diff options
| author | van Hauser <vh@thc.org> | 2020-06-05 09:42:17 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-06-05 09:42:17 +0200 |
| commit | e01cad2f7de77c4704243d7011de2bff95fd59f7 (patch) | |
| tree | abcb7cc5dae9b35b3199d871136e343c528521b9 | |
| parent | a1beb72cad5a9993e4bd437c55523824d515a72f (diff) | |
| download | afl++-e01cad2f7de77c4704243d7011de2bff95fd59f7.tar.gz | |
qemu debug
| -rw-r--r-- | examples/aflpp_driver/aflpp_qemu_driver.c | 2 | ||||
| -rw-r--r-- | examples/qemu_persistent_hook/read_into_rdi.c | 1 | ||||
| -rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-inl.h | 2 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 16 |
4 files changed, 12 insertions, 9 deletions
diff --git a/examples/aflpp_driver/aflpp_qemu_driver.c b/examples/aflpp_driver/aflpp_qemu_driver.c index ee7dde10..4f3e5f71 100644 --- a/examples/aflpp_driver/aflpp_qemu_driver.c +++ b/examples/aflpp_driver/aflpp_qemu_driver.c @@ -6,7 +6,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv); -static const size_t kMaxAflInputSize = 1 << 20; +static const size_t kMaxAflInputSize = 1 * 1024 * 1024; static uint8_t AflInputBuf[kMaxAflInputSize]; void __attribute__((noinline)) afl_qemu_driver_stdin_input(void) { diff --git a/examples/qemu_persistent_hook/read_into_rdi.c b/examples/qemu_persistent_hook/read_into_rdi.c index 180d9f00..bd6d3f45 100644 --- a/examples/qemu_persistent_hook/read_into_rdi.c +++ b/examples/qemu_persistent_hook/read_into_rdi.c @@ -1,6 +1,7 @@ #include <stdint.h> #include <stdio.h> #include <unistd.h> +#include <string.h> #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h index d3893066..8feb7613 100644 --- a/qemu_mode/patches/afl-qemu-cpu-inl.h +++ b/qemu_mode/patches/afl-qemu-cpu-inl.h @@ -341,6 +341,8 @@ void afl_forkserver(CPUState *cpu) { status |= (FS_OPT_SET_MAPSIZE(MAP_SIZE) | FS_OPT_MAPSIZE); if (sharedmem_fuzzing != 0) status |= FS_OPT_SHDMEM_FUZZ; if (status) status |= (FS_OPT_ENABLED); + if (getenv("AFL_DEBUG")) + fprintf(stderr, "Debug: Sending status %08x\n", status); memcpy(tmp, &status, 4); /* Tell the parent that we're alive. If the parent doesn't want diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 7f89f0dc..505fb7a3 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -277,8 +277,8 @@ static void report_error_and_exit(int error) { break; case FS_ERROR_MMAP: FATAL( - "the fuzzing target reports that the mmap() call to the shared memory " - "failed."); + "the fuzzing target reports that the mmap() call to the shared " + "memory failed."); break; default: FATAL("unknown error code %u from fuzzing target!", error); @@ -488,16 +488,16 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!be_quiet) { OKF("All right - fork server is up."); } - if ((status & FS_OPT_ERROR) == FS_OPT_ERROR) - report_error_and_exit(FS_OPT_GET_ERROR(status)); + if (getenv("AFL_DEBUG")) { - if ((status & FS_OPT_ENABLED) == FS_OPT_ENABLED) { + ACTF("Extended forkserver functions received (%08x).", status); - if (getenv("AFL_DEBUG")) { + } - ACTF("Extended forkserver functions received (%08x).", status); + if ((status & FS_OPT_ERROR) == FS_OPT_ERROR) + report_error_and_exit(FS_OPT_GET_ERROR(status)); - } + if ((status & FS_OPT_ENABLED) == FS_OPT_ENABLED) { if ((status & FS_OPT_SNAPSHOT) == FS_OPT_SNAPSHOT) { |