add AFL_USE_TSAN

author: vanhauser-thc <vh@thc.org> 2021-11-04 15:53:17 +0100
committer: vanhauser-thc <vh@thc.org> 2021-11-04 15:53:17 +0100
commit: 6ce3d7fede6b32b522b6cc4403f7c0101cf4a4bc (patch)
tree: a043ea65c1d25dd0b5bc35ee5e4a00497c2042bb /frida_mode
parent: 5e0e385e6290e44eebef32e8b1a2438ebde572e5 (diff)
download: afl++-6ce3d7fede6b32b522b6cc4403f7c0101cf4a4bc.tar.gz
9 files changed, 63 insertions, 50 deletions
diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c
index 81d85aa1..eeebe545 100644
--- a/frida_mode/src/instrument/instrument.c
+++ b/frida_mode/src/instrument/instrument.c
@@ -347,8 +347,8 @@ void instrument_init(void) {
 #else
     tid = syscall(SYS_gettid);
 #endif
-    instrument_hash_seed = g_get_monotonic_time() ^
-                           (((guint64)getpid()) << 32) ^ tid;
+    instrument_hash_seed =
+        g_get_monotonic_time() ^ (((guint64)getpid()) << 32) ^ tid;
 
   }
 
diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c
index 4b0a648e..395d56c1 100644
--- a/frida_mode/src/instrument/instrument_arm32.c
+++ b/frida_mode/src/instrument/instrument_arm32.c
@@ -23,7 +23,9 @@ void instrument_coverage_optimize(const cs_insn *   instr,
 }
 
 void instrument_coverage_optimize_init(void) {
+
   WARNF("Optimized coverage not supported on this architecture");
+
 }
 
 void instrument_flush(GumStalkerOutput *output) {
diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c
index 80d1d845..358e8e6b 100644
--- a/frida_mode/src/instrument/instrument_arm64.c
+++ b/frida_mode/src/instrument/instrument_arm64.c
@@ -96,6 +96,7 @@ void instrument_coverage_optimize(const cs_insn *   instr,
 }
 
 void instrument_coverage_optimize_init(void) {
+
 }
 
 void instrument_flush(GumStalkerOutput *output) {
diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c
index a7eb650a..19ec81b2 100644
--- a/frida_mode/src/instrument/instrument_x64.c
+++ b/frida_mode/src/instrument/instrument_x64.c
@@ -4,12 +4,12 @@
 #include <sys/shm.h>
 
 #if defined(__linux__)
-#if !defined(__ANDROID__)
-#include <asm/prctl.h>
-#include <sys/syscall.h>
-#else
-#include <linux/ashmem.h>
-#endif
+  #if !defined(__ANDROID__)
+    #include <asm/prctl.h>
+    #include <sys/syscall.h>
+  #else
+    #include <linux/ashmem.h>
+  #endif
 #endif
 
 #include "frida-gumjs.h"
@@ -22,13 +22,13 @@
 
 #if defined(__x86_64__)
 
-#ifndef MAP_FIXED_NOREPLACE
-  #ifdef MAP_EXCL
-    #define MAP_FIXED_NOREPLACE MAP_EXCL | MAP_FIXED
-  #else
-    #define MAP_FIXED_NOREPLACE MAP_FIXED
+  #ifndef MAP_FIXED_NOREPLACE
+    #ifdef MAP_EXCL
+      #define MAP_FIXED_NOREPLACE MAP_EXCL | MAP_FIXED
+    #else
+      #define MAP_FIXED_NOREPLACE MAP_FIXED
+    #endif
   #endif
-#endif
 
 gboolean instrument_is_coverage_optimize_supported(void) {
 
@@ -53,15 +53,12 @@ typedef struct {
   //    0x7ffff6cfb08b:      pushf
   //    0x7ffff6cfb08c:      push   rsi
   //    0x7ffff6cfb08d:      mov    rsi,0x228
-  //    0x7ffff6cfb094:      xchg   QWORD PTR [rip+0x3136a5],rsi        # 0x7ffff700e740
-  //    0x7ffff6cfb09b:      xor    rsi,0x451
-  //    0x7ffff6cfb0a2:      add    BYTE PTR [rsi+0x10000],0x1
-  //    0x7ffff6cfb0a9:      adc    BYTE PTR [rsi+0x10000],0x0
-  //    0x7ffff6cfb0b0:      pop    rsi
-  //    0x7ffff6cfb0b1:      popf
+  //    0x7ffff6cfb094:      xchg   QWORD PTR [rip+0x3136a5],rsi        #
+  //    0x7ffff700e740 0x7ffff6cfb09b:      xor    rsi,0x451 0x7ffff6cfb0a2: add
+  //    BYTE PTR [rsi+0x10000],0x1 0x7ffff6cfb0a9:      adc    BYTE PTR
+  //    [rsi+0x10000],0x0 0x7ffff6cfb0b0:      pop    rsi 0x7ffff6cfb0b1: popf
   //    0x7ffff6cfb0b2:      lea    rsp,[rsp+0x80]
 
