author | van Hauser <vh@thc.org> | 2023-03-17 12:47:33 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-17 12:47:33 +0100 |
commit | 24503fba5fd2580559223ec3c6ee408dfa15e080 (patch) | |
tree | 95826d4a61f3c423d0e70eb7f1da568dc793204b /utils/aflpp_driver | |
parent | 2ff0ff7a903c57f9df5ed1e97370c187ec45a31e (diff) | |
parent | d80cedcf02f56351bb08e7520ddcd76b0ff3f84e (diff) | |
download | afl++-24503fba5fd2580559223ec3c6ee408dfa15e080.tar.gz |
Merge pull request #1668 from AFLplusplus/dev
push to stable
Diffstat (limited to 'utils/aflpp_driver')
-rw-r--r-- | utils/aflpp_driver/aflpp_driver.c | 13 | ||||
-rw-r--r-- | utils/aflpp_driver/aflpp_driver_test.c | 13 |
2 files changed, 20 insertions, 6 deletions
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 03376b6a..f08c9864 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -58,10 +58,15 @@ $AFL_HOME/afl-fuzz -i IN -o OUT ./a.out
 #include "hash.h"
 #endif
 
+// AFL++ shared memory fuzz cases
 int __afl_sharedmem_fuzzing = 1;
 extern unsigned int *__afl_fuzz_len;
 extern unsigned char *__afl_fuzz_ptr;
 
+// AFL++ coverage map
+extern unsigned char *__afl_area_ptr;
+extern unsigned int __afl_map_size;
+
 // libFuzzer interface is thin, so we don't include any libFuzzer headers.
 __attribute__((weak)) int LLVMFuzzerTestOneInput(const uint8_t *Data,
                                                  size_t Size);
@@ -375,7 +380,13 @@ int LLVMFuzzerRunDriver(int *argcp, char ***argvp,
     }
 
     prev_length = length;
-    (void)callback(__afl_fuzz_ptr, length);
+
+    if (unlikely(callback(__afl_fuzz_ptr, length) == -1)) {
+
+      memset(__afl_area_ptr, 0, __afl_map_size);
+      __afl_area_ptr[0] = 1;
+
+    }
 
   }
 
diff --git a/utils/aflpp_driver/aflpp_driver_test.c b/utils/aflpp_driver/aflpp_driver_test.c
index 527ba57b..7cffa4a1 100644
--- a/utils/aflpp_driver/aflpp_driver_test.c
+++ b/utils/aflpp_driver/aflpp_driver_test.c
@@ -2,9 +2,9 @@
 #include <stdlib.h>
 #include <stdint.h>
 
-void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
+int __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
 
-  if (Size < 5) return;
+  if (Size < 5) return -1;
 
   if (Data[0] == 'F')
     if (Data[1] == 'A')
@@ -12,13 +12,16 @@ void __attribute__((noinline)) crashme(const uint8_t *Data, size_t Size) {
         if (Data[3] == '$')
           if (Data[4] == '$') abort();
 
+  return 0;
+
 }
 
 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 
-  if (Size) crashme(Data, Size);
-
-  return 0;
+  if (Size)
+    return crashme(Data, Size);
+  else
+    return -1;
 
 }
 
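Review bot: The new `== -1` branch in LLVMFuzzerRunDriver introduces a target-to-driver protocol that nothing in the file documents: a callback returning -1 has the whole coverage map zeroed and slot 0 forced to 1, and a reader of the fuzz loop cannot tell why. I would add above the `if`: `/* A -1 return means the target rejected the input; wipe the coverage map so afl-fuzz records no new edges for it (slot 0 is set presumably so the map is not completely empty — confirm against afl-fuzz) */`. The `memset(__afl_area_ptr, 0, __afl_map_size)` also runs without checking that `__afl_area_ptr` is non-NULL and `__afl_map_size` is non-zero; whether the runtime guarantees both before the loop runs is not visible in this hunk, and `unlikely()` and `<string.h>` are likewise assumed to be in scope. The enclosing loop and function continue outside the hunk.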
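Review bot: LLVMFuzzerTestOneInput in aflpp_driver_test.c now returns -1 for an empty input, and forwards crashme's -1 for inputs shorter than 5 bytes, which departs from libFuzzer's documented contract (return 0; other values reserved) without a comment saying this is deliberate. Since this harness is the reference example for aflpp_driver, I would mark the convention at the `else` branch: `// -1 tells aflpp_driver to treat the input as rejected (AFL++ specific; libFuzzer expects 0)`. The same applies to the `int` return type introduced on crashme in the earlier hunk of this file, where a one-liner such as `// returns -1 when the input is too short to be interesting, 0 otherwise` would document the new contract.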