-rw-r--r-- | include/alloc-inl.h | 3 | ||||
-rw-r--r-- | llvm_mode/afl-clang-fast.c | 4 | ||||
-rw-r--r-- | llvm_mode/afl-llvm-pass.so.cc | 3 | ||||
-rw-r--r-- | llvm_mode/split-compares-pass.so.cc | 4 | ||||
-rw-r--r-- | llvm_mode/split-switches-pass.so.cc | 3 | ||||
-rw-r--r-- | qemu_mode/patches/afl-qemu-tcg-runtime-inl.h | 4 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 12 | ||||
-rw-r--r-- | src/afl-fuzz.c | 27 | ||||
-rw-r--r-- | src/afl-gcc.c | 52 | ||||
-rw-r--r-- | src/afl-showmap.c | 6 |
10 files changed, 66 insertions, 52 deletions
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index ada08b69..5764e30b 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -141,8 +141,7 @@ static inline void* DFL_ck_realloc(void* orig, u32 size) {
 static inline void* DFL_ck_realloc_block(void* orig, u32 size) {
- if (orig)
- size += ALLOC_BLK_INC;
+ if (orig) size += ALLOC_BLK_INC;
 return DFL_ck_realloc(orig, size);
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index c2b89473..5e152e86 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -498,7 +498,9 @@ int main(int argc, char** argv, char** envp) {
 exit(1);
- } else if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) {
+ } else if ((isatty(2) && !getenv("AFL_QUIET")) ||
+
+ getenv("AFL_DEBUG") != NULL) {
 #ifdef USE_TRACE_PC
 SAYF(cCYA "afl-clang-fast" VERSION cRST
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index 6bd175f2..133c64b4 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -145,8 +145,6 @@ bool AFLCoverage::runOnModule(Module &M) {
 char be_quiet = 0;
-printf("DEBUG? %s\n", getenv("AFL_DEBUG"));
-
 if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) {
 SAYF(cCYA "afl-llvm-pass" VERSION cRST " by <lszekeres@google.com>\n");
@@ -483,7 +481,6 @@ printf("DEBUG? %s\n", getenv("AFL_DEBUG"));
 }
 }
-printf ("BEQUIET!\n");
 return true;
diff --git a/llvm_mode/split-compares-pass.so.cc b/llvm_mode/split-compares-pass.so.cc
index 1c7a77c3..fe021071 100644
--- a/llvm_mode/split-compares-pass.so.cc
+++ b/llvm_mode/split-compares-pass.so.cc
@@ -1244,12 +1244,14 @@ bool SplitComparesTransform::runOnModule(Module &M) {
 simplifyIntSignedness(M);
 if (isatty(2) && getenv("AFL_QUIET") == NULL) {
+
 errs() << "Split-compare-pass by laf.intel@gmail.com, extended by "
 "heiko@hexco.de\n";
 if (enableFPSplit)
 errs() << "Split-floatingpoint-compare-pass: " << splitFPCompares(M)
- << " FP comparisons splitted\n";
+ << " FP comparisons splitted\n";
+
 }
 switch (bitw) {
diff --git a/llvm_mode/split-switches-pass.so.cc b/llvm_mode/split-switches-pass.so.cc
index 70ffe7b6..d2ba28cb 100644
--- a/llvm_mode/split-switches-pass.so.cc
+++ b/llvm_mode/split-switches-pass.so.cc
@@ -491,7 +491,8 @@ bool SplitSwitchesTransform::splitSwitches(Module &M) {
 * less, don't bother with the code below. */
 if (!SI->getNumCases() || bitw <= 8) {
- if (isatty(2) && getenv("AFL_QUIET") == NULL) errs() << "skip trivial switch..\n";
+ if (isatty(2) && getenv("AFL_QUIET") == NULL)
+ errs() << "skip trivial switch..\n";
 continue;
 }
diff --git a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
index 6339d41c..2bb0ac9e 100644
--- a/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
+++ b/qemu_mode/patches/afl-qemu-tcg-runtime-inl.h
@@ -35,9 +35,9 @@ #include "tcg.h"
 void HELPER(afl_entry_routine)(CPUArchState *env) {
-
+
 afl_forkserver(ENV_GET_CPU(env));
-
+
 }
 void HELPER(afl_compcov_16)(target_ulong cur_loc, target_ulong arg1,
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index bafb1d63..2176c5cf 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -603,9 +603,11 @@ void perform_dry_run(char** argv) {
 "binary. Also,\n"
 " if you are using ASAN, see %s/notes_for_asan.md.\n\n"
- " - In QEMU persistent mode the selected address(es) for the loop are not\n"
+ " - In QEMU persistent mode the selected address(es) for the "
+ "loop are not\n"
 " properly cleaning up variables and memory. Try adding\n"
- " AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.\n\n"
+ " AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in "
+ "the binary.\n\n"
 MSG_FORK_ON_APPLE
@@ -628,9 +630,11 @@ void perform_dry_run(char** argv) {
 "interesting\n"
 " inputs - but not ones that cause an outright crash.\n\n"
- " - In QEMU persistent mode the selected address(es) for the loop are not\n"
+ " - In QEMU persistent mode the selected address(es) for the "
+ "loop are not\n"
 " properly cleaning up variables and memory. Try adding\n"
- " AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in the binary.\n\n"
+ " AFL_QEMU_PERSISTENT_GPR=1 or select better addresses in "
+ "the binary.\n\n"
 MSG_FORK_ON_APPLE
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 740fb5cb..a9a6db97 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -113,7 +113,8 @@ static void usage(u8* argv0) {
 " pacemaker mode (minutes of no new paths, 0 = "
 "immediately).\n"
 " a recommended value is 10-60. see docs/README.MOpt\n"
- " -c program - enable CmpLog by specifying a binary compiled for it.\n"
+ " -c program - enable CmpLog by specifying a binary compiled for "
+ "it.\n"
 " if using QEMU, just use -c 0.\n\n"
 "Fuzzing behavior settings:\n"
@@ -829,24 +830,30 @@ int main(int argc, char** argv, char** envp) {
 if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL && !in_place_resume) {
- char tmpfile[file_extension
- ? strlen(tmp_dir) + 1 + 10 + 1 + strlen(file_extension) + 1
- : strlen(tmp_dir) + 1 + 10 + 1];
+ char tmpfile[file_extension
+ ? strlen(tmp_dir) + 1 + 10 + 1 + strlen(file_extension) + 1
+ : strlen(tmp_dir) + 1 + 10 + 1];
 if (file_extension) {
+ sprintf(tmpfile, "%s/.cur_input.%s", tmp_dir, file_extension);
+ } else {
+ sprintf(tmpfile, "%s/.cur_input", tmp_dir);
+ }
+
 if (access(tmpfile, F_OK) != -1) // there is still a race condition here, but well ...
- FATAL("AFL_TMPDIR already has an existing temporary input file: %s - if this is not from another instance, then just remove the file.",
- tmpfile);
+ FATAL(
+ "AFL_TMPDIR already has an existing temporary input file: %s - if "
+ "this is not from another instance, then just remove the file.",
+ tmpfile);
 } else tmp_dir = out_dir;
-
 /* If we don't have a file name chosen yet, use a safe default. */
 if (!out_file) {
@@ -884,11 +891,13 @@ int main(int argc, char** argv, char** envp) {
 if (!out_file) setup_stdio_file();
 if (cmplog_binary) {
+
 if (unicorn_mode)
 FATAL("CmpLog and Unicorn mode are not compatible at the moment, sorry");
- if (!qemu_mode)
- check_binary(cmplog_binary);
+ if (!qemu_mode) check_binary(cmplog_binary);
+
 }
+
 check_binary(argv[optind]);
 start_time = get_cur_time();
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index 60e0a7ce..5baec062 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -342,31 +342,30 @@ static void edit_params(u32 argc, char** argv) {
 int main(int argc, char** argv) {
- char *env_info =
- "Environment variables used by afl-gcc:\n"
- "AFL_CC: path to the C compiler to use\n"
- "AFL_CXX: path to the C++ compiler to use\n"
- "AFL_GCJ: path to the java compiler to use\n"
- "AFL_PATH: path to the instrumenting assembler\n"
- "AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
- "AFL_NO_BUILTIN: compile for use with libtokencap.so\n"
- "AFL_QUIET: suppress verbose output\n"
- "AFL_CAL_FAST: speed up the initial calibration\n"
- "AFL_HARDEN: adds code hardening to catch memory bugs\n"
- "AFL_USE_ASAN: activate address sanitizer\n"
- "AFL_USE_MSAN: activate memory sanitizer\n"
- "AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
-
- "\nEnvironment variables used by afl-as (called by afl-gcc):\n"
- "AFL_AS: path to the assembler to use\n"
- "TMPDIR: set the directory for temporary files of afl-as\n"
- "TEMP: fall back path to directory for temporary files\n"
- "TMP: fall back path to directory for temporary files\n"
- "AFL_INST_RATIO: percentage of branches to instrument\n"
- "AFL_QUIET: suppress verbose output\n"
- "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n"
- "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n"
- ;
+ char* env_info =
+ "Environment variables used by afl-gcc:\n"
+ "AFL_CC: path to the C compiler to use\n"
+ "AFL_CXX: path to the C++ compiler to use\n"
+ "AFL_GCJ: path to the java compiler to use\n"
+ "AFL_PATH: path to the instrumenting assembler\n"
+ "AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
+ "AFL_NO_BUILTIN: compile for use with libtokencap.so\n"
+ "AFL_QUIET: suppress verbose output\n"
+ "AFL_CAL_FAST: speed up the initial calibration\n"
+ "AFL_HARDEN: adds code hardening to catch memory bugs\n"
+ "AFL_USE_ASAN: activate address sanitizer\n"
+ "AFL_USE_MSAN: activate memory sanitizer\n"
+ "AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
+
+ "\nEnvironment variables used by afl-as (called by afl-gcc):\n"
+ "AFL_AS: path to the assembler to use\n"
+ "TMPDIR: set the directory for temporary files of afl-as\n"
+ "TEMP: fall back path to directory for temporary files\n"
+ "TMP: fall back path to directory for temporary files\n"
+ "AFL_INST_RATIO: percentage of branches to instrument\n"
+ "AFL_QUIET: suppress verbose output\n"
+ "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n"
+ "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n";
 if (argc == 2 && strcmp(argv[1], "-h") == 0) {
@@ -410,7 +409,8 @@ int main(int argc, char** argv) {
 "Setting AFL_HARDEN enables hardening optimizations in the compiled "
 "code.\n\n%s"
- , BIN_PATH, BIN_PATH, env_info);
+ ,
+ BIN_PATH, BIN_PATH, env_info);
 exit(1);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index a46645ab..95c4592d 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -1014,12 +1014,12 @@ int main(int argc, char** argv, char** envp) {
 tcnt, highest, total, out_file);
 }
-
+
 if (stdin_file) {
-
+
 unlink(stdin_file);
 stdin_file = NULL;
-
+
 }
 exit(child_crashed * 2 + child_timed_out); |
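Review bot: The two new `sprintf` calls into the VLA `tmpfile` in the AFL_TMPDIR hunk are only safe while the size expression a few lines above stays exactly in step with the two format strings, so a later edit to either side becomes a stack overflow instead of a visible failure; `snprintf(tmpfile, sizeof(tmpfile), "%s/.cur_input.%s", tmp_dir, file_extension);` and `snprintf(tmpfile, sizeof(tmpfile), "%s/.cur_input", tmp_dir);` would turn that into truncation and keep the sizing arithmetic honest. The `access()` existence test that follows is the race the inline comment admits to: if the temporary input file is created later with `O_CREAT | O_EXCL` (that open is outside this hunk, so I cannot see how it is done today), the existence check becomes atomic and this pre-check can go. `tmp_dir` comes straight from `getenv("AFL_TMPDIR")`, so the VLA is sized by an environment value; that is fine for a user-controlled fuzzer but deserves a one-line comment at the declaration. main() continues outside the hunk.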