about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c10
-rw-r--r--src/afl-cc.c27
-rw-r--r--src/afl-forkserver.c3
-rw-r--r--src/afl-fuzz-one.c12
-rw-r--r--src/afl-fuzz-run.c3
-rw-r--r--src/afl-fuzz-stats.c9
-rw-r--r--src/afl-showmap.c60
7 files changed, 70 insertions, 54 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index dbf2920f..a5cad03c 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -877,8 +877,6 @@ int main(int argc, char **argv_orig, char **envp) {
 
   SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n");
 
-  afl_fsrv_init(&fsrv);
-
   while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) {
 
     switch (opt) {
@@ -987,6 +985,14 @@ int main(int argc, char **argv_orig, char **envp) {
 
         break;
 
+      case 'O':                                               /* FRIDA mode */
+
+        if (frida_mode) { FATAL("Multiple -O options not supported"); }
+
+        frida_mode = 1;
+
+        break;
+
       case 'Q':
 
         if (qemu_mode) { FATAL("Multiple -Q options not supported"); }
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 9899f973..6a60fb85 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -637,33 +637,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     }
 
-    if (cmplog_mode) {
-
-      if (lto_mode && !have_c) {
-
-        cc_params[cc_par_cnt++] = alloc_printf(
-            "-Wl,-mllvm=-load=%s/cmplog-instructions-pass.so", obj_path);
-        cc_params[cc_par_cnt++] = alloc_printf(
-            "-Wl,-mllvm=-load=%s/cmplog-routines-pass.so", obj_path);
-
-      } else {
-
-        cc_params[cc_par_cnt++] = "-Xclang";
-        cc_params[cc_par_cnt++] = "-load";
-        cc_params[cc_par_cnt++] = "-Xclang";
-        cc_params[cc_par_cnt++] =
-            alloc_printf("%s/cmplog-instructions-pass.so", obj_path);
-
-        cc_params[cc_par_cnt++] = "-Xclang";
-        cc_params[cc_par_cnt++] = "-load";
-        cc_params[cc_par_cnt++] = "-Xclang";
-        cc_params[cc_par_cnt++] =
-            alloc_printf("%s/cmplog-routines-pass.so", obj_path);
-
-      }
-
-    }
-
     // cc_params[cc_par_cnt++] = "-Qunused-arguments";
 
     // in case LLVM is installed not via a package manager or "make install"
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 5e8fb9b5..8fb8a75a 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -418,7 +418,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
     struct rlimit r;
 
-    if (!fsrv->cmplog_binary) {
+    if (!fsrv->cmplog_binary && fsrv->qemu_mode == false &&
+        fsrv->frida_mode == false) {
 
       unsetenv(CMPLOG_SHM_ENV_VAR);  // we do not want that in non-cmplog fsrv
 
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 7274f679..1bc5854e 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2102,9 +2102,9 @@ havoc_stage:
 
         case 8 ... 9: {
 
-          /* Set word to interesting value, little endian. */
+        case 8 ... 9: {
 
-          if (temp_len < 2) { break; }
+          /* Set word to interesting value, little endian. */
 
 #ifdef INTROSPECTION
           snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16");
@@ -2119,7 +2119,7 @@ havoc_stage:
 
         case 10 ... 11: {
 
-          /* Set word to interesting value, big endian. */
+          /* Set word to interesting value, randomly choosing endian. */
 
           if (temp_len < 2) { break; }
 
@@ -2136,9 +2136,9 @@ havoc_stage:
 
         case 12 ... 13: {
 
-          /* Set dword to interesting value, little endian. */
+        case 12 ... 13: {
 
-          if (temp_len < 4) { break; }
+          /* Set dword to interesting value, little endian. */
 
 #ifdef INTROSPECTION
           snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32");
@@ -2153,7 +2153,7 @@ havoc_stage:
 
         case 14 ... 15: {
 
-          /* Set dword to interesting value, big endian. */
+          /* Set dword to interesting value, randomly choosing endian. */
 
           if (temp_len < 4) { break; }
 
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index e876beea..fb81522e 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -424,8 +424,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
         }
 
         var_detected = 1;
-        afl->stage_max =
-            afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG;
+        afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG;
 
       } else {
 
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index e0930234..c2294f7c 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -881,6 +881,10 @@ void show_stats(afl_state_t *afl) {
 
     strcpy(tmp, "disabled (custom-mutator-only mode)");
 
