Diffstat (limited to 'src')
-rw-r--r-- | src/afl-analyze.c | 2 | ||||
-rw-r--r-- | src/afl-forkserver.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 2 | ||||
-rw-r--r-- | src/afl-fuzz-queue.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-run.c | 22 | ||||
-rw-r--r-- | src/afl-fuzz.c | 7 | ||||
-rw-r--r-- | src/afl-tmin.c | 15 | ||||
-rw-r--r-- | src/third_party/libradamsa/GNUmakefile | 26 | ||||
-rw-r--r-- | src/third_party/libradamsa/Makefile | 28 |
9 files changed, 55 insertions, 59 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 473a257d..427fbe6d 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -62,7 +62,7 @@ u8 *trace_bits; /* SHM with instrumentation bitmap */
 static u8 *in_file, /* Analyzer input test case */
 *prog_in; /* Targeted program input file */
- static u8 *in_data; /* Input data for analysis */
+static u8 *in_data; /* Input data for analysis */
 static u32 in_len, /* Input data length */
 orig_cksum, /* Original checksum */
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 962ca86d..11b359da 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -319,13 +319,15 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
 u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen, fsrv->exec_tmout * FORK_WAIT_MULT);
- if (!time) {
+ if (time > fsrv->exec_tmout * FORK_WAIT_MULT) {
 fsrv->child_timed_out = 1;
- kill(fsrv->child_pid, SIGKILL);
+ kill(fsrv->fsrv_pid, SIGKILL);
 }
+ if (!time) { kill(fsrv->fsrv_pid, SIGKILL); }
+
 } else {
 rlen = read(fsrv->fsrv_st_fd, &status, 4);
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fe2be4d2..e2495524 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -391,7 +391,7 @@ void read_testcases(afl_state_t *afl) {
 if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) {
- free(fn2);
+ ck_free(fn2);
 continue;
 }
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 4f1bd041..61bf62f5 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -184,7 +184,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
 u32 i;
 u64 fav_factor;
- u64 fuzz_p2 = next_p2(q->n_fuzz);
+ u64 fuzz_p2 = next_pow2(q->n_fuzz);
 if (afl->schedule == MMOPT || afl->schedule == RARE) fav_factor = q->len << 2;
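Review bot: In the afl-forkserver.c hunk, the new test `if (time > fsrv->exec_tmout * FORK_WAIT_MULT)` is only a timeout check if read_timed() signals a timeout by returning a value strictly above the timeout it was given and signals a read error by returning 0; neither contract is visible in this diff, so a one-line comment at the call site stating it would spare the next reader a trip to the helper. Computing `fsrv->exec_tmout * FORK_WAIT_MULT` twice also lets the argument and the comparison drift apart later; hoisting it as `u32 fsrv_tmout = fsrv->exec_tmout * FORK_WAIT_MULT;`, then `u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen, fsrv_tmout);` and `if (time > fsrv_tmout) {`, keeps the two tied together (and gives one place to guard the u32 product if exec_tmout can be large). The added `if (!time) { kill(fsrv->fsrv_pid, SIGKILL); }` path sets no flag, so whether the caller can tell a dead fork server from a timed-out one depends on the code after the hunk; afl_fsrv_start continues outside it.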
@@ -201,7 +201,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
 /* Faster-executing or smaller test cases are favored. */
 u64 top_rated_fav_factor;
- u64 top_rated_fuzz_p2 = next_p2(afl->top_rated[i]->n_fuzz);
+ u64 top_rated_fuzz_p2 = next_pow2(afl->top_rated[i]->n_fuzz);
 if (afl->schedule == MMOPT || afl->schedule == RARE) top_rated_fav_factor = afl->top_rated[i]->len << 2;
@@ -440,7 +440,7 @@ u32 calculate_score(afl_state_t *afl, struct queue_entry *q) {
 if (q->fuzz_level < 16) factor = ((u32)(1 << q->fuzz_level)) / (fuzz == 0 ? 1 : fuzz); else
- factor = MAX_FACTOR / (fuzz == 0 ? 1 : next_p2(fuzz));
+ factor = MAX_FACTOR / (fuzz == 0 ? 1 : next_pow2(fuzz));
 break;
 case LIN: factor = q->fuzz_level / (fuzz == 0 ? 1 : fuzz); break;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 8cef78b9..5875eb68 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -167,20 +167,16 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
 s32 fd = afl->fsrv.out_fd;
 #ifdef _AFL_DOCUMENT_MUTATIONS
- s32 doc_fd;
- char *fn = alloc_printf("%s/mutations/%09u:%s", afl->out_dir,
+ s32 doc_fd;
+ char fn[PATH_MAX];
+ snprintf(fn, PATH_MAX, ("%s/mutations/%09u:%s", afl->out_dir,
 afl->document_counter++, describe_op(afl, 0));
- if (fn != NULL) {
- if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) {
+ if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) {
- if (write(doc_fd, mem, len) != len)
- PFATAL("write to mutation file failed: %s", fn);
- close(doc_fd);
-
- }
-
- ck_free(fn);
+ if (write(doc_fd, mem, len) != len)
+ PFATAL("write to mutation file failed: %s", fn);
+ close(doc_fd);
 }
@@ -612,7 +608,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 /* Select initial chunk len, starting with large steps. */
- len_p2 = next_p2(q->len);
+ len_p2 = next_pow2(q->len);
 remove_len = MAX(len_p2 / TRIM_START_STEPS, TRIM_MIN_BYTES);
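Review bot: In the afl-fuzz-run.c write_to_testcase hunk, the new `snprintf(fn, PATH_MAX, ("%s/mutations/%09u:%s", afl->out_dir, ...` has a stray `(` before the format string: as written the parentheses do not balance, and if a closing one were added the parenthesised list would become a comma expression that hands the result of describe_op() to snprintf as the format with no arguments. The block sits under `#ifdef _AFL_DOCUMENT_MUTATIONS`, so the default build never compiles it, which is presumably why this slipped through. The call should read `snprintf(fn, sizeof fn, "%s/mutations/%09u:%s", afl->out_dir, afl->document_counter++, describe_op(afl, 0));`, and because a fixed PATH_MAX buffer replaced an allocation that could not truncate, its return value deserves a check such as `if (n < 0 || (size_t)n >= sizeof fn) PFATAL("mutation file name truncated");` before the path is opened. write_to_testcase continues outside the hunk.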
@@ -657,7 +653,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {
 u32 move_tail = q->len - remove_pos - trim_avail;
 q->len -= trim_avail;
- len_p2 = next_p2(q->len);
+ len_p2 = next_pow2(q->len);
 memmove(in_buf + remove_pos, in_buf + remove_pos + trim_avail, move_tail);
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 617a42ec..6e86285d 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -721,6 +721,13 @@ int main(int argc, char **argv_orig, char **envp) {
 }
+#if defined(__SANITIZE_ADDRESS__)
+ if (afl->fsrv.mem_limit) {
+ WARNF("in the ASAN build we disable all memory limits");
+ afl->fsrv.mem_limit = 0;
+ }
+#endif
+
 setup_signal_handlers();
 check_asan_opts();
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 8a5e3eef..30e76d42 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -404,17 +404,6 @@ static u8 run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
 }
-/* Find first power of two greater or equal to val. */
-
-static u32 next_p2(u32 val) {
-
- u32 ret = 1;
- while (val > ret)
- ret <<= 1;
- return ret;
-
-}
-
 /* Actually minimize! */
 static void minimize(afl_forkserver_t *fsrv, char **argv) {
@@ -432,7 +421,7 @@ static void minimize(afl_forkserver_t *fsrv, char **argv) {
 * BLOCK NORMALIZATION * ***********************/
- set_len = next_p2(in_len / TMIN_SET_STEPS);
+ set_len = next_pow2(in_len / TMIN_SET_STEPS);
 set_pos = 0;
 if (set_len < TMIN_SET_MIN_SIZE) set_len = TMIN_SET_MIN_SIZE;
@@ -482,7 +471,7 @@ next_pass:
 * BLOCK DELETION * ******************/
- del_len = next_p2(in_len / TRIM_START_STEPS);
+ del_len = next_pow2(in_len / TRIM_START_STEPS);
 stage_o_len = in_len;
 ACTF(cBRI "Stage #1: " cRST "Removing blocks of data...");
diff --git a/src/third_party/libradamsa/GNUmakefile b/src/third_party/libradamsa/GNUmakefile
new file mode 100644
index 00000000..c5a78ead
--- /dev/null
+++ b/src/third_party/libradamsa/GNUmakefile
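Review bot: In the afl-fuzz.c hunk, `#if defined(__SANITIZE_ADDRESS__)` is the GCC spelling; clang exposes ASAN through `__has_feature(address_sanitizer)` and, as far as I know, does not define that macro, so a clang ASAN build of afl-fuzz would keep the user's memory limit and never print the warning. A nested branch, `#elif defined(__has_feature)` followed by `#if __has_feature(address_sanitizer)`, covers both toolchains without tripping GCC's preprocessor on the unknown function-like macro. It would also help the user to see which limit was dropped, e.g. by including the old mem_limit value in the WARNF text. main() starts outside the hunk.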
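Review bot: In the afl-tmin.c hunk, the removed local next_p2 did not terminate for val above 2^31: `ret <<= 1` wraps to 0 on u32 and `val > ret` then stays true forever. The shared next_pow2 that replaces it is declared outside this diff, so it is worth confirming that it either handles that range or that every argument is bounded well below it; `next_pow2(in_len / TMIN_SET_STEPS)` divides first and is safe, but the calculate_score and trim_case call sites in the other hunks pass fuzz counts and lengths through unchanged. A one-line comment at next_pow2's declaration stating its valid input range would settle this for future callers.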
@@ -0,0 +1,26 @@
+CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
+
+all: libradamsa.so
+
+# These can be overriden:
+CFLAGS ?= -march=native $(CFLAGS_FLTO)
+
+# These are required: (otherwise radamsa gets very very slooooow)
+CFLAGS += -O3 -funroll-loops
+
+libradamsa.so: libradamsa.a
+ $(CC) $(CFLAGS) -shared libradamsa.a -o libradamsa.so
+
+libradamsa.a: libradamsa.c radamsa.h
+ @echo " ***************************************************************"
+ @echo " * Compiling libradamsa, wait some minutes (~3 on modern CPUs) *"
+ @echo " ***************************************************************"
+ $(CC) -fPIC $(CFLAGS) -I $(CUR_DIR) -o libradamsa.a -c libradamsa.c
+
+test: libradamsa.a libradamsa-test.c
+ $(CC) $(CFLAGS) -I $(CUR_DIR) -o libradamsa-test libradamsa-test.c libradamsa.a
+ ./libradamsa-test libradamsa-test.c | grep "library test passed"
+ rm /tmp/libradamsa-*.fuzz
+
+clean:
+ rm -f libradamsa.a libradamsa.so libradamsa-test
diff --git a/src/third_party/libradamsa/Makefile b/src/third_party/libradamsa/Makefile
index c5a78ead..0b306dde 100644
--- a/src/third_party/libradamsa/Makefile
+++ b/src/third_party/libradamsa/Makefile
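Review bot: The `libradamsa.a` rule compiles with `-c`, so what it writes is a single object file rather than an archive; the `.a` name misleads anyone who reaches for `ar` on it, and either naming it `libradamsa.o` or producing a real archive with `ar rcs` would say what it is. In the `test` rule, `rm /tmp/libradamsa-*.fuzz` makes the target fail when nothing matches and deletes by glob from a shared, world-writable directory; `rm -f` makes the clean-up idempotent, and keeping the scratch files under `$(CUR_DIR)` would avoid /tmp entirely (where the test writes them is decided in libradamsa-test.c, which is not in this diff). Defaulting `CFLAGS` to `-march=native` also ties the resulting .so to the build host, which matters if the library is ever packaged. The comment typo "overriden" should read "overridden".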
@@ -1,26 +1,2 @@
-CUR_DIR := $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
-
-all: libradamsa.so
-
-# These can be overriden:
-CFLAGS ?= -march=native $(CFLAGS_FLTO)
-
-# These are required: (otherwise radamsa gets very very slooooow)
-CFLAGS += -O3 -funroll-loops
-
-libradamsa.so: libradamsa.a
- $(CC) $(CFLAGS) -shared libradamsa.a -o libradamsa.so
-
-libradamsa.a: libradamsa.c radamsa.h
- @echo " ***************************************************************"
- @echo " * Compiling libradamsa, wait some minutes (~3 on modern CPUs) *"
- @echo " ***************************************************************"
- $(CC) -fPIC $(CFLAGS) -I $(CUR_DIR) -o libradamsa.a -c libradamsa.c
-
-test: libradamsa.a libradamsa-test.c
- $(CC) $(CFLAGS) -I $(CUR_DIR) -o libradamsa-test libradamsa-test.c libradamsa.a
- ./libradamsa-test libradamsa-test.c | grep "library test passed"
- rm /tmp/libradamsa-*.fuzz
-
-clean:
- rm -f libradamsa.a libradamsa.so libradamsa-test
+all:
+ @echo please use GNU make, thanks!
|
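Review bot: The replacement `all:` target prints its message and exits 0, so a non-GNU make run in this directory reports success while producing no library, and any script that checks the exit status carries on as if the build had worked. `@echo "please use GNU make, thanks!" >&2; exit 1` turns it into a visible failure. Since GNU make picks GNUmakefile over Makefile, this stub only ever runs under other make implementations, which is exactly the case that needs the non-zero exit.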