Diffstat (limited to 'src')
-rw-r--r-- | src/afl-fuzz-globals.c | 5 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 39 | ||||
-rw-r--r-- | src/afl-fuzz-one.c | 13 | ||||
-rw-r--r-- | src/afl-fuzz-run.c | 38 | ||||
-rw-r--r-- | src/afl-gotcpu.c | 27 |
5 files changed, 77 insertions, 45 deletions
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 01b242b8..a8c17922 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c @@ -260,6 +260,7 @@ PyObject *py_functions[PY_FUNC_COUNT]; #endif #ifdef _AFL_DOCUMENT_MUTATIONS - u8 do_document; - u32 document_counter; +u8 do_document; +u32 document_counter; #endif + diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index cb340107..12dcafae 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -32,7 +32,7 @@ void bind_to_free_cpu(void) { - cpu_set_t c; + cpu_set_t c; u8 cpu_used[4096] = {0}; u32 i; @@ -114,28 +114,34 @@ void bind_to_free_cpu(void) { closedir(d); #elif defined(__FreeBSD__) - struct kinfo_proc *procs; - size_t nprocs; - size_t proccount; - int s_name[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL}; - size_t s_name_l = sizeof(s_name)/sizeof(s_name[0]); + struct kinfo_proc* procs; + size_t nprocs; + size_t proccount; + int s_name[] = {CTL_KERN, KERN_PROC, KERN_PROC_ALL}; + size_t s_name_l = sizeof(s_name) / sizeof(s_name[0]); if (sysctl(s_name, s_name_l, NULL, &nprocs, NULL, 0) != 0) return; proccount = nprocs / sizeof(*procs); - nprocs = nprocs * 4/3; + nprocs = nprocs * 4 / 3; procs = ck_alloc(nprocs); if (sysctl(s_name, s_name_l, procs, &nprocs, NULL, 0) != 0) { + ck_free(procs); return; + } - for (i = 0; i < proccount; i ++) { - if (procs[i].ki_oncpu < sizeof(cpu_used)) - cpu_used[procs[i].ki_oncpu] = 1; + for (i = 0; i < proccount; i++) { + + if (procs[i].ki_oncpu < sizeof(cpu_used)) cpu_used[procs[i].ki_oncpu] = 1; + } ck_free(procs); +#else +#warning \ + "For this platform we do not have free CPU binding code yet. If poxxible, please supply a PR to https://github.com/vanhauser-thc/AFLplusplus" #endif for (i = 0; i < cpu_core_count; ++i) 
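Review bot: In the FreeBSD branch of bind_to_free_cpu (hunk `@@ -114,28 +114,34 @@` of src/afl-fuzz-init.c), `proccount` is derived from the size reported by the first, sizing-only sysctl() call, yet the loop walks `procs` with that count after the second call has rewritten `nprocs` to the number of bytes it actually copied. If the second call returns fewer entries, the tail of the buffer was never written by the kernel; assuming ck_alloc hands back zeroed memory those entries read as ki_oncpu 0 and mark core 0 as busy, otherwise they are uninitialized heap. Moving the computation below the second call, `proccount = nprocs / sizeof(*procs);`, keeps the loop inside the part of the buffer that was filled. The new `#warning` text also misspells "possible" as "poxxible"; the function itself starts before and ends after this hunk.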
@@ -166,7 +172,10 @@ void bind_to_free_cpu(void) { #if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) PFATAL("sched_setaffinity failed"); #elif defined(__FreeBSD__) - if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) PFATAL("pthread_setaffinity failed"); + if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) + PFATAL("pthread_setaffinity failed"); +#else + // this will need something for other platforms #endif } @@ -815,7 +824,8 @@ double get_runnable_processes(void) { static double res; -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__NetBSD__) +#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ + defined(__NetBSD__) /* I don't see any portable sysctl or so that would quickly give us the number of runnable processes; the 1-minute load average can be a @@ -856,7 +866,7 @@ double get_runnable_processes(void) { } -#endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__ || __NetBSD__) */ +#endif /* ^(__APPLE__ || __FreeBSD__ || __OpenBSD__ || __NetBSD__) */ return res; @@ -1510,7 +1520,7 @@ void check_cpu_governor(void) { FATAL("Suboptimal CPU scaling governor"); #elif defined __APPLE__ - u64 min = 0, max = 0; + u64 min = 0, max = 0; size_t mlen = sizeof(min); if (getenv("AFL_SKIP_CPUFREQ")) return; @@ -1542,6 +1552,7 @@ void check_cpu_governor(void) { min / 1024, max / 1024); FATAL("Suboptimal CPU scaling governor"); #endif + } /* Count the number of logical CPU cores. */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 7db25254..31d58a10 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -4231,7 +4231,6 @@ pacemaker_fuzzing: #define core_fuzzing(a) common_fuzzing((a), MOpt_globals_core) - void pso_updating(void) { g_now += 1; 
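Review bot: The `#else` arm added after the pthread_setaffinity_np() call in hunk `@@ -166,7 +172,10 @@` of src/afl-fuzz-init.c holds only a comment, so on a platform that is neither Linux nor FreeBSD the function reaches its closing brace without making any affinity call and without failing. The `#warning` added earlier in the same function covers the build, but nothing visible here tells the user at run time that no core was pinned. I would make the gap explicit in the comment, e.g. `/* TODO: no affinity API wired up for this platform; the core chosen above is NOT bound */`, and presumably the core selection should be skipped on such platforms as well. The body of bind_to_free_cpu begins outside this hunk, so whether an earlier message already claims a binding cannot be checked from here.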
@@ -4314,17 +4313,25 @@ u8 fuzz_one(char** argv) { #ifdef _AFL_DOCUMENT_MUTATIONS if (do_document == 0) { - char *fn = alloc_printf("%s/mutations", out_dir); + + char* fn = alloc_printf("%s/mutations", out_dir); if (fn) { - do_document = mkdir(fn, 0700); // if it exists we do not care + + do_document = mkdir(fn, 0700); // if it exists we do not care do_document = 1; ck_free(fn); + } else + PFATAL("malloc()"); + } else { + do_document = 2; stop_soon = 2; + } + #endif if (limit_time_sig == 0) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index c0fa928e..46d12423 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -178,15 +178,21 @@ u8 run_target(char** argv, u32 timeout) { if ((res = read(fsrv_st_fd, &status, 4)) != 4) { if (stop_soon) return 0; - SAYF("\n" cLRD "[-] " cRST - "Unable to communicate with fork server. Some possible reasons:\n\n" - " - You've run out of memory. Use -m to increase the the memory limit\n" - " to something higher than %lld.\n" - " - The binary or one of the libraries it uses manages to create\n" - " threads before the forkserver initializes.\n" - " - The binary, at least in some circumstances, exits in a way that\n" - " also kills the parent process - raise() could be the culprit.\n\n" - "If all else fails you can disable the fork server via AFL_NO_FORKSRV=1.\n", mem_limit); + SAYF( + "\n" cLRD "[-] " cRST + "Unable to communicate with fork server. Some possible reasons:\n\n" + " - You've run out of memory. Use -m to increase the the memory " + "limit\n" + " to something higher than %lld.\n" + " - The binary or one of the libraries it uses manages to create\n" + " threads before the forkserver initializes.\n" + " - The binary, at least in some circumstances, exits in a way " + "that\n" + " also kills the parent process - raise() could be the " + "culprit.\n\n" + "If all else fails you can disable the fork server via " + "AFL_NO_FORKSRV=1.\n", + mem_limit); RPFATAL(res, "Unable to communicate with fork server"); } 
@@ -261,15 +267,23 @@ void write_to_testcase(void* mem, u32 len) { s32 fd = out_fd; #ifdef _AFL_DOCUMENT_MUTATIONS - s32 doc_fd; - char *fn = alloc_printf("%s/mutations/%09u:%s", out_dir, document_counter++, describe_op(0)); + s32 doc_fd; + char* fn = alloc_printf("%s/mutations/%09u:%s", out_dir, document_counter++, + describe_op(0)); if (fn != NULL) { + if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) { - if (write(doc_fd, mem, len) != len) PFATAL("write to mutation file failed: %s", fn); + + if (write(doc_fd, mem, len) != len) + PFATAL("write to mutation file failed: %s", fn); close(doc_fd); + } + ck_free(fn); + } + #endif if (out_file) { diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index ece5a850..bdb727de 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -54,16 +54,16 @@ #if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) #define HAVE_AFFINITY 1 -# if defined(__FreeBSD__) -# include <pthread.h> -# include <pthread_np.h> -# include <sys/cpuset.h> -# define cpu_set_t cpuset_t -# elif defined(__NetBSD__) -# include <pthread.h> -# include <sched.h> -# endif -#endif /* __linux__ || __FreeBSD__ || __NetBSD__ */ +#if defined(__FreeBSD__) +#include <pthread.h> +#include <pthread_np.h> +#include <sys/cpuset.h> +#define cpu_set_t cpuset_t +#elif defined(__NetBSD__) +#include <pthread.h> +#include <sched.h> +#endif +#endif /* __linux__ || __FreeBSD__ || __NetBSD__ */ /* Get unix time in microseconds. */ @@ -163,18 +163,17 @@ int main(int argc, char** argv) { if (!fr) { - u32 util_perc; + u32 util_perc; #if defined(__linux__) || defined(__FreeBSD__) cpu_set_t c; CPU_ZERO(&c); CPU_SET(i, &c); #elif defined(__NetBSD__) - cpuset_t *c; + cpuset_t* c; c = cpuset_create(); - if (c == NULL) - PFATAL("cpuset_create failed"); + if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); #endif |