-rw-r--r--GNUmakefile52
-rw-r--r--README.md2
-rw-r--r--TODO.md1
-rwxr-xr-xafl-cmin18
-rwxr-xr-xafl-cmin.bash9
-rw-r--r--docs/Changelog.md20
-rw-r--r--docs/FAQ.md15
-rw-r--r--docs/INSTALL.md4
-rw-r--r--docs/env_variables.md3
-rw-r--r--docs/fuzzing_in_depth.md7
-rw-r--r--frida_mode/GNUmakefile16
-rw-r--r--frida_mode/src/module.c4
-rw-r--r--frida_mode/test/png/GNUmakefile74
-rw-r--r--frida_mode/test/unstable/GNUmakefile24
-rw-r--r--include/afl-fuzz.h3
-rw-r--r--include/config.h7
-rw-r--r--include/envs.h2
-rw-r--r--include/types.h2
-rw-r--r--instrumentation/afl-compiler-rt.o.c18
-rw-r--r--qemu_mode/QEMUAFL_VERSION2
m---------qemu_mode/qemuafl0
-rw-r--r--src/afl-cc.c120
-rw-r--r--src/afl-fuzz-queue.c10
-rw-r--r--src/afl-fuzz-run.c2
-rw-r--r--src/afl-fuzz-state.c13
-rw-r--r--src/afl-fuzz.c14
-rw-r--r--src/afl-showmap.c7
-rw-r--r--utils/libtokencap/libtokencap.so.c18
28 files changed, 386 insertions, 81 deletions
diff --git a/GNUmakefile b/GNUmakefile
index a64d511f..70299fc3 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -309,6 +309,17 @@ endif
 .PHONY: all
 all:	test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done
 	-$(MAKE) -C utils/aflpp_driver
+	@echo
+	@echo
+	@echo Build Summary:
+	@test -e afl-fuzz && echo "[+] afl-fuzz and supporting tools successfully built" || echo "[-] afl-fuzz could not be built, please set CC to a working compiler"
+	@test -e afl-llvm-pass.so && echo "[+] LLVM basic mode successfully built" || echo "[-] LLVM mode could not be build, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md"
+	@test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be build, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md"
+	@test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode successfully built" || echo "[-] LLVM LTO mode could not be build, it is optional, if you want it, please install LLVM 11-14. More information at instrumentation/README.lto.md on how to build it"
+ifneq "$(SYS)" "Darwin"
+	@test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this"
+endif
+	@echo
 
 .PHONY: llvm
 llvm:
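Review bot: The three LLVM lines of the new summary say "could not be build" while every other failure message in the block says "could not be built"; the three should match, e.g. `echo "[-] LLVM mode could not be built, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md"`. The same wording is repeated in the third hunk of this file (the `source-only` summary), so both places need the fix. The summary block is otherwise copied almost verbatim between the `all` and `source-only` targets; a shared helper target that both depend on would keep the messages from drifting apart again.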
@@ -674,6 +685,31 @@ endif
 	-cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh
   endif
 endif
+	@echo
+	@echo
+	@echo Build Summary:
+	@test -e afl-fuzz && echo "[+] afl-fuzz and supporting tools successfully built" || echo "[-] afl-fuzz could not be built, please set CC to a working compiler"
+ifneq "$(SYS)" "Darwin"
+ifeq "$(ARCH)" "aarch64"
+  ifndef NO_CORESIGHT
+	@test -e afl-cs-proxy && echo "[+] coresight_mode successfully built" || echo "[-] coresight_mode could not be built, it is optional and experimental, see coresight_mode/README.md for what is needed"
+  endif
+endif
+ifeq "$(SYS)" "Linux"
+ifndef NO_NYX
+	@test -e libnyx.so && echo "[+] nyx_mode successfully built" || echo "[-] nyx_mode could not be built, it is optional, see nyx_mode/README.md for what is needed"
+endif
+endif
+	@test -e afl-qemu-trace && echo "[+] qemu_mode successfully built" || echo "[-] qemu_mode could not be built, see docs/INSTALL.md for what is needed"
+  ifeq "$(ARCH)" "aarch64"
+    ifndef NO_UNICORN_ARM64
+	@test -e unicorn_mode/unicornafl/build_python/libunicornafl.so && echo "[+] unicorn_mode successfully built" || echo "[-] unicorn_mode could not be built, it is optional, see unicorn_mode/README.md for what is needed"
+    endif
+  else
+	@test -e unicorn_mode/unicornafl/build_python/libunicornafl.so && echo "[+] unicorn_mode successfully built" || echo "[-] unicorn_mode could not be built, it is optional, see unicorn_mode/README.md for what is needed"
+  endif
+endif
+	@echo
 
 .PHONY: source-only
 source-only: all
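Review bot: Both branches of the `ifeq "$(ARCH)" "aarch64"` block at the end of this summary run the identical `@test -e unicorn_mode/unicornafl/build_python/libunicornafl.so ...` line, so the only thing the conditional decides is whether `NO_UNICORN_ARM64` is honoured. Expressing that directly — guard one variable with the aarch64/`NO_UNICORN_ARM64` conditional and emit the test line once — would make the intent visible and remove the duplicated message. This summary also nests the Linux/`NO_NYX` check that the third hunk of this file repeats, which is another candidate for a shared helper target.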
@@ -689,6 +725,22 @@ ifndef NO_NYX
 	-cd nyx_mode && ./build_nyx_support.sh
 endif
 endif
+	@echo
+	@echo
+	@echo Build Summary:
+	@test -e afl-fuzz && echo "[+] afl-fuzz and supporting tools successfully built" || echo "[-] afl-fuzz could not be built, please set CC to a working compiler"
+	@test -e afl-llvm-pass.so && echo "[+] LLVM basic mode successfully built" || echo "[-] LLVM mode could not be build, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md"
+	@test -e SanitizerCoveragePCGUARD.so && echo "[+] LLVM mode successfully built" || echo "[-] LLVM mode could not be build, please install at least llvm-11 and clang-11 or newer, see docs/INSTALL.md"
+	@test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode successfully built" || echo "[-] LLVM LTO mode could not be build, it is optional, if you want it, please install LLVM 11-14. More information at instrumentation/README.lto.md on how to build it"
+ifneq "$(SYS)" "Darwin"
+	test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this"
+endif
+ifeq "$(SYS)" "Linux"
+ifndef NO_NYX
+	@test -e libnyx.so && echo "[+] nyx_mode successfully built" || echo "[-] nyx_mode could not be built, it is optional, see nyx_mode/README.md for what is needed"
+endif
+endif
+	@echo
 
 %.8:	%
 	@echo .TH $* 8 $(BUILD_DATE) "afl++" > $@
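Review bot: The gcc_mode line inside the `ifneq "$(SYS)" "Darwin"` block of this summary is the only one without the leading `@`, so make will echo the full `test -e afl-gcc-pass.so && echo ... || echo ...` command before its output and break the otherwise clean summary; it should read `@test -e afl-gcc-pass.so && echo "[+] gcc_mode successfully built" || echo "[-] gcc_mode could not be built, it is optional, install gcc-VERSION-plugin-dev to enable this"`. The same line in the first hunk of this file already carries the `@`.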
diff --git a/README.md b/README.md
index 921fc0c6..a8b579d8 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@
 
 Release version: [4.02c](https://github.com/AFLplusplus/AFLplusplus/releases)
 
-GitHub version: 4.02c
+GitHub version: 4.03a
 
 Repository:
 [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
diff --git a/TODO.md b/TODO.md
index c64c1236..99d2c419 100644
--- a/TODO.md
+++ b/TODO.md
@@ -2,7 +2,6 @@
 
 ## Should
 
- - makefiles should show provide a build summary success/failure
  - better documentation for custom mutators
  - better autodetection of shifting runtime timeout values
  - Update afl->pending_not_fuzzed for MOpt
diff --git a/afl-cmin b/afl-cmin
index 51835648..b170667a 100755
--- a/afl-cmin
+++ b/afl-cmin
@@ -291,6 +291,16 @@ BEGIN {
     target_bin = tnew
   }
 
+  if (0 == system ( "grep -aq AFL_DUMP_MAP_SIZE " target_bin )) {
+    echo "[!] Trying to obtain the map size of the target ..."
+    get_map_size = "AFL_DUMP_MAP_SIZE=1 " target_bin
+    get_map_size | getline mapsize
+    if (mapsize && mapsize > 65535 && mapsize < 100000000) {
+      AFL_MAP_SIZE = "AFL_MAP_SIZE="mapsize" "
+      print "[+] Setting "AFL_MAP_SIZE
+    }
+  }
+
   if (!ENVIRON["AFL_SKIP_BIN_CHECK"] && !qemu_mode && !frida_mode && !unicorn_mode) {
     if (0 != system( "grep -q __AFL_SHM_ID "target_bin )) {
       print "[-] Error: binary '"target_bin"' doesn't appear to be instrumented." > "/dev/stderr"
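Review bot: `echo "[!] Trying to obtain the map size of the target ..."` inside the awk BEGIN block is not a print statement: awk parses it as the concatenation of the (unset) variable `echo` with the string literal and discards the result, so the message is never shown; it should be `print "[!] Trying to obtain the map size of the target ..."` like the `print "[+] Setting "AFL_MAP_SIZE` line below it. The command opened by `get_map_size | getline mapsize` is also never closed; a `close(get_map_size)` after the read releases the child and its pipe for the rest of the run. `target_bin` is unquoted in both the grep command and `get_map_size` (consistent with the existing `grep -q __AFL_SHM_ID` line, but unlike the showmap invocations later in the script, which wrap it in `\"`), so a path containing spaces fails here first.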
@@ -399,10 +409,10 @@ BEGIN {
     print "[*] Testing the target binary..."
 
     if (!stdin_file) {
-      system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"")
+      system(AFL_MAP_SIZE "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"")
     } else {
       system("cp \""in_dir"/"first_file"\" "stdin_file)
-      system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
+      system(AFL_MAP_SIZE "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
     }
 
     first_count = 0
@@ -435,11 +445,11 @@ BEGIN {
   if (!stdin_file) {
     print "    Processing "in_count" files (forkserver mode)..."
 #    print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string
-    retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
+    retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
   } else {
     print "    Processing "in_count" files (forkserver mode)..."
 #    print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null"
-    retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
+    retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
   }
 
   if (retval && !AFL_CMIN_CRASHES_ONLY) {
diff --git a/afl-cmin.bash b/afl-cmin.bash
index 9ac65199..d2218cd0 100755
--- a/afl-cmin.bash
+++ b/afl-cmin.bash
@@ -215,6 +215,15 @@ if [ ! -f "$TARGET_BIN" -o ! -x "$TARGET_BIN" ]; then
 
 fi
 
+grep -aq AFL_DUMP_MAP_SIZE "./$TARGET_BIN" && {
+  echo "[!] Trying to obtain the map size of the target ..."
+  MAPSIZE=`AFL_DUMP_MAP_SIZE=1 "./$TARGET_BIN" 2>/dev/null`
+  test -n "$MAPSIZE" && {
+    export AFL_MAP_SIZE=$MAPSIZE
+    echo "[+] Setting AFL_MAP_SIZE=$MAPSIZE"
+  }
+}
+
 if [ "$AFL_SKIP_BIN_CHECK" = "" -a "$QEMU_MODE" = "" -a "$FRIDA_MODE" = "" -a "$UNICORN_MODE" = "" ]; then
 
   if ! grep -qF "__AFL_SHM_ID" "$TARGET_BIN"; then
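Review bot: `"./$TARGET_BIN"` in both the grep and the probe run prefixes the path with `./`, which only works when `$TARGET_BIN` is relative to the current directory; if the lookup above this hunk can leave an absolute path in `$TARGET_BIN` (that code is outside the hunk), `.//usr/bin/target` resolves to a relative path and the probe is silently skipped because the grep fails. Using `"$TARGET_BIN"`, as the `-f`/`-x` test just above and the `grep -qF "__AFL_SHM_ID" "$TARGET_BIN"` check below do, covers both cases. The awk afl-cmin in this commit also range-checks the value (a number between 65535 and 100000000) before using it, whereas here only `test -n` is applied, so anything the target writes to stdout before exiting becomes `AFL_MAP_SIZE`; a `case "$MAPSIZE" in *[!0-9]*|"") ;; *) export AFL_MAP_SIZE=$MAPSIZE ;; esac` guard would bring the two scripts in line.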
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 957f6206..842b727b 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,6 +8,25 @@
 Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
+### Version ++4.03a (dev)
+  - Building now gives a build summary what succeeded and what not
+  - afl-fuzz:
+    - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
+      of calibrating all initial seeds first. Good for large queues
+      and long execution times, especially in CIs.
+    - default calibration cycles set to 7 from 8, and only add 5 cycles
+      to variables queue items instead of 12.
+  - afl-cc:
+    - better handling of -fsanitize=..,...,.. lists
+    - fix gcc_mode cmplog
+    - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1
+      note that this will exit the target before main()
+  - qemu_mode:
+    - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable
+      edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
+      worksbutnottested!
+
+
 ### Version ++4.02c (release)
   - afl-cc:
     - important fix for the default pcguard mode when LLVM IR vector
@@ -22,7 +41,6 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - change post_process hook to allow returning NULL and 0 length to
       tell afl-fuzz to skip this mutated input
 
-
 ### Version ++4.01c (release)
   - fixed */build_...sh scripts to work outside of git
   - new custom_mutator: libafl with token fuzzing :)
diff --git a/docs/FAQ.md b/docs/FAQ.md
index 1822e46b..4a9080f8 100644
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@@ -255,3 +255,18 @@ If you find an interesting or important question missing, submit it via
 
   Solution: `git pull ; make clean install` of AFL++.
 </p></details>
+
+<details>
+  <summary id="afl-map-size-warning">AFL++ map size warning.</summary><p>
+
+  When you run a large instrumented program stand-alone or via afl-showmap
+  you might see a warning like the following:
+
+  ```
+  Warning: AFL++ tools might need to set AFL_MAP_SIZE to 223723 to be able to run this instrumented program if this crashes!
+  ```
+
+  Depending how the target works it might also crash afterwards.
+
+  Solution: just do an `export AFL_MAP_SIZE=(the value in the warning)`.
+</p></details>
diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index 4f2b7174..86ba916f 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
@@ -21,8 +21,8 @@ development state of AFL++.
 If you want to build AFL++ yourself, you have many options. The easiest choice
 is to build and install everything:
 
-NOTE: depending on your Debian/Ubuntu/Kali/... version release `-12` with
-whatever llvm version is available!
+NOTE: depending on your Debian/Ubuntu/Kali/... release, replace `-12` with
+whatever llvm version is available. We recommend llvm 12, 13 or 14.
 
 ```shell
 sudo apt-get update
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 00948fc1..bb54357b 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -462,6 +462,9 @@ checks or alter some of the more exotic semantics of the tool:
     some basic stats. This behavior is also automatically triggered when the
     output from afl-fuzz is redirected to a file or to a pipe.
 
+  - Setting `AFL_NO_STARTUP_CALIBRATION` will skip the initial calibration
+    of all starting seeds, and start fuzzing at once.
+
   - In QEMU mode (-Q) and FRIDA mode (-O), `AFL_PATH` will be searched for
     afl-qemu-trace and afl-frida-trace.so.
 
diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md
index 37889137..92c9910b 100644
--- a/docs/fuzzing_in_depth.md
+++ b/docs/fuzzing_in_depth.md
@@ -626,6 +626,9 @@ from other fuzzers in the campaign first.
 
 If you have a large corpus, a corpus from a previous run or are fuzzing in a CI,
 then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`.
+If the queue in the CI is huge and/or the execution time is slow then you can
+also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
+phase and start fuzzing at once.
 
 You can also use different fuzzers. If you are using AFL spinoffs or AFL
 conforming fuzzers, then just use the same -o directory and give it a unique
@@ -902,6 +905,10 @@ complex file formats.
 Some notes on continuous integration (CI) fuzzing - this fuzzing is different to
 normal fuzzing campaigns as these are much shorter runnings.
 
+If the queue in the CI is huge and/or the execution time is slow then you can
+also add `AFL_NO_STARTUP_CALIBRATION=1` to skip the initial queue calibration
+phase and start fuzzing at once.
+
 1. Always:
     * LTO has a much longer compile time which is diametrical to short fuzzing -
       hence use afl-clang-fast instead.
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 43b8932a..39c96d5b 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -32,7 +32,7 @@ CFLAGS+=-fPIC \
 		-ffunction-sections \
 
 ifdef IS_ANDROID
-CFLAGS+=-DANDROID 
+CFLAGS+=-DANDROID
 endif
 
 AFL_CFLAGS:=-Wno-unused-parameter \
@@ -47,7 +47,7 @@ LDFLAGS+= -static-libstdc++ \
 		  -DANDROID \
 		  -llog \
 		  -shared
-else 		 
+else
 LDFLAGS+=-shared \
 		 -lpthread \
 		 -lresolv
@@ -103,7 +103,7 @@ endif
 LDFLAGS+=	-z noexecstack \
 			-Wl,--gc-sections \
 			-Wl,--exclude-libs,ALL \
-		    -ldl 
+		    -ldl
 LDSCRIPT:=-Wl,--version-script=$(PWD)frida.map
 endif
 
@@ -118,7 +118,7 @@ endif
 ifdef IS_ANDROID
  OS:=android
  ifdef IS_x86
-  ARCH:=x86	
+  ARCH:=x86
  endif
  ifdef IS_x86
   ARCH:=x86_64
@@ -247,17 +247,17 @@ else ifeq "$(ARCH)" "arm64"
 
 CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
 	    -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \	
+		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
 		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
 		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
 
 ifeq "$(OS)" "android"
- CFLAGS += -static-libstdc++
+CFLAGS += -static-libstdc++
 endif
 else
 CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
 	    -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \	
+		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
 		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
 		-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
 
@@ -284,7 +284,7 @@ CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \
 	    -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
 		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
 		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ 
+		-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/
 
 ifeq "$(OS)" "android"
  CFLAGS += -static-libstdc++
diff --git a/frida_mode/src/module.c b/frida_mode/src/module.c
index 4b6b2b3f..2e4a4175 100644
--- a/frida_mode/src/module.c
+++ b/frida_mode/src/module.c
@@ -77,7 +77,9 @@ static int on_dlclose(void *handle) {
     range = &g_array_index(ranges, gum_range_t, i);
     base = range->range.base_address;
     limit = base + range->range.size;
-    FVERBOSE("Reserving range: 0x%016lx, 0x%016lX", base, limit);
+    FVERBOSE("Reserving range: 0x%016" G_GINT64_MODIFIER
+             "x, 0x%016" G_GINT64_MODIFIER "X",
+             base, limit);
     mem = gum_memory_allocate(GSIZE_TO_POINTER(base), range->range.size,
                               page_size, GUM_PAGE_NO_ACCESS);
     if (mem == NULL) { FATAL("Failed to allocate %p (%d)", mem, errno); }
diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile
index 0f591508..864265e0 100644
--- a/frida_mode/test/png/GNUmakefile
+++ b/frida_mode/test/png/GNUmakefile
@@ -2,10 +2,17 @@ PWD:=$(shell pwd)/
 ROOT:=$(PWD)../../../
 BUILD_DIR:=$(PWD)build/
 
+LIBZ_BUILD_DIR:=$(BUILD_DIR)libz/
 LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/
 HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/
 PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/
 
+LIBZ_FILE:=$(LIBZ_BUILD_DIR)zlib-1.2.12.tar.gz
+LIBZ_URL:=http://www.zlib.net/zlib-1.2.12.tar.gz
+LIBZ_DIR:=$(LIBZ_BUILD_DIR)zlib-1.2.12/
+LIBZ_PC:=$(ZLIB_DIR)zlib.pc
+LIBZ_LIB:=$(LIBZ_DIR)libz.a
+
 LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz
 LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz
 LIBPNG_DIR:=$(LIBPNG_BUILD_DIR)libpng-1.2.56/
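Review bot: `LIBZ_PC:=$(ZLIB_DIR)zlib.pc` references `ZLIB_DIR`, which is not defined anywhere in this file; every other new variable uses `LIBZ_DIR`, so `LIBZ_PC` expands to a bare `zlib.pc` in the working directory and the `$(LIBZ_PC)` configure rule later in the file never finds the file it actually produces. It should be `LIBZ_PC:=$(LIBZ_DIR)zlib.pc`. Separately, `LIBZ_URL` fetches the tarball over plain `http://` with no integrity check, while `LIBPNG_URL` below uses https; since this archive is compiled and linked into the test binary, fetch it over https and verify a pinned digest in the download rule (e.g. `echo "<EXPECTED_SHA256>  $@" | sha256sum -c -`, with the placeholder replaced by the known hash of the 1.2.12 release).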
@@ -32,11 +39,16 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out
 
 .PHONY: all clean qemu frida
 
+ARCH?=""
+
 all: $(TEST_BIN)
 	make -C $(ROOT)frida_mode/
 
 32:
-	CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all
+	CFLAGS="-m32" LDFLAGS="-m32" make $(TEST_BIN)
+
+arm:
+	ARCH="arm" CC="arm-linux-gnueabihf-gcc" CXX="arm-linux-gnueabihf-g++" make $(TEST_BIN)
 
 $(BUILD_DIR):
 	mkdir -p $@
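Review bot: `ARCH?=""` assigns the two-character string `""` (make does not strip quotes), so `--archs="$(ARCH)"` and `--host="$(ARCH)"` later in this file expand to `--archs=""""` / `--host=""""`, which only happen to collapse to an empty value in the shell; `ARCH?=` (a genuinely empty default) says what is meant and lets the later quoting behave as written. Note also that the `32` target no longer sets `ARCH="x86"` as the removed line did, so the 32-bit build now runs both configure scripts with an empty `--archs`/`--host`; if that is intended, a one-line comment on the target would save the next reader from reverting it.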
@@ -51,6 +63,8 @@ $(HARNESS_FILE): | $(HARNESS_BUILD_DIR)
 $(HARNESS_OBJ): $(HARNESS_FILE)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -c $<
 
+harness: $(HARNESS_OBJ)
+
 ######### PNGTEST ########
 
 $(PNGTEST_BUILD_DIR): | $(BUILD_DIR)
@@ -62,6 +76,34 @@ $(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR)
 $(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR)
 	$(CXX) $(CFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $<
 
+pngtest: $(PNGTEST_OBJ)
+
+######### LIBZ ########
+
+$(LIBZ_BUILD_DIR): | $(BUILD_DIR)
+	mkdir -p $@
+
+$(LIBZ_FILE): | $(LIBZ_BUILD_DIR)
+	wget -O $@ $(LIBZ_URL)
+
+$(LIBZ_DIR): $(LIBZ_FILE)
+	tar zxvf $(LIBZ_FILE) -C $(LIBZ_BUILD_DIR)
+
+$(LIBZ_PC): | $(LIBZ_DIR)
+	cd $(LIBZ_DIR) && \
+	CFLAGS="$(CFLAGS) -fPIC" \
+		./configure \
+			--static \
+			--archs="$(ARCH)"
+
+$(LIBZ_LIB): $(LIBZ_PC)
+	CFLAGS="$(CFLAGS) -fPIC" \
+		make \
+			-C $(LIBZ_DIR) \
+			-j
+
+libz: $(LIBZ_LIB)
+
 ######### LIBPNG ########
 
 $(LIBPNG_BUILD_DIR): | $(BUILD_DIR)
@@ -73,11 +115,21 @@ $(LIBPNG_FILE): | $(LIBPNG_BUILD_DIR)
 $(LIBPNG_DIR): $(LIBPNG_FILE)
 	tar zxvf $(LIBPNG_FILE) -C $(LIBPNG_BUILD_DIR)
 
-$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR)
-	cd $(LIBPNG_DIR) && ./configure
+$(LIBPNG_MAKEFILE): $(LIBZ_LIB) | $(LIBPNG_DIR)
+	cd $(LIBPNG_DIR) && \
+		CFLAGS="$(CFLAGS) -I$(LIBZ_DIR)" \
+		LDFLAGS="-L$(LIBZ_DIR)" \
+			./configure \
+				--host="$(ARCH)"
 
 $(LIBPNG_LIB): $(LIBPNG_MAKEFILE)
-	make -C $(LIBPNG_DIR)
+	CFLAGS="$(CFLAGS) -I$(LIBZ_DIR)" \
+	LDFLAGS="-L$(LIBZ_DIR)" \
+		make \
+			-C $(LIBPNG_DIR) \
+			-j
+
+png: $(LIBPNG_LIB)
 
 ######### TEST ########
 
@@ -86,11 +138,21 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB)
 		$(CFLAGS) \
 		$(LDFLAGS) \
 		-o $@ \
-		$(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \
-		-lz \
+		$(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) $(LIBZ_LIB) \
 		$(TEST_BIN_LDFLAGS) \
 
+test_bin: $(TEST_BIN)
+
+dowload: $(LIBZ_FILE) $(LIBPNG_FILE) $(HARNESS_FILE) $(PNGTEST_FILE)
+
 clean:
+	rm -rf $(LIBZ_DIR)
+	rm -rf $(LIBPNG_DIR)
+	rm -f $(HARNESS_OBJ)
+	rm -f $(PNGTEST_OBJ)
+	rm -f $(TEST_BIN)
+
+clean_all:
 	rm -rf $(BUILD_DIR)
 
 qemu: $(TEST_BIN)
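Review bot: The new convenience target is spelled `dowload` (`dowload: $(LIBZ_FILE) $(LIBPNG_FILE) $(HARNESS_FILE) $(PNGTEST_FILE)`); it should be `download`. The targets added in this file — `harness`, `pngtest`, `libz`, `png`, `test_bin`, `download` and `clean_all` — are all phony, but the `.PHONY:` line earlier in the file still lists only `all clean qemu frida`, so a stray file named e.g. `png` or `libz` in the directory would turn those targets into silent no-ops; extend `.PHONY:` with the new names.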
diff --git a/frida_mode/test/unstable/GNUmakefile b/frida_mode/test/unstable/GNUmakefile
index ed91da40..59b49449 100644
--- a/frida_mode/test/unstable/GNUmakefile
+++ b/frida_mode/test/unstable/GNUmakefile
@@ -4,7 +4,7 @@ BUILD_DIR:=$(PWD)build/
 UNSTABLE_DATA_DIR:=$(BUILD_DIR)in/
 UNSTABLE_DATA_FILE:=$(UNSTABLE_DATA_DIR)in
 
-UNSTABLE_BIN:=$(BUILD_DIR)unstable
+TEST_BIN:=$(BUILD_DIR)unstable
 UNSTABLE_SRC:=$(PWD)unstable.c
 
 QEMU_OUT:=$(BUILD_DIR)qemu-out
@@ -42,7 +42,7 @@ endif
 
 .PHONY: all 32 clean qemu frida
 
-all: $(UNSTABLE_BIN)
+all: $(TEST_BIN)
 	make -C $(ROOT)frida_mode/
 
 32:
@@ -57,14 +57,14 @@ $(UNSTABLE_DATA_DIR): | $(BUILD_DIR)
 $(UNSTABLE_DATA_FILE): | $(UNSTABLE_DATA_DIR)
 	echo -n "000" > $@
 
-$(UNSTABLE_BIN): $(UNSTABLE_SRC) | $(BUILD_DIR)
+$(TEST_BIN): $(UNSTABLE_SRC) | $(BUILD_DIR)
 	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
 
 clean:
 	rm -rf $(BUILD_DIR)
 
 
-qemu: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
+qemu: $(TEST_BIN) $(UNSTABLE_DATA_FILE)
 	AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \
 	$(ROOT)afl-fuzz \
 		-D \
@@ -72,9 +72,9 @@ qemu: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
 		-i $(UNSTABLE_DATA_DIR) \
 		-o $(QEMU_OUT) \
 		-- \
-			$(UNSTABLE_BIN) @@
+			$(TEST_BIN) @@
 
-frida: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
+frida: $(TEST_BIN) $(UNSTABLE_DATA_FILE)
 	AFL_DEBUG=1 \
 	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
 	AFL_FRIDA_INST_TRACE_UNIQUE=1 \
@@ -85,9 +85,9 @@ frida: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
 		-i $(UNSTABLE_DATA_DIR) \
 		-o $(FRIDA_OUT) \
 		-- \
-			$(UNSTABLE_BIN) @@
+			$(TEST_BIN) @@
 
-frida_coverage: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
+frida_coverage: $(TEST_BIN) $(UNSTABLE_DATA_FILE)
 	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
 	AFL_FRIDA_OUTPUT_STDOUT=/tmp/stdout.txt \
     AFL_FRIDA_OUTPUT_STDERR=/tmp/stderr.txt \
@@ -98,9 +98,9 @@ frida_coverage: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
 		-i $(UNSTABLE_DATA_DIR) \
 		-o $(FRIDA_OUT) \
 		-- \
-			$(UNSTABLE_BIN) @@
+			$(TEST_BIN) @@
 
-frida_unstable: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
+frida_unstable: $(TEST_BIN) $(UNSTABLE_DATA_FILE)
 	AFL_DEBUG=1 \
 	AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \
 	AFL_FRIDA_OUTPUT_STDOUT=/tmp/stdout.txt \
@@ -112,10 +112,10 @@ frida_unstable: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
 		-i $(UNSTABLE_DATA_DIR) \
 		-o $(FRIDA_OUT) \
 		-- \
-			$(UNSTABLE_BIN) @@
+			$(TEST_BIN) @@
 
 debug:
 	gdb \
 		--ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \
 		--ex 'set disassembly-flavor intel' \
-		--args $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE)
+		--args $(TEST_BIN) $(UNSTABLE_DATA_FILE)
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 061076ed..23c20cc4 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -386,7 +386,8 @@ typedef struct afl_env_vars {
       afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast,
       afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new,
       afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems,
-      afl_keep_timeouts, afl_pizza_mode, afl_no_crash_readme;
+      afl_keep_timeouts, afl_pizza_mode, afl_no_crash_readme,
+      afl_no_startup_calibration;
 
   u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
       *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,
diff --git a/include/config.h b/include/config.h
index d7a08428..1262668a 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.02c"
+#define VERSION "++4.03a"
 
 /******************************************************
  *                                                    *
@@ -153,8 +153,9 @@
 /* Number of calibration cycles per every new test case (and for test
    cases that show variable behavior): */
 
-#define CAL_CYCLES 8U
-#define CAL_CYCLES_LONG 20U
+#define CAL_CYCLES_FAST 3U
+#define CAL_CYCLES 7U
+#define CAL_CYCLES_LONG 12U
 
 /* Number of subsequent timeouts before abandoning an input file: */
 
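Review bot: The comment above these constants documents CAL_CYCLES and CAL_CYCLES_LONG but nothing says when the new `CAL_CYCLES_FAST` applies; the afl-fuzz-run.c hunk in this commit selects it when `afl_cal_fast` (AFL_FAST_CAL) is set, so a line such as `/* Calibration cycles when AFL_FAST_CAL is set: */` above `#define CAL_CYCLES_FAST 3U` would make the trio self-explanatory. Lowering CAL_CYCLES_LONG from 20 to 12 changes tuning without a trace in the header; a short note on the rationale (the changelog says five extra cycles for variable inputs, i.e. 12 - 7) would help whoever revisits these numbers.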
diff --git a/include/envs.h b/include/envs.h
index 52f2d09b..2204a100 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -165,6 +165,7 @@ static char *afl_environment_variables[] = {
     "AFL_NO_FORKSRV",
     "AFL_NO_UI",
     "AFL_NO_PYTHON",
+    "AFL_NO_STARTUP_CALIBRATION",
     "AFL_UNTRACER_FILE",
     "AFL_LLVM_USE_TRACE_PC",
     "AFL_MAP_SIZE",
@@ -197,6 +198,7 @@ static char *afl_environment_variables[] = {
     "AFL_QEMU_INST_RANGES",
     "AFL_QEMU_EXCLUDE_RANGES",
     "AFL_QEMU_SNAPSHOT",
+    "AFL_QEMU_TRACK_UNSTABLE",
     "AFL_QUIET",
     "AFL_RANDOM_ALLOC_CANARY",
     "AFL_REAL_PATH",
diff --git a/include/types.h b/include/types.h
index 4a68b1b0..96ce78f8 100644
--- a/include/types.h
+++ b/include/types.h
@@ -57,7 +57,7 @@ typedef uint128_t         u128;
 #define FS_OPT_SHDMEM_FUZZ 0x01000000
 #define FS_OPT_NEWCMPLOG 0x02000000
 #define FS_OPT_OLD_AFLPP_WORKAROUND 0x0f000000
-// FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 22
+// FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 23
 #define FS_OPT_MAX_MAPSIZE ((0x00fffffeU >> 1) + 1)
 #define FS_OPT_GET_MAPSIZE(x) (((x & 0x00fffffe) >> 1) + 1)
 #define FS_OPT_SET_MAPSIZE(x) \
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 97974c4a..1759898e 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -288,11 +288,18 @@ static void __afl_map_shm(void) {
 
     __afl_map_size = ++__afl_final_loc;  // as we count starting 0
 
+    if (getenv("AFL_DUMP_MAP_SIZE")) {
+
+      printf("%u\n", __afl_map_size);
+      exit(-1);
+
+    }
+
     if (__afl_final_loc > MAP_SIZE) {
 
       char *ptr;
       u32   val = 0;
-      if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) val = atoi(ptr);
+      if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { val = atoi(ptr); }
       if (val < __afl_final_loc) {
 
         if (__afl_final_loc > FS_OPT_MAX_MAPSIZE) {
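Review bot: The `AFL_DUMP_MAP_SIZE` handling is duplicated between this hunk and the `else` branch in the next hunk of this file, differing only in the value printed (`__afl_map_size` vs `MAP_SIZE`); a single `getenv` check placed after the branch, printing whichever value applies, would keep the two copies from drifting. `exit(-1)` yields process status 255, which every caller reads as failure; the afl-cmin and afl-cmin.bash changes in this commit only consume stdout, so nothing depends on the status today, but if a non-zero exit is meant as a signal a small named positive value documents that better than -1. A one-line comment that this deliberately terminates the target before main() (as the changelog states) would also help readers of `__afl_map_shm`, whose body starts and ends outside this hunk.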
@@ -325,6 +332,15 @@ static void __afl_map_shm(void) {
 
     }
 
+  } else {
+
+    if (getenv("AFL_DUMP_MAP_SIZE")) {
+
+      printf("%u\n", MAP_SIZE);
+      exit(-1);
+
+    }
+
   }
 
   if (!id_str && __afl_area_ptr_dummy == __afl_area_initial) {
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index f39cb77e..d59a04e7 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-a120c3feb5
+12682ea816
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
-Subproject a120c3feb573d4cade292cdeb7c1f6b1ce109ef
+Subproject 12682ea8169604a6c0f9b2b36eaa53ff7dcc7fd
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 6def3ee7..c0449e64 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -51,7 +51,7 @@ static u32  cc_par_cnt = 1;            /* Param count, including argv0      */
 static u8   clang_mode;                /* Invoked as afl-clang*?            */
 static u8   llvm_fullpath[PATH_MAX];
 static u8   instrument_mode, instrument_opt_mode, ngram_size, ctx_k, lto_mode;
-static u8   compiler_mode, plusplus_mode, have_instr_env = 0;
+static u8   compiler_mode, plusplus_mode, have_instr_env = 0, need_aflpplib = 0;
 static u8   have_gcc, have_llvm, have_gcc_plugin, have_lto, have_instr_list = 0;
 static u8  *lto_flag = AFL_CLANG_FLTO, *argvnull;
 static u8   debug;
@@ -310,6 +310,71 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 
 }
 
+void parse_fsanitize(char *string) {
+
+  char *p, *ptr = string + strlen("-fsanitize=");
+  char *new = malloc(strlen(string) + 1);
+  char *tmp = malloc(strlen(ptr));
+  u32   count = 0, len, ende = 0;
+
+  if (!new || !tmp) { FATAL("could not aquire memory"); }
+  strcpy(new, "-fsanitize=");
+
+  do {
+
+    p = strchr(ptr, ',');
+    if (!p) {
+
+      p = ptr + strlen(ptr) + 1;
+      ende = 1;
+
+    }
+
+    len = p - ptr;
+    if (len) {
+
+      strncpy(tmp, ptr, len);
+      tmp[len] = 0;
+      // fprintf(stderr, "Found: %s\n", tmp);
+      ptr += len + 1;
+      if (*tmp) {
+
+        u32 copy = 1;
+        if (!strcmp(tmp, "fuzzer")) {
+
+          need_aflpplib = 1;
+          copy = 0;
+
+        } else if (!strncmp(tmp, "fuzzer", 6)) {
+
+          copy = 0;
+
+        }
+
+        if (copy) {
+
+          if (count) { strcat(new, ","); }
+          strcat(new, tmp);
+          ++count;
+
+        }
+
+      }
+
+    } else {
+
+      ptr++;                                    /*fprintf(stderr, "NO!\n"); */
+
+    }
+
+  } while (!ende);
+
+  strcpy(string, new);
+  // fprintf(stderr, "string: %s\n", string);
+  // fprintf(stderr, "new: %s\n", new);
+
+}
+
 /* Copy argv to cc_params, making the necessary edits. */
 
 static void edit_params(u32 argc, char **argv, char **envp) {
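Review bot: `char *tmp = malloc(strlen(ptr));` is one byte too small for the last list element: when no comma remains, `p = ptr + strlen(ptr) + 1` makes `len` the token length plus one and `tmp[len] = 0` writes at that index, so an argument such as `-fsanitize=,undefined` (one separator before the final token — a comma, so the caller's `strchr(cur, ',')` guard admits it) writes one byte past the allocation. `char *tmp = malloc(strlen(ptr) + 2);` covers the worst case; `new` and `tmp` are also never freed, and since `new` is only needed until `strcpy(string, new)`, both can be released at the end of the function. `parse_fsanitize` is the only non-`static` helper in this file (compare `find_object` and `edit_params`), so it should be `static void parse_fsanitize(char *string)`, and the FATAL message spells "acquire" as "aquire".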
@@ -433,13 +498,10 @@ static void edit_params(u32 argc, char **argv, char **envp) {
           alloc_printf("-fplugin=%s/afl-gcc-cmptrs-pass.so", obj_path);
       cc_params[cc_par_cnt++] = fplugin_arg;
 
-    } else {
-
-      fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
-      cc_params[cc_par_cnt++] = fplugin_arg;
-
     }
 
+    fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
+    cc_params[cc_par_cnt++] = fplugin_arg;
     cc_params[cc_par_cnt++] = "-fno-if-conversion";
     cc_params[cc_par_cnt++] = "-fno-if-conversion2";
 
@@ -759,6 +821,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     }
 
+    if (compiler_mode == GCC_PLUGIN && !strcmp(cur, "-pipe")) { continue; }
+
     if (!strcmp(cur, "-z") || !strcmp(cur, "-Wl,-z")) {
 
       u8 *param = *(argv + 1);
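Review bot: The new `continue` drops `-pipe` silently in GCC_PLUGIN mode, whereas every other flag this loop strips is reported with `WARNF("Found '%s' - stripping!", cur)` unless `be_quiet`; emitting the same warning here, or a comment stating why `-pipe` cannot be passed with the plugin, keeps the behaviour discoverable for users whose build flags disappear. The enclosing loop of `edit_params` starts and ends outside this hunk.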
@@ -779,20 +843,35 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     }
 
-    if ((!strncmp(cur, "-fsanitize=fuzzer-", strlen("-fsanitize=fuzzer-")) ||
-         !strncmp(cur, "-fsanitize-coverage", strlen("-fsanitize-coverage"))) &&
-        (strncmp(cur, "sanitize-coverage-allow",
-                 strlen("sanitize-coverage-allow")) &&
-         strncmp(cur, "sanitize-coverage-deny",
-                 strlen("sanitize-coverage-deny")) &&
-         instrument_mode != INSTRUMENT_LLVMNATIVE)) {
+    if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) {
+
+      have_instr_list = 1;
+
+    }
+
+    if (!strncmp(cur, "-fsanitize=", strlen("-fsanitize=")) &&
+        strchr(cur, ',')) {
+
+      parse_fsanitize(cur);
+      if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; }
+
+    } else if ((!strncmp(cur, "-fsanitize=fuzzer-",
+
+                         strlen("-fsanitize=fuzzer-")) ||
+                !strncmp(cur, "-fsanitize-coverage",
+                         strlen("-fsanitize-coverage"))) &&
+               (strncmp(cur, "sanitize-coverage-allow",
+                        strlen("sanitize-coverage-allow")) &&
+                strncmp(cur, "sanitize-coverage-deny",
+                        strlen("sanitize-coverage-deny")) &&
+                instrument_mode != INSTRUMENT_LLVMNATIVE)) {
 
       if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); }
       continue;
 
     }
 
-    if (!strcmp(cur, "-fsanitize=fuzzer")) {
+    if (need_aflpplib || !strcmp(cur, "-fsanitize=fuzzer")) {
 
       u8 *afllib = find_object("libAFLDriver.a", argv[0]);
 
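Review bot: `if (!cur || strlen(cur) <= strlen("-fsanitize=")) { continue; }` tests `cur` for NULL after it has already been passed to `strncmp`, `strchr` and `parse_fsanitize`, so the `!cur` half is dead; `if (strlen(cur) <= strlen("-fsanitize=")) { continue; }` states what is actually checked. In the `else if` below, the two `strncmp(cur, "sanitize-coverage-allow", ...)` / `strncmp(cur, "sanitize-coverage-deny", ...)` calls compare `cur` — which at that point is known to start with `-fsanitize` — against strings beginning with `sanitize-`, so they can never return 0 and the allow/deny exemption appears ineffective; `strstr(cur, "sanitize-coverage-allow")` (or comparing against the full `-fsanitize-coverage-allow` spelling) seems to be what was meant, although this reformatted condition predates the commit. Moving the `have_instr_list` detection ahead of this strip-and-`continue` branch (the old position, removed in the last hunk of this file, ran after it) means a list flag now counts even when it is stripped; if that is intended, a comment would help.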
@@ -823,7 +902,15 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
       }
 
-      continue;
+      if (need_aflpplib) {
+
+        need_aflpplib = 0;
+
+      } else {
+
+        continue;
+
+      }
 
     }
 
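Review bot: The choice at the end of the `-fsanitize=fuzzer` branch between keeping and dropping the current argument is keyed on `need_aflpplib` rather than on what `cur` is: if `need_aflpplib` was set by `parse_fsanitize` in an earlier iteration that ended in `continue` (the rewritten string collapsed to just `-fsanitize=`), a later literal `-fsanitize=fuzzer` clears the flag and then falls through, so `-fsanitize=fuzzer` is appended to `cc_params` instead of being stripped as before. Deciding on the argument itself removes the coupling: replace the if/else with `need_aflpplib = 0;` followed by `if (!strcmp(cur, "-fsanitize=fuzzer")) { continue; }`. The branch this hunk closes begins in the previous hunk and edit_params continues beyond it.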
@@ -831,9 +918,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
     if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
     if (!strcmp(cur, "-m64")) bit_mode = 64;
 
-    if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list="))
-      have_instr_list = 1;
-
     if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory"))
       asan_set = 1;
 
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 02d697ab..d8dbdfbe 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -795,8 +795,14 @@ void cull_queue(afl_state_t *afl) {
 
 u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
 
-  u32 avg_exec_us = afl->total_cal_us / afl->total_cal_cycles;
-  u32 avg_bitmap_size = afl->total_bitmap_size / afl->total_bitmap_entries;
+  u32 cal_cycles = afl->total_cal_cycles;
+  u32 bitmap_entries = afl->total_bitmap_entries;
+
+  if (unlikely(!cal_cycles)) { cal_cycles = 1; }
+  if (unlikely(!bitmap_entries)) { bitmap_entries = 1; }
+
+  u32 avg_exec_us = afl->total_cal_us / cal_cycles;
+  u32 avg_bitmap_size = afl->total_bitmap_size / bitmap_entries;
   u32 perf_score = 100;
 
   /* Adjust score based on execution speed of this path, compared to the
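Review bot: The two guards that clamp `cal_cycles` and `bitmap_entries` to 1 carry no comment saying why the counters can now be zero; a reader of calculate_score alone cannot see that the startup dry run may be skipped. I would annotate them: `/* Both counters stay zero until the first calibration (e.g. when startup calibration is skipped); clamp to avoid a division by zero. */`. Note also that `afl->total_cal_cycles` and `afl->total_bitmap_entries` are copied into `u32` locals — if the struct fields are wider, the copy truncates silently, so the locals should use the fields' own type (the declarations are not in this hunk). calculate_score continues past the hunk.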
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index c0e72ae6..ee4a3298 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -363,7 +363,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
   ++q->cal_failed;
 
   afl->stage_name = "calibration";
-  afl->stage_max = afl->afl_env.afl_cal_fast ? 3 : CAL_CYCLES;
+  afl->stage_max = afl->afl_env.afl_cal_fast ? CAL_CYCLES_FAST : CAL_CYCLES;
 
   /* Make sure the forkserver is up before we do anything, and let's not
      count its spin-up time toward binary calibration. */
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index ddfd4b31..0576f84f 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -265,6 +265,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
             afl->afl_env.afl_cmplog_only_new =
                 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
 
+          } else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
+
+                              afl_environment_variable_len)) {
+
+            afl->afl_env.afl_no_startup_calibration =
+                get_afl_env(afl_environment_variables[i]) ? 1 : 0;
+
           } else if (!strncmp(env, "AFL_NO_UI", afl_environment_variable_len)) {
 
             afl->afl_env.afl_no_ui =
@@ -597,11 +604,7 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 
   }
 
-  if (afl->afl_env.afl_pizza_mode == 0) {
-
-    afl->afl_env.afl_pizza_mode = 1;
-
-  } else {
+  if (afl->afl_env.afl_pizza_mode) {
 
     afl->pizza_is_served = 1;
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 2e151abb..1f0fcab1 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -273,6 +273,7 @@ static void usage(u8 *argv0, int more_help) {
       "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
       "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
       "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n"
+      "AFL_NO_STARTUP_CALIBRATION: no initial seed calibration, start fuzzing at once\n"
       "AFL_NO_UI: switch status screen off\n"
 
       DYN_COLOR
@@ -2150,7 +2151,16 @@ int main(int argc, char **argv_orig, char **envp) {
   memset(afl->virgin_tmout, 255, map_size);
   memset(afl->virgin_crash, 255, map_size);
 
-  perform_dry_run(afl);
+  if (likely(!afl->afl_env.afl_no_startup_calibration)) {
+
+    perform_dry_run(afl);
+
+  } else {
+
+    ACTF("skipping initial seed calibration due option override");
+    usleep(1000);
+
+  }
 
   if (afl->q_testcase_max_cache_entries) {
 
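Review bot: The `usleep(1000)` in the new else branch is unexplained and the message `"skipping initial seed calibration due option override"` is missing a word; make it `ACTF("skipping initial seed calibration due to option override");` and either drop the sleep or comment what it is waiting for. Skipping `perform_dry_run` also skips more than timing: the dry run is where the seeds are first executed, so any per-seed checks it performs and any state it initialises for later code are bypassed, and every consumer that averages over calibration counters must tolerate zero. The user-facing documentation added by this commit should state that this is an expert option with those consequences. main continues outside the hunk.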
@@ -2550,7 +2560,7 @@ stop_fuzzing:
   write_bitmap(afl);
   save_auto(afl);
 
-  if (afl->afl_env.afl_pizza_mode) {
+  if (afl->pizza_is_served) {
 
     SAYF(CURSOR_SHOW cLRD "\n\n+++ Baking aborted %s +++\n" cRST,
          afl->stop_soon == 2 ? "programmatically" : "by the chef");
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 4bcd1d59..07f30326 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -1240,7 +1240,12 @@ int main(int argc, char **argv_orig, char **envp) {
 
     u32 save_be_quiet = be_quiet;
     be_quiet = !debug;
-    fsrv->map_size = 4194304;  // dummy temporary value
+    if (map_size > 4194304) {
+        fsrv->map_size = map_size;
+    }
+    else {
+        fsrv->map_size = 4194304; // dummy temporary value
+    }
     u32 new_map_size =
         afl_fsrv_get_mapsize(fsrv, use_argv, &stop_soon,
                              (get_afl_env("AFL_DEBUG_CHILD") ||
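Review bot: The added if/else uses 4-space indentation, puts `}` on its own line before `else`, and repeats the literal 4194304 twice, none of which matches the 2-space, brace-on-same-line style of the surrounding lines; the intent fits one line: `fsrv->map_size = map_size > 4194304 ? map_size : 4194304;  // dummy temporary value, at least 4 MB`. A named constant for the 4 MB probe size would make the comparison self-explanatory. Whether `map_size` has already been validated (non-zero, not above the forkserver's maximum) before this point is not visible in the hunk; main continues outside it.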
diff --git a/utils/libtokencap/libtokencap.so.c b/utils/libtokencap/libtokencap.so.c
index c69812a7..5dcb8f4c 100644
--- a/utils/libtokencap/libtokencap.so.c
+++ b/utils/libtokencap/libtokencap.so.c
@@ -354,7 +354,7 @@ static void __tokencap_dump(const u8 *ptr, size_t len, u8 is_text) {
 
 #undef strcmp
 
-int strcmp(const char *str1, const char *str2) {
+__attribute__((hot)) int strcmp(const char *str1, const char *str2) {
 
   if (__tokencap_is_ro(str1)) __tokencap_dump(str1, strlen(str1), 1);
   if (__tokencap_is_ro(str2)) __tokencap_dump(str2, strlen(str2), 1);
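Review bot: Writing `__attribute__((hot))` inline on the definition line pushes the longer signatures in this series (strncmp, strncasecmp, memmem) past the column width the file otherwise wraps at, as the surviving wrapped `size_t needle_len) {` line of the memmem hunk shows. A file-local macro such as `#define TOKENCAP_HOT __attribute__((hot))`, defined once and placed on its own line before each return type, keeps the nine definitions uniform and within the existing formatting. `hot` is only an optimisation hint, so it changes no interposition behaviour; the rest of the wrapper is unchanged and continues outside the hunk.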
@@ -378,7 +378,7 @@ int strcmp(const char *str1, const char *str2) {
 
 #undef strncmp
 
-int strncmp(const char *str1, const char *str2, size_t len) {
+__attribute__((hot)) int strncmp(const char *str1, const char *str2, size_t len) {
 
   if (__tokencap_is_ro(str1)) __tokencap_dump(str1, len, 1);
   if (__tokencap_is_ro(str2)) __tokencap_dump(str2, len, 1);
@@ -404,7 +404,7 @@ int strncmp(const char *str1, const char *str2, size_t len) {
 
 #undef strcasecmp
 
-int strcasecmp(const char *str1, const char *str2) {
+__attribute__((hot)) int strcasecmp(const char *str1, const char *str2) {
 
   if (__tokencap_is_ro(str1)) __tokencap_dump(str1, strlen(str1), 1);
   if (__tokencap_is_ro(str2)) __tokencap_dump(str2, strlen(str2), 1);
@@ -428,7 +428,7 @@ int strcasecmp(const char *str1, const char *str2) {
 
 #undef strncasecmp
 
-int strncasecmp(const char *str1, const char *str2, size_t len) {
+__attribute__((hot)) int strncasecmp(const char *str1, const char *str2, size_t len) {
 
   if (__tokencap_is_ro(str1)) __tokencap_dump(str1, len, 1);
   if (__tokencap_is_ro(str2)) __tokencap_dump(str2, len, 1);
@@ -454,7 +454,7 @@ int strncasecmp(const char *str1, const char *str2, size_t len) {
 
 #undef memcmp
 
-int memcmp(const void *mem1, const void *mem2, size_t len) {
+__attribute__((hot)) int memcmp(const void *mem1, const void *mem2, size_t len) {
 
   if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0);
   if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0);
@@ -481,7 +481,7 @@ int memcmp(const void *mem1, const void *mem2, size_t len) {
 
 #undef bcmp
 
-int bcmp(const void *mem1, const void *mem2, size_t len) {
+__attribute__((hot)) int bcmp(const void *mem1, const void *mem2, size_t len) {
 
   if (__tokencap_is_ro(mem1)) __tokencap_dump(mem1, len, 0);
   if (__tokencap_is_ro(mem2)) __tokencap_dump(mem2, len, 0);
@@ -508,7 +508,7 @@ int bcmp(const void *mem1, const void *mem2, size_t len) {
 
 #undef strstr
 
-char *strstr(const char *haystack, const char *needle) {
+__attribute__((hot)) char *strstr(const char *haystack, const char *needle) {
 
   if (__tokencap_is_ro(haystack))
     __tokencap_dump(haystack, strlen(haystack), 1);
@@ -537,7 +537,7 @@ char *strstr(const char *haystack, const char *needle) {
 
 #undef strcasestr
 
-char *strcasestr(const char *haystack, const char *needle) {
+__attribute__((hot)) char *strcasestr(const char *haystack, const char *needle) {
 
   if (__tokencap_is_ro(haystack))
     __tokencap_dump(haystack, strlen(haystack), 1);
@@ -566,7 +566,7 @@ char *strcasestr(const char *haystack, const char *needle) {
 
 #undef memmem
 
-void *memmem(const void *haystack, size_t haystack_len, const void *needle,
+__attribute__((hot)) void *memmem(const void *haystack, size_t haystack_len, const void *needle,
              size_t needle_len) {
 
   if (__tokencap_is_ro(haystack)) __tokencap_dump(haystack, haystack_len, 1);