diff options
| author | Heiko Eißfeldt <heikoi@hexco.de> | 2019-06-30 10:06:20 +0200 |
|---|---|---|
| committer | Heiko Eißfeldt <heikoi@hexco.de> | 2019-06-30 10:37:14 +0200 |
| commit | d9ff84e39ecad47deec8808ea127fd90d9f5e8ef (patch) | |
| tree | 410806806488ae623f0544044336a2a6f5f4c632 /llvm_mode | |
| parent | c083fd895c67bcf2abd1574e50fe0859361066ea (diff) | |
| download | afl++-d9ff84e39ecad47deec8808ea127fd90d9f5e8ef.tar.gz | |
Refactor to use an alternative method for shared memory.
If USEMMAP is defined, the shared memory segment is created/attached etc. now by shm_open() and mmap(). This API is hopefully more often available (at least for iOS). In order to reduce code duplication I have added new files sharedmem.[ch] which now encapsulate the shared memory method. This is based on the work of Proteas to support iOS fuzzing (thanks). https://github.com/Proteas/afl-ios/commit/866af8ad1cb230d5d753b546380a4af1e55d6946 Currently this is in an experimental status yet. Please report whether this variant works on 32 and 64 bit and on the supported platforms. This branch enables USEMMAP and has been tested on Linux. There is no auto detection for the mmap API yet.
Diffstat (limited to 'llvm_mode')
| -rw-r--r-- | llvm_mode/Makefile | 2 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 27 |
2 files changed, 28 insertions, 1 deletions
diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile index 6b277536..0cb2e1c5 100644 --- a/llvm_mode/Makefile +++ b/llvm_mode/Makefile @@ -33,7 +33,7 @@ endif CFLAGS ?= -O3 -funroll-loops CFLAGS += -Wall -D_FORTIFY_SOURCE=2 -g -Wno-pointer-sign \ -DAFL_PATH=\"$(HELPER_PATH)\" -DBIN_PATH=\"$(BIN_PATH)\" \ - -DVERSION=\"$(VERSION)\" + -DVERSION=\"$(VERSION)\" -DUSEMMAP=1 -lrt ifdef AFL_TRACE_PC CFLAGS += -DUSE_TRACE_PC=1 endif diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index 342dcc90..debde204 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -44,6 +44,9 @@ # define CONST_PRIO 0 #endif /* ^USE_TRACE_PC */ +#include <sys/mman.h> +#include <fcntl.h> + /* Globals needed by the injected instrumentation. The __afl_area_initial region is used for instrumentation output before __afl_map_shm() has a chance to run. @@ -71,10 +74,34 @@ static void __afl_map_shm(void) { hacky .init code to work correctly in projects such as OpenSSL. */ if (id_str) { +#ifdef USEMMAP + const char *shm_file_path = id_str; + int shm_fd = -1; + unsigned char *shm_base = NULL; + + /* create the shared memory segment as if it was a file */ + shm_fd = shm_open(shm_file_path, O_RDWR, 0600); + if (shm_fd == -1) { + printf("shm_open() failed\n"); + exit(1); + } + + /* map the shared memory segment to the address space of the process */ + shm_base = mmap(0, MAP_SIZE, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0); + if (shm_base == MAP_FAILED) { + close(shm_fd); + shm_fd = -1; + printf("mmap() failed\n"); + exit(2); + } + + __afl_area_ptr = shm_base; +#else u32 shm_id = atoi(id_str); __afl_area_ptr = shmat(shm_id, NULL, 0); +#endif /* Whooooops. */ |