diff options
| -rw-r--r-- | docs/Changelog.md | 4 | ||||
| -rw-r--r-- | include/config.h | 2 | ||||
| -rw-r--r-- | libdislocator/libdislocator.so.c | 14 | ||||
| -rw-r--r-- | libtokencap/Makefile | 13 | ||||
| -rw-r--r-- | libtokencap/libtokencap.so.c | 40 | ||||
| -rw-r--r-- | llvm_mode/compare-transform-pass.so.cc | 2 | ||||
| -rw-r--r-- | src/afl-analyze.c | 29 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 29 | ||||
| -rw-r--r-- | src/afl-showmap.c | 29 | ||||
| -rw-r--r-- | src/afl-tmin.c | 29 |
10 files changed, 169 insertions, 22 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index afb9dea6..57b2b4a2 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,10 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to <afl-users+subscribe@googlegroups.com>. +### Version ++2.66d (devel) + - ... ? + + ### Version ++2.66c (release) - renamed the main branch on Github to "stable" - renamed master/slave to main/secondary diff --git a/include/config.h b/include/config.h index e8f52f45..7de74009 100644 --- a/include/config.h +++ b/include/config.h @@ -28,7 +28,7 @@ /* Version string: */ // c = release, d = volatile github dev, e = experimental branch -#define VERSION "++2.66c" +#define VERSION "++2.66d" /****************************************************** * * diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index 7a70fd15..b93f43c1 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -166,7 +166,7 @@ static u32 alloc_canary; static void *__dislocator_alloc(size_t len) { - u8 * ret; + u8 * ret, *base; size_t tlen; int flags, fd, sp; @@ -189,6 +189,7 @@ static void *__dislocator_alloc(size_t len) { /* We will also store buffer length and a canary below the actual buffer, so let's add 8 bytes for that. */ + base = NULL; tlen = (1 + PG_COUNT(rlen + 8)) * PAGE_SIZE; flags = MAP_PRIVATE | MAP_ANONYMOUS; fd = -1; @@ -201,12 +202,19 @@ static void *__dislocator_alloc(size_t len) { if (sp) flags |= MAP_HUGETLB; #elif defined(__FreeBSD__) if (sp) flags |= MAP_ALIGNED_SUPER; + #elif defined(__sun) + if (sp) { + + base = (void *)(caddr_t)(1<<21); + flags |= MAP_ALIGN; + + } #endif #else (void)sp; #endif - ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); + ret = (u8 *)mmap(base, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); #if defined(USEHUGEPAGE) /* We try one more time with regular call */ if (ret == MAP_FAILED) { @@ -217,6 +225,8 @@ static void *__dislocator_alloc(size_t len) { flags &= -MAP_HUGETLB; #elif defined(__FreeBSD__) flags &= -MAP_ALIGNED_SUPER; + #elif defined(__sun) + flags &= -MAP_ALIGN; #endif ret = (u8 *)mmap(NULL, tlen, PROT_READ | PROT_WRITE, flags, fd, 0); diff --git a/libtokencap/Makefile b/libtokencap/Makefile index 63b87bb0..8bdfa5ac 100644 --- a/libtokencap/Makefile +++ b/libtokencap/Makefile @@ -35,13 +35,14 @@ _UNIQ=_QINU_ _____OS_DL = $(____OS_DL:$(_UNIQ)$(UNAME_S)=) ______OS_DL = $(_____OS_DL:$(_UNIQ)="-ldl") - _OS_TARGET = $(____OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ)) - __OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ)) - ___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ)) - ____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ)) -_____OS_TARGET = $(___OS_TARGET:$(_UNIQ)$(UNAME_S)=) + _OS_TARGET = $(____OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ)) + __OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ)) + ___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ)) + ____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ)) + _____OS_TARGET = $(____OS_TARGET:$(_UNIQ)SunOS=$(_UNIQ)) +______OS_TARGET = $(____OS_TARGET:$(_UNIQ)$(UNAME_S)=) -TARGETS = $(____OS_TARGET:$(_UNIQ)=libtokencap.so) +TARGETS = $(_____OS_TARGET:$(_UNIQ)=libtokencap.so) LDFLAGS += $(______OS_DL) diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index 600d2a5d..baf9fae6 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -35,7 +35,7 @@ #if !defined __linux__ && !defined __APPLE__ && !defined __FreeBSD__ && \ !defined __OpenBSD__ && !defined __NetBSD__ && !defined __DragonFly__ && \ - !defined(__HAIKU__) + !defined(__HAIKU__) && !defined(__sun) #error "Sorry, this library is unsupported in this platform for now!" #endif /* !__linux__ && !__APPLE__ && ! __FreeBSD__ && ! __OpenBSD__ && \ !