-rw-r--r--Dockerfile27
-rw-r--r--GNUmakefile.llvm10
-rwxr-xr-xafl-persistent-config8
-rwxr-xr-xafl-system-config2
-rw-r--r--docs/Changelog.md3
-rwxr-xr-xfrida_mode/update_frida_version.sh4
-rw-r--r--qemu_mode/QEMUAFL_VERSION2
m---------qemu_mode/qemuafl0
-rw-r--r--src/afl-analyze.c4
-rwxr-xr-xtest/test-basic.sh2
-rwxr-xr-xutils/analysis_scripts/queue2csv.sh4
11 files changed, 38 insertions, 28 deletions
diff --git a/Dockerfile b/Dockerfile
index f1b2fc01..71223c1a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,18 +9,31 @@ FROM ubuntu:22.04 AS aflplusplus
 LABEL "maintainer"="afl++ team <afl@aflplus.plus>"
 LABEL "about"="AFLplusplus container image"
 
+### Comment out to enable these features
+# Only available on specific ARM64 boards
+ENV NO_CORESIGHT=1
+# Possbile but unlikely in a docker container
+ENV NO_NYX=1
+# Unicorn issues on ARM64
+ENV NO_UNICORN_ARM64=1
+
+### Only change these if you know what you are doing:
+# LLVM 15 does not look good so we stay at 14 to still have LTO
+ENV LLVM_VERSION=14
+# GCC 12 is producing compile errors for some targets so we stay at GCC 11
+ENV GCC_VERSION=11
+
+### No changes beyond the point unless you know what you are doing :)
+
 ARG DEBIAN_FRONTEND=noninteractive
 
 ENV NO_ARCH_OPT=1
 ENV IS_DOCKER=1
 
 RUN apt-get update && apt-get full-upgrade -y && \
-    apt-get install -y --no-install-recommends wget ca-certificates && \
+    apt-get install -y --no-install-recommends wget ca-certificates apt-utils && \
     rm -rf /var/lib/apt/lists/*
 
-ENV LLVM_VERSION=14
-ENV GCC_VERSION=11
-
 RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \
     wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key
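Review bot: The added comment block carries two typos that will ship in every derived image: `# Possbile but unlikely in a docker container` should read `# Possible but unlikely in a docker container`, and `### No changes beyond the point unless you know what you are doing :)` should read `### No changes beyond this point …`. Since the block is explicitly meant to be user-tunable, declaring the versions as build arguments, `ARG LLVM_VERSION=14` followed by `ENV LLVM_VERSION=${LLVM_VERSION}`, would let them be overridden with `--build-arg` instead of editing the Dockerfile; the same applies to the three NO_* switches. While the toolchain block is being reorganised it is worth noting that the llvm.list entry on the last two lines trusts whatever key `wget` fetches at build time, so vendoring the key file or checking its fingerprint after download would make the image build reproducible against apt.llvm.org.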
 
@@ -30,7 +43,7 @@ RUN apt-get update && \
     git xz-utils bzip2 wget jupp nano bash-completion less vim joe ssh psmisc \
     python3 python3-dev python3-setuptools python-is-python3 \
     libtool libtool-bin libglib2.0-dev \
-    apt-utils apt-transport-https gnupg dialog \
+    apt-transport-https gnupg dialog \
     gnuplot-nox libpixman-1-dev \
     gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \
     clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \
@@ -64,10 +77,6 @@ ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1
 RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov && \
     (cd afl-cov && make install) && rm -rf afl-cov
 
-# Build currently broken
-ENV NO_CORESIGHT=1
-ENV NO_UNICORN_ARM64=1
-
 WORKDIR /AFLplusplus
 COPY . .
 
diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm
index e775ca98..83330ddc 100644
--- a/GNUmakefile.llvm
+++ b/GNUmakefile.llvm
@@ -45,11 +45,11 @@ endif
 LLVMVER  = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' )
 LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' )
 LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' )
-LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 )
-LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[5-9]' && echo 1 || echo 0 )
-LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[0-9]' && echo 1 || echo 0 )
-LLVM_10_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[1-9]|^10\.[1-9]|^10\.0.[1-9]' && echo 1 || echo 0 )
-LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[1-9]' && echo 1 || echo 0 )
+LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 )
+LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[5-9]' && echo 1 || echo 0 )
+LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[0-9]' && echo 1 || echo 0 )
+LLVM_10_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[1-9]|^10\.[1-9]|^10\.0.[1-9]' && echo 1 || echo 0 )
+LLVM_HAVE_LTO = $(shell $(LLVM_CONFIG) --version 2>/dev/null | grep -E -q '^1[1-9]' && echo 1 || echo 0 )
 LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null)
 LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null)
 LLVM_STDCXX = gnu++11
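Review bot: Two of the rewritten patterns still contain an unescaped `.` that matches any character: `'^[0-2]\.|^3.[0-7]\.'` in LLVM_UNSUPPORTED and `'^10\.0.[1-9]'` in LLVM_10_OK; since these lines are being touched for portability anyway, tighten them to `'^[0-2]\.|^3\.[0-7]\.'` and `'^1[1-9]|^10\.[1-9]|^10\.0\.[1-9]'`. Each of the five variables is assigned with `=`, so `$(LLVM_CONFIG) --version` is re-executed every time one is expanded; `:=` would run it once, provided LLVM_CONFIG is not reassigned later in the file (not visible here). Note also that LLVM_TOO_NEW (`^1[5-9]`) and LLVM_NEW_API (`^1[0-9]`) stop matching at major 19, so a future two-digit major of 20 or more would be classified as an old-API release by these checks.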
diff --git a/afl-persistent-config b/afl-persistent-config
index fd453cbc..927f0062 100755
--- a/afl-persistent-config
+++ b/afl-persistent-config
@@ -111,11 +111,11 @@ kernel.sched_latency_ns=250000000
 EOF
   }
 
-  egrep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null || echo Error: /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT is not present, cannot set boot options
-  egrep -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null && {
-    egrep '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | egrep -q hardened_usercopy=off || {
+  grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null || echo Error: /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT is not present, cannot set boot options
+  grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null && {
+    grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | grep -E -q hardened_usercopy=off || {
       echo "Configuring performance boot options"
-      LINE=`egrep '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | sed 's/^GRUB_CMDLINE_LINUX_DEFAULT=//' | tr -d '"'`
+      LINE=`grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | sed 's/^GRUB_CMDLINE_LINUX_DEFAULT=//' | tr -d '"'`
       OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off"
       echo Setting boot options in /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\"
       sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\"|" /etc/default/grub
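Review bot: The failure message on the first rewritten line goes to stdout and the script carries on, and the same `grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT='` is then run a second time to make the decision; an `if grep -E -q … /etc/default/grub 2>/dev/null; then … else echo "Error: …" >&2; fi` would report on stderr and read the file once. The OPTIONS line this block installs disables every speculative-execution mitigation plus `audit=0` and `hardened_usercopy=off` for every future boot, yet nothing in this hunk tells the user so; a comment above it such as `# WARNING: turns off all CPU side-channel mitigations and kernel auditing; only for isolated fuzzing hosts` would make the trade-off explicit at the point where it is made persistent. Also `tr -d '"'` strips every double quote from the existing GRUB_CMDLINE_LINUX_DEFAULT value, so an option that itself carried quoted text would be altered when written back.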
diff --git a/afl-system-config b/afl-system-config
index f482e4fb..faa64487 100755
--- a/afl-system-config
+++ b/afl-system-config
@@ -47,7 +47,7 @@ if [ "$PLATFORM" = "Linux" ] ; then
 } > /dev/null
   echo Settings applied.
   echo
-  dmesg | egrep -q 'nospectre_v2|spectre_v2=off' || {
+  dmesg | grep -E -q 'nospectre_v2|spectre_v2=off' || {
     echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this:
     echo '  /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"'
     echo
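Review bot: The rewritten check greps `dmesg` for the boot options, but the ring buffer is unreadable without privileges when `kernel.dmesg_restrict=1` and the early boot lines may have scrolled off on a long-running host; in both cases grep sees no input, the `||` branch fires and the advice is printed even though the options are already active. `/proc/cmdline` is the authoritative and always-readable source: `grep -E -q 'nospectre_v2|spectre_v2=off' /proc/cmdline || {`. If dmesg is kept, its stderr should at least be silenced so a permission error does not interleave with the echoed advice. The enclosing `if [ "$PLATFORM" = "Linux" ]` block starts before this hunk.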
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 5e4de45a..1ca942cd 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -18,7 +18,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       to variables queue items instead of 12.
   - afl-cc:
     - fixed off-by-one bug in our pcguard implemenation, thanks for
-      @toka for reporting
+      @tokatoka for reporting
     - better handling of -fsanitize=..,...,.. lists
     - fix gcc_mode cmplog
     - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
@@ -27,6 +27,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
       edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
       worksbutnottested!
+  - afl-analyze broke at some point, fix by CodeLogicError, thank you!
 
 
 ### Version ++4.02c (release)
diff --git a/frida_mode/update_frida_version.sh b/frida_mode/update_frida_version.sh
index 7d938712..18243fbb 100755
--- a/frida_mode/update_frida_version.sh
+++ b/frida_mode/update_frida_version.sh
@@ -1,8 +1,8 @@
 #!/bin/sh
 test -n "$1" && { echo This script has no options. It updates the referenced Frida version in GNUmakefile to the most current one. ; exit 1 ; }
 
-OLD=$(egrep '^GUM_DEVKIT_VERSION=' GNUmakefile 2>/dev/null|awk -F= '{print$2}')
-NEW=$(curl https://github.com/frida/frida/releases/ 2>/dev/null|egrep 'frida-gum-devkit-[0-9.]*-linux-x86_64'|head -n 1|sed 's/.*frida-gum-devkit-//'|sed 's/-linux.*//')
+OLD=$(grep -E '^GUM_DEVKIT_VERSION=' GNUmakefile 2>/dev/null|awk -F= '{print$2}')
+NEW=$(curl https://github.com/frida/frida/releases/ 2>/dev/null|grep -E 'frida-gum-devkit-[0-9.]*-linux-x86_64'|head -n 1|sed 's/.*frida-gum-devkit-//'|sed 's/-linux.*//')
 
 echo Current set version: $OLD
 echo Newest available version: $NEW
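Review bot: `NEW` is derived from scraping the GitHub releases HTML page with `2>/dev/null` and without `-f`, so a network error, an HTTP error page or a markup change leaves `NEW` empty with no indication, and whatever the rest of the script (outside this hunk) writes into GNUmakefile would then be an empty GUM_DEVKIT_VERSION; add `-fsSL` to the curl call and guard the result: `test -n "$NEW" || { echo "Error: could not determine the latest frida-gum devkit version" >&2; exit 1; }`. The releases API (`https://api.github.com/repos/frida/frida/releases/latest`, field `tag_name`) would be a more stable source than the rendered page, though it excludes pre-releases, so confirm that matches what `head -n 1` on the page is meant to pick.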
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index d59a04e7..10e875b1 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-12682ea816
+61bc152384
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
-Subproject 12682ea8169604a6c0f9b2b36eaa53ff7dcc7fd
+Subproject 61bc1523848a5235b43719c9fa7d78e9a970a1a
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index d4822341..a21f014f 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -203,7 +203,7 @@ static void read_initial_file(void) {
 /* Execute target application. Returns exec checksum, or 0 if program
    times out. */
 
-static u32 analyze_run_target(u8 *mem, u32 len, u8 first_run) {
+static u64 analyze_run_target(u8 *mem, u32 len, u8 first_run) {
 
   afl_fsrv_write_to_testcase(&fsrv, mem, len);
   fsrv_run_result_t ret = afl_fsrv_run_target(&fsrv, exec_tmout, &stop_soon);
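Review bot: Widening the return type to u64 only fixes the truncation if every consumer of the checksum is widened too — the locals in the second hunk are, but the value the first run's checksum is compared against and any `%08x`-style format that prints it (both outside this hunk) would still truncate silently if they remain u32, which is plausibly the same class of breakage the changelog entry refers to. The header comment above the function could state the width now that it matters: `/* Execute target application. Returns the 64-bit exec checksum, or 0 if the program times out. */`. The body of analyze_run_target continues past the end of this hunk.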
@@ -528,7 +528,7 @@ static void analyze() {
 
   for (i = 0; i < in_len; i++) {
 
-    u32 xor_ff, xor_01, sub_10, add_10;
+    u64 xor_ff, xor_01, sub_10, add_10;
     u8  xff_orig, x01_orig, s10_orig, a10_orig;
 
     /* Perform walking byte adjustments across the file. We perform four
diff --git a/test/test-basic.sh b/test/test-basic.sh
index bec42b4d..538b6931 100755
--- a/test/test-basic.sh
+++ b/test/test-basic.sh
@@ -48,7 +48,7 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc
       $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working"
     } || {
       $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened"
-      env | egrep 'AFL|PATH|LLVM'
+      env | grep -E 'AFL|PATH|LLVM'
       AFL_DEBUG=1 AFL_HARDEN=1 ../${AFL_GCC} -o test-compcov.harden test-compcov.c
       nm test-compcov.harden
       CODE=1
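Review bot: `grep -E 'AFL|PATH|LLVM'` is unanchored, so the diagnostic dump on failure includes any environment variable whose value merely contains one of those substrings, which on a shared CI runner can pull unrelated and possibly sensitive variables into the test log; restricting the match to the variable name, `env | grep -E '^[^=]*(AFL|PATH|LLVM)[^=]*='`, keeps the output to what is being debugged while still catching names like LD_LIBRARY_PATH. The `{ … } || { … }` construct this line sits in starts before the hunk.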
diff --git a/utils/analysis_scripts/queue2csv.sh b/utils/analysis_scripts/queue2csv.sh
index 2528b438..47141efe 100755
--- a/utils/analysis_scripts/queue2csv.sh
+++ b/utils/analysis_scripts/queue2csv.sh
@@ -92,14 +92,14 @@ mkdir "$DIR" || exit 1
 
 if [ -n "$3" -a -s "$DIR/../edges.txt" ]; then
 
-  cat "$DIR/"* | sed 's/:.*//' | sort -n | uniq -c | egrep '^[ \t]*1 ' | awk '{print$2}' > $DIR/../unique.txt
+  cat "$DIR/"* | sed 's/:.*//' | sort -n | uniq -c | grep -E '^[ \t]*1 ' | awk '{print$2}' > $DIR/../unique.txt
 
   if [ -s "$DIR/../unique.txt" ]; then
 
     ls "$DIR/id:"* | grep -v ",sync:" |sed 's/.*\/id:/id:/g' | while read file; do
 
       CNT=$(sed 's/:.*//' "$DIR/$file" | tee "$DIR/../tmp.txt" | wc -l)
-      DIFF=$(diff -u "$DIR/../tmp.txt" "$DIR/../unique.txt" | egrep '^-[0-9]' | wc -l)
+      DIFF=$(diff -u "$DIR/../tmp.txt" "$DIR/../unique.txt" | grep -E '^-[0-9]' | wc -l)
       UNIQUE=$(($CNT - $DIFF))
       sed -i "s/;UNIQUE$file/;$UNIQUE/" "$DIR/../queue.csv" "$2"
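Review bot: The bracket expression in the rewritten `grep -E '^[ \t]*1 '` does not mean "space or tab" in ERE — inside `[...]` the `\t` is a literal backslash and `t` — so the filter works today only because `uniq -c` pads its counts with spaces; `grep -E '^[[:space:]]*1 '` says what is intended. The redirection on the same line, `> $DIR/../unique.txt`, is the only unquoted use of `$DIR` in the hunk (the `cat`, `sed`, `diff` and `tee` arguments are all quoted), so a directory path with whitespace would break just that step; quote it as `> "$DIR/../unique.txt"`. The `if [ -n "$3" … ]` block continues past the end of the hunk.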