diff options
Diffstat (limited to 'src/afl-showmap.c')
| -rw-r--r-- | src/afl-showmap.c | 34 |
1 files changed, 16 insertions, 18 deletions
diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9c029035..7e875040 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -7,12 +7,12 @@ Forkserver design by Jann Horn <jannhorn@googlemail.com> Now maintained by Marc Heuse <mh@mh-sec.de>, - Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and + Heiko Eissfeldt <heiko.eissfeldt@hexco.de> and Andrea Fioraldi <andreafioraldi@gmail.com> and Dominik Maier <mail@dmnk.co> Copyright 2016, 2017 Google Inc. All rights reserved. - Copyright 2019-2023 AFLplusplus Project. All rights reserved. + Copyright 2019-2024 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -111,8 +111,9 @@ static sharedmem_t *shm_fuzz; static const u8 count_class_human[256] = { - [0] = 0, [1] = 1, [2] = 2, [3] = 3, [4] = 4, - [8] = 5, [16] = 6, [32] = 7, [128] = 8 + [0] = 0, [1] = 1, [2] = 2, [3] = 3, + [4 ... 7] = 4, [8 ... 15] = 5, [16 ... 31] = 6, [32 ... 127] = 7, + [128 ... 255] = 8 }; @@ -177,7 +178,8 @@ fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, void classify_counts(afl_forkserver_t *fsrv) { u8 *mem = fsrv->trace_bits; - const u8 *map = binary_mode ? count_class_binary : count_class_human; + const u8 *map = (binary_mode || collect_coverage) ? count_class_binary + : count_class_human; u32 i = map_size; @@ -239,13 +241,7 @@ static void analyze_results(afl_forkserver_t *fsrv) { u32 i; for (i = 0; i < map_size; i++) { - if (fsrv->trace_bits[i]) { - - total += fsrv->trace_bits[i]; - if (fsrv->trace_bits[i] > highest) highest = fsrv->trace_bits[i]; - if (!coverage_map[i]) { coverage_map[i] = 1; } - - } + if (fsrv->trace_bits[i]) { coverage_map[i] |= fsrv->trace_bits[i]; } } @@ -328,7 +324,7 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (cmin_mode) { - fprintf(f, "%u%u\n", fsrv->trace_bits[i], i); + fprintf(f, "%u%03u\n", i, fsrv->trace_bits[i]); } else { @@ -423,9 +419,9 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, } - if (fsrv->trace_bits[0] == 1) { + if (fsrv->trace_bits[0]) { - fsrv->trace_bits[0] = 0; + fsrv->trace_bits[0] -= 1; have_coverage = true; } else { @@ -654,9 +650,9 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { } - if (fsrv->trace_bits[0] == 1) { + if (fsrv->trace_bits[0]) { - fsrv->trace_bits[0] = 0; + fsrv->trace_bits[0] -= 1; have_coverage = true; } else { @@ -1337,6 +1333,8 @@ int main(int argc, char **argv_orig, char **envp) { } + if (collect_coverage) { binary_mode = false; } // ensure this + if (optind == argc || !out_file) { usage(argv[0]); } if (in_dir && in_filelist) { FATAL("you can only specify either -i or -I"); } @@ -1609,6 +1607,7 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir || in_filelist) { afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY); + if (afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); } afl->afl_env.afl_custom_mutator_library = getenv("AFL_CUSTOM_MUTATOR_LIBRARY"); afl->afl_env.afl_python_module = getenv("AFL_PYTHON_MODULE"); @@ -1674,7 +1673,6 @@ int main(int argc, char **argv_orig, char **envp) { if ((coverage_map = (u8 *)malloc(map_size + 64)) == NULL) FATAL("coult not grab memory"); edges_only = false; - raw_instr_output = true; } |