-rw-r--r-- | Makefile | 9 | ||||
-rw-r--r-- | qemu_mode/README.md | 5 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-cpu-inl.h | 6 |
3 files changed, 19 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 1c535bfb..b5ee6a71 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,13 @@ AFL_FUZZ_FILES = $(wildcard src/afl-fuzz*.c)
 PYTHON_INCLUDE ?= /usr/include/python2.7
+
+ifdef SOURCE_DATE_EPOCH
+ BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -r "$(SOURCE_DATE_EPOCH)" -I 2>/dev/null || date -u -I)
+else
+ BUILD_DATE ?= $(shell date -I)
+endif
+
 ifneq "$(filter Linux GNU%,$(shell uname))" ""
 LDFLAGS += -ldl
 endif
@@ -299,7 +306,7 @@ source-only: all radamsa
 $(MAKE) -C libtokencap
 %.8: %
- @echo .TH $* 8 `date -I` "afl++" > $@
+ @echo .TH $* 8 $(BUILD_DATE) "afl++" > $@
 @echo .SH NAME >> $@
 @echo .B $* >> $@
 @echo >> $@
diff --git a/qemu_mode/README.md b/qemu_mode/README.md
index c88c1e41..87027f63 100644
--- a/qemu_mode/README.md
+++ b/qemu_mode/README.md
@@ -46,6 +46,11 @@ You can also compile statically-linked binaries by setting STATIC=1. This can be useful when compiling QEMU on a different system than the one you're planning to run the fuzzer on and is most often used with the HOST variable.
+Note: when targetting the i386 architecture, on some bianries the forkserver
+handshake may fail due to the lack of reversed memory. Fix it with
+
+export QEMU_RESERVED_VA=0x1000000
+
 Note: if you want the QEMU helper to be installed on your system for all users, you need to build it before issuing 'make install' in the parent directory.
diff --git a/qemu_mode/patches/afl-qemu-cpu-inl.h b/qemu_mode/patches/afl-qemu-cpu-inl.h
index f4c474d8..7c6d3341 100644
--- a/qemu_mode/patches/afl-qemu-cpu-inl.h
+++ b/qemu_mode/patches/afl-qemu-cpu-inl.h
@@ -84,6 +84,8 @@ __thread abi_ulong afl_prev_loc;
 /* Set in the child process in forkserver mode: */
 static int forkserver_installed = 0;
+static int disable_caching = 0;
+
 unsigned char afl_fork_child;
 unsigned int afl_forksrv_pid;
 unsigned char is_persistent;
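Review bot: In the first Makefile hunk the fallback `BUILD_DATE ?= $(shell date -I)` uses the build host's local time while the SOURCE_DATE_EPOCH branch uses `-u`, so a build without SOURCE_DATE_EPOCH still stamps a timezone-dependent date into the man pages; `BUILD_DATE ?= $(shell date -u -I)` keeps both paths on UTC. Also, `?=` creates a recursively expanded variable, so the `$(shell date …)` pipeline is re-run every time `$(BUILD_DATE)` is expanded in the `%.8` rule of the second hunk, once per man page; wrapping a `:=` assignment in `ifndef BUILD_DATE` would evaluate it once. The value of SOURCE_DATE_EPOCH is interpolated into the shell command unvalidated, which is acceptable for a builder-controlled variable, but a short comment stating that it is expected to be a plain epoch integer would make that trust explicit.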
@@ -205,6 +207,8 @@ static void afl_setup(void) {
 behaviour, and seems to work alright? */
 rcu_disable_atfork();
+
+ disable_caching = getenv("AFL_QEMU_DISABLE_CACHE") != NULL;
 is_persistent = getenv("AFL_QEMU_PERSISTENT_ADDR") != NULL;
@@ -422,6 +426,8 @@ static void afl_request_tsl(target_ulong pc, target_ulong cb, uint32_t flags, uint32_t cf_mask, TranslationBlock *last_tb, int tb_exit) {
+ if (disable_caching) return;
+
 struct afl_tsl t;
 struct afl_chain c; |
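Review bot: The new `AFL_QEMU_DISABLE_CACHE` environment variable read in afl_setup() is undocumented: the commit's qemu_mode/README.md hunk only adds a QEMU_RESERVED_VA note, and the `static int disable_caching = 0;` declared in the first afl-qemu-cpu-inl.h hunk sits under the comment `/* Set in the child process in forkserver mode: */` although it is assigned here, in afl_setup(), before the fork. Suggest a comment on the declaration such as `/* Set once in afl_setup() from AFL_QEMU_DISABLE_CACHE; afl_request_tsl() returns early when non-zero. */` and a README entry saying when a user would set it; from the `if (disable_caching) return;` in afl_request_tsl() it appears to skip the TSL request to the parent, presumably at the cost of re-translating blocks in every child, but that trade-off is inferred and should be confirmed before documenting it. Both afl_setup() and afl_request_tsl() continue outside their hunks.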