authorKhaled Yakdan <yakdan@code-intelligence.de>2019-08-01 14:22:48 +0200
committerKhaled Yakdan <yakdan@code-intelligence.de>2019-08-01 14:22:48 +0200
commitebf2c8caa590468e1eafbc257e44dc30af82e5f8 (patch)
tree2b277b9bde32b82c2cedf684869c96424baa005f /afl-showmap.c
parenta949b40d11956f34c51f4546412a73e0400d1ffc (diff)
parent7ca22cd552ff21ac0ef7cc1ab5e6e71912752a58 (diff)
Merge remote-tracking branch 'github/master' into custom_mutator
# Conflicts: # Makefile # afl-fuzz.c
Diffstat (limited to 'afl-showmap.c')
-rw-r--r--afl-showmap.c104
1 files changed, 18 insertions, 86 deletions
diff --git a/afl-showmap.c b/afl-showmap.c
index 316490d8..baf8352e 100644
--- a/afl-showmap.c
+++ b/afl-showmap.c
@@ -28,6 +28,8 @@
#include "debug.h"
#include "alloc-inl.h"
#include "hash.h"
+#include "sharedmem.h"
+#include "afl-common.h"
#include <stdio.h>
#include <unistd.h>
@@ -48,7 +50,7 @@
static s32 child_pid; /* PID of the tested program */
-static u8* trace_bits; /* SHM with instrumentation bitmap */
+ u8* trace_bits; /* SHM with instrumentation bitmap */
static u8 *out_file, /* Trace output file */
*doc_path, /* Path to docs */
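Review bot: Dropping `static` from `trace_bits` gives the bitmap pointer external linkage, and the leading space left where the keyword stood makes the change look accidental rather than intended. If the purpose is to let the shared-memory code behind `sharedmem.h` assign it (inferred; that code is not shown on this page), the comment should say so, for example `u8* trace_bits; /* SHM with instrumentation bitmap; non-static because the shared setup_shm() assigns it */`, with the declaration starting at column 0. Every tool that links the shared object now has to provide exactly one definition of this symbol, so an `extern u8* trace_bits;` declaration in the header would let the compiler catch a type mismatch between them.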
@@ -59,8 +61,6 @@ static u32 exec_tmout; /* Exec timeout (ms) */
static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */
-static s32 shm_id; /* ID of the SHM region */
-
static u8 quiet_mode, /* Hide non-essential messages? */
edges_only, /* Ignore hit counts? */
cmin_mode, /* Generate output in afl-cmin mode? */
@@ -126,39 +126,6 @@ static void classify_counts(u8* mem, const u8* map) {
}
-/* Get rid of shared memory (atexit handler). */
-
-static void remove_shm(void) {
-
- shmctl(shm_id, IPC_RMID, NULL);
-
-}
-
-
-/* Configure shared memory. */
-
-static void setup_shm(void) {
-
- u8* shm_str;
-
- shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600);
-
- if (shm_id < 0) PFATAL("shmget() failed");
-
- atexit(remove_shm);
-
- shm_str = alloc_printf("%d", shm_id);
-
- setenv(SHM_ENV_VAR, shm_str, 1);
-
- ck_free(shm_str);
-
- trace_bits = shmat(shm_id, NULL, 0);
-
- if (!trace_bits) PFATAL("shmat() failed");
-
-}
-
/* Write results. */
static u32 write_results(void) {
@@ -413,50 +380,6 @@ static void setup_signal_handlers(void) {
}
-/* Detect @@ in args. */
-
-static void detect_file_args(char** argv) {
-
- u32 i = 0;
- u8* cwd = getcwd(NULL, 0);
-
- if (!cwd) PFATAL("getcwd() failed");
-
- while (argv[i]) {
-
- u8* aa_loc = strstr(argv[i], "@@");
-
- if (aa_loc) {
-
- u8 *aa_subst, *n_arg;
-
- if (!at_file) FATAL("@@ syntax is not supported by this tool.");
-
- /* Be sure that we're always using fully-qualified paths. */
-
- if (at_file[0] == '/') aa_subst = at_file;
- else aa_subst = alloc_printf("%s/%s", cwd, at_file);
-
- /* Construct a replacement argv value. */
-
- *aa_loc = 0;
- n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2);
- argv[i] = n_arg;
- *aa_loc = '@';
-
- if (at_file[0] != '/') ck_free(aa_subst);
-
- }
-
- i++;
-
- }
-
- free(cwd); /* not tracked */
-
-}
-
-
/* Show banner. */
static void show_banner(void) {
@@ -481,7 +404,9 @@ static void usage(u8* argv0) {
" -t msec - timeout for each run (none)\n"
" -m megs - memory limit for child process (%u MB)\n"
- " -Q - use binary-only instrumentation (QEMU mode)\n\n"
+ " -Q - use binary-only instrumentation (QEMU mode)\n"
+ " -U - use Unicorn-based instrumentation (Unicorn mode)\n"
+ " (Not necessary, here for consistency with other afl-* tools)\n\n"
"Other settings:\n\n"
@@ -610,19 +535,18 @@ static char** get_qemu_argv(u8* own_loc, char** argv, int argc) {
}
-
/* Main entry point */
int main(int argc, char** argv) {
s32 opt;
- u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0;
+ u8 mem_limit_given = 0, timeout_given = 0, qemu_mode = 0, unicorn_mode = 0;
u32 tcnt;
char** use_argv;
doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
- while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQbc")) > 0)
+ while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQUbc")) > 0)
switch (opt) {
@@ -719,6 +643,14 @@ int main(int argc, char** argv) {
qemu_mode = 1;
break;
+ case 'U':
+
+ if (unicorn_mode) FATAL("Multiple -U options not supported");
+ if (!mem_limit_given) mem_limit = MEM_LIMIT_UNICORN;
+
+ unicorn_mode = 1;
+ break;
+
case 'b':
/* Secret undocumented mode. Writes output in raw binary format
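Review bot: The new `case 'U'` does not reject an earlier `-Q`, so with both options on the command line the default child memory limit is decided by argument order rather than by an explicit rule (assuming the `-Q` case, whose body starts above this hunk, sets its own default the same way). Since that limit is what bounds the child process, a guard such as `if (qemu_mode) FATAL("-Q and -U are mutually exclusive");` here, with the mirror check in the `-Q` case, makes the outcome deterministic. In the visible hunks `unicorn_mode` is read only by the duplicate-option check, which matches the "Not necessary" wording in the usage text; a comment on the declaration, `/* accepted for CLI parity; only changes the default mem_limit */`, would stop a reader from searching for further uses. The enclosing `switch` in `main` continues outside this hunk.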
@@ -741,7 +673,7 @@ int main(int argc, char** argv) {
if (optind == argc || !out_file) usage(argv[0]);
- setup_shm();
+ setup_shm(0);
setup_signal_handlers();
set_up_environment();
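Review bot: `setup_shm(0)` passes a bare literal whose meaning can only be found in `sharedmem.h`, which this page does not show; a comment naming the flag at the call site would help, e.g. `setup_shm(0); /* 0 = <flag name from sharedmem.h> disabled */`. The local implementation removed by this commit registered `remove_shm` with `atexit()` and checked the `shmat()` result, so it is worth confirming the shared version still does both. Note that `shmat()` reports failure as `(void *)-1`, not NULL, so a `!trace_bits` test alone would not catch it. A System V segment that is never marked for removal outlives the process that created it.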
@@ -753,7 +685,7 @@ int main(int argc, char** argv) {
ACTF("Executing '%s'...\n", target_path);
}
- detect_file_args(argv + optind);
+ detect_file_args(argv + optind, at_file);
if (qemu_mode)
use_argv = get_qemu_argv(argv[0], argv + optind, argc - optind);
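Review bot: `at_file` appears to stay NULL unless `-A` is given, and the local `detect_file_args` removed by this commit guarded that case with `if (!at_file) FATAL("@@ syntax is not supported by this tool.");` before formatting it with `alloc_printf`. The shared helper now called with `at_file` as its second argument is not shown on this page, so confirm it keeps an equivalent NULL check; without one, a target command line containing `@@` and no `-A` would pass a NULL pointer to a `%s` conversion. A one-line comment at the call, `/* at_file may be NULL; the helper must reject @@ in that case */`, would record the contract for the other tools that share the helper.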