989,6 +997,8 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->afl_env.afl_persistent_record)) { +#ifdef AFL_PERSISTENT_RECORD + afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); if (afl->fsrv.persistent_record < 2) { @@ -999,6 +1009,12 @@ int main(int argc, char **argv_orig, char **envp) { } +#else + + FATAL("afl-fuzz was not compiled with AFL_PERSISTENT_RECORD enabled in config.h!"); + +#endif + } if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) { |