From 8820bf4758ba11acc83318f1725a4703336940d0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 6 Sep 2024 12:35:59 +0200 Subject: update qemu persisten readme --- qemu_mode/README.persistent.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/qemu_mode/README.persistent.md b/qemu_mode/README.persistent.md index ef8fb71b..d732c826 100644 --- a/qemu_mode/README.persistent.md +++ b/qemu_mode/README.persistent.md @@ -99,10 +99,7 @@ be lost at the second execution of the loop. ### 2.5) Resetting the memory state -This option restores the memory state using the AFL++ Snapshot LKM if loaded. -Otherwise, all the writeable pages are restored. - -To enable this option, set `AFL_QEMU_PERSISTENT_MEM=1`. +(obsolete chapter) ### 2.6) Reset on exit() -- cgit 1.4.1 From d0f39849c2c5d2dc4be74b7abe3f59d1722e2102 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 6 Sep 2024 12:36:53 +0200 Subject: update qemu persisten readme --- qemu_mode/README.persistent.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/qemu_mode/README.persistent.md b/qemu_mode/README.persistent.md index d732c826..e89823b5 100644 --- a/qemu_mode/README.persistent.md +++ b/qemu_mode/README.persistent.md @@ -110,15 +110,7 @@ The environment variable is `AFL_QEMU_PERSISTENT_EXITS`. ### 2.7) Snapshot -`AFL_QEMU_SNAPSHOT=address` is just a "syntactical sugar" environment variable -that is equivalent to the following set of variables: - -``` -AFL_QEMU_PERSISTENT_ADDR=address -AFL_QEMU_PERSISTENT_GPR=1 -AFL_QEMU_PERSISTENT_MEM=1 -AFL_QEMU_PERSISTENT_EXITS=1 -``` +obsolete ## 3) Optional parameters -- cgit 1.4.1 From 60d3ecab637ce492bb9cb39d479f1ae094f2795d Mon Sep 17 00:00:00 2001 From: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com> Date: Fri, 6 Sep 2024 23:26:03 +0200 Subject: Fix broken link in CONTRIBUTING.md (#2196) * Fix broken link in CONTRIBUTING.md * Also change link text --- CONTRIBUTING.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 8b4dcb6d..40f11ce8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -48,7 +48,7 @@ When working on the docs, please keep the following guidelines in mind: * Don't: fuzzing-network-service.md * Use a maximum of 80 characters per line to make reading in a console easier. * Make all pull requests against `dev`, see - [#how-to-submit-a-pull-request-to-afl](#how-to-submit-a-pull-request-to-afl). + [#how-to-submit-a-pull-request](#how-to-submit-a-pull-request). And finally, here are some best practices for writing docs content: @@ -57,4 +57,4 @@ And finally, here are some best practices for writing docs content: * Use bulleted lists to present similar content in a way that makes it easy to scan. * Use numbered lists for procedures or prioritizing. -* Link to related content, for example, prerequisites or in-depth discussions. \ No newline at end of file +* Link to related content, for example, prerequisites or in-depth discussions. -- cgit 1.4.1 From 837a9693ab8162ab32e8b33d23f262c313e5067d Mon Sep 17 00:00:00 2001 From: Chi-Feng Tsai Date: Mon, 9 Sep 2024 11:32:32 +0800 Subject: Update env_variables.md --- docs/env_variables.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 8c2d5848..3db46b36 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -610,7 +610,7 @@ checks or alter some of the more exotic semantics of the tool: see [rpc_statsd.md](rpc_statsd.md). - `AFL_SYNC_TIME` allows you to specify a different minimal time (in minutes) - between fuzzing instances synchronization. Default sync time is 30 minutes, + between fuzzing instances synchronization. Default sync time is 20 minutes, note that time is halved for -M main nodes. - `AFL_NO_SYNC` disables any syncing whatsoever and takes priority on all -- cgit 1.4.1 From fc7c95e9f4d26ea3ab13543d166ed0dc4d0b81a3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 12 Sep 2024 10:24:05 +0200 Subject: nits --- src/afl-fuzz-init.c | 29 ++++++++++++++--------------- src/afl-fuzz.c | 2 +- 2 files changed, 15 insertions(+), 16 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index d3085d42..72a765ff 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2443,21 +2443,20 @@ void check_crash_handling(void) { if (read(fd, &fchar, 1) == 1 && fchar == '|') { - SAYF( - "\n" cLRD "[-] " cRST - "Your system is configured to send core dump notifications to an\n" - " external utility. This will cause issues: there will be an " - "extended delay\n" - " between stumbling upon a crash and having this information " - "relayed to the\n" - " fuzzer via the standard waitpid() API.