From c092892488a1ed8e5213b9dcdf3d4da617fe0dd2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 May 2023 09:26:24 +0200 Subject: disable macos in the ci, works fine for me --- .github/workflows/ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 03e4151d..fdf618b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -36,23 +36,23 @@ jobs: run: make distrib ASAN_BUILD=1 NO_NYX=1 - name: run tests run: sudo -E ./afl-system-config; make tests - macos: - runs-on: macOS-latest - env: - AFL_MAP_SIZE: 65536 - AFL_SKIP_CPUFREQ: 1 - AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 - steps: - - uses: actions/checkout@v3 - - name: install - run: brew install make gcc llvm - - name: fix install - run: cd /usr/local/bin; ln -s gcc-11 gcc; ln -s g++-11 g++; which gcc; gcc -v - - name: build - run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 - - name: frida - run: export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; cd frida_mode; gmake - - name: run tests - run: sudo -E ./afl-system-config; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export PATH=/usr/local/Cellar/llvm/*/":/usr/local/bin:$PATH"; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; gmake tests - - name: force frida test for MacOS - run: export AFL_PATH=`pwd`; /usr/local/bin/gcc -o test-instr test-instr.c; mkdir in; echo > in/in; AFL_NO_UI=1 ./afl-fuzz -O -i in -o out -V 5 -- ./test-instr + # macos: + # runs-on: macOS-latest + # env: + # AFL_MAP_SIZE: 65536 + # AFL_SKIP_CPUFREQ: 1 + # AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 + # steps: + # - uses: actions/checkout@v3 + # - name: install + # run: brew install make gcc llvm + # - name: fix install + # run: cd /usr/local/bin; ln -s gcc-11 gcc; ln -s g++-11 g++; which gcc; gcc -v + # - name: build + # run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 + # - name: frida + # run: export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; cd frida_mode; gmake + # - name: run tests + # run: sudo -E ./afl-system-config; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export PATH=/usr/local/Cellar/llvm/*/":/usr/local/bin:$PATH"; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; gmake tests + # - name: force frida test for MacOS + # run: export AFL_PATH=`pwd`; /usr/local/bin/gcc -o test-instr test-instr.c; mkdir in; echo > in/in; AFL_NO_UI=1 ./afl-fuzz -O -i in -o out -V 5 -- ./test-instr -- cgit 1.4.1 From c33de471208bfe62bfae63fb4c6864c79026a8c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 08:44:45 +0100 Subject: enable nyx --- .github/workflows/ci.yml | 3 ++- Dockerfile | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdf618b9..3d20956b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,8 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 + run: make distrib ASAN_BUILD=1 + # NO_NYX=1 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/Dockerfile b/Dockerfile index e1616198..50dcd944 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ ENV NO_CORESIGHT=1 ENV NO_NYX=1 ### Only change these if you know what you are doing: -# LLVM 15 does not look good so we stay at 14 to still have LTO -ENV LLVM_VERSION=14 +# Current recommended LLVM version is 16 +ENV LLVM_VERSION=16 # GCC 12 is producing compile errors for some targets so we stay at GCC 11 ENV GCC_VERSION=11 -- cgit 1.4.1 From 5da5d6e0dfe1e3f8a0068d9289ecc34dd8a7b6af Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 08:48:35 +0100 Subject: debug ci --- .github/workflows/ci.yml | 3 +-- test/test-nyx-mode.sh | 3 +++ 2 files changed, 4 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3d20956b..fdf618b9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,8 +33,7 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 - # NO_NYX=1 + run: make distrib ASAN_BUILD=1 NO_NYX=1 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 95829828..7cffb321 