diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-analyze.c | 19 | ||||
| -rw-r--r-- | src/afl-as.c | 7 | ||||
| -rw-r--r-- | src/afl-cc.c | 14 | ||||
| -rw-r--r-- | src/afl-forkserver.c | 24 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 23 | ||||
| -rw-r--r-- | src/afl-fuzz-queue.c | 6 | ||||
| -rw-r--r-- | src/afl-fuzz-redqueen.c | 26 | ||||
| -rw-r--r-- | src/afl-fuzz-state.c | 7 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 131 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 10 | ||||
| -rw-r--r-- | src/afl-showmap.c | 7 | ||||
| -rw-r--r-- | src/afl-tmin.c | 19 |
12 files changed, 226 insertions, 67 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 8e5a1772..aabdbf1a 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -784,6 +784,18 @@ static void set_up_environment(char **argv) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "symbolize=0")) { + + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); + + } + + } + setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -821,6 +833,13 @@ static void set_up_environment(char **argv) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0:" + "symbolize=0:" + "print_suppressions=0", + 0); + if (get_afl_env("AFL_PRELOAD")) { if (qemu_mode) { diff --git a/src/afl-as.c b/src/afl-as.c index aebd0ac8..7119d630 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -517,11 +517,12 @@ static void add_instrumentation(void) { } else { char modeline[100]; - snprintf(modeline, sizeof(modeline), "%s%s%s%s", + snprintf(modeline, sizeof(modeline), "%s%s%s%s%s", getenv("AFL_HARDEN") ? "hardened" : "non-hardened", getenv("AFL_USE_ASAN") ? ", ASAN" : "", getenv("AFL_USE_MSAN") ? ", MSAN" : "", - getenv("AFL_USE_UBSAN") ? ", UBSAN" : ""); + getenv("AFL_USE_UBSAN") ? ", UBSAN" : "", + getenv("AFL_USE_LSAN") ? ", LSAN" : ""); OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines, use_64bit ? "64" : "32", modeline, inst_ratio); @@ -585,7 +586,7 @@ int main(int argc, char **argv) { "AFL_QUIET: suppress verbose output\n" "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n" "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n" - "AFL_HARDEN, AFL_USE_ASAN, AFL_USE_MSAN, AFL_USE_UBSAN:\n" + "AFL_HARDEN, AFL_USE_ASAN, AFL_USE_MSAN, AFL_USE_UBSAN, AFL_USE_LSAN:\n" " used in the instrumentation summary message\n", argv[0]); diff --git a/src/afl-cc.c b/src/afl-cc.c index b354077e..1f89bac5 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -430,9 +430,6 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; - if (lto_mode && plusplus_mode) - cc_params[cc_par_cnt++] = "-lc++"; // needed by fuzzbench, early - if (lto_mode && have_instr_env) { cc_params[cc_par_cnt++] = "-Xclang"; @@ -819,6 +816,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (getenv("AFL_USE_LSAN")) { + + cc_params[cc_par_cnt++] = "-fsanitize=leak"; + cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; + cc_params[cc_par_cnt++] = "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; + + } + if (getenv("AFL_USE_CFISAN")) { if (!lto_mode) { @@ -1730,7 +1735,8 @@ int main(int argc, char **argv, char **envp) { " AFL_USE_ASAN: activate address sanitizer\n" " AFL_USE_CFISAN: activate control flow sanitizer\n" " AFL_USE_MSAN: activate memory sanitizer\n" - " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"); + " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n" + " AFL_USE_LSAN: activate leak-checker sanitizer\n"); if (have_gcc_plugin) SAYF( diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 0037d2d5..727e7f8d 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -502,7 +502,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 1); } - /* Set sane defaults for ASAN if nothing else specified. */ + /* Set sane defaults for ASAN if nothing else is specified. */ if (!getenv("ASAN_OPTIONS")) setenv("ASAN_OPTIONS", @@ -519,7 +519,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "handle_sigill=0", 1); - /* Set sane defaults for UBSAN if nothing else specified. */ + /* Set sane defaults for UBSAN if nothing else is specified. */ if (!getenv("UBSAN_OPTIONS")) setenv("UBSAN_OPTIONS", @@ -557,6 +557,16 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "handle_sigill=0", 1); + /* LSAN, too, does not support abort_on_error=1. */ + + if (!getenv("LSAN_OPTIONS")) + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0:" + "symbolize=0:" + "print_suppressions=0", + 1); + fsrv->init_child_func(fsrv, argv); /* Use a distinctive bitmap signature to