authorAndrea Fioraldi <andreafioraldi@gmail.com>2020-01-31 18:49:22 +0100
committerAndrea Fioraldi <andreafioraldi@gmail.com>2020-01-31 18:49:22 +0100
commitf5d46187023b23beff9797e8b461a9a041db3e9f (patch)
tree663721ab16157c5d6e5ebae5580d501a93b985e6
parente5f081586d64a1ee4734a9d95dd2ab86d9e486c4 (diff)
downloadafl++-f5d46187023b23beff9797e8b461a9a041db3e9f.tar.gz
stop the fuzzer if AFL_QEMU_PERSISTENT_ADDR is wrong
-rw-r--r--qemu_mode/patches/afl-qemu-cpu-inl.h4
-rw-r--r--src/afl-fuzz-run.c6
2 files changed, 9 insertions, 1 deletions
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index ec8ce735..73be87ce 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -272,6 +272,8 @@ static void afl_forkserver(CPUState *cpu) {
   if (write(FORKSRV_FD + 1, tmp, 4) != 4) return;
 
   afl_forksrv_pid = getpid();
+  
+  int first_run = 1;
 
   /* All right, let's await orders... */
 
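Review bot: The added blank line (the `+` line just before `int first_run = 1;`) carries trailing whitespace, which the surrounding file does not; drop it or merge the declaration into the existing blank-line spacing. The new variable's meaning is only explained by a hunk further down, so a short comment at the declaration would help the next reader, e.g. `int first_run = 1; /* no child reaped yet since the fork server started */`. afl_forkserver begins before this hunk and continues after it.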
@@ -349,6 +351,8 @@ static void afl_forkserver(CPUState *cpu) {
        again. */
 
     if (WIFSTOPPED(status)) child_stopped = 1;
+    else if(unlikely(first_run)) exit(12); // Persistent is wrong
+    first_run = 0;
 
     if (write(FORKSRV_FD + 1, &status, 4) != 4) exit(7);
 
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 79573932..95c2c5d4 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -189,7 +189,11 @@ u8 run_target(char** argv, u32 timeout) {
           "    - The binary, at least in some circumstances, exits in a way "
           "that\n"
           "      also kills the parent process - raise() could be the "
-          "culprit.\n\n"
+          "culprit.\n"
+          "    - If using persistent mode with QEMU, AFL_QEMU_PERSISTENT_ADDR "
+          "is\n"
+          "      probably not valid (hint: add the base address in case of PIE)"
+          "\n\n"
           "If all else fails you can disable the fork server via "
           "AFL_NO_FORKSRV=1.\n",
           mem_limit);
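Review bot: The new hint is offered as a "probably" inside the generic cannot-communicate-with-fork-server list, even though the QEMU fork server in this same commit exits with a distinct status (12) for exactly this condition; if the code handling fork server death has the fork server's pid available, it could reap it and print this line only when the status matches, rather than to every user who hits this message. The wording "add the base address in case of PIE" is also vague for the person it is meant to help: state that AFL_QEMU_PERSISTENT_ADDR must be the address at runtime under QEMU, i.e. the ELF offset plus the load base for PIE binaries, or point at the qemu_mode persistent-mode documentation. No new format specifiers are introduced, so the `mem_limit` argument still matches. run_target begins and ends outside this hunk.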