Diffstat (limited to 'src/afl-as.c')
-rw-r--r--src/afl-as.c164
1 files changed, 94 insertions, 70 deletions
diff --git a/src/afl-as.c b/src/afl-as.c
index 94595f24..57f4c4a3 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -48,39 +48,38 @@
 #include <sys/wait.h>
 #include <sys/time.h>
 
-static u8** as_params;          /* Parameters passed to the real 'as'   */
+static u8** as_params;              /* Parameters passed to the real 'as'   */
 
-static u8*  input_file;         /* Originally specified input file      */
-static u8*  modified_file;      /* Instrumented file for the real 'as'  */
+static u8* input_file;              /* Originally specified input file      */
+static u8* modified_file;           /* Instrumented file for the real 'as'  */
 
-static u8   be_quiet,           /* Quiet mode (no stderr output)        */
-            clang_mode,         /* Running in clang mode?               */
-            pass_thru,          /* Just pass data through?              */
-            just_version,       /* Just show version?                   */
-            sanitizer;          /* Using ASAN / MSAN                    */
+static u8 be_quiet,                 /* Quiet mode (no stderr output)        */
+    clang_mode,                     /* Running in clang mode?               */
+    pass_thru,                      /* Just pass data through?              */
+    just_version,                   /* Just show version?                   */
+    sanitizer;                      /* Using ASAN / MSAN                    */
 
-static u32  inst_ratio = 100,   /* Instrumentation probability (%)      */
-            as_par_cnt = 1;     /* Number of params to 'as'             */
+static u32 inst_ratio = 100,        /* Instrumentation probability (%)      */
+    as_par_cnt = 1;                 /* Number of params to 'as'             */
 
-/* If we don't find --32 or --64 in the command line, default to 
+/* If we don't find --32 or --64 in the command line, default to
    instrumentation for whichever mode we were compiled with. This is not
    perfect, but should do the trick for almost all use cases. */
 
 #ifdef __x86_64__
 
-static u8   use_64bit = 1;
+static u8 use_64bit = 1;
 
 #else
 
-static u8   use_64bit = 0;
+static u8 use_64bit = 0;
 
-#ifdef __APPLE__
-#  error "Sorry, 32-bit Apple platforms are not supported."
-#endif /* __APPLE__ */
+#  ifdef __APPLE__
+#    error "Sorry, 32-bit Apple platforms are not supported."
+#  endif /* __APPLE__ */
 
 #endif /* ^__x86_64__ */
 
-
 /* Examine and modify parameters to pass to 'as'. Note that the file name
    is always the last parameter passed by GCC, so we exploit this property
    to keep the code simple. */
@@ -134,8 +133,10 @@ static void edit_params(int argc, char** argv) {
 
   for (i = 1; i < argc - 1; i++) {
 
-    if (!strcmp(argv[i], "--64")) use_64bit = 1;
-    else if (!strcmp(argv[i], "--32")) use_64bit = 0;
+    if (!strcmp(argv[i], "--64"))
+      use_64bit = 1;
+    else if (!strcmp(argv[i], "--32"))
+      use_64bit = 0;
 
 #ifdef __APPLE__
 
@@ -143,7 +144,8 @@ static void edit_params(int argc, char** argv) {
 
     if (!strcmp(argv[i], "-arch") && i + 1 < argc) {
 
-      if (!strcmp(argv[i + 1], "x86_64")) use_64bit = 1;
+      if (!strcmp(argv[i + 1], "x86_64"))
+        use_64bit = 1;
       else if (!strcmp(argv[i + 1], "i386"))
         FATAL("Sorry, 32-bit Apple platforms are not supported.");
 
@@ -181,13 +183,17 @@ static void edit_params(int argc, char** argv) {
   if (input_file[0] == '-') {
 
     if (!strcmp(input_file + 1, "-version")) {
+
       just_version = 1;
       modified_file = input_file;
       goto wrap_things_up;
+
     }
 
-    if (input_file[1]) FATAL("Incorrect use (not called through afl-gcc?)");
-      else input_file = NULL;
+    if (input_file[1])
+      FATAL("Incorrect use (not called through afl-gcc?)");
+    else
+      input_file = NULL;
 
   } else {
 
@@ -197,22 +203,21 @@ static void edit_params(int argc, char** argv) {
        NSS. */
 
     if (strncmp(input_file, tmp_dir, strlen(tmp_dir)) &&
-        strncmp(input_file, "/var/tmp/", 9) &&
-        strncmp(input_file, "/tmp/", 5)) pass_thru = 1;
+        strncmp(input_file, "/var/tmp/", 9) && strncmp(input_file, "/tmp/", 5))
+      pass_thru = 1;
 
