diff options
Diffstat (limited to 'src/afl-showmap.c')
| -rw-r--r-- | src/afl-showmap.c | 252 |
1 files changed, 169 insertions, 83 deletions
diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 59b4963d..63b54851 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -121,7 +121,7 @@ static void classify_counts(afl_forkserver_t *fsrv) { while (i--) { - if (*mem) *mem = 1; + if (*mem) { *mem = 1; } mem++; } @@ -143,7 +143,7 @@ static void classify_counts(afl_forkserver_t *fsrv) { static void at_exit_handler(void) { - if (stdin_file) unlink(stdin_file); + if (stdin_file) { unlink(stdin_file); } } @@ -161,25 +161,28 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { fd = open(outfile, O_WRONLY); - if (fd < 0) PFATAL("Unable to open '%s'", out_file); + if (fd < 0) { PFATAL("Unable to open '%s'", out_file); } } else if (!strcmp(outfile, "-")) { fd = dup(1); - if (fd < 0) PFATAL("Unable to open stdout"); + if (fd < 0) { PFATAL("Unable to open stdout"); } } else { unlink(outfile); /* Ignore errors */ fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, 0600); - if (fd < 0) PFATAL("Unable to create '%s'", outfile); + if (fd < 0) { PFATAL("Unable to create '%s'", outfile); } } if (binary_mode) { - for (i = 0; i < map_size; i++) - if (fsrv->trace_bits[i]) ret++; + for (i = 0; i < map_size; i++) { + + if (fsrv->trace_bits[i]) { ret++; } + + } ck_write(fd, fsrv->trace_bits, map_size, outfile); close(fd); @@ -188,27 +191,29 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { FILE *f = fdopen(fd, "w"); - if (!f) PFATAL("fdopen() failed"); + if (!f) { PFATAL("fdopen() failed"); } for (i = 0; i < map_size; i++) { - if (!fsrv->trace_bits[i]) continue; + if (!fsrv->trace_bits[i]) { continue; } ret++; total += fsrv->trace_bits[i]; - if (highest < fsrv->trace_bits[i]) highest = fsrv->trace_bits[i]; + if (highest < fsrv->trace_bits[i]) { highest = fsrv->trace_bits[i]; } if (cmin_mode) { - if (fsrv->last_run_timed_out) break; - if (!caa && child_crashed != cco) break; + if (fsrv->last_run_timed_out) { break; } + if (!caa && child_crashed != cco) { break; } fprintf(f, "%u%u\n", fsrv->trace_bits[i], i); - } else + } else { fprintf(f, "%06u:%u\n", i, fsrv->trace_bits[i]); + } + } fclose(f); @@ -251,11 +256,14 @@ static u32 read_file(u8 *in_file) { struct stat st; s32 fd = open(in_file, O_RDONLY); - if (fd < 0) WARNF("Unable to open '%s'", in_file); + if (fd < 0) { WARNF("Unable to open '%s'", in_file); } + + if (fstat(fd, &st) || !st.st_size) { - if (fstat(fd, &st) || !st.st_size) WARNF("Zero-sized input file '%s'.", in_file); + } + in_len = st.st_size; in_data = ck_alloc_nozero(in_len); @@ -276,13 +284,13 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { static struct itimerval it; int status = 0; - if (!quiet_mode) SAYF("-- Program output begins --\n" cRST); + if (!quiet_mode) { SAYF("-- Program output begins --\n" cRST); } MEM_BARRIER(); fsrv->child_pid = fork(); - if (fsrv->child_pid < 0) PFATAL("fork() failed"); + if (fsrv->child_pid < 0) { PFATAL("fork() failed"); } if (!fsrv->child_pid) { @@ -319,14 +327,19 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { } - if (!keep_cores) + if (!keep_cores) { + r.rlim_max = r.rlim_cur = 0; - else + + } else { + r.rlim_max = r.rlim_cur = RLIM_INFINITY; + } + setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ - if (!getenv("LD_BIND_LAZY")) setenv("LD_BIND_NOW", "1", 0); + if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 0); } setsid(); @@ -349,7 +362,7 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { setitimer(ITIMER_REAL, &it, NULL); - if (waitpid(fsrv->child_pid, &status, 0) <= 0) FATAL("waitpid() failed"); + if (waitpid(fsrv->child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); } fsrv->child_pid = 0; it.it_value.tv_sec = 0; @@ -360,26 +373,39 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { /* Clean up bitmap, analyze exit condition, etc. */ - if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) + if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) { + FATAL("Unable to execute '%s'", argv[0]); + } + classify_counts(fsrv); - if (!quiet_mode) SAYF(cRST "-- Program output ends --\n"); + if (!quiet_mode) { SAYF(cRST "-- Program output ends --\n"); } + + if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(status)) { - if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(status)) child_crashed = 1; + } + if (!quiet_mode) { - if (fsrv->last_run_timed_out) + if (fsrv->last_run_timed_out) { + SAYF(cLRD "\n+++ Program timed off +++\n" cRST); - else if (stop_soon) + + } else if (stop_soon) { + SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST); - else if (child_crashed) + + } else if (child_crashed) { + SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST, WTERMSIG(status)); + } + } } @@ -421,20 +447,28 @@ static void set_up_environment(afl_forkserver_t *fsrv) { s32 i, afl_preload_size = strlen(afl_preload); for (i = 0; i < afl_preload_size; ++i) { - if (afl_preload[i] == ',') + if (afl_preload[i] == ',') { + PFATAL( "Comma (',') is not allowed in AFL_PRELOAD when -Q is " "specified!"); + } + } - if (qemu_preload) + if (qemu_preload) { + buf = alloc_printf("%s,LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", qemu_preload, afl_preload, afl_preload); - else + + } else { + buf = alloc_printf("LD_PRELOAD=%s,DYLD_INSERT_LIBRARIES=%s", afl_preload, afl_preload); + } + setenv("QEMU_SET_ENV", buf, 1); ck_free(buf); @@ -549,20 +583,20 @@ int main(int argc, char **argv_orig, char **envp) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - if (getenv("AFL_QUIET") != NULL) be_quiet = 1; + if (getenv("AFL_QUIET") != NULL) { be_quiet = 1; } - while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqZQUWbcrh")) > 0) + while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqZQUWbcrh")) > 0) { switch (opt) { case 'i': - if (in_dir) FATAL("Multiple -i options not supported"); + if (in_dir) { FATAL("Multiple -i options not supported"); } in_dir = optarg; break; case 'o': - if (out_file) FATAL("Multiple -o options not supported"); + if (out_file) { FATAL("Multiple -o options not supported"); } out_file = optarg; break; @@ -570,10 +604,10 @@ int main(int argc, char **argv_orig, char **envp) { u8 suffix = 'M'; - if (mem_limit_given) FATAL("Multiple -m options not supported"); + if (mem_limit_given) { FATAL("Multiple -m options not supported"); } mem_limit_given = 1; - if (!optarg) FATAL("Wrong usage of -m"); + if (!optarg) { FATAL("Wrong usage of -m"); } if (!strcmp(optarg, "none")) { @@ -583,25 +617,39 @@ int main(int argc, char **argv_orig, char **envp) { } if (sscanf(optarg, "%llu%c", &fsrv->mem_limit, &suffix) < 1 || - optarg[0] == '-') + optarg[0] == '-') { + FATAL("Bad syntax used for -m"); - switch (suffix) { + } - case 'T': fsrv->mem_limit *= 1024 * 1024; break; - case 'G': fsrv->mem_limit *= 1024; break; - case 'k': fsrv->mem_limit /= 1024; break; - case 'M': break; + switch (suffix) { - default: FATAL("Unsupported suffix or bad syntax for -m"); + case 'T': + fsrv->mem_limit *= 1024 * 1024; + break; + case 'G': + fsrv->mem_limit *= 1024; + break; + case 'k': + fsrv->mem_limit /= 1024; + break; + case 