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,6 +4,9 @@ $ECHO "$BLUE[*] Testing: nyx_mode" +env|grep -E 'NYX|AFL' +ls -al ../libnyx.so +ls -al ../afl-cc ../*.so test -e ../libnyx.so && { ../afl-cc -o test-instr ../test-instr.c > errors 2>&1 test -e test-instr && { -- cgit 1.4.1 From e5d305ad42dc29030cb256f3182a316cc806b6da Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 11:43:04 +0100 Subject: debug ci --- .github/workflows/ci.yml | 7 +++---- src/afl-cc.c | 4 ++++ 2 files changed, 7 insertions(+), 4 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fdf618b9..0a18a891 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -23,17 +23,16 @@ jobs: - name: debug run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: update - run: sudo apt-get update - # && sudo apt-get upgrade -y + run: sudo apt-get update && sudo apt-get upgrade -y - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip + run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 + run: make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/src/afl-cc.c b/src/afl-cc.c index a3b453fc..24dc1055 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1458,11 +1458,13 @@ void add_real_argv0(aflcc_state_t *aflcc) { } else { u8 *alt_cc = getenv("AFL_CC"); +printf("AFL_CC=%s\n", alt_cc); if (!alt_cc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { +printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compiler_mode, GCC_PLUGIN); alt_cc = "gcc"; } else if (aflcc->compiler_mode == CLANG) { @@ -1478,6 +1480,8 @@ void add_real_argv0(aflcc_state_t *aflcc) { snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); alt_cc = llvm_fullpath; +printf("use_bindir=%s llvm_fullpath=%s\n", USE_BINDIR ? "true" : "false", llvm_fullpath); + } } -- cgit 1.4.1 From 236fb9b1456d15a0c0962a95db87f3005446f1a0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 12:03:02 +0100 Subject: debug ci --- .github/workflows/ci.yml | 6 +++--- test/test-nyx-mode.sh | 3 +++ 2 files changed, 6 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a18a891..9b2031ae 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -20,13 +20,13 @@ jobs: AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 steps: - uses: actions/checkout@v3 - - name: debug - run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: update run: sudo apt-get update && sudo apt-get upgrade -y + - name: debug + run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin diff --git a/test/test-nyx-mode.sh b/test/test-nyx-mode.sh index 5b63d1b7..4d5f66ff 100755 --- a/test/test-nyx-mode.sh +++ b/test/test-nyx-mode.sh @@ -4,7 +4,10 @@ $ECHO "$BLUE[*] Testing: nyx_mode" +echo AFL_CC=$AFL_CC +unset AFL_CC apt-cache search clang|grep -E '^clang-1' +apt-cache search gcc|grep -E '^gcc-1' ls -al ../libnyx.so ../afl-* ../*.so ../afl-cc -h echo AFL-CC -- cgit 1.4.1 From eb52f1cc08e0aacc3c46d1c5a9742526657c842a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 12:58:51 +0100 Subject: fix ci --- .github/workflows/ci.yml | 2 +- GNUmakefile | 14 +++++++------- src/afl-cc.c | 14 -------------- 3 files changed, 8 insertions(+), 22 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b2031ae..bd16602f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -32,7 +32,7 @@ jobs: - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 + run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/GNUmakefile b/GNUmakefile index be5b8146..2226b5a7 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -653,16 +653,16 @@ endif # -$(MAKE) -C utils/plot_ui -$(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" - ifeq "$(ARCH)" "aarch64" - ifndef NO_CORESIGHT +ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT -$(MAKE) -C coresight_mode - endif endif - ifeq "$(SYS)" "Linux" - ifndef NO_NYX +endif +ifeq "$(SYS)" "Linux" +ifndef NO_NYX -cd nyx_mode && ./build_nyx_support.sh - endif - endif +endif +endif -cd qemu_mode && sh ./build_qemu_support.sh ifeq "$(ARCH)" "aarch64" ifndef NO_UNICORN_ARM64 diff --git a/src/afl-cc.c b/src/afl-cc.c index 24dc1055..c300ddfc 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1458,13 +1458,11 @@ void add_real_argv0(aflcc_state_t *aflcc) { } else { u8 *alt_cc = getenv("AFL_CC"); -printf("AFL_CC=%s\n", alt_cc); if (!alt_cc) { if (aflcc->compiler_mode == GCC || aflcc->compiler_mode == GCC_PLUGIN) { -printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compiler_mode, GCC_PLUGIN); alt_cc = "gcc"; } else if (aflcc->compiler_mode == CLANG) { @@ -1480,8 +1478,6 @@ printf("is gcc %d == %d || %d == %d\n", aflcc->compiler_mode, GCC, aflcc->compil snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN); alt_cc = llvm_fullpath; -printf("use_bindir=%s llvm_fullpath=%s\n", USE_BINDIR ? "true" : "false", llvm_fullpath); - } } @@ -3443,29 +3439,19 @@ int main(int argc, char **argv, char **envp) { mode_final_checkout(aflcc, argc, argv); - printf("DEBUGXXX0: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - process_params(aflcc, 1, argc, argv); maybe_usage(aflcc, argc, argv); - printf("DEBUGXXX1: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - mode_notification(aflcc); if (aflcc->debug) debugf_args(argc, argv); - printf("DEBUGXXX2: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - edit_params(aflcc, argc, argv, envp); - printf("DEBUGXXX3: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - if (aflcc->debug) debugf_args((s32)aflcc->cc_par_cnt, (char **)aflcc->cc_params); - printf("DEBUGXXX4: param0=%s aflcc->compiler_mode=%d aflcc->instrument_mode=%d\n", aflcc->cc_params[0], aflcc->compiler_mode, aflcc->instrument_mode); - if (aflcc->passthrough) { argv[0] = aflcc->cc_params[0]; -- cgit 1.4.1 From 87596105efd7e7ebe31556a777e288c9eed6ae5d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:01:59 +0100 Subject: fix ci --- .github/workflows/ci.yml | 4 ++-- GNUmakefile | 2 +- nyx_mode/build_nyx_support.sh | 5 +++++ 3 files changed, 8 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bd16602f..53128a17 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -26,13 +26,13 @@ jobs: run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev; sudo apt-get install -y libgtk-3-dev pax-utils python3-msgpack python3-jinja2 - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin run: sudo apt-get install -y -m -f --install-suggests $(readlink /usr/bin/gcc)-plugin-dev - name: build afl++ - run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make distrib ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 + run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 distrib - name: run tests run: sudo -E ./afl-system-config; make tests # macos: diff --git a/GNUmakefile b/GNUmakefile index 2226b5a7..283c57c2 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -399,7 +399,7 @@ help: @echo INTROSPECTION - compile afl-fuzz with mutation introspection @echo NO_PYTHON - disable python support @echo NO_SPLICING - disables splicing mutation in afl-fuzz, not recommended for normal fuzzing - @echo NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL) + @echo "NO_UTF - do not use UTF-8 for line rendering in status screen (fallback to G1 box drawing, of vanilla AFL)" @echo NO_NYX - disable building nyx mode dependencies @echo "NO_CORESIGHT - disable building coresight (arm64 only)" @echo NO_UNICORN_ARM64 - disable building unicorn on arm64 diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index 239b18d5..cd04ce7e 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -30,6 +30,11 @@ if [ ! "$(uname -m)" = "x86_64" ]; then fi +cargo help > /dev/null 2>&1 || { + echo "[-] Error: Rust is not installed." + exit 0 +} + echo "[*] Making sure all Nyx is checked out" -- cgit 1.4.1 From 37d20392117b2d7e887b9ef3694f31ef43b2c9b6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Feb 