diff options
| l--------- | Android.mk | 1 | ||||
| -rw-r--r-- | afl-analyze.c | 3 | ||||
| -rw-r--r-- | afl-fuzz.c | 8 | ||||
| -rw-r--r-- | afl-gotcpu.c | 3 | ||||
| -rw-r--r-- | afl-showmap.c | 3 | ||||
| -rw-r--r-- | afl-tmin.c | 3 | ||||
| -rwxr-xr-x | afl-whatsup | 2 | ||||
| -rw-r--r-- | android-ashmem.h | 81 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-pass.so.cc | 5 | ||||
| -rw-r--r-- | llvm_mode/afl-llvm-rt.o.c | 7 | ||||
| -rw-r--r-- | sharedmem.c | 3 | 
11 files changed, 116 insertions, 3 deletions
| diff --git a/Android.mk b/Android.mk new file mode 120000 index 00000000..33ceb8f0 --- /dev/null +++ b/Android.mk @@ -0,0 +1 @@ +Makefile \ No newline at end of file diff --git a/afl-analyze.c b/afl-analyze.c index 53b694ec..0e8c9fb0 100644 --- a/afl-analyze.c +++ b/afl-analyze.c @@ -21,6 +21,9 @@ #define AFL_MAIN +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "config.h" #include "types.h" #include "debug.h" diff --git a/afl-fuzz.c b/afl-fuzz.c index e9fb8bf0..0e252bea 100644 --- a/afl-fuzz.c +++ b/afl-fuzz.c @@ -28,6 +28,9 @@ #endif #define _FILE_OFFSET_BITS 64 +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "config.h" #include "types.h" #include "debug.h" @@ -11318,6 +11321,7 @@ static void check_term_size(void) { if (ioctl(1, TIOCGWINSZ, &ws)) return; + if (ws.ws_row == 0 || ws.ws_col == 0) return; if (ws.ws_row < 24 || ws.ws_col < 79) term_too_small = 1; } @@ -12370,8 +12374,8 @@ int main(int argc, char** argv) { if (unicorn_mode) FATAL("-U and -n are mutually exclusive"); } - - if (index(argv[optind], '/') == NULL) WARNF(cLRD "Target binary called without a prefixed path, make sure you are fuzzing the right binary: " cRST "%s", argv[optind]); + + if (strchr(argv[optind], '/') == NULL) WARNF(cLRD "Target binary called without a prefixed path, make sure you are fuzzing the right binary: " cRST "%s", argv[optind]); OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" Eissfeldt and Andrea Fioraldi"); OKF("afl++ is open source, get it at https://github.com/vanhauser-thc/AFLplusplus"); diff --git a/afl-gotcpu.c b/afl-gotcpu.c index 4163ad65..8c04b205 100644 --- a/afl-gotcpu.c +++ b/afl-gotcpu.c @@ -28,6 +28,9 @@ #define AFL_MAIN #define _GNU_SOURCE +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include <stdio.h> #include <stdlib.h> #include <unistd.h> diff --git a/afl-showmap.c b/afl-showmap.c index bce7cb4e..a490bca6 100644 --- a/afl-showmap.c +++ b/afl-showmap.c @@ -23,6 +23,9 @@ #define AFL_MAIN +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "config.h" #include "types.h" #include "debug.h" diff --git a/afl-tmin.c b/afl-tmin.c index 94f3bb3f..a36acd10 100644 --- a/afl-tmin.c +++ b/afl-tmin.c @@ -21,6 +21,9 @@ #define AFL_MAIN +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "config.h" #include "types.h" #include "debug.h" diff --git a/afl-whatsup b/afl-whatsup index a4d30418..c1e41529 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -54,7 +54,7 @@ fi CUR_TIME=`date +%s` -TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || exit 1 +TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1 ALIVE_CNT=0 DEAD_CNT=0 diff --git a/android-ashmem.h b/android-ashmem.h new file mode 100644 index 00000000..a787c04b --- /dev/null +++ b/android-ashmem.h @@ -0,0 +1,81 @@ +#ifndef _ANDROID_ASHMEM_H +#define _ANDROID_ASHMEM_H + +#include <fcntl.h> +#include <linux/shm.h> +#include <linux/ashmem.h> +#include <sys/ioctl.h> +#include <sys/mman.h> + +#if __ANDROID_API__ >= 26 +#define shmat bionic_shmat +#define shmctl bionic_shmctl +#define shmdt bionic_shmdt +#define shmget bionic_shmget +#endif + #include <sys/shm.h> +#undef shmat +#undef shmctl +#undef shmdt +#undef shmget +#include <stdio.h> + +#define ASHMEM_DEVICE "/dev/ashmem" + +static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) +{ + int ret = 0; + if (__cmd == IPC_RMID) { + int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); + struct ashmem_pin pin = {0, length}; + ret = ioctl(__shmid, ASHMEM_UNPIN, &pin); + close(__shmid); + } + + return ret; +} + +static inline int shmget (key_t __key, size_t __size, int __shmflg) +{ + int fd,ret; + char ourkey[11]; + + fd = open(ASHMEM_DEVICE, O_RDWR); + if (fd < 0) + return fd; + + sprintf(ourkey,"%d",__key); + ret = ioctl(fd, ASHMEM_SET_NAME, ourkey); + if (ret < 0) + goto error; + + ret = ioctl(fd, ASHMEM_SET_SIZE, __size); + if (ret < 0) + goto error; + + return fd; + +error: + close(fd); + return ret; +} + +static inline void *shmat (int __shmid, const void *__shmaddr, int __shmflg) +{ + int size; + void *ptr; + + size = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); + if (size < 0) { + return NULL; + } + + ptr = mmap(NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, __shmid, 0); + if (ptr == MAP_FAILED) { + return NULL; + } + + return ptr; +} + +#endif diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc index cfeff968..bdad835f 100644 --- a/llvm_mode/afl-llvm-pass.so.cc +++ b/llvm_mode/afl-llvm-pass.so.cc @@ -129,9 +129,14 @@ bool AFLCoverage::runOnModule(Module &M) { new GlobalVariable(M, PointerType::get(Int8Ty, 0), false, GlobalValue::ExternalLinkage, 0, "__afl_area_ptr"); +#ifdef __ANDROID__ + GlobalVariable *AFLPrevLoc = new GlobalVariable( + M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc"); +#else GlobalVariable *AFLPrevLoc = new GlobalVariable( M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc", 0, GlobalVariable::GeneralDynamicTLSModel, 0, false); +#endif /* Instrument all the things! */ diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index debde204..67208454 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -19,6 +19,9 @@ */ +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "../config.h" #include "../types.h" @@ -55,7 +58,11 @@ u8 __afl_area_initial[MAP_SIZE]; u8* __afl_area_ptr = __afl_area_initial; +#ifdef __ANDROID__ +u32 __afl_prev_loc; +#else __thread u32 __afl_prev_loc; +#endif /* Running in persistent mode? */ diff --git a/sharedmem.c b/sharedmem.c index 3fd38444..ce3b76e6 100644 --- a/sharedmem.c +++ b/sharedmem.c @@ -4,6 +4,9 @@ #define AFL_MAIN +#ifdef __ANDROID__ + #include "android-ashmem.h" +#endif #include "config.h" #include "types.h" #include "debug.h" | 