'M': + break; + + default: + FATAL("Unsupported suffix or bad syntax for -m"); } - if (fsrv->mem_limit < 5) FATAL("Dangerously low value of -m"); + if (fsrv->mem_limit < 5) { FATAL("Dangerously low value of -m"); } + + if (sizeof(rlim_t) == 4 && fsrv->mem_limit > 2000) { - if (sizeof(rlim_t) == 4 && fsrv->mem_limit > 2000) FATAL("Value of -m out of range on 32-bit systems"); + } + } break; @@ -615,32 +663,35 @@ int main(int argc, char **argv_orig, char **envp) { case 't': - if (timeout_given) FATAL("Multiple -t options not supported"); + if (timeout_given) { FATAL("Multiple -t options not supported"); } timeout_given = 1; - if (!optarg) FATAL("Wrong usage of -t"); + if (!optarg) { FATAL("Wrong usage of -t"); } if (strcmp(optarg, "none")) { fsrv->exec_tmout = atoi(optarg); - if (fsrv->exec_tmout < 20 || optarg[0] == '-') + if (fsrv->exec_tmout < 20 || optarg[0] == '-') { + FATAL("Dangerously low value of -t"); + } + } break; case 'e': - if (edges_only) FATAL("Multiple -e options not supported"); - if (raw_instr_output) FATAL("-e and -r are mutually exclusive"); + if (edges_only) { FATAL("Multiple -e options not supported"); } + if (raw_instr_output) { FATAL("-e and -r are mutually exclusive"); } edges_only = 1; break; case 'q': - if (quiet_mode) FATAL("Multiple -q options not supported"); + if (quiet_mode) { FATAL("Multiple -q options not supported"); } quiet_mode = 1; break; @@ -660,27 +711,27 @@ int main(int argc, char **argv_orig, char **envp) { case 'Q': - if (fsrv->qemu_mode) FATAL("Multiple -Q options not supported"); - if (!mem_limit_given) fsrv->mem_limit = MEM_LIMIT_QEMU; + if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); } + if (!mem_limit_given) { fsrv->mem_limit = MEM_LIMIT_QEMU; } fsrv->qemu_mode = 1; break; case 'U': - if (unicorn_mode) FATAL("Multiple -U options not supported"); - if (!mem_limit_given) fsrv->mem_limit = MEM_LIMIT_UNICORN; + if (unicorn_mode) { FATAL("Multiple -U options not supported"); } + if (!mem_limit_given) { fsrv->mem_limit = MEM_LIMIT_UNICORN; } unicorn_mode = 1; break; case 'W': /* Wine+QEMU mode */ - if (use_wine) FATAL("Multiple -W options not supported"); + if (use_wine) { FATAL("Multiple -W options not supported"); } fsrv->qemu_mode = 1; use_wine = 1; - if (!mem_limit_given) fsrv->mem_limit = 0; + if (!mem_limit_given) { fsrv->mem_limit = 0; } break; @@ -694,14 +745,14 @@ int main(int argc, char **argv_orig, char **envp) { case 'c': - if (keep_cores) FATAL("Multiple -c options not supported"); + if (keep_cores) { FATAL("Multiple -c options not supported"); } keep_cores = 1; break; case 'r': - if (raw_instr_output) FATAL("Multiple -r options not supported"); - if (edges_only) FATAL("-e and -r are mutually exclusive"); + if (raw_instr_output) { FATAL("Multiple -r options not supported"); } + if (edges_only) { FATAL("-e and -r are mutually exclusive"); } raw_instr_output = 1; break; @@ -710,11 +761,14 @@ int main(int argc, char **argv_orig, char **envp) { return -1; break; - default: usage(argv[0]); + default: + usage(argv[0]); } - if (optind == argc || !out_file) usage(argv[0]); + } + + if (optind == argc || !out_file) { usage(argv[0]); } check_environment_vars(envp); @@ -735,7 +789,7 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - if (at_file) PFATAL("Options -A and -i are mutually exclusive"); + if (at_file) { PFATAL("Options -A and -i are mutually exclusive"); } detect_file_args(argv + optind, "", &fsrv->use_stdin); } else { @@ -744,22 +798,32 @@ int main(int argc, char **argv_orig, char **envp) { } - for (i = optind; i < argc; i++) - if (strcmp(argv[i], "@@") == 