-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | GNUmakefile.llvm | 31 | ||||
-rw-r--r-- | docs/INSTALL.md | 3 | ||||
-rw-r--r-- | frida_mode/src/instrument/instrument_coverage.c | 1 | ||||
-rw-r--r-- | src/afl-common.c | 2 | ||||
-rw-r--r-- | src/afl-forkserver.c | 9 | ||||
-rw-r--r-- | src/afl-fuzz-queue.c | 13 | ||||
-rw-r--r-- | src/afl-fuzz.c | 3 |
8 files changed, 47 insertions, 17 deletions
diff --git a/.gitignore b/.gitignore
index 9ac577d3..bc06ef2d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -112,3 +112,5 @@ utils/replay_record/persistent_demo_replay_compat
 utils/replay_record/persistent_demo_replay_argparse
 utils/plot_ui/afl-plot-ui
 vuln_prog
+argv_fuzz_demo
+argv_fuzz_persistent_demo
\ No newline at end of file
diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm
index 52ff778c..d5dcb09b 100644
--- a/GNUmakefile.llvm
+++ b/GNUmakefile.llvm
@@ -48,18 +48,25 @@ else LLVM_CONFIG ?= $(call detect_newest,llvm-config) endif -override LLVM_RAW_VER := $(shell $(LLVM_CONFIG) --version 2>/dev/null) -LLVMVER := $(subst svn,,$(subst git,,$(LLVM_RAW_VER))) -LLVM_MAJOR := $(firstword $(subst ., ,$(LLVMVER))) -LLVM_MINOR := $(firstword $(subst ., ,$(subst $(LLVM_MAJOR).,,$(LLVMVER)))) -LLVM_TOO_NEW := $(shell test $(LLVM_MAJOR) -gt $(LLVM_TOO_NEW_DEFAULT) && echo 1 || echo 0) -LLVM_TOO_OLD := $(shell test $(LLVM_MAJOR) -lt $(LLVM_TOO_OLD_DEFAULT) && echo 1 || echo 0) -LLVM_NEW_API := $(shell test $(LLVM_MAJOR) -ge 10 && echo 1 || echo 0) -LLVM_NEWER_API := $(shell test $(LLVM_MAJOR) -ge 16 && echo 1 || echo 0) -LLVM_13_OK := $(shell test $(LLVM_MAJOR) -ge 13 && echo 1 || echo 0) -LLVM_HAVE_LTO := $(shell test $(LLVM_MAJOR) -ge 12 && echo 1 || echo 0) -LLVM_BINDIR := $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) -LLVM_LIBDIR := $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +ifneq "$(LLVM_CONFIG)" "" + override LLVM_RAW_VER := $(shell $(LLVM_CONFIG) --version 2>/dev/null) + LLVMVER := $(subst svn,,$(subst git,,$(LLVM_RAW_VER))) + + LLVM_BINDIR := $(shell $(LLVM_CONFIG) --bindir 2>/dev/null) + LLVM_LIBDIR := $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +endif + +ifneq "$(LLVMVER)" "" + LLVM_MAJOR := $(firstword $(subst ., ,$(LLVMVER))) + LLVM_MINOR := $(firstword $(subst ., ,$(subst $(LLVM_MAJOR).,,$(LLVMVER)))) + LLVM_TOO_NEW := $(shell test $(LLVM_MAJOR) -gt $(LLVM_TOO_NEW_DEFAULT) && echo 1 || echo 0) + LLVM_TOO_OLD := $(shell test $(LLVM_MAJOR) -lt $(LLVM_TOO_OLD_DEFAULT) && echo 1 || echo 0) + LLVM_NEW_API := $(shell test $(LLVM_MAJOR) -ge 10 && echo 1 || echo 0) + LLVM_NEWER_API := $(shell test $(LLVM_MAJOR) -ge 16 && echo 1 || echo 0) + LLVM_13_OK := $(shell test $(LLVM_MAJOR) -ge 13 && echo 1 || echo 0) + LLVM_HAVE_LTO := $(shell test $(LLVM_MAJOR) -ge 12 && echo 1 || echo 0) +endif + LLVM_STDCXX := gnu++11 LLVM_LTO := 0 LLVM_UNSUPPORTED := $(shell echo "$(LLVMVER)" | grep -E -q '^[0-2]\.|^3\.[0-8]\.' 
&& echo 1 || echo 0) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 3089aab2..cea1ae6b 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -30,6 +30,9 @@ sudo apt-get install -y build-essential python3-dev automake cmake git flex biso sudo apt-get install -y lld-14 llvm-14 llvm-14-dev clang-14 || sudo apt-get install -y lld llvm llvm-dev clang sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* //')-dev sudo apt-get install -y ninja-build # for QEMU mode +sudo apt-get install -y cpio libcapstone-dev # for Nyx mode +sudo apt-get install -y wget curl # for Frida mode +sudo apt-get install python3-pip # for Unicorn mode git clone https://github.com/AFLplusplus/AFLplusplus cd AFLplusplus make distrib diff --git a/frida_mode/src/instrument/instrument_coverage.c b/frida_mode/src/instrument/instrument_coverage.c index a546dc24..140072dd 100644 --- a/frida_mode/src/instrument/instrument_coverage.c +++ b/frida_mode/src/instrument/instrument_coverage.c @@ -878,7 +878,6 @@ void instrument_coverage_unstable_find_output(void) { g_dir_close(dir); g_free(instance_name); - g_free(path_tmp); g_free(fds_name); if (unstable_coverage_fuzzer_stats == NULL) { diff --git a/src/afl-common.c b/src/afl-common.c index 04a984cb..e5584e93 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,7 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 6366f473..5390b597 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c 
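Review bot: The new `ifneq "$(LLVMVER)" ""` block leaves LLVM_MAJOR, LLVM_MINOR, LLVM_TOO_NEW, LLVM_TOO_OLD and the LLVM_NEW_API/LLVM_NEWER_API/LLVM_13_OK/LLVM_HAVE_LTO flags completely undefined when llvm-config is absent or prints nothing, whereas the removed lines still produced an explicit 0 from the failing `test`; any later `ifeq` against those names (outside this hunk) now compares an empty string, which presumably still lets a missing toolchain pass as acceptable, just without the stderr noise. An `else` branch that pins the failure mode, e.g. `else` / `  LLVM_MAJOR := 0` / `  LLVM_TOO_OLD := 1`, would keep the downstream checks deterministic and fail loudly. The LLVM_UNSUPPORTED line at the end of the hunk has the same blind spot: grep on an empty LLVMVER matches nothing and yields 0, i.e. "supported". The conditional this hunk sits in starts before the hunk.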
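Review bot: The `strcat(buf, "exitcode=" ...)` on the last context line appends a fixed suffix to `buf` with no bound, and the size of `buf` is declared outside this hunk; the widened condition now takes that branch for `detect_leaks=false` as well as `detect_leaks=0`, so it is worth confirming `buf` is sized for `default_options` plus this suffix, or switching to a bounded append. The two `strstr` calls also encode the accepted spellings of the flag in open code; a one-line comment such as `// ASAN_OPTIONS may disable LSan as detect_leaks=0 or detect_leaks=false` above the condition would explain why both are needed, and a small `static` helper would keep that list in one place if more spellings are ever accepted. set_sanitizer_defaults continues outside the hunk.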
@@ -1338,6 +1338,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; + } else { + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1444,6 +1448,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 999929a1..3d244aa8 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -476,6 +476,17 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) { q->fs_redundant = state; + if (likely(q->fs_redundant)) { + + if (unlikely(q->trace_mini)) { + + ck_free(q->trace_mini); + q->trace_mini = NULL; + + } + + } + sprintf(fn, "%s/queue/.state/redundant_edges/%s", afl->out_dir, strrchr((char *)q->fname, '/') + 1); @@ -901,7 +912,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { if (!--afl->top_rated[i]->tc_ref) { ck_free(afl->top_rated[i]->trace_mini); - afl->top_rated[i]->trace_mini = 0; + afl->top_rated[i]->trace_mini = NULL; } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9867eba3..1546597e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2237,7 +2237,6 @@ int main(int argc, char **argv_orig, char **envp) { snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) { - #else if ((fr_fd = open(fn, O_RDONLY)) >= 0) { @@ -3341,9 +3340,9 @@ stop_fuzzing: ACTF("Writing %s ...", fr); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) { - #else if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >= + 0) { #endif u8 ver_string[8]; |
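Review bot: Both new `else` branches (hunks at -1338 and -1448) assign `fsrv->real_map_size = fsrv->map_size = MAP_SIZE` unconditionally, discarding whatever `fsrv->map_size` held when afl_fsrv_start was entered; if a caller had already sized the shared map from a non-default value, the bookkeeping would then disagree with the allocation. Guarding the fallback, e.g. `if (!fsrv->map_size) { fsrv->real_map_size = fsrv->map_size = MAP_SIZE; }`, or at least reporting the override through the fuzzer's usual debug output, would make that visible. The first hunk also lacks the explanatory comment the second carries; `// Target did not report a map size: assume the compile-time default` would keep the two paths consistent. afl_fsrv_start starts and ends outside both hunks.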