diff options
| -rw-r--r-- | GNUmakefile | 15 | ||||
| -rw-r--r-- | docs/Changelog.md | 2 | ||||
| -rw-r--r-- | gcc_plugin/GNUmakefile | 2 | ||||
| -rw-r--r-- | gcc_plugin/Makefile | 2 | ||||
| -rw-r--r-- | include/afl-fuzz.h | 8 | ||||
| -rw-r--r-- | libtokencap/Makefile | 2 | ||||
| -rw-r--r-- | llvm_mode/GNUmakefile | 7 | ||||
| -rw-r--r-- | llvm_mode/afl-clang-fast.c | 8 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-common.cc | 8 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-lto-instrumentation.so.cc | 8 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 2 | ||||
| -rw-r--r-- | llvm_mode/split-compares-pass.so.cc | 8 | ||||
| -rw-r--r-- | qemu_mode/libcompcov/Makefile | 2 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 11 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 2 |
15 files changed, 53 insertions, 34 deletions
diff --git a/GNUmakefile b/GNUmakefile index edabf995..c0614d4d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -24,7 +24,7 @@ BIN_PATH = $(PREFIX)/bin HELPER_PATH = $(PREFIX)/lib/afl DOC_PATH = $(PREFIX)/share/doc/afl MISC_PATH = $(PREFIX)/share/afl -MAN_PATH = $(PREFIX)/man/man8 +MAN_PATH = $(PREFIX)/share/man/man8 PROGNAME = afl VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) @@ -33,7 +33,7 @@ VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f PROGS = afl-gcc afl-fuzz afl-showmap afl-tmin afl-gotcpu afl-analyze SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-system-config -MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 +MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 afl-g++.8 ASAN_OPTIONS=detect_leaks=0 ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" "" @@ -62,7 +62,10 @@ ifneq "$(shell uname)" "Darwin" endif endif # OS X does not like _FORTIFY_SOURCE=2 - CFLAGS_OPT += -D_FORTIFY_SOURCE=2 + # _FORTIFY_SOURCE=2 does not like -O0 + ifndef DEBUG + CFLAGS_OPT += -D_FORTIFY_SOURCE=2 + endif endif ifeq "$(shell uname)" "SunOS" @@ -204,7 +207,10 @@ else endif ifneq "$(filter Linux GNU%,$(shell uname))" "" + # _FORTIFY_SOURCE=2 does not like -O0 + ifndef DEBUG override CFLAGS += -D_FORTIFY_SOURCE=2 + endif LDFLAGS += -ldl -lrt endif @@ -566,7 +572,8 @@ source-only: all %.8: % @echo .TH $* 8 $(BUILD_DATE) "afl++" > $@ @echo .SH NAME >> $@ - @echo .B $* >> $@ + @echo -n ".B $* \- " >> $@ + @./$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> $@ @echo >> $@ @echo .SH SYNOPSIS >> $@ @./$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> $@ diff --git a/docs/Changelog.md b/docs/Changelog.md index 45fbd528..cb6e14b8 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -416,7 +416,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - big code refactoring: * all includes are now in include/ * all afl sources are now in src/ - see src/README.md - * afl-fuzz was splitted up in various individual files for including + * afl-fuzz was split up in various individual files for including functionality in other programs (e.g. forkserver, memory map, etc.) for better readability. * new code indention everywhere diff --git a/gcc_plugin/GNUmakefile b/gcc_plugin/GNUmakefile index 48625e31..625b55fb 100644 --- a/gcc_plugin/GNUmakefile +++ b/gcc_plugin/GNUmakefile @@ -24,7 +24,7 @@ PREFIX ?= /usr/local HELPER_PATH ?= $(PREFIX)/lib/afl BIN_PATH ?= $(PREFIX)/bin DOC_PATH ?= $(PREFIX)/share/doc/afl -MAN_PATH ?= $(PREFIX)/man/man8 +MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) diff --git a/gcc_plugin/Makefile b/gcc_plugin/Makefile index c088b61c..23477e22 100644 --- a/gcc_plugin/Makefile +++ b/gcc_plugin/Makefile @@ -24,7 +24,7 @@ PREFIX ?= /usr/local HELPER_PATH ?= $(PREFIX)/lib/afl BIN_PATH ?= $(PREFIX)/bin DOC_PATH ?= $(PREFIX)/share/doc/afl -MAN_PATH ?