| -rwxr-xr-x | afl-cmin | 2 | ||||
| -rw-r--r-- | libdislocator/libdislocator.so.c | 8 | ||||
| -rw-r--r-- | llvm_mode/afl-clang-fast.c | 6 | ||||
| -rw-r--r-- | src/afl-common.c | 28 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 18 | ||||
| -rw-r--r-- | src/afl-showmap.c | 100 | 
6 files changed, 90 insertions, 72 deletions
| diff --git a/afl-cmin b/afl-cmin index 182376c9..f15e3cb4 100755 --- a/afl-cmin +++ b/afl-cmin @@ -397,7 +397,7 @@ BEGIN { system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/"fn"\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"fn"\"") } } else { - printf " Processing "in_count" files (forkserver mode)..." + printf " Processing "in_count" files (forkserver mode)...\n" system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string" </dev/null") } diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index 21cd6f43..a426c387 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -66,7 +66,13 @@ #if __STDC_VERSION__ < 201112L // use this hack if not C11 -typedef struct { long long __ll; long double __ld; } max_align_t; +typedef struct { + + long long __ll; + long double __ld; + +} max_align_t; + #endif #define ALLOC_ALIGN_SIZE (_Alignof(max_align_t)) diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 3dd4acd3..348b5333 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -299,13 +299,13 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-fsanitize=memory"; } - + if (getenv("AFL_USE_UBSAN")) { - + cc_params[cc_par_cnt++] = "-fsanitize=undefined"; cc_params[cc_par_cnt++] = "-fsanitize-undefined-trap-on-error"; cc_params[cc_par_cnt++] = "-fno-sanitize-recover=all"; - + } } diff --git a/src/afl-common.c b/src/afl-common.c index 6cb97cdf..958b9b7d 100644 --- a/src/afl-common.c +++ b/src/afl-common.c 
@@ -72,23 +72,27 @@ void detect_file_args(char** argv, u8* prog_in) { if (!prog_in) FATAL("@@ syntax is not supported by this tool."); - /* Be sure that we're always using fully-qualified paths. */ + use_stdin = 0; - if (prog_in[0] == '/') - aa_subst = prog_in; - else - aa_subst = alloc_printf("%s/%s", cwd, prog_in); + if (prog_in[0] != 0) { // not afl-showmap special case - use_stdin = 0; + /* Be sure that we're always using fully-qualified paths. */ + + if (prog_in[0] == '/') + aa_subst = prog_in; + else + aa_subst = alloc_printf("%s/%s", cwd, prog_in); - /* Construct a replacement argv value. */ + /* Construct a replacement argv value. */ - *aa_loc = 0; - n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2); - argv[i] = n_arg; - *aa_loc = '@'; + *aa_loc = 0; + n_arg = alloc_printf("%s%s%s", argv[i], aa_subst, aa_loc + 2); + argv[i] = n_arg; + *aa_loc = '@'; - if (prog_in[0] != '/') ck_free(aa_subst); + if (prog_in[0] != '/') ck_free(aa_subst); + + } } diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9dc4b917..1b7e5226 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -334,9 +334,9 @@ void show_stats(void) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (dumb_mode) { @@ -413,9 +413,9 @@ void show_stats(void) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", DTD(cur_ms, last_hang_time), tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to 
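Review bot: `use_stdin = 0;` is now executed for every `@@` match, including the empty-`prog_in` case that the new comment calls the afl-showmap special case, so in that case the caller becomes responsible for both the substitution and the file the target reads; that contract is only hinted at by `// not afl-showmap special case`. Propose replacing the comment with `/* Empty prog_in: the caller (afl-showmap -i mode) substitutes @@ itself; here we only record that the target reads a file instead of stdin. */`. The `if (!prog_in) FATAL(...)` above still rejects NULL, so an empty string is the only input that reaches the new branch without a substitution. detect_file_args begins before this hunk.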
@@ -443,9 +443,9 @@ void show_stats(void) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), ((double)queued_favored) * 100 / queued_paths); @@ -514,7 +514,7 @@ void show_stats(void) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); @@ -765,8 +765,8 @@ void show_init_stats(void) { WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!", DMS(max_len), doc_path); else if (max_len > 10 * 1024) - WARNF("Some test cases are big (%s) - see %s/perf_tips.md.", - DMS(max_len), doc_path); + WARNF("Some test cases are big (%s) - see %s/perf_tips.md.", DMS(max_len), + doc_path); if (useless_at_start && !in_bitmap) WARNF(cLRD "Some test cases look useless. Consider using a smaller set."); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index a0bcbb4c..9c146771 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -77,7 +77,7 @@ u8 uses_asan; u8* trace_bits; /* SHM with instrumentation bitmap */ u8 *out_file, /* Trace output file */ - *stdin_file, /* stdin file */ + *stdin_file, /* stdin file */ *in_dir, /* input folder */ *doc_path, /* Path to docs */ *at_file; /* Substitution string for @@ */ @@ -89,8 +89,7 @@ u32 exec_tmout; /* Exec timeout (ms) */ static u32 total, highest; /* tuple content information */ static u32 in_len, /* Input data length */ - arg_offset, - total_execs; /* Total number of execs */ + arg_offset, total_execs; /* Total number of execs */ u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ 
@@ -169,7 +168,7 @@ static void at_exit_handler(void) { /* Write results. */ -static u32 write_results_to_file(u8 *out_file) { +static u32 write_results_to_file(u8* out_file) { s32 fd; u32 i, ret = 0; @@ -243,7 +242,7 @@ static u32 write_results_to_file(u8 *out_file) { static u32 write_results(void) { return write_results_to_file(out_file); - + } /* Write output file. */ @@ -272,16 +271,10 @@ static s32 write_to_file(u8* path, u8* mem, u32 len) { static void write_to_testcase(void* mem, u32 len) { - if (use_stdin) { - - lseek(out_fd, 0, SEEK_SET); - - ck_write(out_fd, mem, len, out_file); - - if (ftruncate(out_fd, len)) PFATAL("ftruncate() failed"); - lseek(out_fd, 0, SEEK_SET); - - } + lseek(out_fd, 0, SEEK_SET); + ck_write(out_fd, mem, len, out_file); + if (ftruncate(out_fd, len)) PFATAL("ftruncate() failed"); + lseek(out_fd, 0, SEEK_SET); } @@ -383,14 +376,15 @@ static u8 run_target_forkserver(char** argv, u8* mem, u32 len) { /* Read initial file. */ -u32 read_file(u8 *in_file) { +u32 read_file(u8* in_file) { struct stat st; s32 fd = open(in_file, O_RDONLY); if (fd < 0) WARNF("Unable to open '%s'", in_file); - if (fstat(fd, &st) || !st.st_size) WARNF("Zero-sized input file '%s'.", in_file); + if (fstat(fd, &st) || !st.st_size) + WARNF("Zero-sized input file '%s'.", in_file); in_len = st.st_size; in_data = ck_alloc_nozero(in_len); @@ -399,9 +393,10 @@ u32 read_file(u8 *in_file) { close(fd); - //OKF("Read %u byte%s from '%s'.", in_len, in_len == 1 ? "" : "s", in_file); + // OKF("Read %u byte%s from '%s'.", in_len, in_len == 1 ? "" : "s", in_file); return in_len; + } /* Execute target application. */ 
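Review bot: Dropping the `if (use_stdin)` guard in write_to_testcase makes every call write to `out_fd`, so the function now relies on `out_fd` having been opened on every path that reaches it; in the directory mode of main that is the `open(stdin_file, ...)` this commit adds, but the single-input `else` branch is outside this diff and I cannot confirm it opens `out_fd` before the first run. If the guard was removed deliberately, a comment such as `/* out_fd is always the temp file the target reads (via stdin or @@); the caller opens it before the first run. */` would document the invariant, and `if (out_fd < 0) FATAL("write_to_testcase() called before out_fd is open");` would make a misuse fail with a clear message instead of inside ck_write.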
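Review bot: The reformatted `WARNF` lines in read_file still let execution continue after a failed `open()` or `fstat()`: with `fd < 0` the `fstat` call fails, `st` is left uninitialized, and `in_len = st.st_size` feeds an indeterminate length into `ck_alloc_nozero`, all before the loop in main checks `read_file(infile)`'s return value. Since that caller already treats a zero return as "skip this file", each warning should be followed by an early `return 0`, closing `fd` on the fstat path. read_file's body continues past this hunk (the `close(fd)` and `return in_len` are in the next one).
```c
  s32 fd = open(in_file, O_RDONLY);

  if (fd < 0) {

    WARNF("Unable to open '%s'", in_file);
    return 0;

  }

  if (fstat(fd, &st) || !st.st_size) {

    WARNF("Zero-sized input file '%s'.", in_file);
    close(fd);
    return 0;

  }

  /* … unchanged: in_len = st.st_size; in_data = ck_alloc_nozero(in_len); read loop … */
```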
@@ -643,7 +638,8 @@ static void usage(u8* argv0) { "Other settings:\n\n" - " -i dir - process all files in this directory, -o must be a directory\n" + " -i dir - process all files in this directory, -o must be a " + "directory\n" " and each bitmap will be written there individually.\n" " -q - sink program's output and don't show messages\n" " -e - show edge coverage only, ignore hit counts\n" @@ -900,18 +896,17 @@ int main(int argc, char** argv) { } - if (in_dir) { - + if (in_dir) { + if (at_file) PFATAL("Options -A and -i are mutually exclusive"); at_file = "@@"; - + } - detect_file_args(argv + optind, at_file); - + detect_file_args(argv + optind, ""); + for (i = optind; i < argc; i++) - if (strcmp(argv[i], "@@") == 0) - arg_offset = i; + if (strcmp(argv[i], "@@") == 0) arg_offset = i; if (qemu_mode) { @@ -926,10 +921,10 @@ int main(int argc, char** argv) { if (in_dir) { - DIR *dir_in, *dir_out; + DIR * dir_in, *dir_out; struct dirent* dir_ent; - int done = 0; - u8 infile[4096], outfile[4096]; + int done = 0; + u8 infile[4096], outfile[4096]; dev_null_fd = open("/dev/null", O_RDWR); if (dev_null_fd < 0) PFATAL("Unable to open /dev/null"); 
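Review bot: `detect_file_args(argv + optind, "")` replaces the previous `at_file` argument, so the value supplied with `-A` is no longer passed to detect_file_args and no substitution happens there; in directory mode the commit compensates with `argv[arg_offset] = stdin_file`, but the single-input branch is outside this diff, and unless it substitutes `at_file` itself a `-A file` argument now appears to have no effect. If `-A` is still meant to work, keep passing it where it applies, e.g. `detect_file_args(argv + optind, in_dir ? "" : at_file);`, or update usage() to say that `-A` is ignored. The `if (in_dir) { ... at_file = "@@"; }` block then only serves the mutual-exclusion check, which a one-line comment could say. This is inside main, which continues past the hunk.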
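Review bot: In the `@@ -926` hunk the reformatted declaration `DIR * dir_in, *dir_out;` puts the star on neither side consistently; the C convention the rest of the line follows is `DIR *dir_in, *dir_out;`. This looks like a formatter artifact on a type it did not recognise rather than an intentional change, so it is worth fixing by hand before it spreads.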
@@ -940,44 +935,56 @@ int main(int argc, char** argv) { if (mkdir(out_file, 0700)) PFATAL("cannot create output directory %s", out_file); - if (arg_offset) argv[arg_offset] = infile; - else { - - u8* use_dir = "."; + u8* use_dir = "."; - if (access(use_dir, R_OK | W_OK | X_OK)) { + if (access(use_dir, R_OK | W_OK | X_OK)) { - use_dir = getenv("TMPDIR"); - if (!use_dir) use_dir = "/tmp"; + use_dir = getenv("TMPDIR"); + if (!use_dir) use_dir = "/tmp"; - } + } + + stdin_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid()); + unlink(stdin_file); + atexit(at_exit_handler); + out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); + if (out_fd < 0) PFATAL("Unable to create '%s'", out_file); + + if (arg_offset) argv[arg_offset] = stdin_file; + + if (getenv("AFL_DEBUG")) { + + int i = optind; + SAYF(cMGN "[D]" cRST " %s:", target_path); + while (argv[i] != NULL) + SAYF(" \"%s\"", argv[i++]); + SAYF("\n"); + SAYF(cMGN "[D]" cRST " %d - %d = %d, %s\n", arg_offset, optind, + arg_offset - optind, infile); - stdin_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid()); - unlink(stdin_file); - atexit(at_exit_handler); - out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); - if (out_fd < 0) PFATAL("Unable to create '%s'", out_file); - } init_forkserver(use_argv); while (done == 0 && (dir_ent = readdir(dir_in))) { - if (dir_ent->d_name[0] == '.') continue; // skip anything that starts with '.' - if (dir_ent->d_type != DT_REG) continue; // only regular files + if (dir_ent->d_name[0] == '.') + continue; // skip anything that starts with '.' + if (dir_ent->d_type != DT_REG) continue; // only regular files snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name); if (read_file(infile)) { + run_target_forkserver(use_argv, in_data, in_len); ck_free(in_data); tcnt = write_results_to_file(outfile); + } } - + if (!quiet_mode) OKF("Processed %u input files.", total_execs); } else { 
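Review bot: The new AFL_DEBUG block prints `infile` with `%s` before anything has been written into it: `infile` is declared as `u8 infile[4096]` with no initializer in the previous hunk and is first filled by the `snprintf` inside the readdir loop below, so this debug line reads an uninitialized buffer. Print `stdin_file`, which is what `argv[arg_offset]` now holds, or drop that format argument. The same block declares `int i = optind;`, shadowing main's outer `i` used in the `for (i = optind; ...)` loop; a distinct name such as `j` avoids the confusion. The moved `PFATAL("Unable to create '%s'", out_file)` after `open(stdin_file, ...)` names the wrong path and should report `stdin_file`.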
@@ -998,3 +1005,4 @@ int main(int argc, char** argv) { exit(child_crashed * 2 + child_timed_out); } + | 
