authorDavide Quarta <quarta@qti.qualcomm.com>2024-01-23 19:36:49 +0100
committerDavide Quarta <quarta@qti.qualcomm.com>2024-01-23 19:36:49 +0100
commit8fedf4998449d5b6b909a1118fc2e152e4d2e6e7 (patch)
tree71c8d03f94c006f952be8522f8403fe0fca273c7 /src
parentb99bbf671b7469a5aad29898fe28489004c4cbe7 (diff)
downloadafl++-8fedf4998449d5b6b909a1118fc2e152e4d2e6e7.tar.gz
replay mode support
Diffstat (limited to 'src')
-rw-r--r--src/afl-forkserver.c79
-rw-r--r--src/afl-fuzz-init.c6
-rw-r--r--src/afl-fuzz.c2
3 files changed, 57 insertions, 30 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 3f9bfa72..f8dd783f 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1591,6 +1591,11 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
u32 exec_ms;
u32 write_value = fsrv->last_run_timed_out;
+#ifdef AFL_PERSISTENT_RECORD
+ fsrv_run_result_t retval = FSRV_RUN_OK;
+ char *persistent_out_fmt;
+#endif
+
#ifdef __linux__
if (fsrv->nyx_mode) {
@@ -1684,7 +1689,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
}
-#ifdef AFL_PERSISTENT_RECORD
+#ifdef AFL_eERSISTENT_RECORD
// end of persistent loop?
if (unlikely(fsrv->persistent_record &&
fsrv->persistent_record_pid != fsrv->child_pid)) {
@@ -1790,8 +1795,14 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
if (unlikely(fsrv->last_run_timed_out)) {
fsrv->last_kill_signal = fsrv->child_kill_signal;
- return FSRV_RUN_TMOUT;
+#ifndef AFL_PERSISTENT_RECORD
+ return FSRV_RUN_TMOUT;
+#else
+ retval = FSRV_RUN_TMOUT;
+ persistent_out_fmt = "%s/hangs/RECORD:%06u,cnt:%06u";
+ goto store_persistent_record;
+#endif
}
/* Did we crash?
@@ -1811,48 +1822,58 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
(fsrv->uses_crash_exitcode &&
WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) {
-#ifdef AFL_PERSISTENT_RECORD
- if (unlikely(fsrv->persistent_record)) {
+ /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */
+ fsrv->last_kill_signal =
+ WIFSIGNALED(fsrv->child_status) ? WTERMSIG(fsrv->child_status) : 0;
- char fn[PATH_MAX];
- u32 i, writecnt = 0;
- for (i = 0; i < fsrv->persistent_record; ++i) {
+#ifndef AFL_PERSISTENT_RECORD
+ return FSRV_RUN_CRASH;
+#else
+ retval = FSRV_RUN_CRASH;
+ persistent_out_fmt = "%s/crashes/RECORD:%06u,cnt:%06u";
+ goto store_persistent_record;
+#endif
- u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record;
- u8 *data = fsrv->persistent_record_data[entry];
- u32 len = fsrv->persistent_record_len[entry];
- if (likely(len && data)) {
+ }
- snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u",
- fsrv->persistent_record_dir, fsrv->persistent_record_cnt,
- writecnt++);
- int fd = open(fn, O_CREAT | O_TRUNC | O_WRONLY, 0644);
- if (fd >= 0) {
+ /* success :) */
+ return FSRV_RUN_OK;
+
+#ifdef AFL_PERSISTENT_RECORD
+store_persistent_record:
+ if (unlikely(retval == FSRV_RUN_CRASH || retval == FSRV_RUN_TMOUT) &&
+ unlikely(fsrv->persistent_record)) {
- ck_write(fd, data, len, fn);
- close(fd);
+ char fn[PATH_MAX];
+ u32 i, writecnt = 0;
+ for (i = 0; i < fsrv->persistent_record; ++i) {
- }
+ u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record;
+ u8 *data = fsrv->persistent_record_data[entry];
+ u32 len = fsrv->persistent_record_len[entry];
+ if (likely(len && data)) {
+
+ snprintf(fn, sizeof(fn), persistent_out_fmt,
+ fsrv->persistent_record_dir, fsrv->persistent_record_cnt,
+ writecnt++);
+ int fd = open(fn, O_CREAT | O_TRUNC | O_WRONLY, 0644);
+ if (fd >= 0) {
+
+ ck_write(fd, data, len, fn);
+ close(fd);
}
}
- ++fsrv->persistent_record_cnt;
-
}
-#endif
-
- /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */
- fsrv->last_kill_signal =
- WIFSIGNALED(fsrv->child_status) ? WTERMSIG(fsrv->child_status) : 0;
- return FSRV_RUN_CRASH;
+ ++fsrv->persistent_record_cnt;
}
- /* success :) */
- return FSRV_RUN_OK;
+ return retval;
+#endif
}
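Review bot: The `#ifdef AFL_eERSISTENT_RECORD` in the second hunk (the "end of persistent loop?" check) is a typo for a macro nothing defines, so the `persistent_record_pid != child_pid` block below it is silently compiled out even in builds with AFL_PERSISTENT_RECORD on; restore `#ifdef AFL_PERSISTENT_RECORD`. In the new `store_persistent_record` path, `persistent_out_fmt` is a non-literal format string passed to snprintf; it can only ever be one of the two literals assigned in this function, so it is not a format-string exposure, but declaring it `const char *persistent_out_fmt;` with `/* always assigned before goto store_persistent_record */` documents that invariant and keeps -Wformat-nonliteral quiet. The `hangs/` and `crashes/` subdirectories are now baked into those two format strings, which only works if `fsrv->persistent_record_dir` is the bare output directory; a comment on the label such as `/* reached only via goto; persistent_record_dir is the out_dir, the subdir comes from persistent_out_fmt */` would make that coupling visible. afl_fsrv_run_target begins before the first hunk.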
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 35932913..5b7dc4c1 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1915,6 +1915,9 @@ static void handle_existing_out_dir(afl_state_t *afl) {
}
+#ifdef AFL_PERSISTENT_RECORD
+ delete_files(fn, RECORD_PREFIX);
+#endif
if (delete_files(fn, CASE_PREFIX)) { goto dir_cleanup_failed; }
ck_free(fn);
@@ -1947,6 +1950,9 @@ static void handle_existing_out_dir(afl_state_t *afl) {
}
+#ifdef AFL_PERSISTENT_RECORD
+ delete_files(fn, RECORD_PREFIX);
+#endif
if (delete_files(fn, CASE_PREFIX)) { goto dir_cleanup_failed; }
ck_free(fn);
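Review bot: The return value of the added `delete_files(fn, RECORD_PREFIX)` call is dropped in both hunks (`@@ -1915` and `@@ -1947`), while the `delete_files(fn, CASE_PREFIX)` call directly beneath it jumps to `dir_cleanup_failed` on failure; if a stale RECORD file cannot be removed it survives unnoticed into the new session and can be confused with a record from the current run. Unless ignoring that is intentional, make the two calls consistent: `if (delete_files(fn, RECORD_PREFIX)) { goto dir_cleanup_failed; }`, or add `/* best effort: leftover records are not fatal */` if it is. handle_existing_out_dir starts and ends outside these hunks.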
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 17949fd7..40c30472 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2163,7 +2163,7 @@ int main(int argc, char **argv_orig, char **envp) {
}
- afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir);
+ afl->fsrv.persistent_record_dir = alloc_printf("%s", afl->out_dir);
}
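Review bot: `persistent_record_dir` now holds the bare output directory instead of `<out_dir>/crashes`, and the crashes/ or hangs/ subdirectory is chosen elsewhere when the record is written; nothing at this assignment says so, so a reader would expect records to land directly in out_dir. Add `/* records are stored under <out_dir>/crashes or <out_dir>/hangs; the subdir is picked when the record is written */` above the assignment. main continues outside the hunk.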