+  if (unlikely(afl->custom_only)) {
+
+    strcpy(tmp, "disabled (custom-mutator-only mode)");
+
   } else if (likely(afl->skip_deterministic)) {
 
     strcpy(tmp, "disabled (default, enable with -D)");
@@ -1017,10 +1021,9 @@ void show_stats(afl_state_t *afl) {
   if (unlikely(afl->afl_env.afl_custom_mutator_library)) {
 
     strcat(tmp, " ");
-    strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]));
+    strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]));
     strcat(tmp, "/");
-    strcat(tmp,
-           u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]));
+    strcat(tmp, u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON]));
     strcat(tmp, ",");
 
   } else {
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5c899e69..5278c839 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -90,8 +90,7 @@ static bool quiet_mode,                /* Hide non-essential messages?      */
     have_coverage,                     /* have coverage?                    */
     no_classify,                       /* do not classify counts            */
     debug,                             /* debug mode                        */
-    print_filenames,                   /* print the current filename        */
-    wait_for_gdb;
+    print_filenames;                   /* print the current filename        */
 
 static volatile u8 stop_soon,          /* Ctrl-C pressed?                   */
     child_crashed;                     /* Child crashed?                    */
@@ -426,6 +425,18 @@ static u32 read_file(u8 *in_file) {
 
   }
 
+  if (st.st_size > MAX_FILE) {
+
+    WARNF("Input file '%s' is too large, only reading %u bytes.", in_file,
+          MAX_FILE);
+    in_len = MAX_FILE;
+
+  } else {
+
+    in_len = st.st_size;
+
+  }
+
   in_data = ck_alloc_nozero(in_len);
 
   ck_read(fd, in_data, in_len, in_file);
@@ -819,13 +830,13 @@ static void usage(u8 *argv0) {
       "  -o file    - file to write the trace data to\n\n"
 
       "Execution control settings:\n"
-      "  -t msec    - timeout for each run (none)\n"
-      "  -m megs    - memory limit for child process (%u MB)\n"
-      "  -O         - use binary-only instrumentation (FRIDA mode)\n"
-      "  -Q         - use binary-only instrumentation (QEMU mode)\n"
-      "  -U         - use Unicorn-based instrumentation (Unicorn mode)\n"
-      "  -W         - use qemu-based instrumentation with Wine (Wine mode)\n"
-      "               (Not necessary, here for consistency with other afl-* "
+      "  -t msec       - timeout for each run (none)\n"
+      "  -m megs       - memory limit for child process (%u MB)\n"
+      "  -O            - use binary-only instrumentation (FRIDA mode)\n"
+      "  -Q            - use binary-only instrumentation (QEMU mode)\n"
+      "  -U            - use Unicorn-based instrumentation (Unicorn mode)\n"
+      "  -W            - use qemu-based instrumentation with Wine (Wine mode)\n"
+      "                  (Not necessary, here for consistency with other afl-* "
       "tools)\n\n"
       "Other settings:\n"
       "  -i dir     - process all files below this directory, must be combined "
@@ -862,8 +873,7 @@ static void usage(u8 *argv0) {
       "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
       "AFL_PRINT_FILENAMES: If set, the filename currently processed will be "
       "printed to stdout\n"
-      "AFL_QUIET: do not print extra informational output\n"
-      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n",
+      "AFL_QUIET: do not print extra informational output\n",
       argv0, MEM_LIMIT, doc_path);
 
   exit(1);
@@ -1248,7 +1258,15 @@ int main(int argc, char **argv_orig, char **envp) {
 
   if (in_dir) {
 
-    DIR *dir_in, *dir_out = NULL;
+    DIR *           dir_in, *dir_out = NULL;
+    struct dirent **file_list;
+
+    //    int            done = 0;
+    u8 infile[PATH_MAX], outfile[PATH_MAX];
+    u8 wait_for_gdb = 0;
+#if !defined(DT_REG)
+    struct stat statbuf;
+#endif
 
     if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true;
 
@@ -1349,12 +1367,28 @@ int main(int argc, char **argv_orig, char **envp) {
     if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
       shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
 
-    if (execute_testcases(in_dir) == 0) {
+    int file_count = scandir(in_dir, &file_list, NULL, alphasort);
+    if (file_count < 0) {
+
+      PFATAL("Failed to read from input dir at %s\n", in_dir);
+
+    }
+
+    for (int i = 0; i < file_count; i++) {
+
+      struct dirent *dir_ent = file_list[i];
+
+      if (dir_ent->d_name[0] == '.') {
+
+        continue;  // skip anything that starts with '.'
 
       FATAL("could not read input testcases from %s", in_dir);
 
     }
 
+    free(file_list);
+    file_list = NULL;
+
     if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); }
 
     if (dir_out) { closedir(dir_out); }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-18 21:59:47 +0000