-rw-r--r-- | README.md | 4 | ||||
-rwxr-xr-x | afl-cmin | 19 | ||||
-rwxr-xr-x | afl-cmin.bash | 6 | ||||
-rw-r--r-- | docs/Changelog.md | 8 | ||||
-rw-r--r-- | include/config.h | 2 | ||||
-rw-r--r-- | qemu_mode/QEMUAFL_VERSION | 2 | ||||
m--------- | qemu_mode/qemuafl | 0 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 14 |
8 files changed, 35 insertions, 20 deletions
diff --git a/README.md b/README.md
index a8b579d8..935c71ce 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@
 <img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/master/static/aflpp_bg.svg" alt="AFL++ logo" width="250" heigh="250">
-Release version: [4.02c](https://github.com/AFLplusplus/AFLplusplus/releases)
+Release version: [4.03c](https://github.com/AFLplusplus/AFLplusplus/releases)
-GitHub version: 4.03a
+GitHub version: 4.04a
 Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
diff --git a/afl-cmin b/afl-cmin
index b170667a..8fe35ced 100755
--- a/afl-cmin
+++ b/afl-cmin
@@ -105,12 +105,13 @@ function usage() {
 "Execution control settings:\n" \
 " -f file - location read by the fuzzed program (stdin)\n" \
 " -m megs - memory limit for child process ("mem_limit" MB)\n" \
-" -t msec - run time limit for child process (none)\n" \
+" -t msec - run time limit for child process (default: none)\n" \
 " -O - use binary-only instrumentation (FRIDA mode)\n" \
 " -Q - use binary-only instrumentation (QEMU mode)\n" \
 " -U - use unicorn-based instrumentation (unicorn mode)\n" \
 "\n" \
 "Minimization settings:\n" \
+" -A - allow crashes and timeouts (not recommended)\n" \
 " -C - keep crashing inputs, reject everything else\n" \
 " -e - solve for edge coverage only, ignore hit counts\n" \
 "\n" \
@@ -123,6 +124,7 @@ function usage() {
 "AFL_KEEP_TRACES: leave the temporary <out_dir>/.traces directory\n" \
 "AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \
 "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" \
+"AFL_CMIN_ALLOW_ANY: write tuples for crashing inputs also\n" \
 "AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \
 "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \
 "printed to stdout\n" \
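Review bot: The two usage() hunks describe the same switch differently: the option line says `-A - allow crashes and timeouts (not recommended)`, while the environment-variable line added in the second hunk (`AFL_CMIN_ALLOW_ANY: write tuples for crashing inputs also`) omits timeouts and drops the caveat. Since -A only sets AFL_CMIN_ALLOW_ANY (per the BEGIN hunk further down), both lines should state one contract; suggest `"AFL_CMIN_ALLOW_ANY: write tuples for crashing and timeout inputs also (same as -A)\n" \`. The afl-cmin.bash hunk in this commit introduces a third wording ("allow crashing and timeout inputs"), so it is worth aligning all three while the text is fresh. usage() begins before and continues past these hunks.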
@@ -146,11 +148,12 @@ BEGIN {
 # defaults
 extra_par = ""
 AFL_CMIN_CRASHES_ONLY = ""
+ AFL_CMIN_ALLOW_ANY = ""
 # process options
 Opterr = 1 # default is to diagnose
 Optind = 1 # skip ARGV[0]
- while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eCOQU?")) != -1) {
+ while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eACOQU?")) != -1) {
 if (_go_c == "i") {
 if (!Optarg) usage()
 if (in_dir) { print "Option "_go_c" is only allowed once" > "/dev/stderr"}
@@ -186,6 +189,10 @@ BEGIN {
 AFL_CMIN_CRASHES_ONLY = "AFL_CMIN_CRASHES_ONLY=1 "
 continue
 } else
+ if (_go_c == "A") {
+ AFL_CMIN_ALLOW_ANY = "AFL_CMIN_ALLOW_ANY=1 "
+ continue
+ } else
 if (_go_c == "e") {
 extra_par = extra_par " -e"
 continue
@@ -445,15 +452,15 @@ BEGIN {
 if (!stdin_file) {
 print " Processing "in_count" files (forkserver mode)..."
 # print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string
- retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
+ retval = system(AFL_MAP_SIZE AFL_CMIN_ALLOW_ANY AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
 } else {
 print " Processing "in_count" files (forkserver mode)..."
 # print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null"
- retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
+ retval = system(AFL_MAP_SIZE AFL_CMIN_ALLOW_ANY AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
 }
- if (retval && !AFL_CMIN_CRASHES_ONLY) {
- print "[!] Exit code "retval" != 0 received from afl-showmap, terminating..."
+ if (retval && (!AFL_CMIN_CRASHES_ONLY && !AFL_CMIN_ALLOW_ANY)) {
+ print "[!] Exit code "retval" != 0 received from afl-showmap (this means a crashing or timeout input is likely present), terminating..."
 if (!ENVIRON["AFL_KEEP_TRACES"]) {
 system("rm -rf "trace_dir" 2>/dev/null")
diff --git a/afl-cmin.bash b/afl-cmin.bash
index d2218cd0..10c9477a 100755
--- a/afl-cmin.bash
+++ b/afl-cmin.bash
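Review bot: The relaxed check `if (retval && (!AFL_CMIN_CRASHES_ONLY && !AFL_CMIN_ALLOW_ANY))` only consults the awk variable that -A sets, although the usage text in this same commit documents AFL_CMIN_ALLOW_ANY as an environment variable; a user who exports it instead of passing -A presumably still gets the relaxed afl-showmap behaviour through the inherited environment of system(), yet afl-cmin then aborts on the non-zero exit. Suggest `if (retval && !AFL_CMIN_CRASHES_ONLY && !AFL_CMIN_ALLOW_ANY && !ENVIRON["AFL_CMIN_ALLOW_ANY"]) {`. Separately, with -A a non-zero exit from afl-showmap is now accepted without any output, which also hides failures that have nothing to do with crashing inputs (afl-showmap not starting at all, for instance); an else branch that prints something like `print "[!] afl-showmap exited with "retval", continuing because -A was given"` would keep that visible, though I cannot see from this hunk whether a later step already diagnoses an empty trace directory. The commented-out `# print` debug lines still show the old command without AFL_CMIN_ALLOW_ANY and could go. The enclosing BEGIN block starts and ends outside the hunk.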
@@ -53,7 +53,7 @@ unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \
 export AFL_QUIET=1
-while getopts "+i:o:f:m:t:eOQUCh" opt; do
+while getopts "+i:o:f:m:t:eOQUACh" opt; do
 case "$opt" in
@@ -80,6 +80,9 @@ while getopts "+i:o:f:m:t:eOQUCh" opt; do
 "e")
 EXTRA_PAR="$EXTRA_PAR -e"
 ;;
+ "A")
+ export AFL_CMIN_ALLOW_ANY=1
+ ;;
 "C")
 export AFL_CMIN_CRASHES_ONLY=1
 ;;
@@ -128,6 +131,7 @@ Execution control settings:
 Minimization settings:
+ -A - allow crashing and timeout inputs
 -C - keep crashing inputs, reject everything else
 -e - solve for edge coverage only, ignore hit counts
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 71607542..7d34d364 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -3,12 +3,8 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual.
-## Staying informed
-Want to stay in the loop on major new features? Join our mailing list by
-sending a mail to <afl-users+subscribe@googlegroups.com>.
-
-### Version ++4.03a (dev)
+### Version ++4.03c (release)
 - Building now gives a build summary what succeeded and what not
 - afl-fuzz:
 - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
@@ -30,6 +26,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
 edges (together with AFL_DEBUG=1 afl-fuzz). thanks to worksbutnottested!
 - afl-analyze broke at some point, fix by CodeLogicError, thank you!
+ - afl-cmin/afl-cmin.bash now have an -A option to allow also crashing
+ and timeout inputs
 - unicorn_mode:
 - updated upstream unicorn version
 - fixed builds for aarch64
diff --git a/include/config.h b/include/config.h
index 1262668a..2882c9de 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.03a"
+#define VERSION "++4.03c"
 /****************************************************** * * 
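Review bot: The help text added in the third afl-cmin.bash hunk, `-A - allow crashing and timeout inputs`, drops the "(not recommended)" caveat that the same option carries in afl-cmin's usage() in this commit; the two scripts are meant as drop-in equivalents, so the wording should match, e.g. `    -A            - allow crashing and timeout inputs (not recommended)`. The `"A")` case only exports AFL_CMIN_ALLOW_ANY=1; if afl-cmin.bash also aborts on a non-zero afl-showmap exit the way the awk version did (that code is outside these hunks, so I cannot confirm it), it needs the same relaxation this commit gives afl-cmin, otherwise -A would change afl-showmap's behaviour but the script would still stop. The getopts loop and the usage here-doc both extend beyond the hunks.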
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
index 10e875b1..412dbf45 100644
--- a/qemu_mode/QEMUAFL_VERSION
+++ b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-61bc152384
+dc19175a0b
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
-Subproject 61bc1523848a5235b43719c9fa7d78e9a970a1a
+Subproject dc19175a0bf4cf34e19944d084d92f33f26df93
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 51e292d8..713f3a3c 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -2105,7 +2105,9 @@ void show_init_stats(afl_state_t *afl) {
 ? 50000 : 10000)) {
- WARNF(cLRD "The target binary is pretty slow! See %s/perf_tips.md.",
+ WARNF(cLRD
+ "The target binary is pretty slow! See "
+ "%s/fuzzing_in_depth.md#i-improve-the-speed",
 doc_path);
 }
@@ -2134,13 +2136,17 @@ void show_init_stats(afl_state_t *afl) {
 if (max_len > 50 * 1024) {
- WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!",
+ WARNF(cLRD
+ "Some test cases are huge (%s) - see "
+ "%s/fuzzing_in_depth.md#i-improve-the-speed",
 stringify_mem_size(IB(0), max_len), doc_path);
 } else if (max_len > 10 * 1024) {
- WARNF("Some test cases are big (%s) - see %s/perf_tips.md.",
- stringify_mem_size(IB(0), max_len), doc_path);
+ WARNF(
+ "Some test cases are big (%s) - see "
+ "%s/fuzzing_in_depth.md#i-improve-the-speed",
+ stringify_mem_size(IB(0), max_len), doc_path);
 } |
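Review bot: All three rewritten WARNF calls append a URL-style fragment, `"%s/fuzzing_in_depth.md#i-improve-the-speed"`, to doc_path; if doc_path is a local documentation directory, as its use in a file path suggests, the `#...` suffix is not something the user can open and reads as part of the filename. Naming the section instead keeps the pointer usable offline, e.g. `"%s/fuzzing_in_depth.md, section \"Improve the speed\""` (the heading title is my guess from the anchor; please check it against the document). The same applies to the huge/big test-case messages in the second hunk, so one form should be chosen for all three. show_init_stats begins before and ends after these hunks.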