tell the parent about execv() @@ -811,7 +821,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (fsrv->last_run_timed_out) { - FATAL("Timeout while initializing fork server (adjusting -t may help)"); + FATAL( + "Timeout while initializing fork server (setting " + "AFL_FORKSRV_INIT_TMOUT may help)"); } @@ -1303,8 +1315,10 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, if (unlikely( /* A normal crash/abort */ (WIFSIGNALED(fsrv->child_status)) || - /* special handling for msan */ - (fsrv->uses_asan && WEXITSTATUS(fsrv->child_status) == MSAN_ERROR) || + /* special handling for msan and lsan */ + (fsrv->uses_asan && + (WEXITSTATUS(fsrv->child_status) == MSAN_ERROR || + WEXITSTATUS(fsrv->child_status) == LSAN_ERROR)) || /* the custom crash_exitcode was returned by the target */ (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index cb0190a0..b6bfbc29 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -881,7 +881,7 @@ void perform_dry_run(afl_state_t *afl) { case FSRV_RUN_TMOUT: - if (afl->timeout_given) { + if (afl->timeout_given && !afl->afl_env.afl_exit_on_seed_issues) { /* if we have a timeout but a timeout value was given then always skip. The '+' meaning has been changed! */ @@ -1036,6 +1036,12 @@ void perform_dry_run(afl_state_t *afl) { } + if (afl->afl_env.afl_exit_on_seed_issues) { + + FATAL("As AFL_EXIT_ON_SEED_ISSUES is set, afl-fuzz exits."); + + } + /* Remove from fuzzing queue but keep for splicing */ struct queue_entry *p = afl->queue; @@ -2490,6 +2496,18 @@ void check_asan_opts(afl_state_t *afl) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "symbolize=0")) { + + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); + + } + + } + } /* Handle stop signal (Ctrl-C, etc). */ @@ -2735,7 +2753,8 @@ void check_binary(afl_state_t *afl, u8 *fname) { } if (memmem(f_data, f_len, "__asan_init", 11) || - memmem(f_data, f_len, "__msan_init", 11)) { + memmem(f_data, f_len, "__msan_init", 11) || + memmem(f_data, f_len, "__lsan_init", 11)) { afl->fsrv.uses_asan = 1; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index e5f51a6c..811e805c 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -478,7 +478,11 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { u8 *fname_orig = NULL; /* At the initialization stage, queue_cur is NULL */ - if (afl->queue_cur) fname_orig = afl->queue_cur->fname; + if (afl->queue_cur && !afl->syncing_party) { + + fname_orig = afl->queue_cur->fname; + + } el->afl_custom_queue_new_entry(el->data, fname, fname_orig); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 9bfbf95b..cf1e5ea5 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -437,7 +437,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, if (taint) { - if (afl->colorize_success && + if (afl->colorize_success && afl->cmplog_lvl < 3 && (len / positions == 1 && positions > CMPLOG_POSITIONS_MAX && afl->active_paths / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { @@ -1749,6 +1749,12 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, #endif +#ifdef _DEBUG + if (o->v0 != orig_o->v0 || o->v1 != orig_o->v1) + fprintf(stderr, "key=%u idx=%u o0=%llu v0=%llu o1=%llu v1=%llu\n", key, + idx, orig_o->v0, o->v0, orig_o->v1, o->v1); +#endif + // even for u128 and _ExtInt we do cmp_extend_encoding() because // if we got here their own special trials failed and it might just be // a cast from e.g. u64 to u128 from the input data. @@ -2365,6 +2371,24 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, status = 0; +#ifdef _DEBUG + int w; + fprintf(stderr, "key=%u idx=%u len=%u o0=", key, idx, + SHAPE_BYTES(h->shape)); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", orig_o->v0[w]); + fprintf(stderr, " v0="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", o->v0[w]); + fprintf(stderr, " o1="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", orig_o->v1[w]); + fprintf(stderr, " v1="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", o->v1[w]); + fprintf(stderr, "\n"); +#endif + if (unlikely(rtn_extend_encoding( afl, o->v0, o->v1, orig_o->v0, orig_o->v1, SHAPE_BYTES(h->shape), idx, taint_len, orig_buf, buf, cbuf, len, lvl, &status))) { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index f65ff1bb..28d3339a 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -306,6 +306,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->cycle_schedules = afl->afl_env.afl_cycle_schedules = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXIT_ON_SEED_ISSUES", + + afl_environment_variable_len)) { + + afl->afl_env.afl_exit_on_seed_issues = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXPAND_HAVOC_NOW", afl_environment_variable_len)) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 2c814d90..52d9de87 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -355,18 +355,18 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, double eps) { - if (unlikely(afl->stop_soon) || - unlikely(afl->plot_prev_qp == afl->queued_paths && - afl->plot_prev_pf == afl->pending_favored && - afl->plot_prev_pnf == afl->pending_not_fuzzed && - afl->plot_prev_ce == afl->current_entry && - afl->plot_prev_qc == afl->queue_cycle && - afl->plot_prev_uc == afl->unique_crashes && - afl->plot_prev_uh == afl->unique_hangs && - afl->plot_prev_md == afl->max_depth && - afl->plot_prev_ed == afl->fsrv.total_execs) || - unlikely(!afl->queue_cycle) || - unlikely(get_cur_time() - afl->start_time <= 60)) { + if (unlikely(!afl->force_ui_update && + (afl->stop_soon || + (afl->plot_prev_qp == afl->queued_paths && + afl->plot_prev_pf == afl->pending_favored && + afl->plot_prev_pnf == afl->pending_not_fuzzed && + afl->plot_prev_ce == afl->current_entry && + afl->plot_prev_qc == afl->queue_cycle && + afl->plot_prev_uc == afl->unique_crashes && + afl->plot_prev_uh == afl->unique_hangs && + afl->plot_prev_md == afl->max_depth && + afl->plot_prev_ed == afl->fsrv.total_execs) || + !afl->queue_cycle || get_cur_time() - afl->start_time <= 60))) { return; @@ -427,7 +427,7 @@ void show_stats(afl_state_t *afl) { u32 t_bytes, t_bits; u32 banner_len, banner_pad; - u8 tmp[256]; + u8 tmp[256], tmp2[256]; u8 time_tmp[64]; u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX]; @@ -531,7 +531,8 @@ void show_stats(afl_state_t *afl) { /* Roughly every minute, update fuzzer stats and save auto tokens. */ - if (cur_ms - afl->stats_last_stats_ms > STATS_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update || + cur_ms - afl->stats_last_stats_ms > STATS_UPDATE_SEC * 1000)) { afl->stats_last_stats_ms = cur_ms; write_stats_file(afl, t_bytes, t_byte_ratio, stab_ratio, @@ -543,7 +544,8 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_statsd)) { - if (cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update && cur_ms - afl->statsd_last_send_ms > + STATSD_UPDATE_SEC * 1000)) { /* reset counter, even if send failed. */ afl->statsd_last_send_ms = cur_ms; @@ -555,7 +557,8 @@ void show_stats(afl_state_t *afl) { /* Every now and then, write plot data. */ - if (cur_ms - afl->stats_last_plot_ms > PLOT_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update || + cur_ms - afl->stats_last_plot_ms > PLOT_UPDATE_SEC * 1000)) { afl->stats_last_plot_ms = cur_ms; maybe_update_plot_file(afl, t_bytes, t_byte_ratio, afl->stats_avg_exec); @@ -564,14 +567,14 @@ void show_stats(afl_state_t *afl) { /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */ - if (!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 && - !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done) { + if (unlikely(!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 && + !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)) { afl->stop_soon = 2; } - if (afl->total_crashes && afl->afl_env.afl_bench_until_crash) { + if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) { afl->stop_soon = 2; @@ -583,7 +586,7 @@ void show_stats(afl_state_t *afl) { /* If we haven't started doing things, bail out. */ - if (!afl->queue_cur) { return; } + if (unlikely(!afl->queue_cur)) { return; } /* Compute some mildly useful bitmap stats. */ @@ -602,7 +605,7 @@ void show_stats(afl_state_t *afl) { SAYF(TERM_HOME); - if (afl->term_too_small) { + if (unlikely(afl->term_too_small)) { SAYF(cBRI "Your terminal is too small to display the UI.\n" @@ -861,9 +864,13 @@ void show_stats(afl_state_t *afl) { " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); - if (afl->skip_deterministic) { + if (unlikely(afl->custom_only)) { - strcpy(tmp, "n/a, n/a, n/a"); + strcpy(tmp, "disabled (custom-mutator-only mode)"); + + } else if (likely(afl->skip_deterministic)) { + + strcpy(tmp, "disabled (default, enable with -D)"); } else { @@ -881,7 +888,7 @@ void show_stats(afl_state_t *afl) { " levels : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_FLIP8]), @@ -897,7 +904,7 @@ void show_stats(afl_state_t *afl) { " pending : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_ARITH8]), @@ -913,7 +920,7 @@ void show_stats(afl_state_t *afl) { " pend fav : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_INTEREST8]), @@ -929,7 +936,7 @@ void show_stats(afl_state_t *afl) { " own finds : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_EXTRAS_UO]), @@ -939,6 +946,14 @@ void show_stats(afl_state_t *afl) { u_stringify_int(IB(4), afl->stage_finds[STAGE_EXTRAS_AO]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_EXTRAS_AO])); + } else if (unlikely(!afl->extras_cnt || afl->custom_only)) { + + strcpy(tmp, "n/a"); + + } else { + + strcpy(tmp, "havoc mode"); + } SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP @@ -974,35 +989,52 @@ void show_stats(afl_state_t *afl) { : cRST), tmp); - if (afl->shm.cmplog_mode) { + if (unlikely(afl->afl_env.afl_python_module)) { - sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s", + sprintf(tmp, "%s/%s,", u_stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]), - u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]), - u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), - u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]), + u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON])); + + } else { + + strcpy(tmp, "unused,"); + + } + + if (unlikely(afl->afl_env.afl_custom_mutator_library)) { + + sprintf(tmp2, "%s %s/%s,", tmp, + u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]), + u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + + } else { + + sprintf(tmp2, "%s unused,", tmp); + + } + + if (unlikely(afl->shm.cmplog_mode)) { + + sprintf(tmp, "%s %s/%s, %s/%s", tmp2, u_stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION]), u_stringify_int(IB(6), afl->stage_finds[STAGE_ITS]), u_stringify_int(IB(7), afl->stage_cycles[STAGE_ITS])); - SAYF(bV bSTOP " custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", - tmp); - } else { - sprintf(tmp, "%s/%s, %s/%s", - u_stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]), - u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]), - u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), - u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); - - SAYF(bV bSTOP " py/custom : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", - tmp); + sprintf(tmp, "%s unused, unused", tmp2); } - if (!afl->bytes_trim_out) { + SAYF(bV bSTOP "py/custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", + tmp); + + if (likely(afl->disable_trim)) { + + sprintf(tmp, "disabled, "); + + } else if (unlikely(!afl->bytes_trim_out)) { sprintf(tmp, "n/a, "); @@ -1015,12 +1047,13 @@ void show_stats(afl_state_t *afl) { } - if (!afl->blocks_eff_total) { + if (likely(afl->skip_deterministic)) { - u8 tmp2[128]; + strcat(tmp, "disabled"); - sprintf(tmp2, "n/a"); - strcat(tmp, tmp2); + } else if (unlikely(!afl->blocks_eff_total)) { + + strcat(tmp, "n/a"); } else { @@ -1044,7 +1077,7 @@ void show_stats(afl_state_t *afl) { // //} else { - SAYF(bV bSTOP " trim : " cRST "%-36s " bSTG bV RESET_G1, tmp); + SAYF(bV bSTOP " trim/eff : " cRST "%-36s " bSTG bV RESET_G1, tmp); //} diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9688c84f..2b035a23 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -855,6 +855,14 @@ int main(int argc, char **argv_orig, char **envp) { break; case '3': afl->cmplog_lvl = 3; + + if (!afl->disable_trim) { + + ACTF("Deactivating trimming due CMPLOG level 3"); + afl->disable_trim = 1; + + } + break; case 'a': case 'A': @@ -2125,12 +2133,10 @@ int main(int argc, char **argv_orig, char **envp) { } write_bitmap(afl); - maybe_update_plot_file(afl, 0, 0, 0); save_auto(afl); stop_fuzzing: - write_stats_file(afl, 0, 0, 0, 0); afl->force_ui_update = 1; // ensure the screen is reprinted show_stats(afl); // print the screen one last time diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 38d03d80..946b19cd 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -572,6 +572,13 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0:" + "symbolize=0:" + "print_suppressions=0", + 0); + setenv("UBSAN_OPTIONS", "halt_on_error=1:" "abort_on_error=1:" diff --git a/src/afl-tmin.c b/src/afl-tmin.c index bad5d71b..6656712a 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -714,6 +714,18 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "symbolize=0")) { + + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); + + } + + } + setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -751,6 +763,13 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0:" + "symbolize=0:" + "print_suppressions=0", + 0); + if (get_afl_env("AFL_PRELOAD")) { if (fsrv->qemu_mode) { |