From c1d9a4fab9b652a0ea810086ce064ec3836c7bd9 Mon Sep 17 00:00:00 2001 From: rapt0r Date: Sat, 19 Oct 2024 22:19:41 +0900 Subject: feat: introduce GCC disable environment variable This change is to disable the GCC plugin version check for GCC plugin and CMPLOG, to overcome the issues with incompatability with expected GCC version and actual GCC version used to compile using `AFL_GCC_DISABLE_VERSION_CHECK` environment variable. --- include/envs.h | 6 +++--- instrumentation/README.gcc_plugin.md | 5 ++++- instrumentation/afl-gcc-cmplog-pass.so.cc | 3 ++- instrumentation/afl-gcc-cmptrs-pass.so.cc | 3 ++- instrumentation/afl-gcc-pass.so.cc | 3 ++- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/include/envs.h b/include/envs.h index 202de752..cca9baa8 100644 --- a/include/envs.h +++ b/include/envs.h @@ -52,9 +52,9 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_VERBOSE", "AFL_OLD_FORKSERVER", "AFL_OPT_LEVEL", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_FUZZER_STATS_UPDATE_INTERVAL", "AFL_GDB", "AFL_GCC_ALLOWLIST", - "AFL_GCC_DENYLIST", "AFL_GCC_BLOCKLIST", "AFL_GCC_INSTRUMENT_FILE", - "AFL_GCC_OUT_OF_LINE", "AFL_GCC_SKIP_NEVERZERO", "AFL_GCJ", - "AFL_HANG_TMOUT", "AFL_FORKSRV_INIT_TMOUT", "AFL_HARDEN", + "AFL_GCC_DENYLIST", "AFL_GCC_BLOCKLIST", "AFL_GCC_DISABLE_VERSION_CHECK", + "AFL_GCC_INSTRUMENT_FILE", "AFL_GCC_OUT_OF_LINE", "AFL_GCC_SKIP_NEVERZERO", + "AFL_GCJ", "AFL_HANG_TMOUT", "AFL_FORKSRV_INIT_TMOUT", "AFL_HARDEN", "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IGNORE_PROBLEMS", "AFL_IGNORE_PROBLEMS_COVERAGE", "AFL_IGNORE_SEED_PROBLEMS", "AFL_IGNORE_TIMEOUTS", "AFL_IGNORE_UNKNOWN_ENVS", "AFL_IMPORT_FIRST", diff --git a/instrumentation/README.gcc_plugin.md b/instrumentation/README.gcc_plugin.md index 011a574a..34004dc7 100644 --- a/instrumentation/README.gcc_plugin.md +++ b/instrumentation/README.gcc_plugin.md @@ -51,7 +51,10 @@ The idea and much of the implementation comes from Laszlo Szekeres. In order to leverage this mechanism, you need to have modern enough GCC (>= version 4.5.0) and the plugin development headers installed on your system. That should be all you need. On Debian machines, these headers can be acquired by -installing the `gcc-VERSION-plugin-dev` packages. +installing the `gcc-VERSION-plugin-dev` packages. If you're compiling a GCC +plugin that differs from the system-installed version and encounter issues +with version checks, you can use the `AFL_GCC_DISABLE_VERSION_CHECK` environment +variable. To build the instrumentation itself, type `make`. This will generate binaries called `afl-gcc-fast` and `afl-g++-fast` in the parent directory. diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index 774dd5fd..38fce961 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc @@ -370,7 +370,8 @@ Set AFL_QUIET in the environment to silence it.\n\ int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { - if (!plugin_default_version_check(version, &gcc_version)) + if (!plugin_default_version_check(version, &gcc_version) && + !getenv("AFL_GCC_DISABLE_VERSION_CHECK")) FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, " "is %s"), gcc_version.basever, version->basever); diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc index 96bd5ba8..360b035a 100644 --- a/instrumentation/afl-gcc-cmptrs-pass.so.cc +++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc @@ -338,7 +338,8 @@ Set AFL_QUIET in the environment to silence it.\n\ int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { - if (!plugin_default_version_check(version, &gcc_version)) + if (!plugin_default_version_check(version, &gcc_version) && + !getenv("AFL_GCC_DISABLE_VERSION_CHECK")) FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, " "is %s"), gcc_version.basever, version->basever); diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 41b1e5af..26f7bd19 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -478,7 +478,8 @@ Specify -frandom-seed for reproducible instrumentation.\n\ int plugin_init(struct plugin_name_args *info, struct plugin_gcc_version *version) { - if (!plugin_default_version_check(version, &gcc_version)) + if (!plugin_default_version_check(version, &gcc_version) && + !getenv("AFL_GCC_DISABLE_VERSION_CHECK")) FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, " "is %s"), gcc_version.basever, version->basever); -- cgit 1.4.1 From 04d2476b324f5c6124c665b24989d15dd61f0f2b Mon Sep 17 00:00:00 2001 From: rapt0r Date: Sun, 20 Oct 2024 16:00:17 +0900 Subject: doc: add description for AFL_GCC_DISABLE_VERSION_CHECK --- docs/env_variables.md | 5 +++++ src/afl-cc.c | 2 ++ 2 files changed, 7 insertions(+) diff --git a/docs/env_variables.md b/docs/env_variables.md index d0789105..d1edb6fd 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -326,6 +326,11 @@ mode. [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information. + Setting `AFL_GCC_DISABLE_VERSION_CHECK=1` will disable the GCC plugin + version check if the target GCC plugin differs from the system-installed + version, resolving issues caused by version mismatches between GCC and + the plugin. + Setting `AFL_GCC_OUT_OF_LINE=1` will instruct afl-gcc-fast to instrument the code with calls to an injected subroutine instead of the much more efficient inline instrumentation. diff --git a/src/afl-cc.c b/src/afl-cc.c index 677a6b2f..6f634b53 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2958,6 +2958,8 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) { SAYF( "\nGCC Plugin-specific environment variables:\n" " AFL_GCC_CMPLOG: log operands of comparisons (RedQueen mutator)\n" + " AFL_GCC_DISABLE_VERSION_CHECK: disable GCC plugin version " + "control\n" " AFL_GCC_OUT_OF_LINE: disable inlined instrumentation\n" " AFL_GCC_SKIP_NEVERZERO: do not skip zero on trace counters\n" " AFL_GCC_INSTRUMENT_FILE: enable selective instrumentation by " -- cgit 1.4.1