author | van Hauser <vh@thc.org> | 2022-04-25 10:14:19 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-04-25 10:14:19 +0200 |
commit | c7bb0a9638a8929a5b664f16032c23a55a84be70 (patch) | |
tree | 2fb8cee9897c46a53e756e898de732c63f2a8842 /src | |
parent | ac80678592ea4a790ab2eedccfec4e3bc9f96447 (diff) | |
parent | ee409d18a6678c3f5948f51db8964148cae021dc (diff) | |
download | afl++-c7bb0a9638a8929a5b664f16032c23a55a84be70.tar.gz |
Merge pull request #1392 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src')
-rw-r--r-- | src/afl-cc.c | 23 | ||||
-rw-r--r-- | src/afl-fuzz-bitmap.c | 40 | ||||
-rw-r--r-- | src/afl-fuzz-state.c | 7 | ||||
-rw-r--r-- | src/afl-fuzz.c | 2 |
4 files changed, 54 insertions, 18 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c index ffdda386..2667ae28 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -58,6 +58,7 @@ static u8 debug; static u8 cwd[4096]; static u8 cmplog_mode; u8 use_stdin; /* dummy */ +static int passthrough; // static u8 *march_opt = CFLAGS_OPT; enum { @@ -315,7 +316,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, shared_linking = 0, preprocessor_only = 0, have_unroll = 0, have_o = 0, have_pic = 0, - have_c = 0, partial_linking = 0, wasm_linking = 0; + have_c = 0, partial_linking = 0; cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); @@ -826,7 +827,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-shared")) shared_linking = 1; if (!strcmp(cur, "-dynamiclib")) shared_linking = 1; - if (!strcmp(cur, "--target=wasm32-wasi")) wasm_linking = 1; + if (!strcmp(cur, "--target=wasm32-wasi")) passthrough = 1; if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; if (!strcmp(cur, "-Wl,--relocatable")) partial_linking = 1; @@ -845,8 +846,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { // e.g. compiled download or compiled from github then its ./lib directory // might not be in the search path. Add it if so. u8 *libdir = strdup(LLVM_LIBDIR); - if (plusplus_mode && !wasm_linking && strlen(libdir) && - strncmp(libdir, "/usr", 4) && strncmp(libdir, "/lib", 4)) { + if (plusplus_mode && strlen(libdir) && strncmp(libdir, "/usr", 4) && + strncmp(libdir, "/lib", 4)) { cc_params[cc_par_cnt++] = "-rpath"; cc_params[cc_par_cnt++] = libdir; 
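Review bot: `static int passthrough;` in the -58 hunk is now set as a side effect of edit_params() (the `--target=wasm32-wasi` branch in the -826 hunk) and consumed by main(), but nothing at the declaration says so, and a reader of main() no longer sees where the flag comes from. Suggest a comment at the declaration such as `/* set by edit_params() for --target=wasm32-wasi; main() presumably invokes the compiler unmodified when set -- see main() */`. Note also that the -845 hunk drops the `!wasm_linking` guard, so `-rpath libdir` is now appended for a wasm target as well; that is only harmless if main() discards cc_params when passthrough is set, which is outside this diff. edit_params() continues beyond these hunks.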
@@ -1034,7 +1035,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-D__AFL_LOOP(_A)=" - "({ static volatile char *_B __attribute__((used)); " + "({ static volatile char *_B __attribute__((used,unused)); " " _B = (char*)\"" PERSIST_SIG "\"; " #ifdef __APPLE__ @@ -1048,7 +1049,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-D__AFL_INIT()=" - "do { static volatile char *_A __attribute__((used)); " + "do { static volatile char *_A __attribute__((used,unused)); " " _A = (char*)\"" DEFER_SIG "\"; " #ifdef __APPLE__ @@ -1093,7 +1094,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { switch (bit_mode) { case 0: - if (!shared_linking && !partial_linking && !wasm_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt.o", obj_path); if (lto_mode) @@ -1102,7 +1103,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 32: - if (!shared_linking && !partial_linking && !wasm_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-32.o", obj_path); @@ -1123,7 +1124,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 64: - if (!shared_linking && !partial_linking && !wasm_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-64.o", obj_path); @@ -1146,7 +1147,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } #if !defined(__APPLE__) && !defined(__sun) - if (!shared_linking && !partial_linking && !wasm_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); #endif 
@@ -1179,7 +1180,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { int main(int argc, char **argv, char **envp) { - int i, passthrough = 0; + int i; char *callname = argv[0], *ptr = NULL; if (getenv("AFL_DEBUG")) { diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index e4124bf5..7c2b35d6 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -292,6 +292,15 @@ void minimize_bits(afl_state_t *afl, u8 *dst, u8 *src) { u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { + u8 is_timeout = 0; + + if (new_bits & 0xf0) { + + new_bits -= 0x80; + is_timeout = 1; + + } + size_t real_max_len = MIN(max_description_len, sizeof(afl->describe_op_buf_256)); u8 *ret = afl->describe_op_buf_256; @@ -325,6 +334,7 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { ret[len_current] = '\0'; ssize_t size_left = real_max_len - len_current - strlen(",+cov") - 2; + if (is_timeout) { size_left -= strlen(",+tout"); } if (unlikely(size_left <= 0)) FATAL("filename got too long"); const char *custom_description = @@ -370,6 +380,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { } + if (is_timeout) { strcat(ret, ",+tout"); } + if (new_bits == 2) { strcat(ret, ",+cov"); } if (unlikely(strlen(ret) >= max_description_len)) @@ -447,7 +459,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { u8 fn[PATH_MAX]; u8 *queue_fn = ""; - u8 new_bits = 0, keeping = 0, res, classified = 0; + u8 new_bits = 0, keeping = 0, res, classified = 0, is_timeout = 0; s32 fd; u64 cksum = 0; 
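Review bot: In describe_op() (the -292 hunk) the guard `if (new_bits & 0xf0)` tests four high bits but the decode is `new_bits -= 0x80`, so a value with any of 0x10-0x70 set would pass the test and be silently corrupted instead of decoded; the only caller visible here passes `new_bits + is_timeout` with `is_timeout = 0x80`, so today only 0x80 is ever set. Make the test and the decode agree, `if (new_bits & 0x80) { new_bits &= 0x7f; is_timeout = 1; }`, and add a comment at the top of describe_op() stating that the high bit of new_bits is an out-of-band "saved as timeout" marker. The encoding is an undocumented contract between save_if_interesting() and describe_op(); a single named constant (e.g. a `#define` for 0x80 used in both places) would make it harder to break from either side. describe_op() continues outside this hunk.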
@@ -481,11 +493,14 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { classified = new_bits; + save_to_queue: + #ifndef SIMPLE_FILES - queue_fn = alloc_printf( - "%s/queue/id:%06u,%s", afl->out_dir, afl->queued_items, - describe_op(afl, new_bits, NAME_MAX - strlen("id:000000,"))); + queue_fn = + alloc_printf("%s/queue/id:%06u,%s", afl->out_dir, afl->queued_items, + describe_op(afl, new_bits + is_timeout, + NAME_MAX - strlen("id:000000,"))); #else @@ -596,7 +611,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { } - ++afl->saved_tmouts; + is_timeout = 0x80; #ifdef INTROSPECTION if (afl->custom_mutators_count && afl->current_custom_fuzz) { @@ -647,7 +662,20 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { } - if (afl->stop_soon || new_fault != FSRV_RUN_TMOUT) { return keeping; } + if (afl->stop_soon || new_fault != FSRV_RUN_TMOUT) { + + if (afl->afl_env.afl_keep_timeouts) { + + ++afl->saved_tmouts; + goto save_to_queue; + + } else { + + return keeping; + + } + + } } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5924dd7b..47e39762 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -222,6 +222,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_hang_tmout = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_KEEP_TIMEOUTS", + + afl_environment_variable_len)) { + + afl->afl_env.afl_keep_timeouts = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_SKIP_BIN_CHECK", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 92243fbb..c5ab364a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
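Review bot: The `goto save_to_queue` in the -647 hunk jumps backwards into the new-coverage block of save_if_interesting(), and once that block finishes, control appears to fall through to the `switch (fault)` that follows it (outside this hunk) with `fault` still equal to FSRV_RUN_TMOUT, so the timeout case is entered a second time and any per-timeout counters or trace classification at the top of that case run twice for a kept input; only the virgin_tmout novelty check, already satisfied on the first pass, would stop a second hang-detection run. If that reading is right, a guard such as `if (is_timeout) { return keeping; }` at the end of the queue-saving block, or restructuring the keep path to call the save logic directly, avoids the double pass. Separately, moving `++afl->saved_tmouts` from the -596 hunk's old position into the keep path means the saved-timeouts counter stays at zero unless AFL_KEEP_TIMEOUTS is set, which looks intended but deserves a one-line comment at `is_timeout = 0x80;` saying the counter is bumped only when the case is actually queued. save_if_interesting() starts and ends outside these hunks.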
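Review bot: The new `AFL_KEEP_TIMEOUTS` branch in read_afl_environment() only matches if that name is also present in `afl_environment_variables[]` (the comparison is driven by the table index `i`) and only compiles if `afl_keep_timeouts` exists in `afl->afl_env`; the diffstat is limited to src, so neither the table entry nor the struct field is visible here and both are worth confirming in the same merge. A short comment at the branch, `/* keep inputs that time out at exec_tmout but are not confirmed as hangs -- see save_if_interesting(); confirm */`, would tie the variable to its effect, and the user-facing description of the new variable belongs in the environment-variables documentation if it is not already part of this merge. read_afl_environment() starts and ends outside this hunk.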
@@ -1650,7 +1650,7 @@ int main(int argc, char **argv_orig, char **envp) { } - OKF("Generating fuzz data with a a length of min=%u max=%u", afl->min_length, + OKF("Generating fuzz data with a length of min=%u max=%u", afl->min_length, afl->max_length); u32 min_alloc = MAX(64U, afl->min_length); afl_realloc(AFL_BUF_PARAM(in_scratch), min_alloc); |