Diffstat (limited to 'src')
-rw-r--r-- | src/afl-fuzz.c | 51 | ||||
-rw-r--r-- | src/afl-gcc.c | 55 | ||||
-rw-r--r-- | src/afl-showmap.c | 11 |
3 files changed, 67 insertions, 50 deletions
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 0609061c..740fb5cb 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -100,7 +100,6 @@ static void usage(u8* argv0) {
 " -f file - location read by the fuzzed program (stdin)\n"
 " -t msec - timeout for each run (auto-scaled, 50-%d ms)\n"
 " -m megs - memory limit for child process (%d MB)\n"
- " -c program - enable CmpLog by specifying a binary compiled for it\n"
 " -Q - use binary-only instrumentation (QEMU mode)\n"
 " -U - use unicorn-based instrumentation (Unicorn mode)\n"
 " -W - use qemu-based instrumentation with Wine (Wine "
@@ -113,7 +112,9 @@ static void usage(u8* argv0) {
 "entering the\n"
 " pacemaker mode (minutes of no new paths, 0 = "
 "immediately).\n"
- " a recommended value is 10-60. see docs/README.MOpt\n\n"
+ " a recommended value is 10-60. see docs/README.MOpt\n"
+ " -c program - enable CmpLog by specifying a binary compiled for it.\n"
+ " if using QEMU, just use -c 0.\n\n"

 "Fuzzing behavior settings:\n"
 " -N - do not unlink the fuzzing input file\n"
@@ -653,25 +654,6 @@ int main(int argc, char** argv, char** envp) {
 if (!strcmp(in_dir, out_dir))
 FATAL("Input and output directories can't be the same");

- if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL) {
-
- char tmpfile[file_extension
- ? strlen(tmp_dir) + 1 + 10 + 1 + strlen(file_extension) + 1
- : strlen(tmp_dir) + 1 + 10 + 1];
- if (file_extension) {
- sprintf(tmpfile, "%s/.cur_input.%s", tmp_dir, file_extension);
- } else {
- sprintf(tmpfile, "%s/.cur_input", tmp_dir);
- }
- if (access(tmpfile, F_OK) !=
- -1) // there is still a race condition here, but well ...
- FATAL("AFL_TMPDIR already has an existing temporary input file: %s",
- tmpfile);
-
- } else
-
- tmp_dir = out_dir;
-
 if (dumb_mode) {

 if (crash_mode) FATAL("-C and -n are mutually exclusive");
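Review bot: The added `-c` help text tells QEMU users to pass `-c 0` but says nothing about Unicorn, which this same commit rejects with a FATAL at start-up when `-c` is combined with `-U`, so users only learn of the restriction after the run aborts. Extend the new line to `" if using QEMU, just use -c 0. CmpLog is not supported with -U (Unicorn).\n\n"`. usage() begins and ends outside the hunk.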
@@ -845,6 +827,26 @@ int main(int argc, char** argv, char** envp) {

 if (!timeout_given) find_timeout();

+ if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL && !in_place_resume) {
+
+ char tmpfile[file_extension
+ ? strlen(tmp_dir) + 1 + 10 + 1 + strlen(file_extension) + 1
+ : strlen(tmp_dir) + 1 + 10 + 1];
+ if (file_extension) {
+ sprintf(tmpfile, "%s/.cur_input.%s", tmp_dir, file_extension);
+ } else {
+ sprintf(tmpfile, "%s/.cur_input", tmp_dir);
+ }
+ if (access(tmpfile, F_OK) !=
+ -1) // there is still a race condition here, but well ...
+ FATAL("AFL_TMPDIR already has an existing temporary input file: %s - if this is not from another instance, then just remove the file.",
+ tmpfile);
+
+ } else
+
+ tmp_dir = out_dir;
+
+
 /* If we don't have a file name chosen yet, use a safe default. */

 if (!out_file) {
@@ -881,7 +883,12 @@ int main(int argc, char** argv, char** envp) {

 if (!out_file) setup_stdio_file();

- if (cmplog_binary) check_binary(cmplog_binary);
+ if (cmplog_binary) {
+ if (unicorn_mode)
+ FATAL("CmpLog and Unicorn mode are not compatible at the moment, sorry");
+ if (!qemu_mode)
+ check_binary(cmplog_binary);
+ }
 check_binary(argv[optind]);

 start_time = get_cur_time();
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index 51c78843..ff53cc8d 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
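Review bot: The `&& !in_place_resume` added to the outer condition makes an in-place resume (`-i -`) take the else branch, so `tmp_dir = out_dir;` silently discards the AFL_TMPDIR the user set and the resumed session uses a different .cur_input location than the one it was started with — the intent was presumably only to skip the stale-file check, since that file is expected to exist on resume. Keep the outer test as `if ((tmp_dir = getenv("AFL_TMPDIR")) != NULL) {` and put the exemption on the existence check instead: `if (!in_place_resume && access(tmpfile, F_OK) != -1)`. Separately, the hand-sized VLA plus `sprintf` pair could be `alloc_printf`, which afl-showmap.c in this same diff already uses, so the `10` no longer has to be kept in step with the `".cur_input"` literal. main() continues outside the hunk.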
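Review bot: The new `if (unicorn_mode) FATAL(...)` runs after `setup_stdio_file()` (visible just above it), so `-c` combined with `-U` is rejected only once output files have already been created; the mutually-exclusive-mode checks near the top of main, where the `-C and -n` FATAL visible in this diff lives, are the natural place for it. In QEMU mode `cmplog_binary` is now accepted without any check, so a mistyped path goes unreported; if `0` is the only meaningful value there, as the new help text implies, a `WARNF` when `strcmp(cmplog_binary, "0") != 0` would catch that. The enclosing main() continues outside the hunk.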
@@ -342,11 +342,37 @@ static void edit_params(u32 argc, char** argv) {

 int main(int argc, char** argv) {

+ char *env_info =
+ "Environment variables used by afl-gcc:\n"
+ "AFL_CC: path to the C compiler to use\n"
+ "AFL_CXX: path to the C++ compiler to use\n"
+ "AFL_GCJ: path to the java compiler to use\n"
+ "AFL_PATH: path to the instrumenting assembler\n"
+ "AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
+ "AFL_NO_BUILTIN: compile for use with libtokencap.so\n"
+ "AFL_QUIET: suppress verbose output\n"
+ "AFL_CAL_FAST: speed up the initial calibration\n"
+ "AFL_HARDEN: adds code hardening to catch memory bugs\n"
+ "AFL_USE_ASAN: activate address sanitizer\n"
+ "AFL_USE_MSAN: activate memory sanitizer\n"
+ "AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
+
+ "\nEnvironment variables used by afl-as (called by afl-gcc):\n"
+ "AFL_AS: path to the assembler to use\n"
+ "TMPDIR: set the directory for temporary files of afl-as\n"
+ "TEMP: fall back path to directory for temporary files\n"
+ "TMP: fall back path to directory for temporary files\n"
+ "AFL_INST_RATIO: percentage of branches to instrument\n"
+ "AFL_QUIET: suppress verbose output\n"
+ "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n"
+ "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n"
+ ;
+
 if (argc == 2 && strcmp(argv[1], "-h") == 0) {

 printf("afl-cc" VERSION " by Michal Zalewski\n\n");
 printf("%s \n\n", argv[0]);
- printf("afl-gcc has no command line options\n");
+ printf("afl-gcc has no command line options\n\n%s", env_info);
 printf(
 "NOTE: afl-gcc is deprecated, llvm_mode is much faster and has more "
 "options\n");
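Review bot: `char *env_info = "..."` points a writable pointer at a string literal; any later write through it is undefined behaviour and the compiler cannot warn because the declaration has discarded the const. Declare it `static const char *env_info =` (or `static const char env_info[] =`), which fits its only use as a `%s` argument to printf. The `AFL_CAL_FAST` entry reads like an afl-fuzz knob rather than something afl-gcc or afl-as consumes — worth confirming before it ships in the compiler's help text. main() continues outside the hunk.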
@@ -382,32 +408,9 @@ int main(int argc, char** argv) {
 "You can specify custom next-stage toolchain via AFL_CC, AFL_CXX, and "
 "AFL_AS.\n"
 "Setting AFL_HARDEN enables hardening optimizations in the compiled "
- "code.\n\n"
+ "code.\n\n%s"

- "Environment variables used by afl-gcc:\n"
- "AFL_CC: path to the C compiler to use\n"
- "AFL_CXX: path to the C++ compiler to use\n"
- "AFL_GCJ: path to the java compiler to use\n"
- "AFL_PATH: path to the instrumenting assembler\n"
- "AFL_DONT_OPTIMIZE: disable optimization instead of -O3\n"
- "AFL_NO_BUILTIN: compile for use with libtokencap.so\n"
- "AFL_QUIET: suppress verbose output\n"
- "AFL_CAL_FAST: speed up the initial calibration\n"
- "AFL_HARDEN: adds code hardening to catch memory bugs\n"
- "AFL_USE_ASAN: activate address sanitizer\n"
- "AFL_USE_MSAN: activate memory sanitizer\n"
- "AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"
-
- "\nEnvironment variables used by afl-as (called by afl-gcc):\n"
- "AFL_AS: path to the assembler to use\n"
- "TMPDIR: set the directory for temporary files of afl-as\n"
- "TEMP: fall back path to directory for temporary files\n"
- "TMP: fall back path to directory for temporary files\n"
- "AFL_INST_RATIO: percentage of branches to instrument\n"
- "AFL_QUIET: suppress verbose output\n"
- "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n"
- "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n"
- , BIN_PATH, BIN_PATH);
+ , BIN_PATH, BIN_PATH, env_info);

 exit(1);

diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 99022983..a46645ab 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -162,7 +162,7 @@ static void classify_counts(u8* mem, const u8* map) {

 static void at_exit_handler(void) {

- if (out_file) unlink(out_file); /* Ignore errors */
+ if (stdin_file) unlink(stdin_file);

 }

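Review bot: `at_exit_handler` now removes the right file — the old body deleted the user's `-o` output map on exit — but since main later unlinks `stdin_file` and NULLs it itself (the @@ -1014 hunk further down), the handler only does work on early `exit()` paths such as FATAL, and nothing in the function says so; add `/* Only effective on early exit(); the normal path in main unlinks and NULLs stdin_file itself. */` above the `if`. Dropping `/* Ignore errors */` also loses the hint that unlink's return value is deliberately unchecked — keep it on the new line. at_exit_handler is fully inside the hunk.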
@@ -949,7 +949,7 @@ int main(int argc, char** argv, char** envp) {

 }

- stdin_file = alloc_printf("%s/.afl-tmin-temp-%u", use_dir, getpid());
+ stdin_file = alloc_printf("%s/.afl-showmap-temp-%u", use_dir, getpid());
 unlink(stdin_file);
 atexit(at_exit_handler);
 out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600);
@@ -1014,6 +1014,13 @@ int main(int argc, char** argv, char** envp) {
 tcnt, highest, total, out_file);

 }
+
+ if (stdin_file) {
+
+ unlink(stdin_file);
+ stdin_file = NULL;
+
+ }

 exit(child_crashed * 2 + child_timed_out);

|