0) arg_offset = i; + for (i = optind; i < argc; i++) { + + if (strcmp(argv[i], "@@") == 0) { arg_offset = i; } + + } if (fsrv->qemu_mode) { - if (use_wine) + if (use_wine) { + use_argv = get_wine_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind); - else + + } else { + use_argv = get_qemu_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind); - } else + } + + } else { use_argv = argv + optind; + } + if (in_dir) { DIR * dir_in, *dir_out; @@ -771,20 +835,30 @@ int main(int argc, char **argv_orig, char **envp) { #endif fsrv->dev_null_fd = open("/dev/null", O_RDWR); - if (fsrv->dev_null_fd < 0) PFATAL("Unable to open /dev/null"); + if (fsrv->dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } - if (!(dir_in = opendir(in_dir))) PFATAL("cannot open directory %s", in_dir); + if (!(dir_in = opendir(in_dir))) { + + PFATAL("cannot open directory %s", in_dir); + + } + + if (!(dir_out = opendir(out_file))) { + + if (mkdir(out_file, 0700)) { - if (!(dir_out = opendir(out_file))) - if (mkdir(out_file, 0700)) PFATAL("cannot create output directory %s", out_file); + } + + } + u8 *use_dir = "."; if (access(use_dir, R_OK | W_OK | X_OK)) { use_dir = get_afl_env("TMPDIR"); - if (!use_dir) use_dir = "/tmp"; + if (!use_dir) { use_dir = "/tmp"; } } @@ -792,7 +866,7 @@ int main(int argc, char **argv_orig, char **envp) { unlink(stdin_file); atexit(at_exit_handler); fsrv->out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); - if (fsrv->out_fd < 0) PFATAL("Unable to create '%s'", out_file); + if (fsrv->out_fd < 0) { PFATAL("Unable to create '%s'", out_file); } if (arg_offset && argv[arg_offset] != stdin_file) { @@ -805,8 +879,12 @@ int main(int argc, char **argv_orig, char **envp) { int i = optind; SAYF(cMGN "[D]" cRST " %s:", fsrv->target_path); - while (argv[i] != NULL) + while (argv[i] != NULL) { + SAYF(" \"%s\"", argv[i++]); + + } + SAYF("\n"); SAYF(cMGN "[D]" cRST " %d - %d = %d, %s\n", arg_offset, optind, arg_offset - optind, infile); @@ -818,11 +896,19 @@ int main(int argc, char **argv_orig, char **envp) { while (done == 0 && (dir_ent = readdir(dir_in))) { - if (dir_ent->d_name[0] == '.') + if (dir_ent->d_name[0] == '.') { + continue; // skip anything that starts with '.' + } + #if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */ - if (dir_ent->d_type != DT_REG) continue; // only regular files + if (dir_ent->d_type != DT_REG) { + + continue; // only regular files + + } + #endif snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); @@ -843,10 +929,10 @@ int main(int argc, char **argv_orig, char **envp) { } - if (!quiet_mode) OKF("Processed %llu input files.", fsrv->total_execs); + if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } closedir(dir_in); - if (dir_out) closedir(dir_out); + if (dir_out) { closedir(dir_out); } } else { @@ -857,7 +943,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!quiet_mode) { - if (!tcnt) FATAL("No instrumentation detected" cRST); + if (!tcnt) { FATAL("No instrumentation detected" cRST); } OKF("Captured %u tuples (highest value %u, total values %u) in '%s'." cRST, tcnt, highest, total, out_file); @@ -875,13 +961,13 @@ int main(int argc, char **argv_orig, char **envp) { u32 ret = child_crashed * 2 + fsrv->last_run_timed_out; - if (fsrv->target_path) ck_free(fsrv->target_path); + if (fsrv->target_path) { ck_free(fsrv->target_path); } afl_fsrv_deinit(fsrv); - if (stdin_file) ck_free(stdin_file); + if (stdin_file) { ck_free(stdin_file); } argv_cpy_free(argv); - if (fsrv->qemu_mode) free(use_argv[2]); + if (fsrv->qemu_mode) { free(use_argv[2]); } exit(ret); |