-rw-r--r--docs/Changelog.md2
-rw-r--r--include/common.h4
-rw-r--r--instrumentation/afl-compiler-rt.o.c18
-rw-r--r--qemu_mode/QEMUAFL_VERSION2
m---------qemu_mode/qemuafl0
-rw-r--r--src/afl-analyze.c4
-rw-r--r--src/afl-common.c75
-rw-r--r--src/afl-fuzz-init.c19
-rw-r--r--src/afl-fuzz-stats.c2
-rw-r--r--src/afl-showmap.c4
-rw-r--r--src/afl-tmin.c4
11 files changed, 94 insertions, 40 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 5287d038..25c1f6bc 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -20,7 +20,7 @@
- better sanitizer default options support for all tools
- unicorn_mode: updated and minor issues fixed
- frida_mode: fix issue on MacOS
- - more minor fixes
+ - more minor fixes and cross-platform support
### Version ++4.05c (release)
- MacOS: libdislocator, libtokencap etc. do not work with modern
diff --git a/include/common.h b/include/common.h
index c5a32cdb..0958b035 100644
--- a/include/common.h
+++ b/include/common.h
@@ -143,5 +143,9 @@ FILE *create_ffile(u8 *fn);
/* create a file */
s32 create_file(u8 *fn);
+/* memmem implementation as not all platforms support this */
+void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
+ size_t needlelen);
+
#endif
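Review bot: The new prototype's comment only says why `afl_memmem` exists, not what it guarantees, and callers in afl-fuzz-init.c pass `strlen(SIG) + 1` so the contract matters. The implementation in afl-common.c returns the first match or NULL, returns NULL when `needlelen > haystacklen`, and returns `haystack` itself for a zero-length needle; I would state that above the declaration, e.g. `/* Portable memmem(): return the first occurrence of needle in haystack, or NULL. A needle longer than the haystack never matches; an empty needle matches at haystack. */`.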
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 94022a65..a88396d4 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1622,17 +1622,23 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
}
- if (__afl_already_initialized_shm && __afl_final_loc > __afl_map_size) {
+ if (__afl_already_initialized_shm) {
- if (__afl_debug) {
+ if (__afl_final_loc > __afl_map_size) {
+
+ if (__afl_debug) {
+
+ fprintf(stderr, "Reinit shm necessary (+%u)\n",
+ __afl_final_loc - __afl_map_size);
+
+ }
- fprintf(stderr, "Reinit shm necessary (+%u)\n",
- __afl_final_loc - __afl_map_size);
+ __afl_unmap_shm();
+ __afl_map_shm();
}
- __afl_unmap_shm();
- __afl_map_shm();
+ __afl_map_size = __afl_final_loc + 1;
}
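Review bot: The assignment `__afl_map_size = __afl_final_loc + 1;` now runs on every initialized-shm path, not only after a remap, so when `__afl_final_loc + 1` is smaller than the current `__afl_map_size` the recorded size shrinks below what was actually mapped; if that is intended (advertise the highest guard index rather than the mapping size) it deserves a comment, e.g. `/* Always report the size actually used by the guards, even if no remap was needed. */`. If it is not intended, the assignment belongs inside the `if (__afl_final_loc > __afl_map_size)` branch. The enclosing `__sanitizer_cov_trace_pc_guard_init` starts before and ends after this hunk, so I cannot see how the value is consumed later.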
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index 39e41f79..3ee92cd5 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-74c583b11a
+5d0a7434f7
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
-Subproject 74c583b11ac508b90660723da7ee9ff7ff77ee9
+Subproject 5d0a7434f7ca9c45175492d5819c2594bac7208
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index d4a9aa91..548956d8 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -725,7 +725,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa;
sa.sa_handler = NULL;
+#ifdef SA_RESTART
sa.sa_flags = SA_RESTART;
+#else
+ sa.sa_flags = 0;
+#endif
sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask);
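Review bot: `sa` is still only partially initialized here: the commit adds the `SA_RESTART` fallback but, unlike the matching hunk in afl-fuzz-init.c, does not zero the struct, so any extra members of `struct sigaction` a platform may have (the reason this cross-platform change exists) are left with indeterminate values when passed to `sigaction()`. Add `memset(&sa, 0, sizeof(sa));` right after the declaration, as afl-fuzz-init.c now does; with that in place the `#else` branch setting `sa.sa_flags = 0` becomes redundant. The rest of `setup_signal_handlers` is outside the hunk.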
diff --git a/src/afl-common.c b/src/afl-common.c
index d83130b4..86226c9f 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -58,6 +58,25 @@ u8 last_intr = 0;
#define AFL_PATH "/usr/local/lib/afl/"
#endif
+void *afl_memmem(const void *haystack, size_t haystacklen, const void *needle,
+ size_t needlelen) {
+
+ if (unlikely(needlelen > haystacklen)) { return NULL; }
+
+ for (u32 i = 0; i <= haystacklen - needlelen; ++i) {
+
+ if (unlikely(memcmp(haystack + i, needle, needlelen) == 0)) {
+
+ return (void *)(haystack + i);
+
+ }
+
+ }
+
+ return (void *)NULL;
+
+}
+
void set_sanitizer_defaults() {
/* Set sane defaults for ASAN if nothing else is specified. */
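Review bot: The loop index on the `for` line is `u32` while `haystacklen` is `size_t`, so for a haystack of 4 GiB or more `i` wraps before reaching `haystacklen - needlelen` and the loop never terminates; the callers hand this function whole mmap'd target binaries, so the input size is not under our control. `haystack + i` is also arithmetic on `const void *`, a GNU extension rather than standard C, which is at odds with a function added for portability. I would use `const u8 *h = (const u8 *)haystack;`, `for (size_t i = 0; i <= haystacklen - needlelen; ++i) {` and `if (unlikely(memcmp(h + i, needle, needlelen) == 0)) { return (void *)(h + i); }`.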
@@ -66,23 +85,44 @@ void set_sanitizer_defaults() {
u8 *have_msan_options = getenv("MSAN_OPTIONS");
u8 *have_lsan_options = getenv("LSAN_OPTIONS");
u8 have_san_options = 0;
+ u8 default_options[1024] =
+ "detect_odr_violation=0:abort_on_error=1:symbolize=0:allocator_may_"
+ "return_null=1:handle_segv=0:handle_sigbus=0:handle_abort=0:handle_"
+ "sigfpe=0:handle_sigill=0:";
+
if (have_asan_options || have_ubsan_options || have_msan_options ||
- have_lsan_options)
+ have_lsan_options) {
+
have_san_options = 1;
- u8 default_options[1024] =
- "detect_odr_violation=0:abort_on_error=1:symbolize=0:malloc_context_"
- "size=0:allocator_may_return_null=1:handle_segv=0:handle_sigbus=0:"
- "handle_abort=0:handle_sigfpe=0:handle_sigill=0:";
- if (!have_lsan_options) strcat(default_options, "detect_leaks=0:");
+ }
+
+ /* LSAN does not support abort_on_error=1. (is this still true??) */
+
+ if (!have_lsan_options) {
+
+ u8 buf[2048] = "";
+ if (!have_san_options) { strcpy(buf, default_options); }
+ strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=1:malloc_context_size=30:");
+ setenv("LSAN_OPTIONS", buf, 1);
+
+ }
+
+ /* for everything not LSAN we disable detect_leaks */
+
+ if (!have_lsan_options) {
+
+ strcat(default_options, "detect_leaks=0:malloc_context_size=0:");
+
+ }
/* Set sane defaults for ASAN if nothing else is specified. */
- if (!have_san_options) setenv("ASAN_OPTIONS", default_options, 1);
+ if (!have_san_options) { setenv("ASAN_OPTIONS", default_options, 1); }
/* Set sane defaults for UBSAN if nothing else is specified. */
- if (!have_san_options) setenv("UBSAN_OPTIONS", default_options, 1);
+ if (!have_san_options) { setenv("UBSAN_OPTIONS", default_options, 1); }
/* MSAN is tricky, because it doesn't support abort_on_error=1 at this
point. So, we do this in a very hacky way. */
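Review bot: The two consecutive `if (!have_lsan_options)` blocks split one decision in two and the comment above the first still carries the open question `(is this still true??)`, which a reader cannot act on; the second block's effect (appending `detect_leaks=0:malloc_context_size=0:` to `default_options` for the ASAN/UBSAN defaults) is also easy to miss because it sits after `LSAN_OPTIONS` has already been built. I would merge them into one branch and replace the comment with a statement of what the code does, e.g. `/* Leak checking is enabled only via LSAN_OPTIONS; ASAN/UBSAN defaults get detect_leaks=0 so the two do not report the same leak twice. */`, keeping the order (LSAN buffer first, then the appends). The `strcat` calls into the fixed `default_options[1024]` are safe today because every piece is a compile-time string, but a one-line `sizeof` check would keep that true as options are added.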
@@ -90,25 +130,12 @@ void set_sanitizer_defaults() {
if (!have_msan_options) {
u8 buf[2048] = "";
- if (!have_san_options) strcpy(buf, default_options);
+ if (!have_san_options) { strcpy(buf, default_options); }
strcat(buf, "exit_code=" STRINGIFY(MSAN_ERROR) ":msan_track_origins=0:");
setenv("MSAN_OPTIONS", buf, 1);
}
- /* LSAN, too, does not support abort_on_error=1. (is this still true??) */
-
- if (!have_lsan_options) {
-
- u8 buf[2048] = "";
- if (!have_san_options) strcpy(buf, default_options);
- strcat(buf,
- "exitcode=" STRINGIFY(
- LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:");
- setenv("LSAN_OPTIONS", buf, 1);
-
- }
-
/* Envs for QASan */
setenv("QASAN_MAX_CALL_STACK", "0", 0);
setenv("QASAN_SYMBOLIZE", "0", 0);
@@ -126,7 +153,7 @@ u32 check_binary_signatures(u8 *fn) {
if (f_data == MAP_FAILED) { PFATAL("Unable to mmap file '%s'", fn); }
close(fd);
- if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
+ if (afl_memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
if (!be_quiet) { OKF(cPIN "Persistent mode binary detected."); }
setenv(PERSIST_ENV_VAR, "1", 1);
@@ -151,7 +178,7 @@ u32 check_binary_signatures(u8 *fn) {
}
- if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
+ if (afl_memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
if (!be_quiet) { OKF(cPIN "Deferred forkserver binary detected."); }
setenv(DEFER_ENV_VAR, "1", 1);
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index c20965b4..01d1e82e 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -24,7 +24,9 @@
*/
#include "afl-fuzz.h"
+#include "common.h"
#include <limits.h>
+#include <string.h>
#include "cmplog.h"
#ifdef HAVE_AFFINITY
@@ -2786,7 +2788,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
!afl->fsrv.nyx_mode &&
#endif
!afl->fsrv.cs_mode && !afl->non_instrumented_mode &&
- !memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
+ !afl_memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
SAYF("\n" cLRD "[-] " cRST
"Looks like the target binary is not instrumented! The fuzzer depends "
@@ -2817,7 +2819,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
if ((afl->fsrv.cs_mode || afl->fsrv.qemu_mode || afl->fsrv.frida_mode) &&
- memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
+ afl_memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) {
SAYF("\n" cLRD "[-] " cRST
"This program appears to be instrumented with afl-gcc, but is being "
@@ -2830,9 +2832,9 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
- if (memmem(f_data, f_len, "__asan_init", 11) ||
- memmem(f_data, f_len, "__msan_init", 11) ||
- memmem(f_data, f_len, "__lsan_init", 11)) {
+ if (afl_memmem(f_data, f_len, "__asan_init", 11) ||
+ afl_memmem(f_data, f_len, "__msan_init", 11) ||
+ afl_memmem(f_data, f_len, "__lsan_init", 11)) {
afl->fsrv.uses_asan = 1;
@@ -2840,7 +2842,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
/* Detect persistent & deferred init signatures in the binary. */
- if (memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
+ if (afl_memmem(f_data, f_len, PERSIST_SIG, strlen(PERSIST_SIG) + 1)) {
OKF(cPIN "Persistent mode binary detected.");
setenv(PERSIST_ENV_VAR, "1", 1);
@@ -2867,7 +2869,7 @@ void check_binary(afl_state_t *afl, u8 *fname) {
}
if (afl->fsrv.frida_mode ||
- memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
+ afl_memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) {
OKF(cPIN "Deferred forkserver binary detected.");
setenv(DEFER_ENV_VAR, "1", 1);
@@ -2923,8 +2925,11 @@ void setup_signal_handlers(void) {
struct sigaction sa;
+ memset((void *)&sa, 0, sizeof(sa));
sa.sa_handler = NULL;
+#ifdef SA_RESTART
sa.sa_flags = SA_RESTART;
+#endif
sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask);
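Review bot: After the added `memset((void *)&sa, 0, sizeof(sa));` the explicit `sa.sa_handler = NULL;` and `sa.sa_sigaction = NULL;` are redundant, and on implementations where the two are members of a union (common) assigning both was already questionable; dropping them, or keeping a single `sa.sa_handler = NULL;`, reads cleaner. The `#ifdef SA_RESTART` here has no `#else`, which is fine only because of the memset; a short comment `/* sa_flags already 0 from memset when SA_RESTART is unavailable */` would make that dependency explicit. The rest of `setup_signal_handlers` lies outside the hunk.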
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 65caf5ee..f53fd610 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -62,7 +62,7 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
if (memchr(argv[i], '\'', strlen(argv[i]))) {
#else
- if (index(argv[i], '\'')) {
+ if (strchr(argv[i], '\'')) {
#endif
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 1e281d08..29abeb13 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -654,7 +654,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa;
sa.sa_handler = NULL;
+#ifdef SA_RESTART
sa.sa_flags = SA_RESTART;
+#else
+ sa.sa_flags = 0;
+#endif
sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask);
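Review bot: This copy of `setup_signal_handlers` gets the `SA_RESTART` fallback but, unlike afl-fuzz-init.c in the same commit, does not clear `sa` first, so members of `struct sigaction` beyond the four set here stay uninitialized on platforms that have them. Adding `memset(&sa, 0, sizeof(sa));` after the declaration would make the three tools consistent and lets the `#else` setting `sa.sa_flags = 0` go away. The remainder of the function is outside the hunk.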
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 12c5e0c9..c0087f5f 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -743,7 +743,11 @@ static void setup_signal_handlers(void) {
struct sigaction sa;
sa.sa_handler = NULL;
+#ifdef SA_RESTART
sa.sa_flags = SA_RESTART;
+#else
+ sa.sa_flags = 0;
+#endif
sa.sa_sigaction = NULL;
sigemptyset(&sa.sa_mask);
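Review bot: Same partial-initialization issue as in afl-showmap.c and afl-analyze.c: the `struct sigaction sa` is never zeroed, so only the members touched here are defined before `sigaction()` is called, while afl-fuzz-init.c in this very commit adds the `memset`. Use `memset(&sa, 0, sizeof(sa));` right after the declaration here too; the `#ifdef SA_RESTART` can then drop its `#else` branch. The function continues past the end of the hunk.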