diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-02 18:49:43 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-02 18:49:43 +0200 |
| commit | b24639d0113e15933e749ea0f96abe3f25a134a0 (patch) | |
| tree | 4272020625c80c0d6982d3787bebc573c0da01b8 /llvm_mode/afl-llvm-rt.o.c | |
| parent | 2ae4ca91b48407add0e940ee13bd8b385e319a7a (diff) | |
| download | afl++-b24639d0113e15933e749ea0f96abe3f25a134a0.tar.gz | |
run code formatter
Diffstat (limited to 'llvm_mode/afl-llvm-rt.o.c')
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 55 |
1 files changed, 31 insertions, 24 deletions
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index e6d9b993..bc38f1ec 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -20,7 +20,7 @@ */ #ifdef __ANDROID__ - #include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" #include "types.h" @@ -50,10 +50,9 @@ #include <sys/mman.h> #include <fcntl.h> - /* Globals needed by the injected instrumentation. The __afl_area_initial region - is used for instrumentation output before __afl_map_shm() has a chance to run. - It will end up as .comm, so it shouldn't be too wasteful. */ + is used for instrumentation output before __afl_map_shm() has a chance to + run. It will end up as .comm, so it shouldn't be too wasteful. */ u8 __afl_area_initial[MAP_SIZE]; u8* __afl_area_ptr = __afl_area_initial; @@ -64,43 +63,46 @@ u32 __afl_prev_loc; __thread u32 __afl_prev_loc; #endif - /* Running in persistent mode? */ static u8 is_persistent; - /* SHM setup. */ static void __afl_map_shm(void) { - u8 *id_str = getenv(SHM_ENV_VAR); + u8* id_str = getenv(SHM_ENV_VAR); /* If we're running under AFL, attach to the appropriate region, replacing the early-stage __afl_area_initial region that is needed to allow some really hacky .init code to work correctly in projects such as OpenSSL. */ if (id_str) { + #ifdef USEMMAP - const char *shm_file_path = id_str; - int shm_fd = -1; - unsigned char *shm_base = NULL; + const char* shm_file_path = id_str; + int shm_fd = -1; + unsigned char* shm_base = NULL; /* create the shared memory segment as if it was a file */ shm_fd = shm_open(shm_file_path, O_RDWR, 0600); if (shm_fd == -1) { + printf("shm_open() failed\n"); exit(1); + } /* map the shared memory segment to the address space of the process */ shm_base = mmap(0, MAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0); if (shm_base == MAP_FAILED) { + close(shm_fd); shm_fd = -1; printf("mmap() failed\n"); exit(2); + } __afl_area_ptr = shm_base; @@ -112,7 +114,7 @@ static void __afl_map_shm(void) { /* Whooooops. */ - if (__afl_area_ptr == (void *)-1) _exit(1); + if (__afl_area_ptr == (void*)-1) _exit(1); /* Write something into the bitmap so that even with low AFL_INST_RATIO, our parent doesn't give up on us. */ @@ -123,16 +125,15 @@ static void __afl_map_shm(void) { } - /* Fork server logic. */ static void __afl_start_forkserver(void) { static u8 tmp[4]; - s32 child_pid; + s32 child_pid; + + u8 child_stopped = 0; - u8 child_stopped = 0; - void (*old_sigchld_handler)(int) = signal(SIGCHLD, SIG_DFL); /* Phone home and tell the parent that we're OK. If parent isn't there, @@ -154,8 +155,10 @@ static void __afl_start_forkserver(void) { process. */ if (child_stopped && was_killed) { + child_stopped = 0; if (waitpid(child_pid, &status, 0) < 0) _exit(1); + } if (!child_stopped) { @@ -168,12 +171,13 @@ static void __afl_start_forkserver(void) { /* In child process: close fds, resume execution. */ if (!child_pid) { + signal(SIGCHLD, old_sigchld_handler); close(FORKSRV_FD); close(FORKSRV_FD + 1); return; - + } } else { @@ -207,7 +211,6 @@ static void __afl_start_forkserver(void) { } - /* A simplified persistent mode handler, used as explained in README.llvm. */ int __afl_persistent_loop(unsigned int max_cnt) { @@ -227,9 +230,10 @@ int __afl_persistent_loop(unsigned int max_cnt) { memset(__afl_area_ptr, 0, MAP_SIZE); __afl_area_ptr[0] = 1; __afl_prev_loc = 0; + } - cycle_cnt = max_cnt; + cycle_cnt = max_cnt; first_pass = 0; return 1; @@ -262,7 +266,6 @@ int __afl_persistent_loop(unsigned int max_cnt) { } - /* This one can be called from user code when deferred forkserver mode is enabled. */ @@ -280,7 +283,6 @@ void __afl_manual_init(void) { } - /* Proper initialization routine. */ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) { @@ -293,7 +295,6 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) { } - /* The following stuff deals with supporting -fsanitize-coverage=trace-pc-guard. It remains non-operational in the traditional, plugin-backed LLVM mode. For more info about 'trace-pc-guard', see README.llvm. @@ -302,9 +303,10 @@ __attribute__((constructor(CONST_PRIO))) void __afl_auto_init(void) { edge (as opposed to every basic block). */ void __sanitizer_cov_trace_pc_guard(uint32_t* guard) { + __afl_area_ptr[*guard]++; -} +} /* Init callback. Populates instrumentation IDs. Note that we're using ID of 0 as a special value to indicate non-instrumented bits. That may @@ -321,8 +323,10 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { if (x) inst_ratio = atoi(x); if (!inst_ratio || inst_ratio > 100) { + fprintf(stderr, "[-] ERROR: Invalid AFL_INST_RATIO (must be 1-100).\n"); abort(); + } /* Make sure that the first element in the range is always set - we use that @@ -333,11 +337,14 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t* start, uint32_t* stop) { while (start < stop) { - if (R(100) < inst_ratio) *start = R(MAP_SIZE - 1) + 1; - else *start = 0; + if (R(100) < inst_ratio) + *start = R(MAP_SIZE - 1) + 1; + else + *start = 0; start++; } } + |