diff options
| author | van Hauser <vh@thc.org> | 2020-08-11 15:10:18 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-08-11 15:10:18 +0200 |
| commit | 457f627101c08b885e9edfd8b491b5be198b6f14 (patch) | |
| tree | f9ae886496cb3ee948781e5bc82d29441a999c75 /src | |
| parent | 4f695b6f4c3ced165703363904e42492fca82112 (diff) | |
| download | afl++-457f627101c08b885e9edfd8b491b5be198b6f14.tar.gz | |
move taint_mode var
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-forkserver.c | 2 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 6 | ||||
| -rw-r--r-- | src/afl-fuzz-one.c | 2 | ||||
| -rw-r--r-- | src/afl-fuzz-queue.c | 3 | ||||
| -rw-r--r-- | src/afl-fuzz-run.c | 2 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 30 |
6 files changed, 24 insertions, 21 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index adb75a2d..56475320 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -497,7 +497,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, char pid_buf[16]; sprintf(pid_buf, "%d", fsrv->fsrv_pid); - if (fsrv->qemu_mode == 2) { + if (fsrv->taint_mode) { setenv("__AFL_TARGET_PID3", pid_buf, 1); diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 432e0649..669bd65a 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -961,7 +961,7 @@ void perform_dry_run(afl_state_t *afl) { } /* perform taint gathering on the input seed */ - if (afl->fsrv.taint_mode) + if (afl->taint_mode) perform_taint_run(afl, q, q->fname, use_mem, q->len); q = q->next; @@ -1502,7 +1502,7 @@ static void handle_existing_out_dir(afl_state_t *afl) { if (delete_files(fn, CASE_PREFIX)) { goto dir_cleanup_failed; } ck_free(fn); - if (afl->fsrv.taint_mode) { + if (afl->taint_mode) { fn = alloc_printf("%s/taint", afl->out_dir); mkdir(fn, 0755); // ignore errors @@ -1745,7 +1745,7 @@ void setup_dirs_fds(afl_state_t *afl) { /* Taint directory if taint_mode. */ - if (afl->fsrv.taint_mode) { + if (afl->taint_mode) { tmp = alloc_printf("%s/taint", afl->out_dir); if (mkdir(tmp, 0700)) { PFATAL("Unable to create '%s'", tmp); } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4b2fd90a..69f885ca 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -460,7 +460,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 tmp_val = 0; - if (unlikely(afl->fsrv.taint_mode)) { + if (unlikely(afl->taint_mode)) { tmp_val = afl->queue_cycle % 2; ret_val = 0; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index b56e10f8..bb44e465 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -220,6 +220,7 @@ void perform_taint_run(afl_state_t *afl, struct queue_entry *q, u8 *fname, } else { + FATAL("count not create '%s'", fnw); q->taint_bytes_new = 0; } @@ -419,7 +420,7 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u8 *mem, u32 len, afl->last_path_time = get_cur_time(); /* trigger the tain gathering if this is not a dry run */ - if (afl->fsrv.taint_mode && mem) { + if (afl->taint_mode && mem) { perform_taint_run(afl, q, fname, mem, len); diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 058f8c2d..5f928333 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -349,7 +349,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } - if (unlikely(afl->fsrv.taint_mode)) + if (unlikely(afl->taint_mode)) q->exec_cksum = 0; else if (q->exec_cksum) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e6238366..bead2ed9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -288,7 +288,7 @@ int main(int argc, char **argv_orig, char **envp) { switch (opt) { case 'A': - afl->fsrv.taint_mode = 1; + afl->taint_mode = 1; if (!mem_limit_given) { afl->fsrv.mem_limit = MEM_LIMIT_QEMU; } break; @@ -829,10 +829,10 @@ int main(int argc, char **argv_orig, char **envp) { } - if (afl->fsrv.taint_mode && afl->fsrv.map_size < MAX_FILE) { + if (afl->taint_mode && afl->fsrv.map_size < MAX_FILE) { real_map_size = map_size; - map_size = afl->fsrv.map_size = afl->shm.map_size = MAX_FILE; + map_size = MAX_FILE; } @@ -891,9 +891,12 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->crash_mode) { FATAL("-C and -n are mutually exclusive"); } if (afl->fsrv.qemu_mode) { FATAL("-Q and -n are mutually exclusive"); } if (afl->unicorn_mode) { FATAL("-U and -n are mutually exclusive"); } - if (afl->fsrv.taint_mode) { FATAL("-A and -n are mutually exclusive"); } + if (afl->taint_mode) { FATAL("-A and -n are mutually exclusive"); } } + + if (afl->limit_time_sig != 0 && afl->taint_mode) { FATAL("-A and -L are mutually exclusive"); } + if (afl->unicorn_mode != 0 && afl->taint_mode) { FATAL("-A and -U are mutually exclusive"); } if (get_afl_env("AFL_DISABLE_TRIM")) { afl->disable_trim = 1; } @@ -992,7 +995,7 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->afl_env.afl_preload) { - if (afl->fsrv.qemu_mode || afl->fsrv.taint_mode) { + if (afl->fsrv.qemu_mode || afl->taint_mode) { u8 *qemu_preload = getenv("QEMU_SET_ENV"); u8 *afl_preload = getenv("AFL_PRELOAD"); @@ -1088,17 +1091,17 @@ int main(int argc, char **argv_orig, char **envp) { afl->fsrv.trace_bits = afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->non_instrumented_mode); - if (!afl->in_bitmap) { memset(afl->virgin_bits, 255, afl->fsrv.map_size); } - memset(afl->virgin_tmout, 255, afl->fsrv.map_size); - memset(afl->virgin_crash, 255, afl->fsrv.map_size); - - if (map_size != real_map_size) { + if (real_map_size && map_size != real_map_size) { afl->fsrv.map_size = real_map_size; if (afl->cmplog_binary) afl->cmplog_fsrv.map_size = real_map_size; } + if (!afl->in_bitmap) { memset(afl->virgin_bits, 255, afl->fsrv.map_size); } + memset(afl->virgin_tmout, 255, afl->fsrv.map_size); + memset(afl->virgin_crash, 255, afl->fsrv.map_size); + init_count_class16(); if (afl->is_main_node && check_main_node_exists(afl) == 1) { @@ -1260,7 +1263,7 @@ int main(int argc, char **argv_orig, char **envp) { } - if (afl->fsrv.taint_mode) { + if (afl->taint_mode) { ACTF("Spawning qemu_taint forkserver"); @@ -1268,7 +1271,6 @@ int main(int argc, char **argv_orig, char **envp) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); afl_fsrv_init_dup(&afl->taint_fsrv, &afl->fsrv); - afl->taint_fsrv.qemu_mode = 2; afl->taint_fsrv.taint_mode = 1; afl->taint_fsrv.trace_bits = afl->fsrv.trace_bits; @@ -1399,7 +1401,7 @@ int main(int argc, char **argv_orig, char **envp) { break; case 1: if (afl->limit_time_sig == 0 && !afl->custom_only && - !afl->python_only && !afl->fsrv.taint_mode) { + !afl->python_only && !afl->taint_mode) { afl->limit_time_sig = -1; afl->limit_time_puppet = 0; @@ -1588,7 +1590,7 @@ stop_fuzzing: } if (afl->cmplog_binary) afl_fsrv_deinit(&afl->cmplog_fsrv); - if (afl->fsrv.taint_mode) afl_fsrv_deinit(&afl->taint_fsrv); + if (afl->taint_mode) afl_fsrv_deinit(&afl->taint_fsrv); afl_fsrv_deinit(&afl->fsrv); if (afl->orig_cmdline) { ck_free(afl->orig_cmdline); } if (afl->argv_taint) { ck_free(afl->argv_taint); } |