Diffstat (limited to 'src')
-rw-r--r--src/afl-common.c33
-rw-r--r--src/afl-forkserver.c31
-rw-r--r--src/afl-fuzz-queue.c6
-rw-r--r--src/afl-fuzz-redqueen.c23
-rw-r--r--src/afl-fuzz-stats.c77
-rw-r--r--src/afl-fuzz.c2
-rw-r--r--src/afl-performance.c5
7 files changed, 143 insertions, 34 deletions
diff --git a/src/afl-common.c b/src/afl-common.c
index 367dec72..d66440aa 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -877,3 +877,36 @@ u32 get_map_size(void) {
 
 }
 
+/* Create a stream file */
+
+FILE *create_ffile(u8 *fn) {
+
+  s32   fd;
+  FILE *f;
+
+  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
+
+  f = fdopen(fd, "w");
+
+  if (!f) { PFATAL("fdopen() failed"); }
+
+  return f;
+
+}
+
+/* Create a file */
+
+s32 create_file(u8 *fn) {
+
+  s32 fd;
+
+  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
+
+  return fd;
+
+}
+
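Review bot: `create_ffile` repeats the open()/PFATAL sequence of `create_file` (L31-L33 vs L49-L51) instead of calling it, so the two helpers can drift apart; `fd = create_file(fn);` keeps a single definition of the file-creation policy. Both helpers also open without O_CLOEXEC, and this same commit has the forkserver children close inherited descriptors by hand before exec, so anything opened through these helpers that is still open at fork time is inherited by the fuzzed target; `fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);` closes that gap for every caller (O_CLOEXEC is POSIX.1-2008, so confirm it is acceptable on every platform the project builds for). A one-line header comment per function stating that the descriptor/stream is returned open for writing, truncated, mode 0600, and that any failure is fatal via PFATAL would tell callers what they are getting.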
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 93203cb2..58932bc4 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -240,6 +240,23 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
 
     if (!child_pid) {  // New child
 
+      close(fsrv->out_dir_fd);
+      close(fsrv->dev_null_fd);
+      close(fsrv->dev_urandom_fd);
+
+      if (fsrv->plot_file != NULL) {
+
+        fclose(fsrv->plot_file);
+        fsrv->plot_file = NULL;
+
+      }
+
+      // enable terminating on sigpipe in the childs
+      struct sigaction sa;
+      memset((char *)&sa, 0, sizeof(sa));
+      sa.sa_handler = SIG_DFL;
+      sigaction(SIGPIPE, &sa, NULL);
+
       signal(SIGCHLD, old_sigchld_handler);
       // FORKSRV_FD is for communication with AFL, we don't need it in the
       // child.
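Review bot: The SIGPIPE reset on L77-L80 zero-fills `struct sigaction` with memset and never calls `sigemptyset(&sa.sa_mask)`; POSIX does not guarantee that an all-zero `sigset_t` is the empty set, so the mask should be initialised explicitly, and the `sigaction()` return value is discarded. The same four lines are repeated in the `afl_fsrv_start` child below (L90-L93), so a small helper such as `static void reset_sigpipe(void) { struct sigaction sa = {0}; sa.sa_handler = SIG_DFL; sigemptyset(&sa.sa_mask); sigaction(SIGPIPE, &sa, NULL); }` would keep both children in sync and make the intent visible at the call sites. The `(char *)` cast on memset's first argument is unnecessary. The enclosing function continues outside this hunk.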
@@ -361,11 +378,16 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
     /* CHILD PROCESS */
 
+    // enable terminating on sigpipe in the childs
+    struct sigaction sa;
+    memset((char *)&sa, 0, sizeof(sa));
+    sa.sa_handler = SIG_DFL;
+    sigaction(SIGPIPE, &sa, NULL);
+
     struct rlimit r;
 
     /* Umpf. On OpenBSD, the default fd limit for root users is set to
        soft 128. Let's try to fix that... */
-
     if (!getrlimit(RLIMIT_NOFILE, &r) && r.rlim_cur < FORKSRV_FD + 2) {
 
       r.rlim_cur = FORKSRV_FD + 2;
@@ -432,7 +454,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
     close(fsrv->dev_null_fd);
     close(fsrv->dev_urandom_fd);
 
-    if (fsrv->plot_file != NULL) { fclose(fsrv->plot_file); }
+    if (fsrv->plot_file != NULL) {
+
+      fclose(fsrv->plot_file);
+      fsrv->plot_file = NULL;
+
+    }
 
     /* This should improve performance a bit, since it stops the linker from
        doing extra work post-fork(). */
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 0c472845..c6d8225f 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -138,9 +138,9 @@ static u8 check_if_text(struct queue_entry *q) {
     }
 
     // non-overlong 2-byte
-    if (((0xC2 <= buf[offset + 0] && buf[offset + 0] <= 0xDF) &&
-         (0x80 <= buf[offset + 1] && buf[offset + 1] <= 0xBF)) &&
-        len - offset > 1) {
+    if (len - offset > 1 &&
+        ((0xC2 <= buf[offset + 0] && buf[offset + 0] <= 0xDF) &&
+         (0x80 <= buf[offset + 1] && buf[offset + 1] <= 0xBF))) {
 
       offset += 2;
       utf8++;
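Review bot: The reordering correctly puts the `len - offset > 1` bound before the read of `buf[offset + 1]`, but the hunk shows only the 2-byte branch; `check_if_text` continues past the hunk, and if the 3- and 4-byte branches that presumably follow use the same shape they read `buf[offset + 2]` / `buf[offset + 3]` and need the same guard first, e.g. `if (len - offset > 2 && ...)` and `if (len - offset > 3 && ...)`. A short comment on the condition, `// length check must come first: the byte tests below read offset + 1`, would stop a later edit from swapping the operands back.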
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index 73d00f9a..9a9ac33f 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -265,7 +265,7 @@ static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) {
 }
 
 static int strntoll(const char *str, size_t sz, char **end, int base,
-                    long long* out) {
+                    long long *out) {
 
   char        buf[64];
   long long   ret;
@@ -273,16 +273,13 @@ static int strntoll(const char *str, size_t sz, char **end, int base,
 
   for (; beg && sz && *beg == ' '; beg++, sz--) {};
 
-  if (!sz)
-    return 1;
-  if (sz >= sizeof(buf))
-    sz = sizeof(buf) -1;
+  if (!sz) return 1;
+  if (sz >= sizeof(buf)) sz = sizeof(buf) - 1;
 
   memcpy(buf, beg, sz);
   buf[sz] = '\0';
   ret = strtoll(buf, end, base);
-  if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE)
-    return 1;
+  if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE) return 1;
   if (end) *end = (char *)beg + (*end - buf);
   *out = ret;
 
@@ -291,7 +288,7 @@ static int strntoll(const char *str, size_t sz, char **end, int base,
 }
 
 static int strntoull(const char *str, size_t sz, char **end, int base,
-                     unsigned long long* out) {
+                     unsigned long long *out) {
 
   char               buf[64];
   unsigned long long ret;
@@ -300,16 +297,13 @@ static int strntoull(const char *str, size_t sz, char **end, int base,
   for (; beg && sz && *beg == ' '; beg++, sz--)
     ;
 
-  if (!sz)
-    return 1;
-  if (sz >= sizeof(buf))
-    sz = sizeof(buf) -1;
+  if (!sz) return 1;
+  if (sz >= sizeof(buf)) sz = sizeof(buf) - 1;
 
   memcpy(buf, beg, sz);
   buf[sz] = '\0';
   ret = strtoull(buf, end, base);
-  if (ret == ULLONG_MAX && errno == ERANGE)
-    return 1;
+  if (ret == ULLONG_MAX && errno == ERANGE) return 1;
   if (end) *end = (char *)beg + (*end - buf);
   *out = ret;
 
@@ -350,6 +344,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
         use_unum = 1;
 
     } else
+
       use_num = 1;
 
   }
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 0ce35cb7..51eed14b 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -24,8 +24,64 @@
  */
 
 #include "afl-fuzz.h"
+#include "envs.h"
 #include <limits.h>
 
+/* Write fuzzer setup file */
+
+void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {
+
+  char *val;
+  u8    fn[PATH_MAX];
+  snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir);
+  FILE *f = create_ffile(fn);
+  u32 i;
+
+  fprintf(f, "# environment variables:\n");
+  u32 s_afl_env = (u32)
+      sizeof(afl_environment_variables) / sizeof(afl_environment_variables[0]) -
+      1U;
+
+  for (i = 0; i < s_afl_env; ++i) {
+
+    if ((val = getenv(afl_environment_variables[i])) != NULL) {
+
+      fprintf(f, "%s=%s\n", afl_environment_variables[i], val);
+
+    }
+
+  }
+
+  fprintf(f, "# command line:\n");
+
+  size_t j;
+  for (i = 0; i < argc; ++i) {
+
+    if (i) fprintf(f, " ");
+    if (index(argv[i], '\'')) {
+
+      fprintf(f, "'");
+      for (j = 0; j < strlen(argv[i]); j++)
+        if (argv[i][j] == '\'')
+          fprintf(f, "'\"'\"'");
+        else
+          fprintf(f, "%c", argv[i][j]);
+      fprintf(f, "'");
+
+    } else {
+
+      fprintf(f, "'%s'", argv[i]);
+
+    }
+
+  }
+  fprintf(f, "\n");
+
+  fclose(f);
+  (void)(afl_environment_deprecated);
+
+}
+
 /* Update stats file for unattended monitoring. */
 
 void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
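Review bot: In `write_setup_file` the `# environment variables:` section (L234) writes `NAME=value` with the raw `getenv` result, while the `# command line:` section single-quotes every argv word and escapes embedded quotes; a value containing a newline, a space or a quote therefore produces a line that the file's own command-line convention cannot parse back, and the file cannot be used to reproduce the run. Quoting env values with the same routine, pulled into a static helper, closes that gap and also lets the argv loop drop the per-iteration `strlen(argv[i])` and the legacy `index()` call on L246 (`strchr` is the standard name). `fclose(f)` on L265 is unchecked, which for a write stream silently loses an ENOSPC/EIO; `if (fclose(f)) PFATAL("Unable to write '%s'", fn);` or a comment saying the file is best-effort would settle it. The function has no header comment; it should say the file is `<out_dir>/fuzzer_setup`, created mode 0600 via `create_ffile`, holding the recognised AFL environment variables that are set plus the shell-quoted argv.
```c
/* Write s to f as one single-quoted shell word; an embedded ' becomes '"'"'. */
static void fprint_shell_quoted(FILE *f, const char *s) {

  fputc('\'', f);
  for (; *s; ++s) {

    if (*s == '\'')
      fputs("'\"'\"'", f);
    else
      fputc(*s, f);

  }

  fputc('\'', f);

}

void write_setup_file(afl_state_t *afl, u32 argc, char **argv) {

  /* … unchanged: open <out_dir>/fuzzer_setup, compute s_afl_env … */

  for (i = 0; i < s_afl_env; ++i) {

    if ((val = getenv(afl_environment_variables[i])) != NULL) {

      fprintf(f, "%s=", afl_environment_variables[i]);
      fprint_shell_quoted(f, val);
      fputc('\n', f);

    }

  }

  fprintf(f, "# command line:\n");

  for (i = 0; i < argc; ++i) {

    if (i) fputc(' ', f);
    fprint_shell_quoted(f, argv[i]);

  }

  fputc('\n', f);

  if (fclose(f)) PFATAL("Unable to write '%s'", fn);
  (void)(afl_environment_deprecated);

}
```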
@@ -35,21 +91,13 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
   struct rusage rus;
 #endif
 
-  unsigned long long int cur_time = get_cur_time();
-  u8                     fn[PATH_MAX];
-  s32                    fd;
-  FILE *                 f;
-  u32                    t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
+  u64   cur_time = get_cur_time();
+  u32   t_bytes = count_non_255_bytes(afl, afl->virgin_bits);
+  u8    fn[PATH_MAX];
+  FILE *f;
 
   snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir);
-
-  fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
-
-  if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
-
-  f = fdopen(fd, "w");
-
-  if (!f) { PFATAL("fdopen() failed"); }
+  f = create_ffile(fn);
 
   /* Keep last values in case we're called from another context
      where exec/sec stats and such are not readily available. */
@@ -163,11 +211,12 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
               ? ""
               : "default",
           afl->orig_cmdline);
+
   /* ignore errors */
 
   if (afl->debug) {
 
-    uint32_t i = 0;
+    u32 i = 0;
     fprintf(f, "virgin_bytes     :");
     for (i = 0; i < afl->fsrv.map_size; i++) {
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 0df6c15c..c12d5db5 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1128,6 +1128,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
   setup_custom_mutators(afl);
 
+  write_setup_file(afl, argc, argv);
+
   setup_cmdline_file(afl, argv + optind);
 
   read_testcases(afl);
diff --git a/src/afl-performance.c b/src/afl-performance.c
index a9d7cefa..7a80ac4b 100644
--- a/src/afl-performance.c
+++ b/src/afl-performance.c
@@ -22,7 +22,10 @@
 #include <stdint.h>
 #include "afl-fuzz.h"
 #include "types.h"
-#include "xxh3.h"
+
+#define XXH_INLINE_ALL
+#include "xxhash.h"
+#undef XXH_INLINE_ALL
 
 /* we use xoshiro256** instead of rand/random because it is 10x faster and has
    better randomness properties. */