-rw-r--r--GNUmakefile4
-rw-r--r--examples/persistent_demo/persistent_demo_new.c4
-rw-r--r--include/afl-prealloc.h2
-rw-r--r--include/alloc-inl.h6
-rw-r--r--llvm_mode/afl-llvm-rt.o.c6
-rw-r--r--src/afl-forkserver.c36
-rw-r--r--src/afl-fuzz-run.c26
-rw-r--r--src/afl-performance.c4
-rw-r--r--src/afl-showmap.c4
9 files changed, 62 insertions, 30 deletions
diff --git a/GNUmakefile b/GNUmakefile
index d95eaab1..748cd73c 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -394,8 +394,8 @@ afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86
 
 
 # document all mutations and only do one run (use with only one input file!)
-document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86
-	$(CC) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
+document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-performance.o | test_x86
+	$(CC) -D_DEBUG=\"1\" -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS)
 
 test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES)
 	@$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o
diff --git a/examples/persistent_demo/persistent_demo_new.c b/examples/persistent_demo/persistent_demo_new.c
index 98909442..e4e328b0 100644
--- a/examples/persistent_demo/persistent_demo_new.c
+++ b/examples/persistent_demo/persistent_demo_new.c
@@ -49,9 +49,13 @@ int main(int argc, char **argv) {
 
     len = __AFL_FUZZ_TESTCASE_LEN;
 
+    fprintf(stderr, "input: %zd \"%s\"\n", len, buf);
+
     /* do we have enough data? */
     if (len < 8) continue;
 
+    if (strcmp((char *)buf, "thisisateststring") == 0) printf("teststring\n");
+
     if (buf[0] == 'f') {
 
       printf("one\n");
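Review bot: The new `fprintf` at the top of the hunk prints `buf` with `%s`, but `buf` is the fuzz input and nothing in the hunk guarantees a NUL terminator within `len`, so the print can read past the supplied bytes; the `strcmp` added below the length check has the same problem. Bound both by `len`: `fprintf(stderr, "input: %zd \"%.*s\"\n", len, (int)len, buf);` and `if (len == 17 && memcmp(buf, "thisisateststring", 17) == 0) printf("teststring\n");`. Because this file is the persistent-mode demo, whatever it does is what readers will copy into their own harnesses. `main` continues outside the hunk.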
diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h
index a9de3ba2..fa6c9b70 100644
--- a/include/afl-prealloc.h
+++ b/include/afl-prealloc.h
@@ -60,7 +60,7 @@ typedef enum prealloc_status {
                                                                                \
     if ((prealloc_counter) >= (prealloc_size)) {                               \
                                                                                \
-      el_ptr = (element_t *) malloc(sizeof(*el_ptr));                                        \
+      el_ptr = (element_t *)malloc(sizeof(*el_ptr));                           \
       if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \
       el_ptr->pre_status = PRE_STATUS_MALLOC;                                  \
                                                                                \
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index decc2d43..832b2de4 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
   size = strlen((char *)str) + 1;
 
   ALLOC_CHECK_SIZE(size);
-  ret = (u8*) malloc(size);
+  ret = (u8 *)malloc(size);
   ALLOC_CHECK_RESULT(ret, size);
 
-  return (u8*)memcpy(ret, str, size);
+  return (u8 *)memcpy(ret, str, size);
 
 }
 
@@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
   if (!mem || !size) { return NULL; }
 
   ALLOC_CHECK_SIZE(size);
-  ret = (u8*) malloc(size + 1);
+  ret = (u8 *)malloc(size + 1);
   ALLOC_CHECK_RESULT(ret, size);
 
   memcpy(ret, mem, size);
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 184dcd0f..f81d13ee 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -395,6 +395,9 @@ static void __afl_start_snapshots(void) {
 
     if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
 
+    if (getenv("AFL_DEBUG"))
+      fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
+
     if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
         (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
 
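Review bot: The `getenv("AFL_DEBUG")` check plus `fprintf` added after the `read` is repeated verbatim in the `__afl_start_forkserver` hunk below; a `static` helper, or one file-scope flag read once, would keep the two copies from drifting apart. `%08x` expects an `unsigned int`; if `was_killed` is declared signed (its declaration is outside the hunk) the call is a formal type mismatch, so either cast it, `(unsigned)was_killed`, or declare it unsigned. Both enclosing functions start outside their hunks.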
@@ -594,6 +597,9 @@ static void __afl_start_forkserver(void) {
 
     if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1);
 
+    if (getenv("AFL_DEBUG"))
+      fprintf(stderr, "target forkserver recv: %08x\n", was_killed);
+
     if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) ==
         (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) {
 
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index bb7a6797..c5709b33 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -596,9 +596,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
           // this is not afl-fuzz - we deny and return
           if (fsrv->use_shmem_fuzz)
-            status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
+            status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ);
           else
-            status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+            status = (FS_OPT_ENABLED);
           if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
             FATAL("Writing to forkserver failed.");
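Review bot: The `if (fsrv->use_shmem_fuzz) ... else ...` selection of `status` added here is duplicated, with only the AUTODICT bit differing, in the next hunk of this function (the "Using AUTODICT feature." path), and both copies leave the single-statement branches unbraced. Computing the common part once reads cleaner and cannot diverge: `status = FS_OPT_ENABLED | (fsrv->use_shmem_fuzz ? FS_OPT_SHDMEM_FUZZ : 0);` in the deny path, and the same line followed by `status |= FS_OPT_AUTODICT;` in the accept path. `afl_fsrv_start` starts and ends outside the hunk.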
@@ -610,7 +610,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
         }
 
         if (!be_quiet) { ACTF("Using AUTODICT feature."); }
-        status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+
+        if (fsrv->use_shmem_fuzz)
+          status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ);
+        else
+          status = (FS_OPT_ENABLED | FS_OPT_AUTODICT);
+
         if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) {
 
           FATAL("Writing to forkserver failed.");
@@ -862,16 +867,21 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
     *fsrv->shmem_fuzz_len = len;
     memcpy(fsrv->shmem_fuzz, buf, len);
 #ifdef _DEBUG
-    fprintf(stderr, "FS crc: %08x len: %u\n",
-            hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
-            *fsrv->shmem_fuzz_len);
-    fprintf(stderr, "SHM :");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
-    fprintf(stderr, "\nORIG:");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", buf[i]);
-    fprintf(stderr, "\n");
+    if (getenv("AFL_DEBUG")) {
+
+      fprintf(stderr, "FS crc: %016llx len: %u\n",
+              hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
+              *fsrv->shmem_fuzz_len);
+      fprintf(stderr, "SHM :");
+      for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
+      fprintf(stderr, "\nORIG:");
+      for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", buf[i]);
+      fprintf(stderr, "\n");
+
+    }
+
 #endif
 
   } else {
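Review bot: The debug block calls `getenv("AFL_DEBUG")` on every `afl_fsrv_write_to_testcase` call, i.e. once per execution in a `_DEBUG` build, and it is the only place in this commit that gates debug output that way; `afl-fuzz-run.c` gates the same dump on `afl->debug`. Resolving the environment variable once into a file-scope flag, or reusing a debug field on `fsrv` if the struct has one (not visible here), would make the two dumps behave the same and keep the per-testcase path free of string lookups. The loops also compare `int i` against the `u32` `*fsrv->shmem_fuzz_len`; `for (u32 i = 0; ...)` avoids the signed/unsigned comparison warning. The enclosing function starts outside the hunk.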
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 52931a39..2a1664e2 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -156,16 +156,22 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at,
     *afl->fsrv.shmem_fuzz_len = len - skip_len;
 
 #ifdef _DEBUG
-    fprintf(stderr, "FS crc: %08x len: %u\n",
-            hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705),
-            *fsrv->shmem_fuzz_len);
-    fprintf(stderr, "SHM :");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]);
-    fprintf(stderr, "\nORIG:");
-    for (int i = 0; i < *fsrv->shmem_fuzz_len; i++)
-      fprintf(stderr, "%02x", buf[i]);
-    fprintf(stderr, "\n");
+    if (afl->debug) {
+
+      fprintf(
+          stderr, "FS crc: %16llx len: %u\n",
+          hash64(afl->fsrv.shmem_fuzz, *afl->fsrv.shmem_fuzz_len, 0xa5b35705),
+          *afl->fsrv.shmem_fuzz_len);
+      fprintf(stderr, "SHM :");
+      for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", afl->fsrv.shmem_fuzz[i]);
+      fprintf(stderr, "\nORIG:");
+      for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++)
+        fprintf(stderr, "%02x", (u8)((u8 *)mem)[i]);
+      fprintf(stderr, "\n");
+
+    }
+
 #endif
 
     return;
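Review bot: The "ORIG" dump does not line up with the "SHM" dump when a gap is present: `*afl->fsrv.shmem_fuzz_len` is `len - skip_len`, so the loop prints the first `len - skip_len` bytes of `mem` in order, while the shared buffer presumably holds `mem` with `[skip_at, skip_at + skip_len)` removed. Walk the full input and skip the gap instead: `for (u32 i = 0; i < len; i++) { if (i >= skip_at && i < skip_at + skip_len) continue; fprintf(stderr, "%02x", ((u8 *)mem)[i]); }`. The format `"FS crc: %16llx"` is also space-padded here but zero-padded (`%016llx`) in the matching dump in `afl-forkserver.c`; the two should agree so the lines can be diffed. `write_with_gap` starts outside the hunk.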
diff --git a/src/afl-performance.c b/src/afl-performance.c
index 0832dc39..0c1697a8 100644
--- a/src/afl-performance.c
+++ b/src/afl-performance.c
@@ -143,8 +143,10 @@ void long_jump(afl_state_t *afl) {
 
 #ifdef _DEBUG
 u32 hash32(u8 *key, u32 len, u32 seed) {
+
 #else
 u32 inline hash32(u8 *key, u32 len, u32 seed) {
+
 #endif
 
   return (u32)XXH64(key, len, seed);
@@ -153,8 +155,10 @@ u32 inline hash32(u8 *key, u32 len, u32 seed) {
 
 #ifdef _DEBUG
 u64 hash64(u8 *key, u32 len, u64 seed) {
+
 #else
 u64 inline hash64(u8 *key, u32 len, u64 seed) {
+
 #endif
 
   return XXH64(key, len, seed);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 994d80eb..883398ff 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -985,10 +985,12 @@ int main(int argc, char **argv_orig, char **envp) {
 
       if (read_file(infile)) {
 
-        if (wait_for_gdb) { 
+        if (wait_for_gdb) {
+
           fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid);
           fprintf(stderr, "exec: kill -CONT %d\n", getpid());
           kill(0, SIGSTOP);
+
         }
 
         showmap_run_target_forkserver(fsrv, use_argv, in_data, in_len);