authorvan Hauser <vh@thc.org>2024-05-11 09:16:21 +0200
committerGitHub <noreply@github.com>2024-05-11 09:16:21 +0200
commit90fbf59bf16f057e50132b81be759414787ce1a3 (patch)
treee57ec2ff73da06776f6cf9c20eb907a8c5aebf05 /src
parentad0d0c77fb313e6edfee111fecf2bcd16d8f915e (diff)
parent93c7cbd49603c1a256caf3ab6e971c9f4e40bab4 (diff)
downloadafl++-90fbf59bf16f057e50132b81be759414787ce1a3.tar.gz
Merge pull request #2084 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src')
-rw-r--r--src/afl-cc.c10
-rw-r--r--src/afl-common.c7
-rw-r--r--src/afl-fuzz-init.c16
-rw-r--r--src/afl-fuzz-queue.c1
-rw-r--r--src/afl-fuzz-redqueen.c8
-rw-r--r--src/afl-fuzz-run.c3
-rw-r--r--src/afl-fuzz-state.c7
-rw-r--r--src/afl-fuzz.c1
8 files changed, 41 insertions, 12 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 15a5bd8e..7acee8e4 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -525,7 +525,7 @@ void find_built_deps(aflcc_state_t *aflcc) {
 
   char *ptr = NULL;
 
-#if defined(__x86_64__)
+#if defined(__x86_64__) || defined(__i386__)
   if ((ptr = find_object(aflcc, "afl-as")) != NULL) {
 
   #ifndef __APPLE__
@@ -1911,7 +1911,13 @@ void add_sanitizers(aflcc_state_t *aflcc, char **envp) {
     }
 
     add_defs_fortify(aflcc, 0);
-    if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); }
+    if (!aflcc->have_asan) {
+
+      insert_param(aflcc, "-fsanitize=address");
+      insert_param(aflcc, "-fno-common");
+
+    }
+
     aflcc->have_asan = 1;
 
   } else if (getenv("AFL_USE_MSAN") || aflcc->have_msan) {
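Review bot: `-fno-common` is only injected on the path where afl-cc itself adds `-fsanitize=address`; a build that already carries `-fsanitize=address` on its own command line (`aflcc->have_asan` set before this point) does not receive it, which looks unintended given the two flags are meant to go together. Lifting it out of the inner condition keeps both paths consistent and a user-supplied duplicate is harmless: `if (!aflcc->have_asan) { insert_param(aflcc, "-fsanitize=address"); }` followed by `insert_param(aflcc, "-fno-common");`. The motivation is also undocumented; a one-liner such as `/* -fno-common: keep tentative globals out of COMMON so ASan can instrument them (confirm) */` would save the next reader a search, assuming that is the reason. add_sanitizers continues outside this hunk.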
diff --git a/src/afl-common.c b/src/afl-common.c
index d86b431b..9a27824d 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -108,9 +108,10 @@ void set_sanitizer_defaults() {
   u8 *have_lsan_options = getenv("LSAN_OPTIONS");
   u8  have_san_options = 0;
   u8  default_options[1024] =
-      "detect_odr_violation=0:abort_on_error=1:symbolize=0:allocator_may_"
-      "return_null=1:handle_segv=0:handle_sigbus=0:handle_abort=0:handle_"
-      "sigfpe=0:handle_sigill=0:";
+      "detect_odr_violation=0:abort_on_error=1:symbolize=0:"
+      "allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:"
+      "handle_abort=0:handle_sigfpe=0:handle_sigill=0:"
+      "detect_stack_use_after_return=0:check_initialization_order=0:";
 
   if (have_asan_options || have_ubsan_options || have_msan_options ||
       have_lsan_options) {
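Review bot: The two new defaults, `detect_stack_use_after_return=0` and `check_initialization_order=0`, switch off ASan detectors rather than merely quieting output, and nothing in the code says why; because these defaults apply only when no `*SAN_OPTIONS` variable is set (lines 70-71), a user who wants those checks back has to know to export `ASAN_OPTIONS` themselves. A comment above `default_options` would make the trade-off explicit, e.g. `/* stack-use-after-return and init-order checks are off by default (presumably speed/stability under the fork server); set ASAN_OPTIONS to re-enable */`, and the env-variable docs should list both options. The literal is far below the 1024-byte buffer, but whatever is appended to `default_options` later in set_sanitizer_defaults lies outside this hunk.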
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 2d540eb1..01d0730d 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -577,6 +577,8 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
       afl->stage_cur = 0;
       afl->stage_max = 0;
 
+      show_stats(afl);
+
       for (i = 0; i < (u32)nl_cnt; ++i) {
 
         struct stat st;
@@ -655,7 +657,12 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
         munmap(mem, st.st_size);
         close(fd);
 
-        if (st.st_mtime > mtime_max) mtime_max = st.st_mtime;
+        if (st.st_mtime > mtime_max) {
+
+          mtime_max = st.st_mtime;
+          show_stats(afl);
+
+        }
 
       }
 
@@ -933,10 +940,13 @@ void perform_dry_run(afl_state_t *afl) {
     res = calibrate_case(afl, q, use_mem, 0, 1);
 
     /* For AFLFast schedules we update the queue entry */
-    if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) && likely(q->exec_cksum)) {
+    if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) &&
+        likely(q->exec_cksum)) {
+
       q->n_fuzz_entry = q->exec_cksum % N_FUZZ_SIZE;
+
     }
-     
+
     if (afl->stop_soon) { return; }
 
     if (res == afl->crash_mode || res == FSRV_RUN_NOBITS) {
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index df4e7d79..5987ad0c 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -370,6 +370,7 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) {
 
     s32 fd;
 
+    if (unlikely(afl->afl_env.afl_disable_redundant)) { q->disabled = 1; }
     fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
     if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
     close(fd);
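Review bot: `q->disabled = 1` is set here without any other bookkeeping; if, as at the other disable sites in afl-fuzz, an active-item counter and `perf_score` are normally updated when an entry is disabled, the scheduler's count of fuzzable entries now drifts from reality. The assignment also only runs on the marking path (this branch creates the `O_CREAT | O_EXCL` marker file); if the branch that unlinks the marker when an entry stops being redundant, outside this hunk, does not clear `q->disabled`, such entries stay disabled for good. Either add the matching reset there or state the intended semantics in a comment, e.g. `/* AFL_DISABLE_REDUNDANT: drop redundant entries from scheduling; they are not re-enabled later */`. mark_as_redundant starts and ends outside this hunk.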
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 100b0dd6..9316da71 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -2764,15 +2764,15 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
 #ifdef _DEBUG
     u32                j;
     struct cmp_header *hh = &afl->orig_cmp_map->headers[key];
-    fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id,
-            hshape, h->attribute);
+    fprintf(stderr, "RTN N hits=%u shape=%u attr=%u v0=", h->hits, hshape,
+            h->attribute);
     for (j = 0; j < 8; j++)
       fprintf(stderr, "%02x", o->v0[j]);
     fprintf(stderr, " v1=");
     for (j = 0; j < 8; j++)
       fprintf(stderr, "%02x", o->v1[j]);
-    fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u o0=", hh->hits,
-            hh->id, hshape, hh->attribute);
+    fprintf(stderr, "\nRTN O hits=%u shape=%u attr=%u o0=", hh->hits, hshape,
+            hh->attribute);
     for (j = 0; j < 8; j++)
       fprintf(stderr, "%02x", orig_o->v0[j]);
     fprintf(stderr, " o1=");
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index ab96c778..ed7cb4ce 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -771,6 +771,8 @@ void sync_fuzzers(afl_state_t *afl) {
     afl->stage_cur = 0;
     afl->stage_max = 0;
 
+    show_stats(afl);
+
     /* For every file queued by this fuzzer, parse ID and see if we have
        looked at it before; exec a test case if not. */
 
@@ -830,6 +832,7 @@ void sync_fuzzers(afl_state_t *afl) {
 
         afl->syncing_party = sd_ent->d_name;
         afl->queued_imported += save_if_interesting(afl, mem, new_len, fault);
+        show_stats(afl);
         afl->syncing_party = 0;
 
         munmap(mem, st.st_size);
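Review bot: `show_stats(afl)` is now called once per imported test case, inside the per-file loop of sync_fuzzers; that is harmless only if show_stats rate-limits itself, which cannot be confirmed from this hunk, otherwise a large sync directory pays a full UI redraw per file. If it does rate-limit, a short comment at the call site, `/* show_stats() throttles itself, so a per-file call is cheap */`, documents the assumption; if not, the call belongs outside the loop or behind a time check. The enclosing loop and sync_fuzzers continue outside this hunk.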
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index c21ae6be..543fdc1c 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -293,6 +293,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
             afl->afl_env.afl_cmplog_only_new =
                 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
 
+          } else if (!strncmp(env, "AFL_DISABLE_REDUNDANT",
+
+                              afl_environment_variable_len)) {
+
+            afl->afl_env.afl_disable_redundant =
+                get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+
           } else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
 
                               afl_environment_variable_len)) {
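Review bot: This branch is only reachable if `AFL_DISABLE_REDUNDANT` is also present in the `afl_environment_variables[]` table the enclosing loop walks, since the name is matched with `strncmp(env, ..., afl_environment_variable_len)` against a table entry and the value is read through `get_afl_env(afl_environment_variables[i])`; that table lives outside src/, which this diffstat (limited to src) does not show. Confirm the entry was added there, otherwise the variable is silently ignored. read_afl_environment continues outside this hunk.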
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 00d24ab1..329ce942 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -264,6 +264,7 @@ static void usage(u8 *argv0, int more_help) {
       "AFL_CYCLE_SCHEDULES: after completing a cycle, switch to a different -p schedule\n"
       "AFL_DEBUG: extra debugging output for Python mode trimming\n"
       "AFL_DEBUG_CHILD: do not suppress stdout/stderr from target\n"
+      "AFL_DISABLE_REDUNDANT: disable any queue item that is redundant\n"
       "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
       "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
       "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"
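Review bot: The help text `disable any queue item that is redundant` does not tell the user what "redundant" means here or what they give up by setting it. Something like `"AFL_DISABLE_REDUNDANT: do not fuzz queue entries marked redundant (edges also covered by other entries)\n"` is more useful, with the parenthetical checked against what mark_as_redundant's caller actually tracks; the same wording should land in the env-variable documentation.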