-
   uint8_t lea_rsp_rsp_sub_rz[5];
   uint8_t push_fq;
   uint8_t push_rsi;
@@ -160,16 +157,25 @@ static void instrument_coverage_optimize_map_mmap(char *   shm_file_path,
 
   __afl_area_ptr = NULL;
 
-#if !defined(__ANDROID__)
+  #if !defined(__ANDROID__)
   shm_fd = shm_open(shm_file_path, O_RDWR, DEFAULT_PERMISSION);
   if (shm_fd == -1) { FATAL("shm_open() failed\n"); }
-#else
+  #else
   shm_fd = open("/dev/ashmem", O_RDWR);
   if (shm_fd == -1) { FATAL("open() failed\n"); }
-  if (ioctl(shm_fd, ASHMEM_SET_NAME, shm_file_path) == -1) { FATAL("ioctl(ASHMEM_SET_NAME) failed"); }
-  if (ioctl(shm_fd, ASHMEM_SET_SIZE, __afl_map_size) == -1) { FATAL("ioctl(ASHMEM_SET_SIZE) failed"); }
+  if (ioctl(shm_fd, ASHMEM_SET_NAME, shm_file_path) == -1) {
 
-#endif
+    FATAL("ioctl(ASHMEM_SET_NAME) failed");
+
+  }
+
+  if (ioctl(shm_fd, ASHMEM_SET_SIZE, __afl_map_size) == -1) {
+
+    FATAL("ioctl(ASHMEM_SET_SIZE) failed");
+
+  }
+
+  #endif
 
   __afl_area_ptr = mmap(address, __afl_map_size, PROT_READ | PROT_WRITE,
                         MAP_FIXED_NOREPLACE | MAP_SHARED, shm_fd, 0);
diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c
index 1ff5c920..f90c01c2 100644
--- a/frida_mode/src/instrument/instrument_x86.c
+++ b/frida_mode/src/instrument/instrument_x86.c
@@ -84,6 +84,7 @@ void instrument_coverage_optimize(const cs_insn *   instr,
 }
 
 void instrument_coverage_optimize_init(void) {
+
 }
 
 void instrument_flush(GumStalkerOutput *output) {
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
index c8183d8f..3599143b 100644
--- a/frida_mode/src/main.c
+++ b/frida_mode/src/main.c
@@ -126,15 +126,16 @@ static void afl_print_cmdline(void) {
   g_free(fname);
   g_free(buffer);
 #elif defined(__APPLE__)
-  int idx;
+  int    idx;
   char **argv = *_NSGetArgv();
-  int nargv = *_NSGetArgc();
+  int    nargv = *_NSGetArgc();
 
-  for (idx = 0; idx < nargv; idx ++) {
+  for (idx = 0; idx < nargv; idx++) {
 
     OKF("AFL - COMMANDLINE: argv[%d] = %s", idx, argv[idx]);
 
   }
+
 #endif
 
 }
diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c
index c30ca65c..1ddbd5ed 100644
--- a/frida_mode/src/prefetch.c
+++ b/frida_mode/src/prefetch.c
@@ -44,8 +44,8 @@ static void gum_afl_stalker_backpatcher_notify(GumStalkerObserver *self,
       sizeof(prefetch_data->backpatch_data) - prefetch_data->backpatch_size;
   if (sizeof(gsize) + size > remaining) { return; }
 
-  gsize *dst_backpatch_size = (gsize *)
-      &prefetch_data->backpatch_data[prefetch_data->backpatch_size];
+  gsize *dst_backpatch_size =
+      (gsize *)&prefetch_data->backpatch_data[prefetch_data->backpatch_size];
   *dst_backpatch_size = size;
   prefetch_data->backpatch_size += sizeof(gsize);
 
