author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-02 18:49:43 +0200 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-02 18:49:43 +0200 |
commit | b24639d0113e15933e749ea0f96abe3f25a134a0 (patch) | |
tree | 4272020625c80c0d6982d3787bebc573c0da01b8 /src/afl-showmap.c | |
parent | 2ae4ca91b48407add0e940ee13bd8b385e319a7a (diff) | |
download | afl++-b24639d0113e15933e749ea0f96abe3f25a134a0.tar.gz |
run code formatter
Diffstat (limited to 'src/afl-showmap.c')
-rw-r--r-- | src/afl-showmap.c | 263 |
1 files changed, 133 insertions, 130 deletions
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index ee00bf22..ac3d687d 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -24,7 +24,7 @@ #define AFL_MAIN #ifdef __ANDROID__ - #include "android-ashmem.h" +# include "android-ashmem.h" #endif #include "config.h" #include "types.h"
@@ -51,61 +51,54 @@ #include <sys/types.h> #include <sys/resource.h> -static s32 child_pid; /* PID of the tested program */ +static s32 child_pid; /* PID of the tested program */ - u8* trace_bits; /* SHM with instrumentation bitmap */ +u8* trace_bits; /* SHM with instrumentation bitmap */ -static u8 *out_file, /* Trace output file */ - *doc_path, /* Path to docs */ - *target_path, /* Path to target binary */ - *at_file; /* Substitution string for @@ */ +static u8 *out_file, /* Trace output file */ + *doc_path, /* Path to docs */ + *target_path, /* Path to target binary */ + *at_file; /* Substitution string for @@ */ -static u32 exec_tmout; /* Exec timeout (ms) */ +static u32 exec_tmout; /* Exec timeout (ms) */ -static u32 total, highest; /* tuple content information */ +static u32 total, highest; /* tuple content information */ -static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ +static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ -static u8 quiet_mode, /* Hide non-essential messages? */ - edges_only, /* Ignore hit counts? */ - raw_instr_output, /* Do not apply AFL filters */ - cmin_mode, /* Generate output in afl-cmin mode? */ - binary_mode, /* Write output as a binary map */ - keep_cores; /* Allow coredumps? */ +static u8 quiet_mode, /* Hide non-essential messages? */ + edges_only, /* Ignore hit counts? */ + raw_instr_output, /* Do not apply AFL filters */ + cmin_mode, /* Generate output in afl-cmin mode? */ + binary_mode, /* Write output as a binary map */ + keep_cores; /* Allow coredumps? */ -static volatile u8 - stop_soon, /* Ctrl-C pressed? */ - child_timed_out, /* Child timed out? */ - child_crashed; /* Child crashed? */ +static volatile u8 stop_soon, /* Ctrl-C pressed? */ + child_timed_out, /* Child timed out? */ + child_crashed; /* Child crashed? */ /* Classify tuple counts. Instead of mapping to individual bits, as in afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. 
*/ static const u8 count_class_human[256] = { - [0] = 0, - [1] = 1, - [2] = 2, - [3] = 3, - [4 ... 7] = 4, - [8 ... 15] = 5, - [16 ... 31] = 6, - [32 ... 127] = 7, - [128 ... 255] = 8 + [0] = 0, [1] = 1, [2] = 2, [3] = 3, + [4 ... 7] = 4, [8 ... 15] = 5, [16 ... 31] = 6, [32 ... 127] = 7, + [128 ... 255] = 8 }; static const u8 count_class_binary[256] = { - [0] = 0, - [1] = 1, - [2] = 2, - [3] = 4, - [4 ... 7] = 8, - [8 ... 15] = 16, - [16 ... 31] = 32, - [32 ... 127] = 64, - [128 ... 255] = 128 + [0] = 0, + [1] = 1, + [2] = 2, + [3] = 4, + [4 ... 7] = 8, + [8 ... 15] = 16, + [16 ... 31] = 32, + [32 ... 127] = 64, + [128 ... 255] = 128 }; @@ -116,22 +109,25 @@ static void classify_counts(u8* mem, const u8* map) { if (edges_only) { while (i--) { + if (*mem) *mem = 1; mem++; + } } else if (!raw_instr_output) { while (i--) { + *mem = map[*mem]; mem++; + } } } - /* Write results. */ static u32 write_results(void) { @@ -139,8 +135,8 @@ static u32 write_results(void) { s32 fd; u32 i, ret = 0; - u8 cco = !!getenv("AFL_CMIN_CRASHES_ONLY"), - caa = !!getenv("AFL_CMIN_ALLOW_ANY"); + u8 cco = !!getenv("AFL_CMIN_CRASHES_ONLY"), + caa = !!getenv("AFL_CMIN_ALLOW_ANY"); if (!strncmp(out_file, "/dev/", 5)) { @@ -154,7 +150,7 @@ static u32 write_results(void) { } else { - unlink(out_file); /* Ignore errors */ + unlink(out_file); /* Ignore errors */ fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); if (fd < 0) PFATAL("Unable to create '%s'", out_file); @@ -164,7 +160,7 @@ static u32 write_results(void) { for (i = 0; i < MAP_SIZE; i++) if (trace_bits[i]) ret++; - + ck_write(fd, trace_bits, MAP_SIZE, out_file); close(fd); @@ -178,10 +174,9 @@ static u32 write_results(void) { if (!trace_bits[i]) continue; ret++; - + total += trace_bits[i]; - if (highest < trace_bits[i]) - highest = trace_bits[i]; + if (highest < trace_bits[i]) highest = trace_bits[i]; if (cmin_mode) { 
@@ -190,10 +185,12 @@ static u32 write_results(void) { fprintf(f, "%u%u\n", trace_bits[i], i); - } else fprintf(f, "%06u:%u\n", i, trace_bits[i]); + } else + + fprintf(f, "%06u:%u\n", i, trace_bits[i]); } - + fclose(f); } @@ -202,7 +199,6 @@ static u32 write_results(void) { } - /* Handle timeout signal. */ static void handle_timeout(int sig) { @@ -212,16 +208,14 @@ static void handle_timeout(int sig) { } - /* Execute target application. */ static void run_target(char** argv) { static struct itimerval it; - int status = 0; + int status = 0; - if (!quiet_mode) - SAYF("-- Program output begins --\n" cRST); + if (!quiet_mode) SAYF("-- Program output begins --\n" cRST); MEM_BARRIER(); @@ -238,8 +232,10 @@ static void run_target(char** argv) { s32 fd = open("/dev/null", O_RDWR); if (fd < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) { + *(u32*)trace_bits = EXEC_FAIL_SIG; PFATAL("Descriptor initialization failed"); + } close(fd); @@ -252,20 +248,22 @@ static void run_target(char** argv) { #ifdef RLIMIT_AS - setrlimit(RLIMIT_AS, &r); /* Ignore errors */ + setrlimit(RLIMIT_AS, &r); /* Ignore errors */ #else - setrlimit(RLIMIT_DATA, &r); /* Ignore errors */ + setrlimit(RLIMIT_DATA, &r); /* Ignore errors */ #endif /* ^RLIMIT_AS */ } - if (!keep_cores) r.rlim_max = r.rlim_cur = 0; - else r.rlim_max = r.rlim_cur = RLIM_INFINITY; + if (!keep_cores) + r.rlim_max = r.rlim_cur = 0; + else + r.rlim_max = r.rlim_cur = RLIM_INFINITY; - setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ if (!getenv("LD_BIND_LAZY")) setenv("LD_BIND_NOW", "1", 0); 
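Review bot: In the write_results hunk the formatter appears to leave the `else` branch as a bare `} else`, then an added empty line, then the unbraced `fprintf(f, "%06u:%u\n", i, trace_bits[i]);`. A statement detached from its `else` like this reads as unconditional, and a second line added under it later would silently fall outside the branch. The same shape shows up in the find_binary hunk (`cur_elem = ck_strdup(env_path);`) and in the get_qemu_argv hunk (`ck_free(own_copy);`). Bracing the body, e.g. `} else { fprintf(f, "%06u:%u\n", i, trace_bits[i]); }`, or configuring the formatter not to insert the blank line, would keep the output unambiguous. write_results begins and ends outside this hunk.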
@@ -304,14 +302,12 @@ static void run_target(char** argv) { if (*(u32*)trace_bits == EXEC_FAIL_SIG) FATAL("Unable to execute '%s'", argv[0]); - classify_counts(trace_bits, binary_mode ? - count_class_binary : count_class_human); + classify_counts(trace_bits, + binary_mode ? count_class_binary : count_class_human); - if (!quiet_mode) - SAYF(cRST "-- Program output ends --\n"); + if (!quiet_mode) SAYF(cRST "-- Program output ends --\n"); - if (!child_timed_out && !stop_soon && WIFSIGNALED(status)) - child_crashed = 1; + if (!child_timed_out && !stop_soon && WIFSIGNALED(status)) child_crashed = 1; if (!quiet_mode) { @@ -320,14 +316,13 @@ static void run_target(char** argv) { else if (stop_soon) SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST); else if (child_crashed) - SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST, WTERMSIG(status)); + SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST, + WTERMSIG(status)); } - } - /* Handle Ctrl-C and the like. */ static void handle_stop_sig(int sig) { @@ -338,15 +333,16 @@ static void handle_stop_sig(int sig) { } - /* Do basic preparations - persistent fds, filenames, etc. */ static void set_up_environment(void) { - setenv("ASAN_OPTIONS", "abort_on_error=1:" - "detect_leaks=0:" - "symbolize=0:" - "allocator_may_return_null=1", 0); + setenv("ASAN_OPTIONS", + "abort_on_error=1:" + "detect_leaks=0:" + "symbolize=0:" + "allocator_may_return_null=1", + 0); setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":" "symbolize=0:" @@ -355,21 +351,22 @@ static void set_up_environment(void) { "msan_track_origins=0", 0); if (getenv("AFL_PRELOAD")) { + setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1); + } } - /* Setup signal handlers, duh. */ static void setup_signal_handlers(void) { struct sigaction sa; - sa.sa_handler = NULL; - sa.sa_flags = SA_RESTART; + sa.sa_handler = NULL; + sa.sa_flags = SA_RESTART; sa.sa_sigaction = NULL; sigemptyset(&sa.sa_mask); 
@@ -388,7 +385,6 @@ static void setup_signal_handlers(void) { } - /* Show banner. */ static void show_banner(void) { 
@@ -403,42 +399,43 @@ static void usage(u8* argv0) { show_banner(); - SAYF("\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" + SAYF( + "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" - "Required parameters:\n\n" + "Required parameters:\n\n" - " -o file - file to write the trace data to\n\n" + " -o file - file to write the trace data to\n\n" - "Execution control settings:\n\n" + "Execution control settings:\n\n" - " -t msec - timeout for each run (none)\n" - " -m megs - memory limit for child process (%d MB)\n" - " -Q - use binary-only instrumentation (QEMU mode)\n" - " -U - use Unicorn-based instrumentation (Unicorn mode)\n" - " (Not necessary, here for consistency with other afl-* tools)\n\n" + " -t msec - timeout for each run (none)\n" + " -m megs - memory limit for child process (%d MB)\n" + " -Q - use binary-only instrumentation (QEMU mode)\n" + " -U - use Unicorn-based instrumentation (Unicorn mode)\n" + " (Not necessary, here for consistency with other afl-* " + "tools)\n\n" - "Other settings:\n\n" + "Other settings:\n\n" - " -q - sink program's output and don't show messages\n" - " -e - show edge coverage only, ignore hit counts\n" - " -r - show real tuple values instead of AFL filter values\n" - " -c - allow core dumps\n\n" + " -q - sink program's output and don't show messages\n" + " -e - show edge coverage only, ignore hit counts\n" + " -r - show real tuple values instead of AFL filter values\n" + " -c - allow core dumps\n\n" - "This tool displays raw tuple data captured by AFL instrumentation.\n" - "For additional help, consult %s/README.\n\n" cRST, + "This tool displays raw tuple data captured by AFL instrumentation.\n" + "For additional help, consult %s/README.\n\n" cRST, - argv0, MEM_LIMIT, doc_path); + argv0, MEM_LIMIT, doc_path); exit(1); } - /* Find binary. */ static void find_binary(u8* fname) { - u8* env_path = 0; + u8* env_path = 0; struct stat st; if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { 
@@ -461,7 +458,9 @@ static void find_binary(u8* fname) { memcpy(cur_elem, env_path, delim - env_path); delim++; - } else cur_elem = ck_strdup(env_path); + } else + + cur_elem = ck_strdup(env_path); env_path = delim; @@ -473,7 +472,8 @@ static void find_binary(u8* fname) { ck_free(cur_elem); if (!stat(target_path, &st) && S_ISREG(st.st_mode) && - (st.st_mode & 0111) && st.st_size >= 4) break; + (st.st_mode & 0111) && st.st_size >= 4) + break; ck_free(target_path); target_path = 0; @@ -486,13 +486,12 @@ static void find_binary(u8* fname) { } - /* Fix up argv for QEMU. */ static char** get_qemu_argv(u8* own_loc, char** argv, int argc) { char** new_argv = ck_alloc(sizeof(char*) * (argc + 4)); - u8 *tmp, *cp, *rsl, *own_copy; + u8 * tmp, *cp, *rsl, *own_copy; memcpy(new_argv + 3, argv + 1, sizeof(char*) * argc); @@ -507,8 +506,7 @@ static char** get_qemu_argv(u8* own_loc, char** argv, int argc) { cp = alloc_printf("%s/afl-qemu-trace", tmp); - if (access(cp, X_OK)) - FATAL("Unable to find '%s'", tmp); + if (access(cp, X_OK)) FATAL("Unable to find '%s'", tmp); target_path = new_argv[0] = cp; return new_argv; @@ -532,7 +530,9 @@ static char** get_qemu_argv(u8* own_loc, char** argv, int argc) { } - } else ck_free(own_copy); + } else + + ck_free(own_copy); if (!access(BIN_PATH "/afl-qemu-trace", X_OK)) { @@ -556,7 +556,7 @@ int main(int argc, char** argv) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQUbcr")) > 0) + while ((opt = getopt(argc, argv, "+o:m:t:A:eqZQUbcr")) > 0) switch (opt) { 
@@ -568,40 +568,41 @@ int main(int argc, char** argv) { case 'm': { - u8 suffix = 'M'; + u8 suffix = 'M'; - if (mem_limit_given) FATAL("Multiple -m options not supported"); - mem_limit_given = 1; + if (mem_limit_given) FATAL("Multiple -m options not supported"); + mem_limit_given = 1; - if (!strcmp(optarg, "none")) { + if (!strcmp(optarg, "none")) { - mem_limit = 0; - break; + mem_limit = 0; + break; - } + } - if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || - optarg[0] == '-') FATAL("Bad syntax used for -m"); + if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 || + optarg[0] == '-') + FATAL("Bad syntax used for -m"); - switch (suffix) { + switch (suffix) { - case 'T': mem_limit *= 1024 * 1024; break; - case 'G': mem_limit *= 1024; break; - case 'k': mem_limit /= 1024; break; - case 'M': break; + case 'T': mem_limit *= 1024 * 1024; break; + case 'G': mem_limit *= 1024; break; + case 'k': mem_limit /= 1024; break; + case 'M': break; - default: FATAL("Unsupported suffix or bad syntax for -m"); + default: FATAL("Unsupported suffix or bad syntax for -m"); - } + } - if (mem_limit < 5) FATAL("Dangerously low value of -m"); + if (mem_limit < 5) FATAL("Dangerously low value of -m"); - if (sizeof(rlim_t) == 4 && mem_limit > 2000) - FATAL("Value of -m out of range on 32-bit systems"); + if (sizeof(rlim_t) == 4 && mem_limit > 2000) + FATAL("Value of -m out of range on 32-bit systems"); - } + } - break; + break; case 't': @@ -609,6 +610,7 @@ int main(int argc, char** argv) { timeout_given = 1; if (strcmp(optarg, "none")) { + exec_tmout = atoi(optarg); if (exec_tmout < 20 || optarg[0] == '-') @@ -636,7 +638,7 @@ int main(int argc, char** argv) { /* This is an undocumented option to write data in the syntax expected by afl-cmin. Nobody else should have any use for this. */ - cmin_mode = 1; + cmin_mode = 1; quiet_mode = 1; break; 
@@ -675,7 +677,7 @@ int main(int argc, char** argv) { if (keep_cores) FATAL("Multiple -c options not supported"); keep_cores = 1; break; - + case 'r': if (raw_instr_output) FATAL("Multiple -r options not supported"); @@ -683,9 +685,7 @@ int main(int argc, char** argv) { raw_instr_output = 1; break; - default: - - usage(argv[0]); + default: usage(argv[0]); } @@ -699,8 +699,10 @@ int main(int argc, char** argv) { find_binary(argv[optind]); if (!quiet_mode) { + show_banner(); ACTF("Executing '%s'...\n", target_path); + } detect_file_args(argv + optind, at_file); @@ -717,7 +719,8 @@ int main(int argc, char** argv) { if (!quiet_mode) { if (!tcnt) FATAL("No instrumentation detected" cRST); - OKF("Captured %u tuples (highest value %u, total values %u) in '%s'." cRST, tcnt, highest, total, out_file); + OKF("Captured %u tuples (highest value %u, total values %u) in '%s'." cRST, + tcnt, highest, total, out_file); } |