diff options
| author | van Hauser <vh@thc.org> | 2020-05-25 16:40:55 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-05-25 16:40:55 +0200 |
| commit | 707145c491366825b5595eada29fbb2e87e800fd (patch) | |
| tree | d18c72f88e2d69b171a71815d62e3dedf92b0270 /include | |
| parent | 4c394a9d7b0477811531e8567dccb043a9c4a279 (diff) | |
| download | afl++-707145c491366825b5595eada29fbb2e87e800fd.tar.gz | |
persistent mode: shared memory test case transfer
Diffstat (limited to 'include')
| -rw-r--r-- | include/afl-fuzz.h | 1 | ||||
| -rw-r--r-- | include/config.h | 4 | ||||
| -rw-r--r-- | include/forkserver.h | 8 | ||||
| -rw-r--r-- | include/types.h | 3 |
4 files changed, 15 insertions, 1 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 6e74f824..32ae2a58 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -342,6 +342,7 @@ typedef struct afl_state { afl_forkserver_t fsrv; sharedmem_t shm; + sharedmem_t * shm_fuzz; afl_env_vars_t afl_env; char **argv; /* argv if needed */ diff --git a/include/config.h b/include/config.h index 6fde8b36..57efd0f6 100644 --- a/include/config.h +++ b/include/config.h @@ -304,6 +304,10 @@ #define SHM_ENV_VAR "__AFL_SHM_ID" +/* Environment variable used to pass SHM FUZZ ID to the called program. */ + +#define SHM_FUZZ_ENV_VAR "__AFL_SHM_FUZZ_ID" + /* Other less interesting, internal-only variables. */ #define CLANG_ENV_VAR "__AFL_CLANG_MODE" diff --git a/include/forkserver.h b/include/forkserver.h index e8ac2837..00555d7e 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -73,10 +73,18 @@ typedef struct afl_forkserver { u8 last_kill_signal; /* Signal that killed the child */ + u8 use_shdmen_fuzz; /* use shared mem for test cases */ + + u8 support_shdmen_fuzz; /* set by afl-fuzz */ + u8 use_fauxsrv; /* Fauxsrv for non-forking targets? */ u8 qemu_mode; /* if running in qemu mode or not */ + u32 shdmem_fuzz_len; /* length of the fuzzing test case */ + + u8 *shdmem_fuzz; /* allocated memory for fuzzing */ + char *cmplog_binary; /* the name of the cmplog binary */ /* Function to kick off the forkserver child */ diff --git a/include/types.h b/include/types.h index f95c4be2..95ca2689 100644 --- a/include/types.h +++ b/include/types.h @@ -43,10 +43,11 @@ typedef uint32_t u32; #define FS_ERROR_MMAP 16 /* Reporting options */ -#define FS_OPT_ENABLED 0x8f000001 +#define FS_OPT_ENABLED 0x80000001 #define FS_OPT_MAPSIZE 0x40000000 #define FS_OPT_SNAPSHOT 0x20000000 #define FS_OPT_AUTODICT 0x10000000 +#define FS_OPT_SHDMEM_FUZZ 0x01000000 // FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 22 #define FS_OPT_MAX_MAPSIZE ((0x00fffffe >> 1) + 1) #define FS_OPT_GET_MAPSIZE(x) (((x & 0x00fffffe) >> 1) + 1) |