@@ -117,7 +117,7 @@ static void prefetch_read_patches(void) {
        remaining = prefetch_data->backpatch_size - offset) {
 
     gsize *src_backpatch_data = (gsize *)&prefetch_data->backpatch_data[offset];
-    gsize size = *src_backpatch_data;
+    gsize  size = *src_backpatch_data;
     offset += sizeof(gsize);
 
     if (prefetch_data->backpatch_size - offset < size) {
diff --git a/frida_mode/src/seccomp/seccomp_callback.c b/frida_mode/src/seccomp/seccomp_callback.c
index 4232d842..ac0fb8bb 100644
--- a/frida_mode/src/seccomp/seccomp_callback.c
+++ b/frida_mode/src/seccomp/seccomp_callback.c
@@ -1,8 +1,8 @@
 #if defined(__linux__) && !defined(__ANDROID__)
 
-#if !defined(__MUSL__)
-  #include <execinfo.h>
-#endif
+  #if !defined(__MUSL__)
+    #include <execinfo.h>
+  #endif
   #include <fcntl.h>
 
   #include "seccomp.h"
@@ -16,12 +16,13 @@ static void seccomp_callback_filter(struct seccomp_notif *     req,
   GumDebugSymbolDetails details = {0};
   if (req->data.nr == SYS_OPENAT) {
 
-#if UINTPTR_MAX == 0xffffffffffffffffu
+  #if UINTPTR_MAX == 0xffffffffffffffffu
     seccomp_print("SYS_OPENAT: (%s)\n", (char *)req->data.args[1]);
-#endif
-#if UINTPTR_MAX == 0xffffffff
+  #endif
+  #if UINTPTR_MAX == 0xffffffff
     seccomp_print("SYS_OPENAT: (%s)\n", (char *)(__u32)req->data.args[1]);
-#endif
+  #endif
+
   }
 
   seccomp_print(
@@ -31,7 +32,7 @@ static void seccomp_callback_filter(struct seccomp_notif *     req,
       req->data.args[0], req->data.args[1], req->data.args[2],
       req->data.args[3], req->data.args[4], req->data.args[5]);
 
-#if !defined(__MUSL__)
+  #if !defined(__MUSL__)
   seccomp_print("FRAMES: (%u)\n", frames->len);
   char **syms = backtrace_symbols(frames->items, frames->len);
   if (syms == NULL) { FATAL("Failed to get symbols"); }
@@ -52,23 +53,24 @@ static void seccomp_callback_filter(struct seccomp_notif *     req,
   }
 
   free(syms);
-#else
+  #else
   void **syms = (void **)__builtin_frame_address(0);
-  void *framep = __builtin_frame_address(1);
-  int i = 0;
+  void * framep = __builtin_frame_address(1);
+  int    i = 0;
 
   syms = framep;
   while (syms) {
-   
-    framep = *syms;   
+
+    framep = *syms;
     syms = framep;
 
     if (!syms) break;
 
-    seccomp_print("\%3d. %s\n", i ++, (char *)framep);
+    seccomp_print("\%3d. %s\n", i++, (char *)framep);
 
   }
-#endif
+
+  #endif
 
   resp->error = 0;
   resp->val = 0;
diff --git a/frida_mode/src/seccomp/seccomp_filter.c b/frida_mode/src/seccomp/seccomp_filter.c
index 7ee5ead1..0dcc4cbb 100644
--- a/frida_mode/src/seccomp/seccomp_filter.c
+++ b/frida_mode/src/seccomp/seccomp_filter.c
@@ -2,9 +2,9 @@
 
   #include <alloca.h>
   #include <errno.h>
-#if !defined(__MUSL__)
-  #include <execinfo.h>
-#endif
+  #if !defined(__MUSL__)
+    #include <execinfo.h>
+  #endif
   #include <linux/filter.h>
   #include <sys/ioctl.h>
   #include <sys/prctl.h>
author	vanhauser-thc <vh@thc.org>	2021-11-04 15:53:17 +0100
committer	vanhauser-thc <vh@thc.org>	2021-11-04 15:53:17 +0100
commit	6ce3d7fede6b32b522b6cc4403f7c0101cf4a4bc (patch)
tree	a043ea65c1d25dd0b5bc35ee5e4a00497c2042bb /frida_mode
parent	5e0e385e6290e44eebef32e8b1a2438ebde572e5 (diff)
download	afl++-6ce3d7fede6b32b522b6cc4403f7c0101cf4a4bc.tar.gz