   }
 
-  modified_file = alloc_printf("%s/.afl-%u-%u.s", tmp_dir, getpid(),
-                               (u32)time(NULL));
+  modified_file =
+      alloc_printf("%s/.afl-%u-%u.s", tmp_dir, getpid(), (u32)time(NULL));
 
 wrap_things_up:
 
   as_params[as_par_cnt++] = modified_file;
-  as_params[as_par_cnt]   = NULL;
+  as_params[as_par_cnt] = NULL;
 
 }
 
-
 /* Process input file, generate modified_file. Insert instrumentation in all
    the appropriate places. */
 
@@ -222,11 +227,11 @@ static void add_instrumentation(void) {
 
   FILE* inf;
   FILE* outf;
-  s32 outfd;
-  u32 ins_lines = 0;
+  s32   outfd;
+  u32   ins_lines = 0;
 
-  u8  instr_ok = 0, skip_csect = 0, skip_next_label = 0,
-      skip_intel = 0, skip_app = 0, instrument_next = 0;
+  u8 instr_ok = 0, skip_csect = 0, skip_next_label = 0, skip_intel = 0,
+     skip_app = 0, instrument_next = 0;
 
 #ifdef __APPLE__
 
@@ -239,7 +244,9 @@ static void add_instrumentation(void) {
     inf = fopen(input_file, "r");
     if (!inf) PFATAL("Unable to read '%s'", input_file);
 
-  } else inf = stdin;
+  } else
+
+    inf = stdin;
 
   outfd = open(modified_file, O_WRONLY | O_EXCL | O_CREAT, 0600);
 
@@ -247,7 +254,7 @@ static void add_instrumentation(void) {
 
   outf = fdopen(outfd, "w");
 
-  if (!outf) PFATAL("fdopen() failed");  
+  if (!outf) PFATAL("fdopen() failed");
 
   while (fgets(line, MAX_LINE, inf)) {
 
@@ -284,22 +291,26 @@ static void add_instrumentation(void) {
          around them, so we use that as a signal. */
 
       if (!clang_mode && instr_ok && !strncmp(line + 2, "p2align ", 8) &&
-          isdigit(line[10]) && line[11] == '\n') skip_next_label = 1;
+          isdigit(line[10]) && line[11] == '\n')
+        skip_next_label = 1;
 
       if (!strncmp(line + 2, "text\n", 5) ||
           !strncmp(line + 2, "section\t.text", 13) ||
           !strncmp(line + 2, "section\t__TEXT,__text", 21) ||
           !strncmp(line + 2, "section __TEXT,__text", 21)) {
+
         instr_ok = 1;
-        continue; 
+        continue;
+
       }
 
       if (!strncmp(line + 2, "section\t", 8) ||
-          !strncmp(line + 2, "section ", 8) ||
-          !strncmp(line + 2, "bss\n", 4) ||
+          !strncmp(line + 2, "section ", 8) || !strncmp(line + 2, "bss\n", 4) ||
           !strncmp(line + 2, "data\n", 5)) {
+
         instr_ok = 0;
         continue;
+
       }
 
     }
@@ -354,8 +365,9 @@ static void add_instrumentation(void) {
 
      */
 
-    if (skip_intel || skip_app || skip_csect || !instr_ok ||
-        line[0] == '#' || line[0] == ' ') continue;
+    if (skip_intel || skip_app || skip_csect || !instr_ok || line[0] == '#' ||
+        line[0] == ' ')
+      continue;
 
     /* Conditional branch instruction (jnz, etc). We append the instrumentation
        right after the branch (to instrument the not-taken path) and at the
@@ -404,15 +416,16 @@ static void add_instrumentation(void) {
 
         /* Apple: L<num> / LBB<num> */
 
-        if ((isdigit(line[1]) || (clang_mode && !strncmp(line, "LBB", 3)))
-            && R(100) < inst_ratio) {
+        if ((isdigit(line[1]) || (clang_mode && !strncmp(line, "LBB", 3))) &&
+            R(100) < inst_ratio) {
 
 #else
 
         /* Apple: .L<num> / .LBB<num> */
 
-        if ((isdigit(line[2]) || (clang_mode && !strncmp(line + 1, "LBB", 3)))
-            && R(100) < inst_ratio) {
+        if ((isdigit(line[2]) ||
+             (clang_mode && !strncmp(line + 1, "LBB", 3))) &&
+            R(100) < inst_ratio) {
 
