Diffstat (limited to 'src')
-rw-r--r-- | src/afl-cc.c | 29 | ||||
-rw-r--r-- | src/afl-forkserver.c | 2 | ||||
-rw-r--r-- | src/afl-sharedmem.c | 8 |
3 files changed, 30 insertions, 9 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 273a9f2f..14d8e070 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -130,20 +130,27 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 u8 *afl_path = getenv("AFL_PATH");
 u8 *slash = NULL, *tmp;
- if (obj_path) {
+ /*
+ if (obj_path) {
- tmp = alloc_printf("%s/%s", obj_path, obj);
+ tmp = alloc_printf("%s/%s", obj_path, obj);
- if (!access(tmp, R_OK)) { return tmp; }
+ if (debug) DEBUGF("Trying %s\n", tmp);
- ck_free(tmp);
+ if (!access(tmp, R_OK)) { return tmp; }
- }
+ ck_free(tmp);
+
+ }
+
+ */
 if (afl_path) {
 tmp = alloc_printf("%s/%s", afl_path, obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 obj_path = afl_path;
@@ -168,6 +175,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 tmp = alloc_printf("%s/%s", dir, obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 obj_path = dir;
@@ -178,6 +187,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 ck_free(tmp);
 tmp = alloc_printf("%s/../lib/afl/%s", dir, obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 u8 *dir2 = alloc_printf("%s/../lib/afl", dir);
@@ -232,6 +243,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 ck_free(tmp);
 tmp = alloc_printf("%s/../lib/afl/%s", exepath, obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 u8 *dir = alloc_printf("%s/../lib/afl/", exepath);
@@ -255,6 +268,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 tmp = alloc_printf("%s/%s", AFL_PATH, obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 obj_path = AFL_PATH;
@@ -266,6 +281,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 tmp = alloc_printf("./%s", obj);
+ if (debug) DEBUGF("Trying %s\n", tmp);
+
 if (!access(tmp, R_OK)) {
 obj_path = ".";
@@ -275,6 +292,8 @@ static u8 *find_object(u8 *obj, u8 *argv0) {
 ck_free(tmp);
+ if (debug) DEBUGF("Trying ... giving up\n");
+
 return NULL;
 }
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 5a8e56b2..3afb94be 100644
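Review bot: In the first hunk the `obj_path` short-circuit at the top of find_object is disabled by wrapping it in a `/* ... */` block rather than deleting it, which leaves a dead copy of the `alloc_printf`/`access`/`ck_free` sequence that will drift from the live branches below it; delete the block, or if it is meant to return, gate it with `#if 0` plus a one-line comment saying why the cached path is bypassed. With that block gone the later branches still assign `obj_path` (`obj_path = afl_path;`, `obj_path = dir;`, `obj_path = ".";`) but nothing in these hunks reads it any more, so every call appears to re-probe the filesystem from scratch — if that is intentional so the new `Trying %s` traces show the full search order, a comment above the `if (afl_path)` branch saying so would spare the next reader the same question. The `debug` flag the new traces test is not declared in any hunk; presumably a file-scope global set from the environment, worth confirming it is initialised before find_object can run. The body of find_object continues outside the hunks.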
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -960,6 +960,8 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) {
 if (fsrv->shmem_fuzz) {
+ if (unlikely(len > MAX_FILE)) len = MAX_FILE;
+
 *fsrv->shmem_fuzz_len = len;
 memcpy(fsrv->shmem_fuzz, buf, len);
 #ifdef _DEBUG
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index cef908e0..3e671df5 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 shm_str = alloc_printf("%d", shm->shm_id);
- /* If somebody is asking us to fuzz instrumented binaries in non-instrumented
- mode, we don't want them to detect instrumentation, since we won't be
- sending fork server commands. This should be replaced with better
- auto-detection later on, perhaps? */
+ /* If somebody is asking us to fuzz instrumented binaries in
+ non-instrumented mode, we don't want them to detect instrumentation,
+ since we won't be sending fork server commands. This should be replaced
+ with better auto-detection later on, perhaps? */
 setenv(SHM_ENV_VAR, shm_str, 1);
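Review bot: The new clamp `if (unlikely(len > MAX_FILE)) len = MAX_FILE;` bounds the copy by the compile-time constant rather than by the size `fsrv->shmem_fuzz` was actually mapped with, which is not visible in this hunk; if the two ever diverge the `memcpy(fsrv->shmem_fuzz, buf, len)` two lines down still overruns the shared region, so the bound should be derived from (or at least asserted against) the mapping size recorded at setup. The clamp is also silent: the target receives a truncated input while the caller's notion of the test case is unchanged, which matters for crash reproduction and for whoever later reads `*fsrv->shmem_fuzz_len`, so it is worth a diagnostic in the `#ifdef _DEBUG` block that follows, e.g. `DEBUGF("test case truncated from %zu to %u bytes\n", len, MAX_FILE);` recorded before `len` is overwritten. Only the shared-memory path is guarded here; the non-shmem branch of afl_fsrv_write_to_testcase lies outside the hunk and should be checked for the same bound.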