-rw-r--r--include/envs.h1
-rw-r--r--instrumentation/afl-compiler-rt.o.c10
-rw-r--r--src/afl-common.c6
-rw-r--r--utils/aflpp_driver/aflpp_driver.c10
4 files changed, 20 insertions, 7 deletions
diff --git a/include/envs.h b/include/envs.h
index e92bee2a..cfd73b68 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -50,6 +50,7 @@ static char *afl_environment_variables[] = {
"AFL_FAST_CAL",
"AFL_FORCE_UI",
"AFL_FUZZER_ARGS", // oss-fuzz
+ "AFL_GDB",
"AFL_GCC_ALLOWLIST",
"AFL_GCC_DENYLIST",
"AFL_GCC_BLOCKLIST",
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index cca38cd0..32dbc53d 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -1730,18 +1730,18 @@ __attribute__((weak)) void *__asan_region_is_poisoned(void *beg, size_t size) {
// to avoid to call it on .text addresses
static int area_is_valid(void *ptr, size_t len) {
- if (unlikely(__asan_region_is_poisoned(ptr, len))) { return 0; }
+ if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; }
- long r = syscall(__afl_dummy_fd[1], SYS_write, ptr, len);
+ long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len);
if (unlikely(r <= 0 || r > len)) { // fail - maybe hitting asan boundary?
char *p = (char *)ptr;
long page_size = sysconf(_SC_PAGE_SIZE);
char *page = (char *)((uintptr_t)p & ~(page_size - 1)) + page_size;
- if (page < p + len) { return 0; } // no isnt, return fail
- len -= (p + len - page);
- r = syscall(__afl_dummy_fd[1], SYS_write, p, len);
+ if (page >= p + len) { return 0; } // no isnt, return fail
+ len = page - p - len;
+ r = syscall(SYS_write, __afl_dummy_fd[1], p, len);
}
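Review bot: The retry length computed on the added `len = page - p - len;` line is wrong: the guard directly above only falls through when `page < p + len`, so `page - p` is smaller than `len` and the subtraction underflows the `size_t`, handing a huge length to the second `SYS_write`. The number of bytes that stay inside the first page is `page - p`, so the line should read `len = page - p;`. The `r > len` test in the outer condition compares a `long` with a `size_t` and is only safe because `r <= 0` is evaluated first; a comment such as `// r <= 0 is checked first, so the signed/unsigned compare is safe` would keep a future reorder from breaking it. The rest of area_is_valid, including what it returns from `r`, continues past the end of the hunk.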
diff --git a/src/afl-common.c b/src/afl-common.c
index bfb05a67..27b63434 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -150,10 +150,12 @@ void argv_cpy_free(char **argv) {
char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
if (unlikely(getenv("AFL_QEMU_CUSTOM_BIN"))) {
+
WARNF(
- "AFL_QEMU_CUSTOM_BIN is enabled. "
- "You must run your target under afl-qemu-trace on your own!");
+ "AFL_QEMU_CUSTOM_BIN is enabled. "
+ "You must run your target under afl-qemu-trace on your own!");
return argv;
+
}
if (!unlikely(own_loc)) { FATAL("BUG: param own_loc is NULL"); }
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 9c97607c..f0f3a47d 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -208,6 +208,16 @@ int main(int argc, char **argv) {
"======================================================\n",
argv[0], argv[0]);
+ if (getenv("AFL_GDB")) {
+
+ char cmd[64];
+ snprintf(cmd, sizeof(cmd), "cat /proc/%d/maps", getpid());
+ system(cmd);
+ fprintf(stderr, "DEBUG: aflpp_driver pid is %d\n", getpid());
+ sleep(1);
+
+ }
+
output_file = stderr;
maybe_duplicate_stderr();
maybe_close_fd_mask();
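Review bot: The `system(cmd)` call added under `AFL_GDB` spawns `/bin/sh` from inside the fuzzing target to run `cat`, which inherits the driver's environment and open descriptors, resolves `cat` through PATH, writes the map to stdout while the surrounding diagnostics go to stderr, and its return value is ignored. Since this is a debug aid and the file already uses stdio, reading `/proc/self/maps` with `fopen` and copying it to stderr avoids the shell and the pid-formatted command buffer altogether. The enclosing `main` starts and ends outside the hunk.
```c
  if (getenv("AFL_GDB")) {

    // dump the memory map without spawning a shell from the target
    FILE *maps = fopen("/proc/self/maps", "r");
    if (maps) {

      char line[512];
      while (fgets(line, sizeof(line), maps)) { fputs(line, stderr); }
      fclose(maps);

    }

    fprintf(stderr, "DEBUG: aflpp_driver pid is %d\n", getpid());
    sleep(1);

  }
```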