-rw-r--r--Android.bp304
l---------Android.mk1
-rw-r--r--include/afl-fuzz.h4
-rw-r--r--include/android-ashmem.h113
-rw-r--r--src/afl-analyze.c3
-rw-r--r--src/afl-fuzz-stats.c4
-rw-r--r--src/afl-gotcpu.c3
-rw-r--r--src/afl-showmap.c3
-rw-r--r--src/afl-tmin.c4
-rw-r--r--utils/afl_network_proxy/afl-network-server.c4
10 files changed, 332 insertions, 111 deletions
diff --git a/Android.bp b/Android.bp
index 2c2114b2..549577db 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1,5 +1,13 @@
cc_defaults {
name: "afl-defaults",
+ sanitize: {
+ never: true,
+ },
+
+ local_include_dirs: [
+ "include",
+ "instrumentation",
+ ],
cflags: [
"-funroll-loops",
@@ -14,12 +22,17 @@ cc_defaults {
"-DBIN_PATH=\"out/host/linux-x86/bin\"",
"-DDOC_PATH=\"out/host/linux-x86/shared/doc/afl\"",
"-D__USE_GNU",
+ "-D__aarch64__",
+ "-DDEBUG_BUILD",
+ "-U_FORTIFY_SOURCE",
+ "-g",
+ "-O0",
+ "-fno-omit-frame-pointer",
],
}
cc_binary {
name: "afl-fuzz",
- static_executable: true,
host_supported: true,
defaults: [
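Review bot: The flags added to `afl-defaults` in this hunk (`-U_FORTIFY_SOURCE`, `-O0`, `-g`, `-DDEBUG_BUILD`, `-D__aarch64__`) apply to every module that lists these defaults, including the `host_supported` binaries and the `afl-llvm-rt` static library that ends up linked into fuzz targets. Forcing `-D__aarch64__` on an x86 host build will select arm64-only code paths wherever the sources test that macro. Removing `_FORTIFY_SOURCE` also drops the libc bounds checks for the unbounded `sprintf` in include/android-ashmem.h. I would scope the architecture define with `arch: { arm64: { cflags: ["-D__aarch64__"] } }` and move the debug set into a separate defaults module, say `afl-defaults-debug`, that release modules do not inherit. The `cc_defaults` block starts before this hunk.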
@@ -27,7 +40,11 @@ cc_binary {
],
srcs: [
- "afl-fuzz.c",
+ "src/afl-fuzz*.c",
+ "src/afl-common.c",
+ "src/afl-sharedmem.c",
+ "src/afl-forkserver.c",
+ "src/afl-performance.c",
],
}
@@ -41,7 +58,10 @@ cc_binary {
],
srcs: [
- "afl-showmap.c",
+ "src/afl-showmap.c",
+ "src/afl-common.c",
+ "src/afl-sharedmem.c",
+ "src/afl-forkserver.c",
],
}
@@ -55,7 +75,11 @@ cc_binary {
],
srcs: [
- "afl-tmin.c",
+ "src/afl-tmin.c",
+ "src/afl-common.c",
+ "src/afl-sharedmem.c",
+ "src/afl-forkserver.c",
+ "src/afl-performance.c",
],
}
@@ -69,7 +93,10 @@ cc_binary {
],
srcs: [
- "afl-analyze.c",
+ "src/afl-analyze.c",
+ "src/afl-common.c",
+ "src/afl-sharedmem.c",
+ "src/afl-performance.c",
],
}
@@ -83,12 +110,13 @@ cc_binary {
],
srcs: [
- "afl-gotcpu.c",
+ "src/afl-gotcpu.c",
+ "src/afl-common.c",
],
}
cc_binary_host {
- name: "afl-clang-fast",
+ name: "afl-cc",
static_executable: true,
defaults: [
@@ -98,44 +126,286 @@ cc_binary_host {
cflags: [
"-D__ANDROID__",
"-DAFL_PATH=\"out/host/linux-x86/lib64\"",
+ "-DAFL_CLANG_FLTO=\"-flto=full\"",
+ "-DUSE_BINDIR=1",
+ "-DLLVM_BINDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin\"",
+ "-DLLVM_LIBDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/lib64\"",
+ "-DCLANGPP_BIN=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/clang++\"",
+ "-DAFL_REAL_LD=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/ld.lld\"",
+ "-DLLVM_LTO=1",
],
srcs: [
"src/afl-cc.c",
+ "src/afl-common.c",
+ ],
+
+ symlinks: [
+ "afl-clang-fast",
+ "afl-clang-fast++",
+ "afl-clang-lto",
+ "afl-clang-lto++",
],
}
-cc_binary_host {
- name: "afl-clang-fast++",
- static_executable: true,
+cc_library_static {
+ name: "afl-llvm-rt",
+ compile_multilib: "both",
+ vendor_available: true,
+ host_supported: true,
+ recovery_available: true,
+ sdk_version: "9",
+
+ apex_available: [
+ "com.android.adbd",
+ "com.android.appsearch",
+ "com.android.art",
+ "com.android.bluetooth.updatable",
+ "com.android.cellbroadcast",
+ "com.android.conscrypt",
+ "com.android.extservices",
+ "com.android.cronet",
+ "com.android.neuralnetworks",
+ "com.android.media",
+ "com.android.media.swcodec",
+ "com.android.mediaprovider",
+ "com.android.permission",
+ "com.android.runtime",
+ "com.android.resolv",
+ "com.android.tethering",
+ "com.android.wifi",
+ "com.android.sdkext",
+ "com.android.os.statsd",
+ "//any",
+ ],
defaults: [
"afl-defaults",
],
- cflags: [
- "-D__ANDROID__",
- "-DAFL_PATH=\"out/host/linux-x86/lib64\"",
+ srcs: [
+ "instrumentation/afl-compiler-rt.o.c",
],
+}
- srcs: [
- "src/afl-cc.c",
+cc_defaults {
+ name: "afl-defaults-lto",
+
+ include_dirs: [
+ "prebuilts/clang/host/linux-x86/clang-r383902b/include",
],
}
+/*cc_library_host_shared {
+ name: "afl-llvm-lto-instrumentlist",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/afl-llvm-lto-instrumentlist.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "afl-llvm-dict2file",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/afl-llvm-dict2file.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+
+ shared_libs: [
+ "libLLVM-11git",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "cmplog-routines-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/cmplog-routines-pass.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "cmplog-instructions-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/cmplog-instructions-pass.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "split-switches-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/split-switches-pass.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "compare-transform-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/compare-transform-pass.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "split-compares-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/split-compares-pass.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "libLLVMInsTrim",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/LLVMInsTrim.so.cc",
+ "instrumentation/MarkNodes.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "afl-llvm-pass",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/afl-llvm-pass.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "SanitizerCoveragePCGUARD",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/SanitizerCoveragePCGUARD.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "SanitizerCoverageLTO",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/SanitizerCoverageLTO.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
+/*cc_library_host_shared {
+ name: "afl-llvm-lto-instrumentation",
+
+ defaults: [
+ "afl-defaults",
+ "afl-defaults-lto",
+ ],
+
+ srcs: [
+ "instrumentation/afl-llvm-lto-instrumentation.so.cc",
+ "instrumentation/afl-llvm-common.cc",
+ ],
+}*/
+
cc_library_static {
- name: "afl-llvm-rt",
+ name: "afl-llvm-rt-lto",
compile_multilib: "both",
vendor_available: true,
host_supported: true,
recovery_available: true,
sdk_version: "9",
+ apex_available: [
+ "com.android.adbd",
+ "com.android.appsearch",
+ "com.android.art",
+ "com.android.bluetooth.updatable",
+ "com.android.cellbroadcast",
+ "com.android.conscrypt",
+ "com.android.extservices",
+ "com.android.cronet",
+ "com.android.neuralnetworks",
+ "com.android.media",
+ "com.android.media.swcodec",
+ "com.android.mediaprovider",
+ "com.android.permission",
+ "com.android.runtime",
+ "com.android.resolv",
+ "com.android.tethering",
+ "com.android.wifi",
+ "com.android.sdkext",
+ "com.android.os.statsd",
+ "//any",
+ ],
+
defaults: [
"afl-defaults",
+ "afl-defaults-lto",
],
srcs: [
- "instrumentation/afl-llvm-rt.o.c",
+ "instrumentation/afl-llvm-rt-lto.o.c",
],
}
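Review bot: The toolchain locations compiled into afl-cc through `-DLLVM_BINDIR`, `-DLLVM_LIBDIR`, `-DCLANGPP_BIN` and `-DAFL_REAL_LD` are relative paths pinned to `clang-r383902b`, and the same revision appears again in `include_dirs` of `afl-defaults-lto`. How src/afl-cc.c consumes these values is not visible here, but if they are used as given, which compiler and linker get executed depends on the caller's working directory. A comment such as `// paths are relative to the Android source root; afl-cc must be run from there` would state the assumption, and keeping the clang revision in one place would make prebuilt updates less error-prone. The commented-out `cc_library_host_shared` modules read as dead text; a short comment saying why they are disabled would be more useful than the bare `/* … */` blocks.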
diff --git a/Android.mk b/Android.mk
deleted file mode 120000
index 33ceb8f0..00000000
--- a/Android.mk
+++ /dev/null
@@ -1 +0,0 @@
-Makefile \ No newline at end of file
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 988a907d..6342c8b6 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -37,10 +37,6 @@
#define _FILE_OFFSET_BITS 64
#endif
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
-
#include "config.h"
#include "types.h"
#include "debug.h"
diff --git a/include/android-ashmem.h b/include/android-ashmem.h
index 41d4d2da..6939e06d 100644
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@@ -1,112 +1,81 @@
-/*
- american fuzzy lop++ - android shared memory compatibility layer
- ----------------------------------------------------------------
-
- Originally written by Michal Zalewski
-
- Now maintained by Marc Heuse <mh@mh-sec.de>,
- Heiko Eißfeldt <heiko.eissfeldt@hexco.de>,
- Andrea Fioraldi <andreafioraldi@gmail.com>,
- Dominik Maier <mail@dmnk.co>
-
- Copyright 2016, 2017 Google Inc. All rights reserved.
- Copyright 2019-2020 AFLplusplus Project. All rights reserved.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at:
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- This header re-defines the shared memory routines used by AFL++
- using the Andoid API.
-
- */
-
+#ifdef __ANDROID__
#ifndef _ANDROID_ASHMEM_H
#define _ANDROID_ASHMEM_H
-#ifdef __ANDROID__
-
- #include <fcntl.h>
- #include <linux/shm.h>
- #include <linux/ashmem.h>
- #include <sys/ioctl.h>
- #include <sys/mman.h>
-
- #if __ANDROID_API__ >= 26
- #define shmat bionic_shmat
- #define shmctl bionic_shmctl
- #define shmdt bionic_shmdt
- #define shmget bionic_shmget
- #endif
-
- #include <sys/shm.h>
- #undef shmat
- #undef shmctl
- #undef shmdt
- #undef shmget
- #include <stdio.h>
+#include <fcntl.h>
+#include <linux/ashmem.h>
+#include <sys/ioctl.h>
+#include <sys/mman.h>
- #define ASHMEM_DEVICE "/dev/ashmem"
+#if __ANDROID_API__ >= 26
+#define shmat bionic_shmat
+#define shmctl bionic_shmctl
+#define shmdt bionic_shmdt
+#define shmget bionic_shmget
+#endif
+#include <sys/shm.h>
+#undef shmat
+#undef shmctl
+#undef shmdt
+#undef shmget
+#include <stdio.h>
-static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
+#define ASHMEM_DEVICE "/dev/ashmem"
+int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {
int ret = 0;
if (__cmd == IPC_RMID) {
-
- int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
- struct ashmem_pin pin = {0, (unsigned int)length};
+ int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
+ struct ashmem_pin pin = {0, length};
ret = ioctl(__shmid, ASHMEM_UNPIN, &pin);
close(__shmid);
-
}
return ret;
-
}
-static inline int shmget(key_t __key, size_t __size, int __shmflg) {
-
- (void)__shmflg;
- int fd, ret;
+int shmget(key_t __key, size_t __size, int __shmflg) {
+ (void) __shmflg;
+ int fd, ret;
char ourkey[11];
fd = open(ASHMEM_DEVICE, O_RDWR);
- if (fd < 0) return fd;
+ if (fd < 0)
+ return fd;
sprintf(ourkey, "%d", __key);
ret = ioctl(fd, ASHMEM_SET_NAME, ourkey);
- if (ret < 0) goto error;
+ if (ret < 0)
+ goto error;
ret = ioctl(fd, ASHMEM_SET_SIZE, __size);
- if (ret < 0) goto error;
+ if (ret < 0)
+ goto error;
return fd;
error:
close(fd);
return ret;
-
}
-static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
-
- (void)__shmflg;
- int size;
+void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
+ (void) __shmflg;
+ int size;
void *ptr;
size = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
- if (size < 0) { return NULL; }
+ if (size < 0) {
+ return NULL;
+ }
ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, __shmid, 0);
- if (ptr == MAP_FAILED) { return NULL; }
+ if (ptr == MAP_FAILED) {
+ return NULL;
+ }
return ptr;
-
}
-#endif /* __ANDROID__ */
-
-#endif
-
+#endif /* !_ANDROID_ASHMEM_H */
+#endif /* !__ANDROID__ */
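Review bot: `sprintf(ourkey, "%d", __key)` in shmget writes into `char ourkey[11]`, which is one byte short for a negative ten-digit key if key_t is a 32-bit int as the `%d` implies ("-2147483648" needs 12 bytes with the terminator). This commit also builds with `-U_FORTIFY_SOURCE`, so nothing catches the overrun at run time. Sizing the buffer and bounding the write closes it: `char ourkey[12];` and `snprintf(ourkey, sizeof(ourkey), "%d", __key);`. Separately, dropping `static inline` gives shmctl, shmget and shmat external linkage inside a header, so a second translation unit that includes it would produce duplicate definitions; keep them `static inline` or move the bodies into a single .c file. shmctl also passes the result of `ioctl(__shmid, ASHMEM_GET_SIZE, NULL)` into `struct ashmem_pin` without checking for a negative return, now without the former `(unsigned int)` cast.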
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 8fc4434a..0af489fe 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -26,9 +26,6 @@
#define AFL_MAIN
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
#include "config.h"
#include "types.h"
#include "debug.h"
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index e86f2aeb..e67bace9 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -58,7 +58,11 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
for (i = 0; i < argc; ++i) {
if (i) fprintf(f, " ");
+#ifdef __ANDROID__
+ if (memchr(argv[i], '\'', sizeof(argv[i]))) {
+#else
if (index(argv[i], '\'')) {
+#endif
fprintf(f, "'");
for (j = 0; j < strlen(argv[i]); j++)
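Review bot: `sizeof(argv[i])` in the Android branch is the size of a `char *` (4 or 8 bytes), not the length of the argument, so `memchr` scans a fixed number of bytes. A single quote further into a long argument is missed and the escaping branch is skipped, while for a shorter argument the scan runs past the terminating NUL. `strchr` is standard C and behaves the same as `index` here, so one line can serve both platforms without the `#ifdef`: `if (strchr(argv[i], '\'')) {`. write_setup_file starts before this hunk and continues after it.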
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index 1aea3e40..ac002a93 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -35,9 +35,6 @@
#define _GNU_SOURCE
#endif
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5c9d38e0..6d95fc1d 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -31,9 +31,6 @@
#define AFL_MAIN
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
#include "config.h"
#include "types.h"
#include "debug.h"
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 6e2d7708..5fd60cd2 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -29,10 +29,6 @@
#define AFL_MAIN
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
-
#include "config.h"
#include "types.h"
#include "debug.h"
diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c
index 513dc8f2..fe225416 100644
--- a/utils/afl_network_proxy/afl-network-server.c
+++ b/utils/afl_network_proxy/afl-network-server.c
@@ -24,10 +24,6 @@
#define AFL_MAIN
-#ifdef __ANDROID__
- #include "android-ashmem.h"
-#endif
-
#include "config.h"
#include "types.h"
#include "debug.h"