2024 14:53:10 +0100 Subject: finalize ci fix --- .github/workflows/ci.yml | 3 +-- nyx_mode/build_nyx_support.sh | 8 ++++++++ 2 files changed, 9 insertions(+), 2 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 53128a17..ed382fbb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,8 +25,7 @@ jobs: - name: debug run: apt-cache search plugin-dev | grep gcc-; echo; apt-cache search clang-format- | grep clang-format- - name: install packages - #run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip - run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev; sudo apt-get install -y libgtk-3-dev pax-utils python3-msgpack python3-jinja2 + run: sudo apt-get install -y -m -f build-essential gcc-10 g++-10 git libtool libtool-bin automake flex bison libglib2.0-0 clang-12 llvm-12-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build python3-pip gcc-10-plugin-dev - name: compiler installed run: gcc -v; echo; clang -v - name: install gcc plugin diff --git a/nyx_mode/build_nyx_support.sh b/nyx_mode/build_nyx_support.sh index cd04ce7e..fda4ec12 100755 --- a/nyx_mode/build_nyx_support.sh +++ b/nyx_mode/build_nyx_support.sh @@ -9,6 +9,14 @@ echo echo "[*] Performing basic sanity checks..." +if [ "$CI" = "true" ]; then + + echo "[-] Error: nyx_mode cannot be tested in the Github CI, skipping ..." + exit 0 + +fi + + if [ -n "$NO_NYX" ]; then echo "[-] Error: the NO_NYX environment variable is set, please unset." -- cgit 1.4.1 From 40df85d1e6fb80e9d641064e645a48b623aee681 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 5 Feb 2024 15:05:46 +0100 Subject: adjust cmplog header --- .github/workflows/ci.yml | 1 + GNUmakefile | 4 +- include/cmplog.h | 10 ++-- src/afl-fuzz-redqueen.c | 43 ++++++++++++-- src/hashmap.c | 149 +++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 194 insertions(+), 13 deletions(-) create mode 100644 src/hashmap.c (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ed382fbb..dd0d13e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,6 +5,7 @@ on: branches: - stable - dev + - 420 pull_request: branches: - dev # No need for stable-pull-request, as that equals dev-push diff --git a/GNUmakefile b/GNUmakefile index 283c57c2..d3cf2674 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -464,8 +464,8 @@ src/afl-forkserver.o : $(COMM_HDR) src/afl-forkserver.c include/forkserver.h src/afl-sharedmem.o : $(COMM_HDR) src/afl-sharedmem.c include/sharedmem.h $(CC) $(CFLAGS) $(CFLAGS_FLTO) -c src/afl-sharedmem.c -o src/afl-sharedmem.o -afl-fuzz: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86 - $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS) -lm +afl-fuzz: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o src/hashmap.c | test_x86 + $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) -Wno-shift-count-overflow $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o src/hashmap.c -o $@ $(PYFLAGS) $(LDFLAGS) -lm afl-showmap: src/afl-showmap.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-fuzz-mutators.c src/afl-fuzz-python.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(PYFLAGS) $(LDFLAGS) diff --git a/include/cmplog.h b/include/cmplog.h index 91c2a665..589570fe 100644 --- a/include/cmplog.h +++ b/include/cmplog.h @@ -38,16 +38,16 @@ #define SHAPE_BYTES(x) (x + 1) -#define CMP_TYPE_INS 1 -#define CMP_TYPE_RTN 2 +#define CMP_TYPE_INS 0 +#define CMP_TYPE_RTN 1 struct cmp_header { unsigned hits : 6; // up to 63 entries, we have CMP_MAP_H = 32 - unsigned shape : 6; // 63 bytes, we support 32 max - unsigned type : 2; // 4, we use 3: none, rtn, cmp + unsigned shape : 5; // 31+1 bytes + unsigned type : 1; // 4, we use 3: none, rtn, cmp unsigned attribute : 4; // 16 for arithmetic comparison types - unsigned reserved : 6; + //unsigned reserved : 6; } __attribute__((packed)); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index