= $(PREFIX)/man/man8 +MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) VERSION:sh= grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2 diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c5b01da8..97e60347 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1027,11 +1027,15 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) { } - /* Modulo is biased - we don't want our fuzzing to be biased so let's do it right. */ - u64 unbiased_rnd; + /* Modulo is biased - we don't want our fuzzing to be biased so let's do it + * right. */ + u64 unbiased_rnd; do { + unbiased_rnd = rand_next(afl); + } while (unlikely(unbiased_rnd >= (UINT64_MAX - (UINT64_MAX % limit)))); + return unbiased_rnd % limit; } diff --git a/libtokencap/Makefile b/libtokencap/Makefile index 00dbb954..2343125f 100644 --- a/libtokencap/Makefile +++ b/libtokencap/Makefile @@ -16,7 +16,7 @@ PREFIX ?= /usr/local HELPER_PATH = $(PREFIX)/lib/afl DOC_PATH ?= $(PREFIX)/share/doc/afl -MAN_PATH ?= $(PREFIX)/man/man8 +MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2) diff --git a/llvm_mode/GNUmakefile b/llvm_mode/GNUmakefile index 1eb833eb..b9fe6abd 100644 --- a/llvm_mode/GNUmakefile +++ b/llvm_mode/GNUmakefile @@ -24,7 +24,7 @@ HELPER_PATH ?= $(PREFIX)/lib/afl BIN_PATH ?= $(PREFIX)/bin DOC_PATH ?= $(PREFIX)/share/doc/afl MISC_PATH ?= $(PREFIX)/share/afl -MAN_PATH ?= $(PREFIX)/man/man8 +MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^$(HASH)define VERSION ' ../config.h | cut -d '"' -f2) @@ -434,7 +434,7 @@ install: all if [ -f ../cmplog-instructions-pass.so ]; then set -e; install -m 755 ../cmplog-*-pass.so $${DESTDIR}$(HELPER_PATH); fi if [ -f ../SanitizerCoverageLTO.so ]; then set -e; install -m 755 ../SanitizerCoverageLTO.so $${DESTDIR}$(HELPER_PATH); fi set -e; install -m 644 ../dynamic_list.txt $${DESTDIR}$(HELPER_PATH) - set -e; if [ -f ../afl-clang-fast ] ; then ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf ../afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi + set -e; if [ -f ../afl-clang-fast ] ; then ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang++ ; else ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang ; ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/afl-clang++; fi install -m 644 README.*.md $${DESTDIR}$(DOC_PATH)/ install -m 644 -T README.md $${DESTDIR}$(DOC_PATH)/README.llvm_mode.md @@ -442,7 +442,8 @@ vpath % .. %.8: % @echo .TH $* 8 `date "+%Y-%m-%d"` "afl++" > ../$@ @echo .SH NAME >> ../$@ - @echo .B $* >> ../$@ + @echo -n ".B $* \- " >> ../$@ + @./$* -h 2>&1 | head -n 1 | sed -e "s/$$(printf '\e')[^m]*m//g" >> ../$@ @echo >> ../$@ @echo .SH SYNOPSIS >> ../$@ @../$* -h 2>&1 | head -n 3 | tail -n 1 | sed 's/^\.\///' >> ../$@ diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 6ea98111..173dc268 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -812,16 +812,24 @@ int main(int argc, char **argv, char **envp) { ptr += strlen("ngram"); while (*ptr && (*ptr < '0' || *ptr > '9')) { + ptr++; + } + if (!*ptr) { + ptr = getenv("AFL_LLVM_NGRAM_SIZE"); if (!ptr || !*ptr) { + FATAL( "you must set the NGRAM size with (e.g. for value 2) " "AFL_LLVM_INSTRUMENT=ngram-2"); + } + } + ngram_size = atoi(ptr); if (ngram_size < 2 || ngram_size > NGRAM_SIZE_MAX) FATAL( diff --git a/llvm_mode/afl-llvm-common.cc b/llvm_mode/afl-llvm-common.cc index 7dd5a02a..189b4ec6 100644 --- a/llvm_mode/afl-llvm-common.cc +++ b/llvm_mode/afl-llvm-common.cc @@ -344,14 +344,10 @@ static std::string getSourceName(llvm::Function *F) { (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 7) if (Loc) { - StringRef instFilename; + StringRef instFilename; DILocation *cDILoc = dyn_cast<DILocation>(Loc.getAsMDNode()); - if (cDILoc) { - - instFilename = cDILoc->getFilename(); - - } + if (cDILoc) { instFilename = cDILoc->getFilename(); } if (instFilename.str().empty()) { diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index c25cad9d..b8d9fce9 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -379,11 +379,9 @@ bool AFLLTOPass::runOnModule(Module &M) { else Str1 = TmpStr.str(); bool HasStr2 = getConstantStringInfo(Str2P, TmpStr); - if (TmpStr.empty()) - HasStr2 = false; - (void) HasStr2 /* never read */ - else - Str2 = TmpStr.str(); + if (TmpStr.empty()) HasStr2 = false; + (void)HasStr2 /* never read */ + else Str2 = TmpStr.str(); if (debug) fprintf(stderr, "F:%s %p(%s)->\"%s\"(%s) %p(%s)->\"%s\"(%s)\n", diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index d00fd26f..bdafbe0b 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -339,7 +339,7 @@ static void __afl_map_shm(void) { if (__afl_area_ptr == MAP_FAILED) { - fprintf(stderr, "can not aquire mmap for address %p\n", + fprintf(stderr, "can not acquire mmap for address %p\n", (void *)__afl_map_addr); exit(1); diff --git a/llvm_mode/split-compares-pass.so.cc b/llvm_mode/split-compares-pass.so.cc index 617b55de..2e57a30a 100644 --- a/llvm_mode/split-compares-pass.so.cc +++ b/llvm_mode/split-compares-pass.so.cc @@ -1272,7 +1272,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { if (!be_quiet) { errs() << "Split-floatingpoint-compare-pass: " << count - << " FP comparisons splitted\n"; + << " FP comparisons split\n"; } @@ -1290,7 +1290,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { count = splitIntCompares(M, bitw); if (!be_quiet) errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " splitted\n"; + << " split\n"; bitw >>= 1; #if LLVM_VERSION_MAJOR > 3 || \ @@ -1301,7 +1301,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { count = splitIntCompares(M, bitw); if (!be_quiet) errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " splitted\n"; + << " split\n"; bitw >>= 1; #if LLVM_VERSION_MAJOR > 3 || \ @@ -1312,7 +1312,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { count = splitIntCompares(M, bitw); if (!be_quiet) errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " splitted\n"; + << " split\n"; bitw >>= 1; break; diff --git a/qemu_mode/libcompcov/Makefile b/qemu_mode/libcompcov/Makefile index 9ed3e3fa..c2880b99 100644 --- a/qemu_mode/libcompcov/Makefile +++ b/qemu_mode/libcompcov/Makefile @@ -16,7 +16,7 @@ PREFIX ?= /usr/local HELPER_PATH = $(PREFIX)/lib/afl DOC_PATH ?= $(PREFIX)/share/doc/afl -MAN_PATH ?= $(PREFIX)/man/man8 +MAN_PATH ?= $(PREFIX)/share/man/man8 VERSION = $(shell grep '^\#define VERSION ' ../config.h | cut -d '"' -f2) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 7b7ba006..852fc3fb 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1843,7 +1843,8 @@ void setup_stdio_file(afl_state_t *afl) { if (afl->file_extension) { - afl->fsrv.out_file = alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension); + afl->fsrv.out_file = + alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension); } else { @@ -1851,11 +1852,15 @@ void setup_stdio_file(afl_state_t *afl) { } - unlink(afl->fsrv.out_file); /* Ignore errors */ + unlink(afl->fsrv.out_file); /* Ignore errors */ afl->fsrv.out_fd = open(afl->fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, 0600); - if (afl->fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", afl->fsrv.out_file); } + if (afl->fsrv.out_fd < 0) { + + PFATAL("Unable to create '%s'", afl->fsrv.out_file); + + } } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1abd49d8..5ad2ace9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -191,7 +191,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_QUIET: suppress forkserver status messages\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable\n" + "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n" |