author | Dominik Maier <domenukk@gmail.com> | 2020-04-13 08:54:59 +0200 |
---|---|---|
committer | Dominik Maier <domenukk@gmail.com> | 2020-04-13 08:54:59 +0200 |
commit | 995e556065375c34206f6f05c8572e0758c288ef (patch) | |
tree | 1e1748465fdf498a93b8e7b12a2d5e8e245fba7c | |
parent | a93268acec3e244413ec2a38bb0ff80cdf554369 (diff) | |
download | afl++-995e556065375c34206f6f05c8572e0758c288ef.tar.gz |
cmplog forkserver tidying
-rw-r--r-- | include/forkserver.h | 3 | ||||
-rw-r--r-- | src/afl-analyze.c | 2 | ||||
-rw-r--r-- | src/afl-forkserver.c | 38 | ||||
-rw-r--r-- | src/afl-fuzz.c | 26 | ||||
-rw-r--r-- | src/afl-sharedmem.c | 2 | ||||
-rw-r--r-- | src/third_party/libradamsa/libradamsa.c | 6 | ||||
-rw-r--r-- | src/third_party/libradamsa/radamsa.h | 14 | ||||
-rw-r--r-- | test/unittests/unit_maybe_alloc.c | 2 |
8 files changed, 53 insertions, 40 deletions
diff --git a/include/forkserver.h b/include/forkserver.h
index 444f92df..6fbaf612 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -80,10 +80,11 @@ typedef struct afl_forkserver {
 } afl_forkserver_t;
 void afl_fsrv_init(afl_forkserver_t *fsrv);
+void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from);
 void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, volatile u8 *stop_soon_p, u8 debug_child_output);
+void afl_fsrv_killall(void);
 void afl_fsrv_deinit(afl_forkserver_t *fsrv);
-void afl_fsrv_killall();
 #ifdef __APPLE__
 #define MSG_FORK_ON_APPLE \
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 66dbefab..510ec94a 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -639,7 +639,7 @@ static void handle_stop_sig(int sig) {
 /* Do basic preparations - persistent fds, filenames, etc. */
-static void set_up_environment() {
+static void set_up_environment(void) {
 u8 *x;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index a7067791..9c964bf3 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -74,7 +74,6 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
 fsrv->exec_tmout = EXEC_TIMEOUT;
 fsrv->mem_limit = MEM_LIMIT;
 fsrv->child_pid = -1;
- fsrv->out_dir_fd = -1;
 fsrv->map_size = MAP_SIZE;
 fsrv->use_fauxsrv = 0;
 fsrv->prev_timed_out = 0;
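Review bot: afl_fsrv_init_dup only reads through `from` (every use in its body is `from->field` on the right-hand side), so the new prototype in include/forkserver.h could take `const afl_forkserver_t *from` and document that the source instance is left untouched; the definition in src/afl-forkserver.c would change in the same way. A one-line Doxygen comment above the declaration stating that the copy registers `fsrv_to` in the forkserver list (which afl_fsrv_init_dup does via `list_append`) would also save readers a trip into the .c file.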
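Review bot: Removing `fsrv->out_dir_fd = -1;` from afl_fsrv_init leaves out_dir_fd untouched by this initialiser unless the caller zeroed the struct, while the new afl_fsrv_init_dup in the same file still resets it to -1 under "forkserver specific", so the two initialisers now disagree on the default. If the intent is that the primary forkserver's out_dir_fd is always assigned by the caller before the first run, a comment at the removal site should say so, e.g. `/* out_dir_fd is owned and assigned by the caller (afl-fuzz); not reset here */`; otherwise the assignment should stay. Whether anything reads out_dir_fd before the caller assigns it is not visible in this diff. afl_fsrv_init's body continues outside the hunk.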
@@ -85,6 +84,32 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
 }
+/* Initialize a new forkserver instance, duplicating "global" settings */
+void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
+
+ fsrv_to->use_stdin = from->use_stdin;
+ fsrv_to->dev_null_fd = from->dev_null_fd;
+ fsrv_to->exec_tmout = from->exec_tmout;
+ fsrv_to->mem_limit = from->mem_limit;
+ fsrv_to->map_size = from->map_size;
+
+#ifndef HAVE_ARC4RANDOM
+ fsrv_to->dev_urandom_fd = from->dev_urandom_fd;
+#endif
+
+ // These are forkserver specific.
+ fsrv_to->out_fd = -1;
+ fsrv_to->out_dir_fd = -1;
+ fsrv_to->child_pid = -1;
+ fsrv_to->use_fauxsrv = 0;
+ fsrv_to->prev_timed_out = 0;
+
+ fsrv_to->init_child_func = fsrv_exec_child;
+
+ list_append(&fsrv_list, fsrv_to);
+
+}
+
 /* Internal forkserver for dumb_mode=1 and non-forkserver mode runs. It execvs for each fork, forwarding exit codes and child pids to afl. */
@@ -599,11 +624,19 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 }
+static void afl_fsrv_kill(afl_forkserver_t *fsrv) {
+
+ if (fsrv->child_pid > 0) kill(fsrv->child_pid, SIGKILL);
+ if (fsrv->fsrv_pid > 0) kill(fsrv->fsrv_pid, SIGKILL);
+ if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
+
+}
+
 void afl_fsrv_killall() {
 LIST_FOREACH(&fsrv_list, afl_forkserver_t, {
- if (el->child_pid > 0) kill(el->child_pid, SIGKILL);
+ afl_fsrv_kill(el);
 });
@@ -611,6 +644,7 @@ void afl_fsrv_killall() {
 void afl_fsrv_deinit(afl_forkserver_t *fsrv) {
+ afl_fsrv_kill(fsrv);
 list_remove(&fsrv_list, fsrv);
 }
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 73a38215..6eae2675 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
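Review bot: afl_fsrv_init_dup resets child_pid, out_fd, out_dir_fd, use_fauxsrv and prev_timed_out but not `fsrv_pid`, even though the new afl_fsrv_kill later in this file tests `fsrv->fsrv_pid > 0` and then waits on it; the `memcpy` this function replaces in afl-fuzz.c carried every field over, so any field afl_fsrv_start depends on that is not listed here now keeps whatever the caller's struct happened to contain (I cannot see the full struct, so which other fields matter is inferred). At minimum add `fsrv_to->fsrv_pid = -1;` next to the other "forkserver specific" resets. The header comment should also state the contract the caller is left with, e.g. `/* Copy the process-wide settings of from into fsrv_to, reset the per-instance state and register fsrv_to in fsrv_list; the caller still sets init_child_func (and cmplog_binary) before afl_fsrv_start. */`.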
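Review bot: In afl_fsrv_kill the `waitpid(fsrv->fsrv_pid, NULL, 0)` call is not under the `fsrv_pid > 0` guard, so for an instance whose forkserver was never started (fsrv_pid 0 or -1, e.g. a duplicated cmplog fsrv that failed to start) it becomes a wait on any child, or any child in the process group, which can reap an unrelated process or block and then print `error waitpid`. The pids are also not cleared after the kill, and because afl_fsrv_deinit now calls afl_fsrv_kill as well as afl_fsrv_killall, the same instance can be killed twice; once the first waitpid has reaped the forkserver its pid can be recycled, so a second `kill(..., SIGKILL)` may hit an unrelated process. Moving the waitpid under the guard and resetting both pids afterwards addresses both, as below. Separately, the `afl_fsrv_killall()` definition keeps the empty parameter list while the header and the rest of this commit switch to `(void)`.
```c
static void afl_fsrv_kill(afl_forkserver_t *fsrv) {

  if (fsrv->child_pid > 0) kill(fsrv->child_pid, SIGKILL);
  if (fsrv->fsrv_pid > 0) {

    kill(fsrv->fsrv_pid, SIGKILL);
    /* Reap the forkserver here so a later killall/deinit cannot signal a
       recycled pid. */
    if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }

  }

  /* Both are gone; afl_fsrv_kill may run again from afl_fsrv_deinit. */
  fsrv->child_pid = -1;
  fsrv->fsrv_pid = -1;

}
```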
@@ -1020,7 +1020,9 @@ int main(int argc, char **argv_orig, char **envp) {
 if (afl->cmplog_binary) {
 SAYF("Spawning cmplog forkserver");
- memcpy(&afl->cmplog_fsrv, &afl->fsrv, sizeof(afl->fsrv));
+ afl_fsrv_init_dup(&afl->cmplog_fsrv, &afl->fsrv);
+ // TODO: this is semi-nice
+ afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary;
 afl->cmplog_fsrv.init_child_func = cmplog_exec_child;
 afl_fsrv_start(&afl->cmplog_fsrv, afl->argv, &afl->stop_soon, afl->afl_env.afl_debug_child_output);
@@ -1123,28 +1125,6 @@ int main(int argc, char **argv_orig, char **envp) {
 }
- // if (afl->queue_cur) show_stats(afl);
-
- /*
- * ATTENTION - the following 10 lines were copied from a PR to Google's afl
- * repository - and slightly fixed.
- * These lines have nothing to do with the purpose of original PR though.
- * Looks like when an exit condition was completed (AFL_BENCH_JUST_ONE,
- * AFL_EXIT_WHEN_DONE or AFL_BENCH_UNTIL_CRASH) the child and forkserver
- * where not killed?
- */
- /* if we stopped programmatically, we kill the forkserver and the current runner. if we stopped manually, this is done by the signal handler */
- if (afl->stop_soon == 2) {
-
- if (afl->fsrv.child_pid > 0) kill(afl->fsrv.child_pid, SIGKILL);
- if (afl->fsrv.fsrv_pid > 0) kill(afl->fsrv.fsrv_pid, SIGKILL);
- /* Now that we've killed the forkserver, we wait for it to be able to get
- * rusage stats. */
- if (waitpid(afl->fsrv.fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
-
- }
-
 write_bitmap(afl);
 maybe_update_plot_file(afl, 0, 0);
 save_auto(afl);
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index 7bdf8d03..9db84e77 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -95,7 +95,7 @@ void afl_shm_deinit(sharedmem_t *shm) {
 /* At exit, remove all leftover maps */
-void afl_shm_atexit() {
+void afl_shm_atexit(void) {
 LIST_FOREACH(&shm_list, sharedmem_t, {
 afl_shm_deinit(el);
 });
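Review bot: The new `// TODO: this is semi-nice` does not say what is unfinished, so a reader cannot tell whether it refers to cmplog_binary being patched into the copy after afl_fsrv_init_dup or to the init_child_func override on the next line (afl_fsrv_init_dup sets init_child_func to fsrv_exec_child and this code immediately replaces it with cmplog_exec_child). Name the leftover, e.g. `// TODO: cmplog_binary and init_child_func are patched in after init_dup; fold them into the duplication step`. main() continues outside the hunk.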
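Review bot: The removed block killed the primary forkserver and waited on it when `stop_soon == 2`, and its own comment says the wait existed so rusage stats could be read afterwards; nothing in this hunk shows where the replacement (afl_fsrv_deinit or afl_fsrv_killall, which now perform the kill and waitpid) runs relative to `write_bitmap`, `save_auto` and the stats code that follows. If the forkserver is now only reaped from an exit handler, rusage values read before that point would describe a still-running child, so it is worth confirming that afl_fsrv_deinit(&afl->fsrv) is called where the removed code ran, or leaving a pointer here, e.g. `/* forkserver is killed and reaped by afl_fsrv_deinit / afl_fsrv_killall */`. The enclosing main() body extends beyond the hunk.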
diff --git a/src/third_party/libradamsa/libradamsa.c b/src/third_party/libradamsa/libradamsa.c
index fe91594e..27cf91bc 100644
--- a/src/third_party/libradamsa/libradamsa.c
+++ b/src/third_party/libradamsa/libradamsa.c
@@ -2177,7 +2177,7 @@ static uint llen(word *ptr) {
 return len;
 }
-static void set_signal_handler() {
+static void set_signal_handler(void) {
 struct sigaction sa;
 sa.sa_handler = signal_handler;
 sigemptyset(&sa.sa_mask);
@@ -2312,7 +2312,7 @@ static word prim_set(word wptr, hval pos, word val) {
 return (word) new;
 }
-static void setdown() {
+static void setdown(void) {
 tcsetattr(0, TCSANOW, &tsettings); /* return stdio settings */
 }
@@ -30773,7 +30773,7 @@ int secondary(int nargs, char **argv) {
 return 127;
 }
-void radamsa_init() {
+void radamsa_init(void) {
 int nobjs=0, nwords=0;
 hp = (byte *) &heap; /* builtin heap */
 state = IFALSE;
diff --git a/src/third_party/libradamsa/radamsa.h b/src/third_party/libradamsa/radamsa.h
index d54fa2ec..33cccde4 100644
--- a/src/third_party/libradamsa/radamsa.h
+++ b/src/third_party/libradamsa/radamsa.h
@@ -1,15 +1,13 @@
 #include <inttypes.h>
 #include <stddef.h>
-extern void radamsa_init();
+extern void radamsa_init(void);
-extern size_t radamsa(uint8_t *ptr, size_t len,
- uint8_t *target, size_t max,
+extern size_t radamsa(uint8_t *ptr, size_t len,
+ uint8_t *target, size_t max,
 unsigned int seed);
-extern size_t radamsa_inplace(uint8_t *ptr,
- size_t len,
- size_t max,
+extern size_t radamsa_inplace(uint8_t *ptr,
+ size_t len,
+ size_t max,
 unsigned int seed);
-
-
diff --git a/test/unittests/unit_maybe_alloc.c b/test/unittests/unit_maybe_alloc.c
index a856fa08..d9c037a0 100644
--- a/test/unittests/unit_maybe_alloc.c
+++ b/test/unittests/unit_maybe_alloc.c
@@ -71,7 +71,7 @@ static void test_nonpow2_size(void **state) {
 }
-static void test_zero_size() {
+static void test_zero_size(void **state) {
 char *buf = NULL;
 size_t size = 0; |