Push to stable (#895)

* sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name <you@example.com> * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name <you@example.com> * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name <you@example.com> * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name <you@example.com> * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name <you@example.com> * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com> * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name <you@example.com> * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name <you@example.com> * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name <you@example.com> * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name <you@example.com> * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation Co-authored-by: Dominik Maier <domenukk@gmail.com> Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name <you@example.com> Co-authored-by: Dmitry Zheregelya <zheregelya.d@gmail.com> Co-authored-by: hexcoder <hexcoder-@users.noreply.github.com> Co-authored-by: hexcoder- <heiko@hexco.de> Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com> Co-authored-by: David CARLIER <devnexen@gmail.com> Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev <SecNotice@ya.ru>
author: van Hauser <vh@thc.org> 2021-05-10 13:57:47 +0200
committer: GitHub <noreply@github.com> 2021-05-10 13:57:47 +0200
commit: 8b7a7b29c60f11cdf6226b3e418e87a5c3f5caac (patch)
tree: 6ce9d90644f161d21d802e9cbe48eb38467684e9 /utils/custom_mutators/post_library_gif.so.c
parent: d0225c2c4d465968660a08c93857fed354e539b1 (diff)
download: afl++-8b7a7b29c60f11cdf6226b3e418e87a5c3f5caac.tar.gz
1 files changed, 0 insertions, 165 deletions
diff --git a/utils/custom_mutators/post_library_gif.so.c b/utils/custom_mutators/post_library_gif.so.c
deleted file mode 100644
index ac10f409..00000000
--- a/utils/custom_mutators/post_library_gif.so.c
+++ /dev/null
@@ -1,165 +0,0 @@
-/*
-   american fuzzy lop++ - postprocessor library example
-   --------------------------------------------------
-
-   Originally written by Michal Zalewski
-   Edited by Dominik Maier, 2020
-
-   Copyright 2015 Google Inc. All rights reserved.
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at:
-
-     http://www.apache.org/licenses/LICENSE-2.0
-
-   Postprocessor libraries can be passed to afl-fuzz to perform final cleanup
-   of any mutated test cases - for example, to fix up checksums in PNG files.
-
-   Please heed the following warnings:
-
-   1) In almost all cases, it is more productive to comment out checksum logic
-      in the targeted binary (as shown in ../libpng_no_checksum/). One possible
-      exception is the process of fuzzing binary-only software in QEMU mode.
-
-   2) The use of postprocessors for anything other than checksums is
-   questionable and may cause more harm than good. AFL is normally pretty good
-   about dealing with length fields, magic values, etc.
-
-   3) Postprocessors that do anything non-trivial must be extremely robust to
-      gracefully handle malformed data and other error conditions - otherwise,
-      they will crash and take afl-fuzz down with them. Be wary of reading past
-      *len and of integer overflows when calculating file offsets.
-
-   In other words, THIS IS PROBABLY NOT WHAT YOU WANT - unless you really,
-   honestly know what you're doing =)
-
-   With that out of the way: the postprocessor library is passed to afl-fuzz
-   via AFL_POST_LIBRARY. The library must be compiled with:
-
-     gcc -shared -Wall -O3 post_library.so.c -o post_library.so
-
-   AFL will call the afl_custom_post_process() function for every mutated output
-   buffer. From there, you have three choices:
-
-   1) If you don't want to modify the test case, simply set `*out_buf = in_buf`
-      and return the original `len`.
-
-   2) If you want to skip this test case altogether and have AFL generate a
-      new one, return 0 or set `*out_buf = NULL`.
-      Use this sparingly - it's faster than running the target program
-      with patently useless inputs, but still wastes CPU time.
-
-   3) If you want to modify the test case, allocate an appropriately-sized
-      buffer, move the data into that buffer, make the necessary changes, and
-      then return the new pointer as out_buf. Return an appropriate len
-   afterwards.
-
-      Note that the buffer will *not* be freed for you. To avoid memory leaks,
-      you need to free it or reuse it on subsequent calls (as shown below).
-
-      *** Feel free to reuse the original 'in_buf' BUFFER and return it. ***
-
-    Aight. The example below shows a simple postprocessor that tries to make
-    sure that all input files start with "GIF89a".
-
-    PS. If you don't like C, you can try out the unix-based wrapper from
-    Ben Nagy instead: https://github.com/bnagy/aflfix
-
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/* Header that must be present at the beginning of every test case: */
-
-#define HEADER "GIF89a"
-
-typedef struct post_state {
-
-  unsigned char *buf;
-  size_t         size;
-
-} post_state_t;
-
-void *afl_custom_init(void *afl) {
-
-  post_state_t *state = malloc(sizeof(post_state_t));
-  if (!state) {
-
-    perror("malloc");
-    return NULL;
-
-  }
-
-  state->buf = calloc(sizeof(unsigned char), 4096);
-  if (!state->buf) {
-
-    free(state);
-    perror("calloc");
-    return NULL;
-
-  }
-
-  return state;
-
-}
-
-/* The actual postprocessor routine called by afl-fuzz: */
-
-size_t afl_custom_post_process(post_state_t *data, unsigned char *in_buf,
-                               unsigned int len, unsigned char **out_buf) {
-
-  /* Skip execution altogether for buffers shorter than 6 bytes (just to
-     show how it's done). We can trust len to be sane. */
-
-  if (len < strlen(HEADER)) return 0;
-
-  /* Do nothing for buffers that already start with the expected header. */
-
-  if (!memcmp(in_buf, HEADER, strlen(HEADER))) {
-
-    *out_buf = in_buf;
-    return len;
-
-  }
-
-  /* Allocate memory for new buffer, reusing previous allocation if
-     possible. */
-
-  *out_buf = realloc(data->buf, len);
-
-  /* If we're out of memory, the most graceful thing to do is to return the
-     original buffer and give up on modifying it. Let AFL handle OOM on its
-     own later on. */
-
-  if (!*out_buf) {
-
-    *out_buf = in_buf;
-    return len;
-
-  }
-
-  /* Copy the original data to the new location. */
-
-  memcpy(*out_buf, in_buf, len);
-
-  /* Insert the new header. */
-
-  memcpy(*out_buf, HEADER, strlen(HEADER));
-
-  /* Return the new len. It hasn't changed, so it's just len. */
-
-  return len;
-
-}
-
-/* Gets called afterwards */
-void afl_custom_deinit(post_state_t *data) {
-
-  free(data->buf);
-  free(data);
-
-}
-
author	van Hauser <vh@thc.org>	2021-05-10 13:57:47 +0200
committer	GitHub <noreply@github.com>	2021-05-10 13:57:47 +0200
commit	8b7a7b29c60f11cdf6226b3e418e87a5c3f5caac (patch)
tree	6ce9d90644f161d21d802e9cbe48eb38467684e9 /utils/custom_mutators/post_library_gif.so.c
parent	d0225c2c4d465968660a08c93857fed354e539b1 (diff)
download	afl++-8b7a7b29c60f11cdf6226b3e418e87a5c3f5caac.tar.gz