 #endif /* __APPLE__ */
 
@@ -427,7 +440,10 @@ static void add_instrumentation(void) {
              .Lfunc_begin0-style exception handling calculations (a problem on
              MacOS X). */
 
-          if (!skip_next_label) instrument_next = 1; else skip_next_label = 0;
+          if (!skip_next_label)
+            instrument_next = 1;
+          else
+            skip_next_label = 0;
 
         }
 
@@ -436,34 +452,34 @@ static void add_instrumentation(void) {
         /* Function label (always instrumented, deferred mode). */
 
         instrument_next = 1;
-    
+
       }
 
     }
 
   }
 
-  if (ins_lines)
-    fputs(use_64bit ? main_payload_64 : main_payload_32, outf);
+  if (ins_lines) fputs(use_64bit ? main_payload_64 : main_payload_32, outf);
 
   if (input_file) fclose(inf);
   fclose(outf);
 
   if (!be_quiet) {
 
-    if (!ins_lines) WARNF("No instrumentation targets found%s.",
-                          pass_thru ? " (pass-thru mode)" : "");
-    else OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).",
-             ins_lines, use_64bit ? "64" : "32",
-             getenv("AFL_HARDEN") ? "hardened" : 
-             (sanitizer ? "ASAN/MSAN" : "non-hardened"),
-             inst_ratio);
- 
+    if (!ins_lines)
+      WARNF("No instrumentation targets found%s.",
+            pass_thru ? " (pass-thru mode)" : "");
+    else
+      OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines,
+          use_64bit ? "64" : "32",
+          getenv("AFL_HARDEN") ? "hardened"
+                               : (sanitizer ? "ASAN/MSAN" : "non-hardened"),
+          inst_ratio);
+
   }
 
 }
 
-
 /* Main entry point */
 
 int main(int argc, char** argv) {
@@ -473,7 +489,7 @@ int main(int argc, char** argv) {
   int status;
   u8* inst_ratio_str = getenv("AFL_INST_RATIO");
 
-  struct timeval tv;
+  struct timeval  tv;
   struct timezone tz;
 
   clang_mode = !!getenv(CLANG_ENV_VAR);
@@ -481,19 +497,26 @@ int main(int argc, char** argv) {
   if (isatty(2) && !getenv("AFL_QUIET")) {
 
     SAYF(cCYA "afl-as" VERSION cRST " by <lcamtuf@google.com>\n");
- 
-  } else be_quiet = 1;
+
+  } else
+
+    be_quiet = 1;
 
   if (argc < 2) {
 
-    SAYF("\n"
-         "This is a helper application for afl-fuzz. It is a wrapper around GNU 'as',\n"
-         "executed by the toolchain whenever using afl-gcc or afl-clang. You probably\n"
-         "don't want to run this program directly.\n\n"
+    SAYF(
+        "\n"
+        "This is a helper application for afl-fuzz. It is a wrapper around GNU "
+        "'as',\n"
+        "executed by the toolchain whenever using afl-gcc or afl-clang. You "
+        "probably\n"
+        "don't want to run this program directly.\n\n"
 
-         "Rarely, when dealing with extremely complex projects, it may be advisable to\n"
-         "set AFL_INST_RATIO to a value less than 100 in order to reduce the odds of\n"
-         "instrumenting every discovered branch.\n\n");
+        "Rarely, when dealing with extremely complex projects, it may be "
+        "advisable to\n"
+        "set AFL_INST_RATIO to a value less than 100 in order to reduce the "
+        "odds of\n"
+        "instrumenting every discovered branch.\n\n");
 
     exit(1);
 
@@ -509,7 +532,7 @@ int main(int argc, char** argv) {
 
   if (inst_ratio_str) {
 
-    if (sscanf(inst_ratio_str, "%u", &inst_ratio) != 1 || inst_ratio > 100) 
+    if (sscanf(inst_ratio_str, "%u", &inst_ratio) != 1 || inst_ratio > 100)
       FATAL("Bad value of AFL_INST_RATIO (must be between 0 and 100)");
 
   }
@@ -524,9 +547,10 @@ int main(int argc, char** argv) {
      that... */
 
   if (getenv("AFL_USE_ASAN") || getenv("AFL_USE_MSAN")) {
+
     sanitizer = 1;
-    if (!getenv("AFL_INST_RATIO"))
-      inst_ratio /= 3;
+    if (!getenv("AFL_INST_RATIO")) inst_ratio /= 3;
+
   }
 
   if (!just_version) add_instrumentation();