| Age | Commit message (Collapse) | Author |
|---|
|
* afl++ -> AFL++
* update readme
* more debug
* slightly different weighting algo (#1719)
* better seed selection
* slightly different weighting calculation
* remove unnecessary memset
* Add "Hangs saved" to afl-whatsup (#1717)
The hangs could show long or infinite loops. This is important.
Co-authored-by: van Hauser <vh@thc.org>
* nits
* afl-showmap: Start a only a single fork server (#1718)
A forkserver is started by afl_fsrv_get_mapsize() when dynamically
finding the map size. When an input directory option is specified a
second fork server was also started. This commit re-arranges the inits
for several forkserver struct members so that we can re-use the server
started by the get_mapsize() call when not in coresight/qemu/unicorn
modes and just start the server otherwise.
* Source Code Coverage support for Nyx (Part 1) (#1720)
* Additional source code reformatting in afl-compiler-rt
* Add source code coverage support to afl-compiler-rt (for use with Nyx)
* doc, code format
* llvm 17 changes
* more llvm 17
* add frida mode tutorial
* fix effector map
* docs
* Should memset EFF_ALEN(len) of eff_map (#1722)
* fix reallocs
* fix afl-system-config for macos
* afl-fuzz.c: Document -i - in --help (#1725)
afl-fuzz.c: Document `-i -` in `--help`, to write that `-i` can be passed '-' to resume the prior fuzzing job. Also reference AFL_AUTORESUME so users know they can set that parameter to sidestep the issue entirely.
* tritondse custom mutator attempt
* tritondse fixes
* update libnyx (#1727)
* GNUmakefile: Update LLVM instructions (#1728)
Update LLVM instructions, because versions higher than 14 are supported and to be explicit that LLD is also required
* disable macos in the ci, works fine for me
* fix makefile
* better tritondse support
* next steps for tritondse
* qemuafl: Persistent mode for PPC32 targets
* update qemu_mode
* afl-clang-lto incomptable with -flto=thin
* add @responsefile support for afl-cc
---------
Co-authored-by: fxlb <devel.fx.lebail@orange.fr>
Co-authored-by: Nick Potenski <nick.potenski@garmin.com>
Co-authored-by: Christian Holler (:decoder) <choller@mozilla.com>
Co-authored-by: lazymio <mio@lazym.io>
Co-authored-by: Moshe Kaplan <me@moshekaplan.com>
Co-authored-by: Sergej Schumilo <sergej@schumilo.de>
Co-authored-by: Dominik Maier <domenukk@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
llvm-lto: allow skipping initialisation
|
|
|
|
|
|
AFL_POST_PROCESS_KEEP_ORIGINAL env variable for intermediate file formats and ATNwalk custom mutator
|
|
|
|
|
|
Dev
|
|
|
|
|
|
|
|
# Conflicts:
# include/afl-fuzz.h
# src/afl-fuzz-run.c
|
|
|
|
AFL_POST_PROCESS_KEEP_ORIGINAL in AFL++ to integrate atnwalk without re-compiling afl-fuzz
|
|
|
|
|
|
add Nyx support in afl-showmap, afl-tmin, afl-cmin and afl-analyze
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
afl-cc: Don't offer __AFL_INIT() etc. in GCC/CLANG modes
|
|
instrumentation/README.persistent_mode.md documents in the section about
deferred forkserver initialization:
> With the location selected, add this code in the appropriate spot:
>
> ```c
> #ifdef __AFL_HAVE_MANUAL_CONTROL
> __AFL_INIT();
> #endif
> ```
>
> You don't need the #ifdef guards, but including them ensures that the program
> will keep working normally when compiled with a tool other than afl-clang-fast/
> afl-clang-lto/afl-gcc-fast.
>
> Finally, recompile the program with afl-clang-fast/afl-clang-lto/afl-gcc-fast
> (afl-gcc or afl-clang will *not* generate a deferred-initialization binary) -
> and you should be all set!
This strongly implies that you can compile a program that uses __AFL_INIT()
under an `#ifdef __AFL_HAVE_MANUAL_CONTROL` guard with afl-gcc/-clang.
However, this currently fails:
$ cat example.c
#include <stdio.h>
int main(void) {
#ifdef __AFL_HAVE_MANUAL_CONTROL
__AFL_INIT();
#endif
puts("Hello");
}
$ afl-gcc example.c -o example
afl-cc++4.06a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC-GCC
[!] WARNING: You are using outdated instrumentation, install LLVM and/or gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast instead!
afl-as++4.06a by Michal Zalewski
[+] Instrumented 1 locations (64-bit, non-hardened mode, ratio 100%).
/usr/bin/ld: /tmp/ccuJHcpt.o: in function `main':
/home/jn/dev/fuzz/AFLplusplus/example.c:5: undefined reference to `__afl_manual_init'
collect2: error: ld returned 1 exit status
The issue here is an inconsistency in afl-gcc (i.e. afl-cc operating in GCC mode):
- afl-cc defines __AFL_HAVE_MANUAL_CONTROL and __AFL_INIT unconditionally
- __AFL_INIT relies on __afl_manual_init, which is defined in afl-compiler-rt.o
- afl-cc doesn't link afl-compiler-rt in GCC or CLANG mode
Since afl-gcc/-clang is documented as not supporting deferred forkserver
initialization, this patch omits the definitions of __AFL_HAVE_MANUAL_CONTROL
and related macros in GCC/CLANG mode.
This restores the ability to compile a deferred-forkserver program under
afl-gcc, if it can also be compiled under gcc.
[ In case someone reads this an feels adventurous enough (as I did) to
think about enabling deferred forkserver under afl-gcc: Whether the
deferred forkserver actually works can be verified by placing a
usleep(100000) or similar at the start of main (before __AFL_INIT()),
and watching the execution speed. It doesn't work. ]
|
|
|
|
__AFL_INIT() etc.
With the right -W options, compilers may complain about the cast of
string literals (for PERSIST_SIG and DEFER_SIG) to (char*), and they're
right to do so, because string literals are constant. Since some
projects enable -Werror, this can lead to a broken build with afl-cc.
Let's simply cast to (const char *), which preserves the constness of
the string literal.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Clang may call as with extra debugging arguments after the input file,
e.g. as --64 -o /tmp/hello-617ff5.o /tmp/hello-6b6f52.s -g -gdwarf-4
|
|
|
|
|
