authorDominik Maier <domenukk@gmail.com>2020-04-15 19:23:26 +0200
committerDominik Maier <domenukk@gmail.com>2020-04-15 19:23:26 +0200
commit0c02a8f4d31480c8459bc695ae655b69d02b98df (patch)
tree1e01de3965be2bd32e784411aa318fb1cfefc543 /src
parent48f7f7a17b8ac848e261cfc47800e1e6d7a51bcb (diff)
changed run_target
Diffstat (limited to 'src')
-rw-r--r--src/afl-forkserver.c13
-rw-r--r--src/afl-fuzz-bitmap.c12
-rw-r--r--src/afl-fuzz-run.c10
-rw-r--r--src/afl-showmap.c18
-rw-r--r--src/afl-tmin.c51
5 files changed, 52 insertions, 52 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index f0040617..89480b07 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -643,16 +643,16 @@ static void afl_fsrv_kill(afl_forkserver_t *fsrv) {
/* Execute target application, monitoring for timeouts. Return status
information. The called program will update afl->fsrv->trace_bits. */
-fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv,
- volatile u8 * stop_soon_p) {
+fsrv_run_result_t afl_fsrv_run_target(
+ afl_forkserver_t *fsrv, u32 timeout,
+ void(classify_counts_func)(afl_forkserver_t *fsrv),
+ volatile u8 *stop_soon_p) {
s32 res;
u32 exec_ms;
int status = 0;
- u32 timeout = fsrv->exec_tmout;
-
/* After this memset, fsrv->trace_bits[] are effectively volatile, so we
must prevent any earlier operations from venturing into that
territory. */
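Review bot: The header comment above afl_fsrv_run_target does not cover the two parameters added on the `+` lines of the signature. A caller cannot tell from here what unit `timeout` is in (presumably milliseconds, given the `exec_ms` local) or that `classify_counts_func` may be NULL, which the later `if (likely(classify_counts_func))` check allows. I would extend the comment with something like `timeout: per-execution limit (ms, to be confirmed); classify_counts_func: optional, called on fsrv after the run to post-process trace_bits`. The function body continues outside this hunk.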
@@ -732,6 +732,9 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv,
behave very normally and do not have to be treated as volatile. */
MEM_BARRIER();
+ u32 tb4 = *(u32 *)fsrv->trace_bits;
+
+ if (likely(classify_counts_func)) classify_counts_func(fsrv);
/* Report outcome to caller. */
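Review bot: Nothing on the new `u32 tb4 = *(u32 *)fsrv->trace_bits;` line says why the first map word is copied before the callback runs. The later `tb4 == EXEC_FAIL_SIG` test depends on that ordering, presumably because the classifier rewrites trace_bits in place, so a future reorder would silently break exec-failure detection. A comment such as `/* Sample the first map word before classification can overwrite it; it may hold EXEC_FAIL_SIG. */` would pin that down, and a name like `first_word` would read better than `tb4`. The enclosing function starts and ends outside this hunk.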
@@ -756,7 +759,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv,
}
- if ((*(u32 *)fsrv->trace_bits) == EXEC_FAIL_SIG) return FSRV_RUN_NOINST;
+ if (tb4 == EXEC_FAIL_SIG) return FSRV_RUN_ERROR;
return FSRV_RUN_OK;
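Review bot: The EXEC_FAIL_SIG path now returns `FSRV_RUN_ERROR`, and no line visible in this function produces `FSRV_RUN_NOINST` any more. afl-showmap is updated in this commit to stop comparing against it, but any caller outside the diff that still distinguishes FSRV_RUN_NOINST from FSRV_RUN_ERROR would now take the generic error branch, so the remaining uses of that enum value are worth checking. If merging the two results is intended, a comment on the test such as `/* exec failure marker written by the child: report as a run error */` would record it. The function continues outside the hunk.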
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 298a6207..c5cede4d 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -351,9 +351,11 @@ void init_count_class16(void) {
#ifdef WORD_SIZE_64
-void classify_counts(afl_state_t *afl, u64 *mem) {
+void classify_counts(afl_forkserver_t *fsrv) {
- u32 i = (afl->fsrv.map_size >> 3);
+ u32 *mem = (u32 *)fsrv->trace_bits;
+
+ u32 i = (fsrv->map_size >> 3);
if (i == 0) i = 1;
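Review bot: The pointer types are swapped between the two preprocessor branches: under `#ifdef WORD_SIZE_64` the new line declares `u32 *mem` while the count is `map_size >> 3`, and the `#else` branch in the next hunk declares `u64 *mem` with `map_size >> 2`. The removed signatures had it the other way round (`u64 *mem` for 64-bit, `u32 *mem` for 32-bit). The loop bodies are outside these hunks, so the effect is inferred: if they advance `mem` once per iteration, the 64-bit build leaves about half of the map unclassified and the 32-bit build walks to roughly twice `map_size`, writing past the end of `trace_bits`. The declarations should read `u64 *mem = (u64 *)fsrv->trace_bits;` in the first branch and `u32 *mem = (u32 *)fsrv->trace_bits;` in the second.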
@@ -380,9 +382,11 @@ void classify_counts(afl_state_t *afl, u64 *mem) {
#else
-void classify_counts(afl_state_t *afl, u32 *mem) {
+void classify_counts(afl_forkserver_t *fsrv) {
- u32 i = (afl->fsrv.map_size >> 2);
+ u64 *mem = (u64 *)fsrv->trace_bits;
+
+ u32 i = (fsrv->map_size >> 2);
if (i == 0) i = 1;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 370a7734..c3ed59ef 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -35,15 +35,7 @@
fsrv_run_result_t run_target(afl_state_t *afl, afl_forkserver_t *fsrv,
u32 timeout) {
- fsrv_run_result_t res = afl_fsrv_run_target(&afl->fsrv, &afl->stop_soon);
-
-#ifdef WORD_SIZE_64
- classify_counts(afl, (u64 *)fsrv->trace_bits);
-#else
- classify_counts(afl, (u32 *)fsrv->trace_bits);
-#endif /* ^WORD_SIZE_64 */
-
- return res;
+ return afl_fsrv_run_target(fsrv, timeout, classify_counts, &afl->stop_soon);
}
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index fa799bf9..2326d469 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -106,7 +106,10 @@ static const u8 count_class_binary[256] = {
};
-static void classify_counts(u8 *mem, const u8 *map) {
+static void classify_counts(afl_forkserver_t *fsrv) {
+
+ u8 * mem = fsrv->trace_bits;
+ const u8 *map = binary_mode ? count_class_binary : count_class_human;
u32 i = MAP_SIZE;
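Review bot: The loop bound `u32 i = MAP_SIZE;` is still the compile-time constant although the function now receives `fsrv`, whereas the afl-fuzz-bitmap.c version in this commit sizes its walk from `fsrv->map_size`. If the buffer behind `fsrv->trace_bits` can ever be smaller than MAP_SIZE in this tool, the walk would run past it; `u32 i = fsrv->map_size;` keeps the bound tied to the buffer actually being modified. The same question applies to classify_counts and apply_mask in afl-tmin.c later in this commit, which also use MAP_SIZE. The loop body is outside this hunk.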
@@ -240,12 +243,12 @@ void run_target_forkserver(afl_forkserver_t *fsrv, char **argv, u8 *mem,
write_to_testcase(fsrv, mem, len);
- fsrv_run_result_t res = afl_fsrv_run_target(fsrv, &stop_soon);
- if (res == FSRV_RUN_NOINST || res == FSRV_RUN_ERROR)
+ if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, classify_counts,
+ &stop_soon) == FSRV_RUN_ERROR) {
+
FATAL("Error running target");
- classify_counts(fsrv->trace_bits,
- binary_mode ? count_class_binary : count_class_human);
+ }
if (stop_soon) {
@@ -375,8 +378,7 @@ static void run_target(afl_forkserver_t *fsrv, char **argv) {
if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG)
FATAL("Unable to execute '%s'", argv[0]);
- classify_counts(fsrv->trace_bits,
- binary_mode ? count_class_binary : count_class_human);
+ classify_counts(fsrv);
if (!quiet_mode) SAYF(cRST "-- Program output ends --\n");
@@ -587,7 +589,7 @@ static void find_binary(afl_forkserver_t *fsrv, u8 *fname) {
break;
ck_free(fsrv->target_path);
- fsrv->target_path = 0;
+ fsrv->target_path = NULL;
}
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index c994c2de..84e9a498 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -100,8 +100,29 @@ static const u8 count_class_lookup[256] = {
};
-static void classify_counts(u8 *mem) {
+/* Apply mask to classified bitmap (if set). */
+
+static void apply_mask(u32 *mem, u32 *mask) {
+
+ u32 i = (MAP_SIZE >> 2);
+
+ if (!mask) return;
+
+ while (i--) {
+
+ *mem &= ~*mask;
+ mem++;
+ mask++;
+
+ }
+}
+
+static void classify_counts(afl_forkserver_t *fsrv) {
+
+ if (hang_mode) return; /* We only want hangs */
+
+ u8 *mem = fsrv->trace_bits;
u32 i = MAP_SIZE;
if (edges_only) {
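Review bot: classify_counts in afl-tmin.c now does more than its name says and carries no comment: it returns early when `hang_mode` is set and, in the following hunk, ends by calling `apply_mask` on the map. Since it is now invoked as a callback from afl_fsrv_run_target rather than directly from run_target, a short header would help, for example `/* Callback for afl_fsrv_run_target: classify hit counts, then apply mask_bitmap. Skipped in hang mode. */`. The function body continues outside this hunk.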
@@ -124,23 +145,7 @@ static void classify_counts(u8 *mem) {
}
-}
-
-/* Apply mask to classified bitmap (if set). */
-
-static void apply_mask(u32 *mem, u32 *mask) {
-
- u32 i = (MAP_SIZE >> 2);
-
- if (!mask) return;
-
- while (i--) {
-
- *mem &= ~*mask;
- mem++;
- mask++;
-
- }
+ apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap);
}
@@ -250,17 +255,11 @@ static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
write_to_testcase(fsrv, mem, len);
- fsrv_run_result_t ret = afl_fsrv_run_target(fsrv, &stop_soon);
+ fsrv_run_result_t ret =
+ afl_fsrv_run_target(fsrv, fsrv->exec_tmout, classify_counts, &stop_soon);
if (ret == FSRV_RUN_ERROR) FATAL("Couldn't run child");
- if (!hang_mode) {
-
- classify_counts(fsrv->trace_bits);
- apply_mask((u32 *)fsrv->trace_bits, (u32 *)mask_bitmap);
-
- }
-
if (stop_soon) {
SAYF(cRST cLRD "\n+++ Minimization aborted by user +++\n" cRST);