Diffstat (limited to 'include')
| -rw-r--r-- | include/afl-fuzz.h | 21 | ||||
| -rw-r--r-- | include/afl-prealloc.h | 2 | ||||
| -rw-r--r-- | include/alloc-inl.h | 6 | ||||
| -rw-r--r-- | include/config.h | 5 | ||||
| -rw-r--r-- | include/debug.h | 2 | ||||
| -rw-r--r-- | include/envs.h | 136 | ||||
| -rw-r--r-- | include/hash.h | 6 | ||||
| -rw-r--r-- | include/sharedmem.h | 2 | ||||
| -rw-r--r-- | include/types.h | 1 |
9 files changed, 161 insertions, 20 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index e7b52d56..c9f84c61 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -49,6 +49,7 @@
 #include "sharedmem.h"
 #include "forkserver.h"
 #include "common.h"
+#include "hash.h"
 #include <stdio.h>
 #include <unistd.h>
@@ -187,10 +188,11 @@ enum {
 /* 15 */ STAGE_HAVOC,
 /* 16 */ STAGE_SPLICE,
 /* 17 */ STAGE_PYTHON,
- /* 18 */ STAGE_RADAMSA,
- /* 19 */ STAGE_CUSTOM_MUTATOR,
- /* 20 */ STAGE_COLORIZATION,
- /* 21 */ STAGE_ITS,
+ /* 18 */ STAGE_CUSTOM_MUTATOR,
+ /* 19 */ STAGE_COLORIZATION,
+ /* 20 */ STAGE_ITS,
+
+ STAGE_NUM_MAX
 };
@@ -232,6 +234,7 @@ enum {
 /* 05 */ QUAD, /* Quadratic schedule */
 /* 06 */ RARE, /* Rare edges */
 /* 07 */ MMOPT, /* Modified MOPT schedule */
+ /* 08 */ SEEK, /* EXPLORE that ignores timings */
 POWER_SCHEDULES_NUM
@@ -425,9 +428,6 @@ typedef struct afl_state {
 u8 schedule; /* Power schedule (default: EXPLORE)*/
 u8 havoc_max_mult;
- u8 use_radamsa;
- size_t (*radamsa_mutate_ptr)(u8 *, size_t, u8 *, size_t, u32);
-
 u8 skip_deterministic, /* Skip deterministic stages? */
 use_splicing, /* Recombine input files? */
 non_instrumented_mode, /* Run in non-instrumented mode? */
@@ -971,13 +971,16 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 }
-static inline u32 get_rand_seed(afl_state_t *afl) {
+static inline s64 rand_get_seed(afl_state_t *afl) {
- if (unlikely(afl->fixed_seed)) { return (u32)afl->init_seed; }
+ if (unlikely(afl->fixed_seed)) { return afl->init_seed; }
 return afl->rand_seed[0];
 }
+/* initialize randomness with a given seed. Can be called again at any time. */
+void rand_set_seed(afl_state_t *afl, s64 init_seed);
+
 /* Find first power of two greater or equal to val (assuming val under 2^63). */
diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h
index 5e5d7b85..edf69a67 100644
--- a/include/afl-prealloc.h
+++ b/include/afl-prealloc.h
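Review bot: `STAGE_NUM_MAX` is appended to the stage enum with no comment saying it must stay the last enumerator, and removing `STAGE_RADAMSA` shifts the numeric values of `STAGE_CUSTOM_MUTATOR`, `STAGE_COLORIZATION` and `STAGE_ITS` down by one. Any array sized by a literal instead of by `STAGE_NUM_MAX`, and any output that serializes the stage index, will be silently off after this change; those consumers are not visible in this hunk, so please check them. I would write the new member as `STAGE_NUM_MAX /* number of stages; must remain the last enumerator */`. The enum itself opens before the hunk.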
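Review bot: `rand_get_seed` now returns `s64`, but its non-fixed path returns `afl->rand_seed[0]`, whose type is not visible here; if that state word is unsigned 64-bit, values above INT64_MAX are converted to a negative `s64`, which is implementation-defined in C11 and a surprise for any caller that prints the seed or feeds it back to `rand_set_seed`. Either make both `rand_get_seed` and `rand_set_seed` use `u64`, or state on the declaration that the value is the raw state word reinterpreted as signed. The `fixed_seed` branch also drops the old `(u32)` truncation, so callers now receive the full `init_seed`; presumably intended, but the comment on `rand_set_seed` could say so in one line. The `}` at the top of the hunk closes `rand_below`, whose body starts outside it.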
@@ -60,7 +60,7 @@ typedef enum prealloc_status {
 \
 if ((prealloc_counter) >= (prealloc_size)) { \
 \
- el_ptr = malloc(sizeof(*el_ptr)); \
+ el_ptr = (void *)malloc(sizeof(*el_ptr)); \
 if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \
 el_ptr->pre_status = PRE_STATUS_MALLOC; \
 \
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index ca593549..832b2de4 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
 size = strlen((char *)str) + 1;
 ALLOC_CHECK_SIZE(size);
- ret = malloc(size);
+ ret = (u8 *)malloc(size);
 ALLOC_CHECK_RESULT(ret, size);
- return memcpy(ret, str, size);
+ return (u8 *)memcpy(ret, str, size);
 }
@@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
 if (!mem || !size) { return NULL; }
 ALLOC_CHECK_SIZE(size);
- ret = malloc(size + 1);
+ ret = (u8 *)malloc(size + 1);
 ALLOC_CHECK_RESULT(ret, size);
 memcpy(ret, mem, size);
diff --git a/include/config.h b/include/config.h
index 711d0b77..7de74009 100644
--- a/include/config.h
+++ b/include/config.h
@@ -28,7 +28,7 @@
 /* Version string: */
 // c = release, d = volatile github dev, e = experimental branch
-#define VERSION "++2.65d"
+#define VERSION "++2.66d"
 /******************************************************
 * *
@@ -234,7 +234,7 @@
 /* Sync interval (every n havoc cycles): */
-#define SYNC_INTERVAL 5
+#define SYNC_INTERVAL 8
 /* Output directory reuse grace period (minutes): */
@@ -397,6 +397,5 @@
 // #define IGNORE_FINDS
-
 #endif /* ! _HAVE_CONFIG_H */
diff --git a/include/debug.h b/include/debug.h
index 9dd21ace..d1bd971b 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -262,7 +262,7 @@
 \
 } while (0)
-/* Die with FAULT() or PFAULT() depending on the value of res (used to
+/* Die with FATAL() or PFATAL() depending on the value of res (used to
 interpret different failure modes for read(), write(), etc). */
 #define RPFATAL(res, x...) \
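Review bot: The added `(void *)` cast on `malloc(sizeof(*el_ptr))` is a no-op: `malloc` already returns `void *`, so in C the line is unchanged, and in C++ a `void *` still cannot be assigned to a typed `el_ptr` without a cast to that type, so it does not buy C++ compatibility either. If the goal is to let C++ translation units use this macro, the cast has to name the element type, e.g. `el_ptr = (__typeof__(el_ptr))malloc(sizeof(*el_ptr)); \`; otherwise drop the cast and keep the C idiom. The macro this line belongs to starts and ends outside the hunk.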
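Review bot: The `(u8 *)` casts added on `malloc` and `memcpy` in `DFL_ck_strdup` and `DFL_ck_memdup_str` are redundant in C and, with no comment, read as habit rather than intent; the only reason to keep them is that this inline header is also compiled as C++, which the hunk does not say. If that is the case, one comment at the top of the helpers, `/* explicit casts: this header is also included from C++ translation units */`, tells the next reader why not to remove them. Both functions begin before their hunks.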
diff --git a/include/envs.h b/include/envs.h
index 0651f9da..86222418 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -1,3 +1,139 @@
+#ifndef _ENVS_H
+
+#define _ENVS_H
+
+static char *afl_environment_deprecated[] = {
+
+ "AFL_LLVM_WHITELIST",
+ "AFL_GCC_WHITELIST",
+ "AFL_DEFER_FORKSRV",
+ "AFL_POST_LIBRARY",
+ "AFL_PERSISTENT",
+ NULL
+
+};
+
+static char *afl_environment_variables[] = {
+
+ "AFL_ALIGNED_ALLOC",
+ "AFL_ALLOW_TMP",
+ "AFL_ANALYZE_HEX",
+ "AFL_AS",
+ "AFL_AUTORESUME",
+ "AFL_AS_FORCE_INSTRUMENT",
+ "AFL_BENCH_JUST_ONE",
+ "AFL_BENCH_UNTIL_CRASH",
+ "AFL_CAL_FAST",
+ "AFL_CC",
+ "AFL_CMIN_ALLOW_ANY",
+ "AFL_CMIN_CRASHES_ONLY",
+ "AFL_CODE_END",
+ "AFL_CODE_START",
+ "AFL_COMPCOV_BINNAME",
+ "AFL_COMPCOV_LEVEL",
+ "AFL_CUSTOM_MUTATOR_LIBRARY",
+ "AFL_CUSTOM_MUTATOR_ONLY",
+ "AFL_CXX",
+ "AFL_DEBUG",
+ "AFL_DEBUG_CHILD_OUTPUT",
+ "AFL_DEBUG_GDB",
+ "AFL_DISABLE_TRIM",
+ "AFL_DONT_OPTIMIZE",
+ "AFL_DUMB_FORKSRV",
+ "AFL_ENTRYPOINT",
+ "AFL_EXIT_WHEN_DONE",
+ "AFL_FAST_CAL",
+ "AFL_FORCE_UI",
+ "AFL_GCC_INSTRUMENT_FILE",
+ "AFL_GCJ",
+ "AFL_HANG_TMOUT",
+ "AFL_HARDEN",
+ "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
+ "AFL_IMPORT_FIRST",
+ "AFL_INST_LIBS",
+ "AFL_INST_RATIO",
+ "AFL_KEEP_TRACES",
+ "AFL_KEEP_ASSEMBLY",
+ "AFL_LD_HARD_FAIL",
+ "AFL_LD_LIMIT_MB",
+ "AFL_LD_NO_CALLOC_OVER",
+ "AFL_LD_PASSTHROUGH",
+ "AFL_REAL_LD",
+ "AFL_LD_PRELOAD",
+ "AFL_LD_VERBOSE",
+ "AFL_LLVM_CMPLOG",
+ "AFL_LLVM_INSTRIM",
+ "AFL_LLVM_CTX",
+ "AFL_LLVM_INSTRUMENT",
+ "AFL_LLVM_INSTRIM_LOOPHEAD",
+ "AFL_LLVM_LTO_AUTODICTIONARY",
+ "AFL_LLVM_AUTODICTIONARY",
+ "AFL_LLVM_SKIPSINGLEBLOCK",
+ "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
+ "AFL_LLVM_LAF_SPLIT_COMPARES",
+ "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
+ "AFL_LLVM_LAF_SPLIT_FLOATS",
+ "AFL_LLVM_LAF_SPLIT_SWITCHES",
+ "AFL_LLVM_LAF_ALL",
+ "AFL_LLVM_LAF_TRANSFORM_COMPARES",
+ "AFL_LLVM_MAP_ADDR",
+ "AFL_LLVM_MAP_DYNAMIC",
+ "AFL_LLVM_NGRAM_SIZE",
+ "AFL_NGRAM_SIZE",
+ "AFL_LLVM_NOT_ZERO",
+ "AFL_LLVM_INSTRUMENT_FILE",
+ "AFL_LLVM_SKIP_NEVERZERO",
+ "AFL_NO_AFFINITY",
+ "AFL_LLVM_LTO_STARTID",
+ "AFL_LLVM_LTO_DONTWRITEID",
+ "AFL_NO_ARITH",
+ "AFL_NO_BUILTIN",
+ "AFL_NO_CPU_RED",
+ "AFL_NO_FORKSRV",
+ "AFL_NO_UI",
+ "AFL_NO_PYTHON",
+ "AFL_UNTRACER_FILE",
+ "AFL_LLVM_USE_TRACE_PC",
+ "AFL_NO_X86", // not really an env but we dont want to warn on it
+ "AFL_MAP_SIZE",
+ "AFL_MAPSIZE",
+ "AFL_PATH",
+ "AFL_PERFORMANCE_FILE",
+ "AFL_PRELOAD",
+ "AFL_PYTHON_MODULE",
+ "AFL_QEMU_COMPCOV",
+ "AFL_QEMU_COMPCOV_DEBUG",
+ "AFL_QEMU_DEBUG_MAPS",
+ "AFL_QEMU_DISABLE_CACHE",
+ "AFL_QEMU_PERSISTENT_ADDR",
+ "AFL_QEMU_PERSISTENT_CNT",
+ "AFL_QEMU_PERSISTENT_GPR",
+ "AFL_QEMU_PERSISTENT_HOOK",
+ "AFL_QEMU_PERSISTENT_RET",
+ "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
+ "AFL_QUIET",
+ "AFL_RANDOM_ALLOC_CANARY",
+ "AFL_REAL_PATH",
+ "AFL_SHUFFLE_QUEUE",
+ "AFL_SKIP_BIN_CHECK",
+ "AFL_SKIP_CPUFREQ",
+ "AFL_SKIP_CRASHES",
+ "AFL_TMIN_EXACT",
+ "AFL_TMPDIR",
+ "AFL_TOKEN_FILE",
+ "AFL_TRACE_PC",
+ "AFL_USE_ASAN",
+ "AFL_USE_MSAN",
+ "AFL_USE_TRACE_PC",
+ "AFL_USE_UBSAN",
+ "AFL_USE_CFISAN",
+ "AFL_WINE_PATH",
+ "AFL_NO_SNAPSHOT",
+ NULL
+
+};
 extern char *afl_environment_variables[];
+#endif
+
diff --git a/include/hash.h b/include/hash.h
index 6910e0e2..9319ab95 100644
--- a/include/hash.h
+++ b/include/hash.h
@@ -30,8 +30,8 @@
 #include "types.h"
-u32 hash32(const void *key, u32 len, u32 seed);
-u64 hash64(const void *key, u32 len, u64 seed);
+u32 hash32(u8 *key, u32 len, u32 seed);
+u64 hash64(u8 *key, u32 len, u64 seed);
 #if 0
@@ -41,7 +41,7 @@ The following code is disabled because xxh3 is 30% faster
 #define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r))))
-static inline u32 hash32(const void *key, u32 len, u32 seed) {
+static inline u32 hash32(u8 *key, u32 len, u32 seed) {
 const u64 *data = (u64 *)key;
 u64 h1 = seed ^ len;
diff --git a/include/sharedmem.h b/include/sharedmem.h
index a77ab7c0..b15d0535 100644
--- a/include/sharedmem.h
+++ b/include/sharedmem.h
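Review bot: Both tables are defined `static` in a header while the old `extern char *afl_environment_variables[];` declaration is left in place below them, so every translation unit that includes envs.h gets its own private copy of both arrays (plus `-Wunused-variable` noise for `afl_environment_deprecated` wherever it is not used), and the `extern` line now re-declares an identifier that already has internal linkage in the same scope — legal under C11 6.2.2p4, but misleading. Either keep only `extern` declarations here and move the definitions into one .c file, or drop the stale `extern` line and make the tables read-only, `static const char *const afl_environment_deprecated[] = {` and `static const char *const afl_environment_variables[] = {`, which also prevents anyone writing through the pointers into string literals. A one-line comment per table saying what consumes it (names warned about as deprecated vs. names accepted without warning) would help, since the new header has none.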
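Review bot: Changing `const void *key` to `u8 *key` drops `const` from the input of `hash32`/`hash64`, so the prototypes no longer promise that the key is left untouched and any caller hashing a `const` buffer now needs a cast that discards the qualifier. If `u8` is the type wanted, `const u8 *key` keeps both the byte type and the guarantee: `u32 hash32(const u8 *key, u32 len, u32 seed);` and `u64 hash64(const u8 *key, u32 len, u64 seed);`. The same applies to the disabled `static inline hash32` in the `#if 0` block, which immediately converts `key` to `const u64 *` anyway.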
@@ -38,6 +38,8 @@ typedef struct sharedmem {
 /* ================ Proteas ================ */
 int g_shm_fd;
 char g_shm_file_path[L_tmpnam];
+ int cmplog_g_shm_fd;
+ char cmplog_g_shm_file_path[L_tmpnam];
 /* ========================================= */
 #else
 s32 shm_id; /* ID of the SHM region */
diff --git a/include/types.h b/include/types.h
index 77b7ae74..39f599a0 100644
--- a/include/types.h
+++ b/include/types.h
@@ -48,6 +48,7 @@ typedef uint32_t u32;
 #define FS_OPT_SNAPSHOT 0x20000000
 #define FS_OPT_AUTODICT 0x10000000
 #define FS_OPT_SHDMEM_FUZZ 0x01000000
+#define FS_OPT_OLD_AFLPP_WORKAROUND 0x0f000000
 // FS_OPT_MAX_MAPSIZE is 8388608 = 0x800000 = 2^23 = 1 << 22
 #define FS_OPT_MAX_MAPSIZE ((0x00fffffe >> 1) + 1)
 #define FS_OPT_GET_MAPSIZE(x) (((x & 0x00fffffe) >> 1) + 1) |
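Review bot: The two new members mirror `g_shm_fd`/`g_shm_file_path` but carry no comment on who opens, closes and unlinks them, and with two name-based objects in the struct it is easy for the cmplog pair to be left behind on teardown or on an error path that only cleans up the first pair. The `L_tmpnam` sizing suggests the path comes from `tmpnam`-style naming; if so, the predictable-name caveat applies to this one as well. I cannot see the setup and teardown code from here, so please confirm both pairs are handled symmetrically, and record the intent inline, e.g. `int cmplog_g_shm_fd; /* cmplog map; opened, closed and unlinked together with g_shm_fd */`. `struct sharedmem` begins before this hunk and ends after it.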
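Review bot: `FS_OPT_OLD_AFLPP_WORKAROUND` is `0x0f000000`, a four-bit pattern that includes bit 24, which is `FS_OPT_SHDMEM_FUZZ` (`0x01000000`); a consumer that tests `status & FS_OPT_SHDMEM_FUZZ` will therefore also fire on a status word carrying this workaround, and a consumer that tests the workaround with a plain `&` rather than an equality compare on the masked value will misfire on `FS_OPT_SHDMEM_FUZZ`. Every other flag in this block is a single bit, so this one deserves a comment, e.g. `// multi-bit marker that overlaps FS_OPT_SHDMEM_FUZZ; test with (x & FS_OPT_OLD_AFLPP_WORKAROUND) == FS_OPT_OLD_AFLPP_WORKAROUND`. Separately, the pre-existing comment on the next line says `2^23 = 1 << 22`, but 2^23 is `1 << 23`; the macro below does evaluate to 0x800000, so only the comment is wrong.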
