authorvan Hauser <vh@thc.org>2019-08-23 12:42:11 +0200
committerGitHub <noreply@github.com>2019-08-23 12:42:11 +0200
commitb79adc01fa782c962aa1915e0484f63f0ebb7043 (patch)
tree48a79f2b96f3758a50d5b3e78b8014bf27cc802b
parent790d717543ae415ee30224644dd45fa408bba0c5 (diff)
parenta51d4227b6c1a6fec2a471aa9497b6d8201411ae (diff)
downloadafl++-b79adc01fa782c962aa1915e0484f63f0ebb7043.tar.gz
Merge pull request #28 from JoeyJiao/mine_android
Port for Android
l---------Android.mk1
-rw-r--r--afl-analyze.c3
-rw-r--r--afl-fuzz.c8
-rw-r--r--afl-gotcpu.c3
-rw-r--r--afl-showmap.c3
-rw-r--r--afl-tmin.c3
-rwxr-xr-xafl-whatsup2
-rw-r--r--android-ashmem.h81
-rw-r--r--llvm_mode/afl-llvm-pass.so.cc5
-rw-r--r--llvm_mode/afl-llvm-rt.o.c7
-rw-r--r--sharedmem.c3
11 files changed, 116 insertions, 3 deletions
diff --git a/Android.mk b/Android.mk
new file mode 120000
index 00000000..33ceb8f0
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1 @@
+Makefile
\ No newline at end of file
diff --git a/afl-analyze.c b/afl-analyze.c
index 53b694ec..0e8c9fb0 100644
--- a/afl-analyze.c
+++ b/afl-analyze.c
@@ -21,6 +21,9 @@
 
 #define AFL_MAIN
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "config.h"
 #include "types.h"
 #include "debug.h"
diff --git a/afl-fuzz.c b/afl-fuzz.c
index e9fb8bf0..0e252bea 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -28,6 +28,9 @@
 #endif
 #define _FILE_OFFSET_BITS 64
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "config.h"
 #include "types.h"
 #include "debug.h"
@@ -11318,6 +11321,7 @@ static void check_term_size(void) {
 
   if (ioctl(1, TIOCGWINSZ, &ws)) return;
 
+  if (ws.ws_row == 0 || ws.ws_col == 0) return;
   if (ws.ws_row < 24 || ws.ws_col < 79) term_too_small = 1;
 
 }
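Review bot: The new early return at `if (ws.ws_row == 0 || ws.ws_col == 0) return;` silently changes the meaning of a zero-sized window from "too small" to "unknown, ignore", and nothing in the hunk says why; a one-line comment would help, e.g. `/* A 0x0 window means the size is unknown (no real tty), not too small. */`. Whether this is the Android-specific case the PR title implies is not visible here, so the comment should only state what the check does. The body of check_term_size starts before this hunk.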
@@ -12370,8 +12374,8 @@ int main(int argc, char** argv) {
     if (unicorn_mode) FATAL("-U and -n are mutually exclusive");
 
   }
-
-  if (index(argv[optind], '/') == NULL) WARNF(cLRD "Target binary called without a prefixed path, make sure you are fuzzing the right binary: " cRST "%s", argv[optind]);
+  
+  if (strchr(argv[optind], '/') == NULL) WARNF(cLRD "Target binary called without a prefixed path, make sure you are fuzzing the right binary: " cRST "%s", argv[optind]);
 
   OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" Eissfeldt and Andrea Fioraldi");
   OKF("afl++ is open source, get it at https://github.com/vanhauser-thc/AFLplusplus");
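Review bot: The replacement of the blank line at `-` with `+  ` introduces a line containing only two spaces of trailing whitespace; the `strchr` swap itself is fine, but the blank line should stay empty. main() continues outside the hunk.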
diff --git a/afl-gotcpu.c b/afl-gotcpu.c
index 4163ad65..8c04b205 100644
--- a/afl-gotcpu.c
+++ b/afl-gotcpu.c
@@ -28,6 +28,9 @@
 #define AFL_MAIN
 #define _GNU_SOURCE
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
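Review bot: The include of `android-ashmem.h` here is only needed if afl-gotcpu.c calls the SysV shm functions that header redefines; from the visible lines it is not clear that it does, so if afl-gotcpu.c never uses shmget/shmat/shmctl the block can be dropped. Pulling in `<linux/ashmem.h>` and the static inline replacements for no reason only adds an Android-only dependency to a tool that does not need it.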
diff --git a/afl-showmap.c b/afl-showmap.c
index bce7cb4e..a490bca6 100644
--- a/afl-showmap.c
+++ b/afl-showmap.c
@@ -23,6 +23,9 @@
 
 #define AFL_MAIN
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "config.h"
 #include "types.h"
 #include "debug.h"
diff --git a/afl-tmin.c b/afl-tmin.c
index 94f3bb3f..a36acd10 100644
--- a/afl-tmin.c
+++ b/afl-tmin.c
@@ -21,6 +21,9 @@
 
 #define AFL_MAIN
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "config.h"
 #include "types.h"
 #include "debug.h"
diff --git a/afl-whatsup b/afl-whatsup
index a4d30418..c1e41529 100755
--- a/afl-whatsup
+++ b/afl-whatsup
@@ -54,7 +54,7 @@ fi
 
 CUR_TIME=`date +%s`
 
-TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || exit 1
+TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
 
 ALIVE_CNT=0
 DEAD_CNT=0
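Review bot: The fallback at `TMP=\`mktemp -t ...\` || TMP=\`mktemp -p /data/local/tmp ...\` || exit 1` lets the first `mktemp` print its error on stderr every time the fallback path is taken, which is exactly the normal path on the platform the fallback targets; redirecting the first attempt, `TMP=\`mktemp -t .afl-whatsup-XXXXXXXX 2>/dev/null\` || ...`, keeps the output clean. The second attempt hardcodes `/data/local/tmp`, so a short comment saying it exists for Android (where `-t` has no usable TMPDIR) would explain the otherwise odd directory to a reader.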
diff --git a/android-ashmem.h b/android-ashmem.h
new file mode 100644
index 00000000..a787c04b
--- /dev/null
+++ b/android-ashmem.h
@@ -0,0 +1,81 @@
+#ifndef _ANDROID_ASHMEM_H
+#define _ANDROID_ASHMEM_H
+
+#include <fcntl.h>
+#include <linux/shm.h>
+#include <linux/ashmem.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
+
+#if __ANDROID_API__ >= 26
+#define shmat bionic_shmat
+#define shmctl bionic_shmctl
+#define shmdt bionic_shmdt
+#define shmget bionic_shmget
+#endif
+ #include <sys/shm.h>
+#undef shmat
+#undef shmctl
+#undef shmdt
+#undef shmget
+#include <stdio.h>
+
+#define ASHMEM_DEVICE	"/dev/ashmem"
+
+static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf)
+{
+		int ret = 0;
+		if (__cmd == IPC_RMID) {
+			int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
+			struct ashmem_pin pin = {0, length};
+			ret = ioctl(__shmid, ASHMEM_UNPIN, &pin);
+			close(__shmid);
+		}
+
+		return ret;
+}
+
+static inline int shmget (key_t __key, size_t __size, int __shmflg)
+{
+	int fd,ret;
+	char ourkey[11];
+
+	fd = open(ASHMEM_DEVICE, O_RDWR);
+	if (fd < 0)
+		return fd;
+
+	sprintf(ourkey,"%d",__key);
+	ret = ioctl(fd, ASHMEM_SET_NAME, ourkey);
+	if (ret < 0)
+		goto error;
+
+	ret = ioctl(fd, ASHMEM_SET_SIZE, __size);
+	if (ret < 0)
+		goto error;
+
+	return fd;
+
+error:
+	close(fd);
+	return ret;
+}
+
+static inline void *shmat (int __shmid, const void *__shmaddr, int __shmflg)
+{
+  int size;
+  void *ptr;
+  
+  size = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
+  if (size < 0) {
+    return NULL;
+  }
+
+  ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, __shmid, 0);
+  if (ptr == MAP_FAILED) {
+    return NULL;
+  }
+  
+  return ptr;
+}
+
+#endif
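Review bot: In `shmget`, `char ourkey[11]; sprintf(ourkey,"%d",__key);` can overflow by one byte, since a negative key_t (typically `int`) formats to 11 characters plus the terminator; use `char ourkey[12]; snprintf(ourkey, sizeof ourkey, "%d", __key);`. In `shmat`, both failure paths `return NULL;`, but SysV `shmat` reports failure as `(void *)-1`, so callers written against that convention will take a NULL pointer as success; returning `(void *) -1` in both places keeps the replacement drop-in. The header calls `close()` without including `<unistd.h>`, relying on whatever the including file pulled in earlier, and it is included before config.h/types.h in every caller. In `shmctl` the result of `ioctl(__shmid, ASHMEM_GET_SIZE, NULL)` is passed to `ASHMEM_UNPIN` unchecked, and `__shmaddr`, `__shmflg` and any `__cmd` other than `IPC_RMID` are silently ignored, which deserves a header comment stating that this is a minimal IPC_PRIVATE-only emulation.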
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index cfeff968..bdad835f 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -129,9 +129,14 @@ bool AFLCoverage::runOnModule(Module &M) {
       new GlobalVariable(M, PointerType::get(Int8Ty, 0), false,
                          GlobalValue::ExternalLinkage, 0, "__afl_area_ptr");
 
+#ifdef __ANDROID__
+  GlobalVariable *AFLPrevLoc = new GlobalVariable(
+      M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc");
+#else
   GlobalVariable *AFLPrevLoc = new GlobalVariable(
       M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc",
       0, GlobalVariable::GeneralDynamicTLSModel, 0, false);
+#endif
 
   /* Instrument all the things! */
 
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index debde204..67208454 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -19,6 +19,9 @@
 
 */
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "../config.h"
 #include "../types.h"
 
@@ -55,7 +58,11 @@
 u8  __afl_area_initial[MAP_SIZE];
 u8* __afl_area_ptr = __afl_area_initial;
 
+#ifdef __ANDROID__
+u32 __afl_prev_loc;
+#else
 __thread u32 __afl_prev_loc;
+#endif
 
 
 /* Running in persistent mode? */
diff --git a/sharedmem.c b/sharedmem.c
index 3fd38444..ce3b76e6 100644
--- a/sharedmem.c
+++ b/sharedmem.c
@@ -4,6 +4,9 @@
 
 #define AFL_MAIN
 
+#ifdef __ANDROID__
+  #include "android-ashmem.h"
+#endif
 #include "config.h"
 #include "types.h"
 #include "debug.h"