eb96de68..bc83c9ed 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -87,6 +87,11 @@ static u32 hshape; static u64 screen_update; static u64 last_update; +// hashmap functions +void hashmap_reset(); +bool hashmap_search_and_add(uint8_t type, uint64_t key); +bool hashmap_search_and_add_ptr(uint8_t type, u8 *key); + static struct range *add_range(struct range *ranges, u32 start, u32 end) { struct range *r = ck_alloc_nozero(sizeof(struct range)); @@ -795,7 +800,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u64 *o_buf_64 = (u64 *)&orig_buf[idx]; u32 *o_buf_32 = (u32 *)&orig_buf[idx]; u16 *o_buf_16 = (u16 *)&orig_buf[idx]; - u8 *o_buf_8 = &orig_buf[idx]; + // u8 *o_buf_8 = &orig_buf[idx]; u32 its_len = MIN(len - idx, taint_len); @@ -836,6 +841,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // necessary for preventing heap access overflow bytes = MIN(bytes, len - idx); + if (unlikely(bytes <= 1)) { return 0; } // reverse atoi()/strnu?toll() is expensive, so we only to it in lvl 3 if (afl->cmplog_enable_transform && (lvl & LVL3)) { @@ -1266,6 +1272,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } + /* if (*status != 1) { // u8 // if (its_len >= 1) @@ -1290,6 +1297,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } + */ + } // If 'S' is set for cmplog mode then we try a scale encoding of the value. @@ -1881,6 +1890,8 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, hshape = SHAPE_BYTES(h->shape); + if (hshape < 2) { return 0; } + if (h->hits > CMP_MAP_H) { loggeds = CMP_MAP_H; @@ -1906,8 +1917,6 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, #endif - if (hshape < 2) { return 0; } - for (i = 0; i < loggeds; ++i) { struct cmp_operands *o = &afl->shm.cmp_map->log[key][i]; @@ -1945,6 +1954,16 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, } + // TODO: add attribute? not sure + if (hshape <= 8 && !hashmap_search_and_add(hshape - 1, o->v0) && + !hashmap_search_and_add(hshape - 1, orig_o->v0) && + !hashmap_search_and_add(hshape - 1, o->v1) && + !hashmap_search_and_add(hshape - 1, orig_o->v1)) { + + continue; + + } + #ifdef _DEBUG fprintf(stderr, "Handling: %llx->%llx vs %llx->%llx attr=%u shape=%u\n", orig_o->v0, o->v0, orig_o->v1, o->v1, h->attribute, hshape); @@ -2615,12 +2634,13 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 entry, } - memcpy(buf + idx, tmp, hlen + 1 + off); + u32 tmp_l = hlen + 1 + off; + memcpy(buf + idx, tmp, tmp_l); if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - tmp[hlen + 1 + off] = 0; + tmp[tmp_l] = 0; // fprintf(stderr, "RTN ATTEMPT idx=%u len=%u fromhex %u %s %s result // %u\n", idx, len, fromhex, tmp, repl, *status); - memcpy(buf + idx, save, hlen + 1 + off); + memcpy(buf + idx, save, tmp_l); } @@ -2755,6 +2775,15 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, fprintf(stderr, "\n"); #endif + if (hshape <= 8 && !hashmap_search_and_add_ptr(hshape - 1, o->v0) && + !hashmap_search_and_add_ptr(hshape - 1, orig_o->v0) && + !hashmap_search_and_add_ptr(hshape - 1, o->v1) && + !hashmap_search_and_add_ptr(hshape - 1, orig_o->v1)) { + + continue; + + } + t = taint; while (t->next) { @@ -3021,6 +3050,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) { // Start insertion loop + hashmap_reset(); + u64 orig_hit_cnt, new_hit_cnt; u64 orig_execs = afl->fsrv.total_execs; orig_hit_cnt = afl->queued_items + afl->saved_crashes; diff --git a/src/hashmap.c b/src/hashmap.c new file mode 100644 index 00000000..a0a9283c --- /dev/null +++ b/src/hashmap.c @@ -0,0 +1,149 @@ +#include +#include +#include +#include +#include "types.h" +#define TABLE_SIZE 10007 // Use a prime number for better distribution + +typedef struct HashNode { + + uint64_t key; + struct HashNode *next; + +} HashNode; + +typedef struct HashMap { + + HashNode **table; + +} HashMap; + +static HashMap *_hashmap; + +void hashmap_reset() { + + if (unlikely(!