From 898353c87ae2b7e212e1012e847f02f8e18f9428 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 14:17:51 +0200
Subject: enforce no built-ins for lto
---
 llvm_mode/afl-clang-fast.c | 10 +---------
 1 file changed, 1 insertion(+), 9 deletions(-)
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 738433ac..484943d2 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -255,12 +255,6 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 if (getenv("LAF_TRANSFORM_COMPARES") ||
 getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES")) {
- if (!be_quiet && getenv("AFL_LLVM_LTO_AUTODICTIONARY") && lto_mode)
- WARNF(
- "using AFL_LLVM_LAF_TRANSFORM_COMPARES together with "
- "AFL_LLVM_LTO_AUTODICTIONARY makes no sense. Use only "
- "AFL_LLVM_LTO_AUTODICTIONARY.");
-
 cc_params[cc_par_cnt++] = "-Xclang";
 cc_params[cc_par_cnt++] = "-load";
 cc_params[cc_par_cnt++] = "-Xclang";
@@ -472,9 +466,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 }
 if (getenv("AFL_NO_BUILTIN") || getenv("AFL_LLVM_LAF_TRANSFORM_COMPARES") ||
- getenv("LAF_TRANSFORM_COMPARES") ||
- (lto_mode && (getenv("AFL_LLVM_LTO_AUTODICTIONARY") ||
- getenv("AFL_LLVM_AUTODICTIONARY")))) {
+ getenv("LAF_TRANSFORM_COMPARES") || lto_mode) {
 cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
 cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
-- cgit 1.4.1
From f18c2eb8ae0b2d6c0d4147684b8efcaa1a0b2aae Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 3 Aug 2020 15:16:46 +0200
Subject: no support for DragonFlyBSD.
---
 libtokencap/Makefile | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/libtokencap/Makefile b/libtokencap/Makefile
index 8bdfa5ac..8edda394 100644
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
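Review bot: The rewritten condition ending in `getenv("LAF_TRANSFORM_COMPARES") || lto_mode) {` makes the `-fno-builtin-*` flags unconditional for every LTO build, but nothing in the hunk records why, so the next reader has to go to the commit title. A one-line comment above the `if`, e.g. `/* in LTO mode the string builtins are always disabled, independent of any dictionary setting */`, would pin that down. `AFL_LLVM_AUTODICTIONARY`, checked on the removed lines, is no longer consulted anywhere in this hunk; if it is still described as an env switch elsewhere, that description is presumably stale now. The body of edit_params continues outside the hunk.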
@@ -28,21 +28,20 @@ UNAME_S =$(shell uname -s)# GNU make
 UNAME_S:sh=uname -s # BSD make
 _UNIQ=_QINU_
- _OS_DL = $(_UNIQ)$(UNAME_S)
- __OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ))
- ___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ))
- ____OS_DL = $(___OS_DL:$(_UNIQ)DragonFly=$(_UNIQ))
- _____OS_DL = $(____OS_DL:$(_UNIQ)$(UNAME_S)=)
-______OS_DL = $(_____OS_DL:$(_UNIQ)="-ldl")
+ _OS_DL = $(_UNIQ)$(UNAME_S)
+ __OS_DL = $(_OS_DL:$(_UNIQ)Linux=$(_UNIQ))
+ ___OS_DL = $(__OS_DL:$(_UNIQ)Darwin=$(_UNIQ))
+ ____OS_DL = $(___OS_DL:$(_UNIQ)$(UNAME_S)=)
+_____OS_DL = $(____OS_DL:$(_UNIQ)="-ldl")
- _OS_TARGET = $(____OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ))
+ _OS_TARGET = $(___OS_DL:$(_UNIQ)FreeBSD=$(_UNIQ))
 __OS_TARGET = $(_OS_TARGET:$(_UNIQ)OpenBSD=$(_UNIQ))
 ___OS_TARGET = $(__OS_TARGET:$(_UNIQ)NetBSD=$(_UNIQ))
 ____OS_TARGET = $(___OS_TARGET:$(_UNIQ)Haiku=$(_UNIQ))
 _____OS_TARGET = $(____OS_TARGET:$(_UNIQ)SunOS=$(_UNIQ))
-______OS_TARGET = $(____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
+______OS_TARGET = $(_____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
-TARGETS = $(_____OS_TARGET:$(_UNIQ)=libtokencap.so)
+TARGETS = $(______OS_TARGET:$(_UNIQ)=libtokencap.so)
 LDFLAGS += $(______OS_DL)
-- cgit 1.4.1
From ed63364a777dd7a01a0cfdba938888707053e192 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 18:13:06 +0200
Subject: add touch shmem in forkserver, add binary library and patches.txt for easy testing
---
 examples/afl_untracer/afl-untracer.c | 2 ++
 examples/afl_untracer/libtestinstr.so | Bin 0 -> 17152 bytes
 examples/afl_untracer/patches.txt | 57 ++++++++++++++++++++--------------
 3 files changed, 36 insertions(+), 23 deletions(-)
 create mode 100755 examples/afl_untracer/libtestinstr.so
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index 77b15eb8..f6dbbcd6 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
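Review bot: The context line `LDFLAGS += $(______OS_DL)` still names the six-underscore variable, while the hunk renames the final link variable to `_____OS_DL` (five underscores) when it removes the DragonFly step; make expands an unset variable to nothing, so the `-ldl` the chain is meant to produce is silently dropped from the link after this commit. The fix is the one-line change `LDFLAGS += $(_____OS_DL)`. Commit 76888fdf later on this page makes exactly that change; it would have been cleaner folded into this one. The `_OS_TARGET` chain was updated consistently (`___OS_DL` feeds `_OS_TARGET`, `_____OS_TARGET` feeds `______OS_TARGET`), so only the `LDFLAGS` line was missed.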
@@ -437,6 +437,8 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
+ __afl_area_ptr[0] = 1; // put something in the map
+
 return status;
 }
diff --git a/examples/afl_untracer/libtestinstr.so b/examples/afl_untracer/libtestinstr.so
new file mode 100755
index 00000000..389a946c
Binary files /dev/null and b/examples/afl_untracer/libtestinstr.so differ
diff --git a/examples/afl_untracer/patches.txt b/examples/afl_untracer/patches.txt
index b3063e3a..7e964249 100644
--- a/examples/afl_untracer/patches.txt
+++ b/examples/afl_untracer/patches.txt
@@ -1,23 +1,34 @@
-libtestinstr.so:0x2000L
-0x1050L
-0x1063L
-0x106fL
-0x1078L
-0x1080L
-0x10a4L
-0x10b0L
-0x10b8L
-0x10c0L
-0x10c9L
-0x10d7L
-0x10e3L
-0x10f8L
-0x1100L
-0x1105L
-0x111aL
-0x1135L
-0x1143L
-0x114eL
-0x115cL
-0x116aL
-0x116bL
+libtestinstr.so:0x1000
+0x10
+0x12
+0x20
+0x36
+0x30
+0x40
+0x50
+0x63
+0x6f
+0x78
+0x80
+0xa4
+0xb0
+0xb8
+0x100
+0xc0
+0xc9
+0xd7
+0xe3
+0xe8
+0xf8
+0x105
+0x11a
+0x135
+0x141
+0x143
+0x14e
+0x15a
+0x15c
+0x168
+0x16a
+0x16b
+0x170
-- cgit 1.4.1
From 38bed607d1f52ad7ede7792fe01163358a703953 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Mon, 3 Aug 2020 20:50:47 +0200
Subject: code format
---
 src/afl-fuzz-init.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 396a20f0..2c17ffbb 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -490,9 +490,13 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
 if (nl_cnt == 0) {
- if (first)
+ if (first) {
+
 WARNF("directory %s is currently empty", afl->foreign_syncs[iter].dir);
+
+ }
+
 continue;
 }
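Review bot: The added line `__afl_area_ptr[0] = 1; // put something in the map` says what it does but not why; the purpose is presumably to keep the fuzzer from treating a run with no touched edges as uninstrumented, but that cannot be confirmed from this hunk. If that is the intent, put it in the comment, e.g. `// touch map slot 0 on every run so an otherwise empty map is not mistaken for missing instrumentation`. Whether slot 0 can also be hit by a patched location from patches.txt, and therefore double-count, is worth a sentence in the same comment. The rest of __afl_next_testcase lies outside the hunk.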
@@ -540,11 +544,15 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
 if (st.st_size > MAX_FILE) {
- if (first)
+ if (first) {
+
 WARNF(
 "Test case '%s' is too big (%s, limit is %s), skipping", fn2,
 stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
 stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
+
+ }
+
 ck_free(fn2);
 continue;
-- cgit 1.4.1
From e6e38d1703c5765a1d62cba211e881b0f34b959c Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Mon, 3 Aug 2020 21:25:32 +0200
Subject: give document edge id a unique id per module
---
 examples/afl_untracer/afl-untracer.c | 2 +-
 llvm_mode/afl-llvm-lto-instrumentation.so.cc | 30 +++++++++++++++++++++++++---
 2 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/examples/afl_untracer/afl-untracer.c b/examples/afl_untracer/afl-untracer.c
index f6dbbcd6..cb6f948c 100644
--- a/examples/afl_untracer/afl-untracer.c
+++ b/examples/afl_untracer/afl-untracer.c
@@ -437,7 +437,7 @@ inline static u32 __afl_next_testcase(u8 *buf, u32 max_len) {
 if (write(FORKSRV_FD + 1, &pid, 4) != 4) do_exit = 1;
 // fprintf(stderr, "write1 %d\n", do_exit);
- __afl_area_ptr[0] = 1; // put something in the map
+ __afl_area_ptr[0] = 1; // put something in the map
 return status;
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 5686eb56..4023c1d6 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -105,6 +105,11 @@ bool AFLLTOPass::runOnModule(Module &M) {
 char * ptr;
 FILE * documentFile = NULL;
+ srand((unsigned int)time(NULL));
+
+ unsigned long long int moduleID =
+ (((unsigned long long int)(rand() & 0xffffffff)) << 32) | getpid();
+
 IntegerType *Int8Ty = IntegerType::getInt8Ty(C);
 IntegerType *Int32Ty = IntegerType::getInt32Ty(C);
 IntegerType *Int64Ty = IntegerType::getInt64Ty(C);
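Review bot: `moduleID` is derived from `srand((unsigned int)time(NULL))`, `rand()` and `getpid()`, which reseeds the process-wide PRNG as a side effect of running the pass and ties the ID to the wall-clock second and pid rather than to the module; every other caller of `rand()` in the same compiler process sees a different sequence from this point on. The `& 0xffffffff` mask does nothing, since `rand()` returns at most RAND_MAX (commonly 31 bits), so the upper half carries less entropy than the type suggests. A deterministic ID derived from the module name already used in this hunk's debug output (`M.getName()`, e.g. hashed, or printed as-is in the document line) would make the document file reproducible across builds and avoid the global reseed; if randomness is really wanted, a local `std::mt19937_64` seeded from `std::random_device` does it without touching `srand`. The rest of runOnModule is outside the hunk.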
@@ -189,13 +194,32 @@ bool AFLLTOPass::runOnModule(Module &M) {
 ConstantInt *Zero = ConstantInt::get(Int8Ty, 0);
 ConstantInt *One = ConstantInt::get(Int8Ty, 1);
+ /* This dumps all inialized global strings - might be useful in the future
+ for (auto G=M.getGlobalList().begin(); G!=M.getGlobalList().end(); G++) {
+
+ GlobalVariable &GV=*G;
+ if (!GV.getName().str().empty()) {
+
+ fprintf(stderr, "Global Variable: %s", GV.getName().str().c_str());
+ if (GV.hasInitializer())
+ if (auto *Val = dyn_cast(GV.getInitializer()))
+ fprintf(stderr, " Value: \"%s\"", Val->getAsString().str().c_str());
+ fprintf(stderr, "\n");
+
+ }
+
+ }
+
+ */
+
 /* Instrument all the things! */
 int inst_blocks = 0;
 for (auto &F : M) {
- // fprintf(stderr, "DEBUG: Function %s\n", F.getName().str().c_str());
+ // fprintf(stderr, "DEBUG: Module %s Function %s\n",
+ // M.getName().str().c_str(), F.getName().str().c_str());
 if (F.size() < function_minimum_size) continue;
 if (isIgnoreFunction(&F)) continue;
@@ -603,8 +627,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 if (documentFile) {
- fprintf(documentFile, "%s %u\n", F.getName().str().c_str(),
- afl_global_id);
+ fprintf(documentFile, "ModuleID=%llu Function=%s edgeID=%u\n",
+ moduleID, F.getName().str().c_str(), afl_global_id);
 }
-- cgit 1.4.1
From 76888fdf59ba018aee29d433017c8f01fbedb102 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 3 Aug 2020 23:11:58 +0200
Subject: bugfix libtokencap Makefile
---
 libtokencap/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libtokencap/Makefile b/libtokencap/Makefile
index 8edda394..244ee58f 100644
--- a/libtokencap/Makefile
+++ b/libtokencap/Makefile
@@ -43,7 +43,7 @@ ______OS_TARGET = $(_____OS_TARGET:$(_UNIQ)$(UNAME_S)=)
 TARGETS = $(______OS_TARGET:$(_UNIQ)=libtokencap.so)
-LDFLAGS += $(______OS_DL)
+LDFLAGS += $(_____OS_DL)
 #ifeq "$(shell uname)" "Linux"
 # TARGETS = libtokencap.so
-- cgit 1.4.1
From e1d20706ca97faf871abc03a9db3b551277d6b3f Mon Sep 17 00:00:00 2001
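Review bot: The block starting at `/* This dumps all inialized global strings` checks in roughly twenty lines of dead code inside a comment; the compiler never sees it, so it will silently rot as the surrounding LLVM API moves, and it already carries a typo (`inialized`). If it is meant to stay as a debugging aid, wrap it in `#if 0` / `#endif` or behind an environment-variable guard so it keeps compiling; otherwise drop it and let git history keep it. The replaced `// fprintf(stderr, "DEBUG: Module %s Function %s\n", ...` line is the same pattern in miniature and would be better as a real statement behind a debug flag. The loop over `M` continues outside the hunk.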
From: van Hauser
Date: Tue, 4 Aug 2020 13:17:53 +0200
Subject: fix cmplog with lto
---
 llvm_mode/afl-clang-fast.c | 6 ++++++
 llvm_mode/afl-llvm-lto-instrumentation.so.cc | 4 +++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 484943d2..ef99e3f3 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -305,6 +305,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 if (lto_mode) {
+ if (cmplog_mode)
+ unsetenv("AFL_LLVM_LTO_AUTODICTIONARY");
+ else
+ setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1);
+
 cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", AFL_REAL_LD);
 cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition";
 /*
@@ -392,6 +397,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 continue;
 if (lto_mode && !strncmp(cur, "-fuse-ld=", 9)) continue;
+ if (lto_mode && !strncmp(cur, "--ld-path=", 10)) continue;
 cc_params[cc_par_cnt++] = cur;
diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
index 4023c1d6..38c3f202 100644
--- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc
+++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc
@@ -86,7 +86,7 @@ class AFLLTOPass : public ModulePass {
 bool runOnModule(Module &M) override;
 protected:
- int afl_global_id = 1, autodictionary = 1;
+ int afl_global_id = 1, autodictionary = 0;
 uint32_t function_minimum_size = 1;
 uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0;
 uint64_t map_addr = 0x10000;
@@ -133,6 +133,8 @@ bool AFLLTOPass::runOnModule(Module &M) {
 }
+ if (getenv("AFL_LLVM_LTO_AUTODICTIONARY")) autodictionary = 1;
+
 if (getenv("AFL_LLVM_MAP_DYNAMIC")) map_addr = 0;
 if (getenv("AFL_LLVM_SKIPSINGLEBLOCK")) function_minimum_size = 2;
-- cgit 1.4.1
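Review bot: The new `setenv("AFL_LLVM_LTO_AUTODICTIONARY", "1", 1)` / `unsetenv(...)` pair inside `if (lto_mode)` overwrites whatever the user exported, and nothing in the hunk says why cmplog excludes the autodictionary or that a user can no longer opt out of it in a non-cmplog LTO build; a comment such as `/* the LTO pass reads AFL_LLVM_LTO_AUTODICTIONARY: force it on for LTO builds, off for the cmplog binary */` would record the intent. The pass side of this commit makes that variable the only switch (`autodictionary = 0` by default, set to 1 on `getenv`), so the wrapper now decides the setting entirely. The `--ld-path=` filter in the `@@ -392` hunk hard-codes the prefix length `10` next to the existing `9` for `-fuse-ld=`; `strlen("--ld-path=")` or `sizeof("--ld-path=") - 1` keeps the length from drifting when the prefix is edited. edit_params continues outside both hunks.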