diff options
| author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-08-06 20:26:06 +0200 |
|---|---|---|
| committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-08-06 20:26:06 +0200 |
| commit | d94681186dc4c3ff4d2fe873a744c4972f49fd56 (patch) | |
| tree | a49a272d5ec38cf08139023a8214444f3c966a97 /llvm_mode | |
| parent | 58a710d192167dfd9b5e8805c050588e9c0b0baa (diff) | |
| parent | 716eb226b282c06c47853d20e46a62bc2f75435a (diff) | |
| download | afl++-d94681186dc4c3ff4d2fe873a744c4972f49fd56.tar.gz | |
Merge branch 'dev' of github.com:vanhauser-thc/AFLplusplus into dev
Diffstat (limited to 'llvm_mode')
| -rw-r--r-- | llvm_mode/README.persistent_mode.md | 26 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 2 |
2 files changed, 27 insertions, 1 deletions
diff --git a/llvm_mode/README.persistent_mode.md b/llvm_mode/README.persistent_mode.md index 4f0bcb2e..5ed59a58 100644 --- a/llvm_mode/README.persistent_mode.md +++ b/llvm_mode/README.persistent_mode.md @@ -115,6 +115,32 @@ will keep working normally when compiled with a tool other than afl-clang-fast. Finally, recompile the program with afl-clang-fast (afl-gcc or afl-clang will *not* generate a deferred-initialization binary) - and you should be all set! +*NOTE:* In the code between `main` and `__AFL_INIT()` should not be any code +run that is instrumented - otherwise a crash might occure. +In case this is useful (e.g. for expensive one time initialization) you can +try to do the following: + +Add after the includes: +``` +extern unsigned char *__afl_area_ptr; +#define MAX_DUMMY_SIZE 256000 + +__attribute__((constructor(10))) void __afl_protect(void) { +#ifdef MAP_FIXED_NOREPLACE + __afl_area_ptr = (unsigned char*) mmap((void *)0x10000, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_FIXED_NOREPLACE | MAP_SHARED | MAP_ANONYMOUS, -1, 0); + if ((uint64_t)__afl_area_ptr == -1) +#endif + __afl_area_ptr = (unsigned char*) mmap((void *)0x10000, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); + if ((uint64_t)__afl_area_ptr == -1) + __afl_area_ptr = (unsigned char*) mmap(NULL, MAX_DUMMY_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); +} + +``` +and just before `__AFL_INIT()`: +``` + munmap(__afl_area_ptr, MAX_DUMMY_SIZE); +``` + ## 4) persistent mode Some libraries provide APIs that are stateless, or whose state can be reset in diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index 47a2881b..d67862f8 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -101,7 +101,7 @@ __thread u32 __afl_cmp_counter; int __afl_sharedmem_fuzzing __attribute__((weak)); -struct cmp_map *__afl_cmp_map; +struct cmp_map *__afl_cmp_map = (struct cmp_map *) __afl_area_initial; /* Running in persistent mode? */ |