_hashmap)) { + + _hashmap = (HashMap *)malloc(sizeof(HashMap)); + _hashmap->table = (HashNode **)malloc(sizeof(HashNode *) * TABLE_SIZE); + memset((char *)_hashmap->table, 0, sizeof(HashNode *) * TABLE_SIZE); + + } else { + + for (int i = 0; i < TABLE_SIZE; i++) { + + HashNode *node = _hashmap->table[i]; + while (node) { + + HashNode *temp = node; + node = node->next; + free(temp); + + } + + } + + memset((char *)_hashmap->table, 0, sizeof(HashNode *) * TABLE_SIZE); + + } + +} + +static inline unsigned int hash(uint64_t key) { + + return key % TABLE_SIZE; + +} + +// type must be below 8 +bool hashmap_search_and_add(uint8_t type, uint64_t key) { + + if (unlikely(type >= 8)) return false; + uint64_t val = (key & 0xf8ffffffffffffff) + (type << 56); + unsigned int index = hash(val); + HashNode *node = _hashmap->table[index]; + while (node) { + + if (node->key == val) return true; + node = node->next; + + } + + // not found so add it + node = (HashNode *)malloc(sizeof(HashNode)); + node->key = val; + node->next = _hashmap->table[index]; + _hashmap->table[index] = node; + + return false; + +} + +// type must be below 8 +bool hashmap_search_and_add_ptr(uint8_t type, u8 *key) { + + if (unlikely(type >= 8)) return false; + uint64_t key_t = 0; + memcpy(((char *)key_t) + (7 - type), key, type + 1); + return hashmap_search_and_add(type, key_t); + +} + +/* below is not used */ + +void hashmap_insert(uint64_t key) { + + unsigned int index = hash(key); + HashNode *node = (HashNode *)malloc(sizeof(HashNode)); + node->key = key; + node->next = _hashmap->table[index]; + _hashmap->table[index] = node; + +} + +bool hashmap_search(uint64_t key) { + + unsigned int index = hash(key); + HashNode *node = _hashmap->table[index]; + while (node) { + + if (node->key == key) return true; + node = node->next; + + } + + return false; + +} + +void delete(uint64_t key) { + + unsigned int index = hash(key); + HashNode *prev = NULL, *node = _hashmap->table[index]; + while (node) { + + if (node->key == key) { + + if (prev) + prev->next = node->next; + else + _hashmap->table[index] = node->next; + free(node); + return; + + } + + prev = node; + node = node->next; + + } + +} + +void freeHashMap(HashMap *map) { + + free(_hashmap->table); + free(map); + +} + -- cgit 1.4.1 From 6b049536f1614892df99f7c1ebd7710192b607a8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 13 Apr 2024 11:54:02 +0200 Subject: v4.21 init --- .github/workflows/ci.yml | 1 - README.md | 2 +- docs/Changelog.md | 4 ++++ include/config.h | 2 +- 4 files changed, 6 insertions(+), 3 deletions(-) (limited to '.github/workflows') diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dd0d13e9..ed382fbb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,7 +5,6 @@ on: branches: - stable - dev - - 420 pull_request: branches: - dev # No need for stable-pull-request, as that equals dev-push diff --git a/README.md b/README.md index 2583407e..34d73890 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Release version: [4.20c](https://github.com/AFLplusplus/AFLplusplus/releases) -GitHub version: 4.20c +GitHub version: 4.21a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 2428d63f..a7eb239b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -3,6 +3,10 @@ This is the list of all noteworthy changes made in every public release of the tool. See README.md for the general instruction manual. +### Version ++4.21a (dev) + * your PR? :-) + + ### Version ++4.20c (release) ! A new forkserver communication model is now introduced. afl-fuzz is backward compatible to old compiled targets if they are not built diff --git a/include/config.h b/include/config.h index 3ea059ff..a2ff68ea 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.20c" +#define VERSION "++4.21a" /****************************************************** * * -- cgit 1.4.1