__NetBSD__*/ @@ -52,6 +52,10 @@ #include <sys/mman.h> #elif defined __HAIKU__ #include <kernel/image.h> +#elif defined __sun + /* For map addresses the old struct is enough */ + #include <sys/procfs.h> + #include <limits.h> #endif #include <dlfcn.h> @@ -237,6 +241,8 @@ static void __tokencap_load_mappings(void) { image_info ii; int32_t group = 0; + __tokencap_ro_loaded = 1; + while (get_next_image_info(0, &group, &ii) == B_OK) { __tokencap_ro[__tokencap_ro_cnt].st = ii.text; @@ -246,6 +252,38 @@ static void __tokencap_load_mappings(void) { } +#elif defined __sun + prmap_t *c, *map; + char path[PATH_MAX]; + ssize_t r; + size_t hint; + int fd; + + snprintf(path, sizeof(path), "/proc/%ld/map", getpid()); + fd = open(path, O_RDONLY); + hint = (1 << 20); + map = malloc(hint); + + __tokencap_ro_loaded = 1; + + for (; (r = pread(fd, map, hint, 0)) == hint; ) { + + hint <<= 1; + map = realloc(map, hint); + + } + + for (c = map; r > 0; c++ , r -= sizeof(prmap_t)) { + + __tokencap_ro[__tokencap_ro_cnt].st = c->pr_vaddr; + __tokencap_ro[__tokencap_ro_cnt].en = c->pr_vaddr + c->pr_size; + + if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; + + } + + free(map); + close(fd); #endif } diff --git a/llvm_mode/compare-transform-pass.so.cc b/llvm_mode/compare-transform-pass.so.cc index 2d1ab1cc..5119d656 100644 --- a/llvm_mode/compare-transform-pass.so.cc +++ b/llvm_mode/compare-transform-pass.so.cc @@ -475,7 +475,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, IRBuilder<> cur_lenchk_IRB(&*(cur_lenchk_bb->getFirstInsertionPt())); Value * icmp = cur_lenchk_IRB.CreateICmpEQ(sizedValue, - ConstantInt::get(Int64Ty, i)); + ConstantInt::get(sizedValue->getType(), i)); cur_lenchk_IRB.CreateCondBr(icmp, end_bb, cur_cmp_bb); cur_lenchk_bb->getTerminator()->eraseFromParent(); diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 56284f6f..e6dd0fca 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -772,15 +772,38 @@ static void set_up_environment(void) { setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" + "allocator_may_return_null=1:" "symbolize=0:" - "allocator_may_return_null=1", + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", + 0); + + setenv("UBSAN_OPTIONS", + "halt_on_error=1:" + "abort_on_error=1:" + "malloc_context_size=0:" + "allocator_may_return_null=1:" + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":" - "symbolize=0:" "abort_on_error=1:" + "msan_track_origins=0" "allocator_may_return_null=1:" - "msan_track_origins=0", 0); + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); if (get_afl_env("AFL_PRELOAD")) { diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 419ce28e..47493eba 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -434,7 +434,27 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "detect_leaks=0:" "malloc_context_size=0:" "symbolize=0:" - "allocator_may_return_null=1", + "allocator_may_return_null=1:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", + 0); + + /* Set sane defaults for UBSAN if nothing else specified. */ + + setenv("UBSAN_OPTIONS", + "halt_on_error=1:" + "abort_on_error=1:" + "malloc_context_size=0:" + "allocator_may_return_null=1:" + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); /* MSAN is tricky, because it doesn't support abort_on_error=1 at this @@ -446,7 +466,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "abort_on_error=1:" "malloc_context_size=0:" "allocator_may_return_null=1:" - "msan_track_origins=0", + "msan_track_origins=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); fsrv->init_child_func(fsrv, argv); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 883398ff..71e975a1 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -456,15 +456,38 @@ static void set_up_environment(afl_forkserver_t *fsrv) { setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" + "allocator_may_return_null=1:" "symbolize=0:" - "allocator_may_return_null=1", + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", + 0); + + setenv("UBSAN_OPTIONS", + "halt_on_error=1:" + "abort_on_error=1:" + "malloc_context_size=0:" + "allocator_may_return_null=1:" + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":" - "symbolize=0:" "abort_on_error=1:" + "msan_track_origins=0" "allocator_may_return_null=1:" - "msan_track_origins=0", 0); + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); if (get_afl_env("AFL_PRELOAD")) { diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 2db1eae7..68fcdd14 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -701,15 +701,38 @@ static void set_up_environment(afl_forkserver_t *fsrv) { setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" + "allocator_may_return_null=1:" "symbolize=0:" - "allocator_may_return_null=1", + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", + 0); + + setenv("UBSAN_OPTIONS", + "halt_on_error=1:" + "abort_on_error=1:" + "malloc_context_size=0:" + "allocator_may_return_null=1:" + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":" - "symbolize=0:" "abort_on_error=1:" + "msan_track_origins=0" "allocator_may_return_null=1:" - "msan_track_origins=0", 0); + "symbolize=0:" + "handle_segv=0:" + "handle_sigbus=0:" + "handle_abort=0:" + "handle_sigfpe=0:" + "handle_sigill=0", 0); if (get_afl_env("AFL_PRELOAD")) { |