authorvanhauser-thc <vh@thc.org>2021-08-12 14:32:44 +0200
committervanhauser-thc <vh@thc.org>2021-08-12 14:32:44 +0200
commitc775f40ebf935ec85619fa3903af7a20a38baf98 (patch)
tree6ef9d3b6151a504686ca07d8a6e76c0a7e0e5c8e /src
parent3c0e8528e3430afef8f1593595917373f0d04c8b (diff)
AFL_IGNORE_PROBLEMS + library checks and documentation
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-state.c7
-rw-r--r--src/afl-fuzz-stats.c14
-rw-r--r--src/afl-fuzz.c1
3 files changed, 22 insertions, 0 deletions
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index b832c11e..24ccc108 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -267,6 +267,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_force_ui =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+ } else if (!strncmp(env, "AFL_IGNORE_PROBLEMS",
+
+ afl_environment_variable_len)) {
+
+ afl->afl_env.afl_ignore_problems =
+ get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+
} else if (!strncmp(env, "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
afl_environment_variable_len)) {
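Review bot: The new `AFL_IGNORE_PROBLEMS` branch is only reachable if the same name is also added to the afl_environment_variables[] table that the enclosing loop walks, and the assignment only compiles if afl_env_t gains an afl_ignore_problems member; both presumably live in include/ (envs.h and afl-fuzz.h), which this diffstat, limited to src, does not show, so it cannot be confirmed here. If the table entry is missing, the variable falls through to the unknown-env-var path and the FATAL added in show_stats cannot be disabled. As with the neighbouring variables, `get_afl_env(...) ? 1 : 0` treats any value, including `0`, as enabled; a comment such as `/* any value enables, matches the other AFL_ flags */` would stop the next reader from "fixing" that. The enclosing read_afl_environment function starts and ends outside the hunk.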
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index ead65b1d..a9deb22d 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -534,6 +534,20 @@ void show_stats(afl_state_t *afl) {
t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
t_byte_ratio = ((double)t_bytes * 100) / afl->fsrv.real_map_size;
+ if (unlikely(t_bytes > afl->fsrv.real_map_size)) {
+
+ if (unlikely(!afl->afl_env.afl_ignore_problems)) {
+
+ FATAL(
+ "Incorrect fuzzing setup detected. Your target seems to have loaded "
+ "incorrectly instrumented shared libraries. If you use LTO mode "
+ "please see instrumentation/README.lto.md. To ignore this problem "
+ "and continue fuzzing just set 'AFL_IGNORE_PROBLEMS=1'.\n");
+
+ }
+
+ }
+
if (likely(t_bytes) && unlikely(afl->var_byte_count)) {
stab_ratio = 100 - (((double)afl->var_byte_count * 100) / t_bytes);
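Review bot: When `afl_ignore_problems` is set the oversized t_bytes is accepted silently, yet `t_byte_ratio` on the line above and `stab_ratio` just below are still derived from a count larger than `real_map_size`, so the UI can report more than 100% map density with no hint that the setup is suspect. A one-time `WARNF("map density exceeds real_map_size but AFL_IGNORE_PROBLEMS is set, stats may be unreliable")` in the ignore case (guarded by a once-flag in afl_state_t) would tell the user what they are looking at. The two nested single-statement ifs also read more simply as one condition, `if (unlikely(t_bytes > afl->fsrv.real_map_size && !afl->afl_env.afl_ignore_problems)) {`. Note the check lives in show_stats, so a broken setup is caught at the first stats refresh rather than at startup; show_stats begins before this hunk.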
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9b9e01a4..8ffc0e77 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -216,6 +216,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n"
"AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n"
+ "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected during a run\n"
"AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n"
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"