\n" - " If you're just experimenting, set " - "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n" - - " To avoid having crashes misinterpreted as timeouts, please \n" - " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n" - - " echo core | sudo tee /proc/sys/kernel/core_pattern\n"); + SAYF("\n" cLRD "[-] " cRST + "Your system is configured to send core dump notifications to an\n" + " external utility. This will cause issues: there will be an " + "extended delay\n" + " between stumbling upon a crash and having this information " + "relayed to the\n" + " fuzzer via the standard waitpid() API.\n" + " If you're just experimenting, set " + "'AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1'.\n\n" + + " To avoid having crashes misinterpreted as timeouts, please \n" + " temporarily modify /proc/sys/kernel/core_pattern, like so:\n\n" + + " echo core | sudo tee /proc/sys/kernel/core_pattern\n"); if (!getenv("AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES")) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 726a2260..5ab8d7e9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1505,7 +1505,7 @@ int main(int argc, char **argv_orig, char **envp) { #ifdef __linux__ if (afl->fsrv.nyx_mode) { - OKF("AFL++ Nyx mode is enabled (developed and mainted by Sergej Schumilo)"); + OKF("AFL++ Nyx mode is enabled (developed and maintained by Sergej Schumilo)"); OKF("Nyx is open source, get it at https://github.com/Nyx-Fuzz"); } -- cgit 1.4.1 From 6a285021917824696708647b2c55f11b55c5dc0b Mon Sep 17 00:00:00 2001 From: Samuel Moelius Date: Thu, 12 Sep 2024 10:05:23 -0400 Subject: Adjust cmplog test to use `AFL_SHA1_FILENAMES=1` --- test/test-llvm.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 4dd35e6e..8236d138 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -269,9 +269,9 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { { mkdir -p in echo 00000000000000000000000000000000 > in/in - AFL_BENCH_UNTIL_CRASH=1 ../afl-fuzz -Z -l 3 -m none -V30 -i in -o out -c 0 -- ./test-cmplog >>errors 2>&1 + AFL_BENCH_UNTIL_CRASH=1 AFL_NO_CRASH_README=1 AFL_SHA1_FILENAMES=1 ../afl-fuzz -Z -l 3 -m none -V30 -i in -o out -c 0 -- ./test-cmplog >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/default/crashes/id:000000* out/default/hangs/id:000000* 2>/dev/null )" && { + test -n "$( ls out/default/crashes/* out/default/hangs/* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode cmplog" } || { echo CUT------------------------------------------------------------------CUT @@ -280,6 +280,10 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode cmplog" CODE=1 } + test -n "$( ls out/default/crashes/id:000000* out/default/hangs/id:000000* 2>/dev/null )" && { + $ECHO "$RED[!] filenames are not SHA1" + CODE=1 + } || true } || { $ECHO "$YELLOW[-] we cannot test llvm_mode cmplog because it is not present" INCOMPLETE=1 -- cgit 1.4.1 From 1d6cd5dd199e0c745aaca05b465286bf63d5ebc2 Mon Sep 17 00:00:00 2001 From: Sergej Schumilo Date: Sat, 14 Sep 2024 03:51:20 +0200 Subject: fix AFL_AUTORESUME=1 for Nyx mode --- include/forkserver.h | 11 ++++++++++- nyx_mode/LIBNYX_VERSION | 2 +- nyx_mode/PACKER_VERSION | 2 +- nyx_mode/libnyx | 2 +- nyx_mode/packer | 2 +- src/afl-forkserver.c | 16 ++++++++++++++++ src/afl-fuzz-stats.c | 11 +++++++++++ src/afl-fuzz.c | 17 ++++++++++++++++- 8 files changed, 57 insertions(+), 6 deletions(-) diff --git a/include/forkserver.h b/include/forkserver.h index 6c649528..db1832c4 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -89,11 +89,14 @@ typedef struct { bool (*nyx_config_set_aux_buffer_size)(void *config, uint32_t aux_buffer_size); + uint64_t (*nyx_get_target_hash64)(void *config); + + void (*nyx_config_free)(void *config); + } nyx_plugin_handler_t; /* Imports helper functions to enable Nyx mode (Linux only )*/ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary); - #endif typedef struct afl_forkserver { @@ -204,6 +207,7 @@ typedef struct afl_forkserver { bool nyx_use_tmp_workdir; char *nyx_tmp_workdir_path; s32 nyx_log_fd; + u64 nyx_target_hash64; #endif #ifdef __AFL_CODE_COVERAGE @@ -241,6 +245,11 @@ void afl_fsrv_killall(void); void afl_fsrv_deinit(afl_forkserver_t *fsrv); void afl_fsrv_kill(afl_forkserver_t *fsrv); +#ifdef __linux__ +void nyx_load_target_hash(afl_forkserver_t *fsrv); +#endif + + #ifdef __APPLE__ #define MSG_FORK_ON_APPLE \ " - On MacOS X, the semantics of fork() syscalls are non-standard and " \ diff --git a/nyx_mode/LIBNYX_VERSION b/nyx_mode/LIBNYX_VERSION index 9aae19be..5f7c9a5b 100644 --- a/nyx_mode/LIBNYX_VERSION +++ b/nyx_mode/LIBNYX_VERSION @@ -1 +1 @@ -6833d23 +ea6ceb9 \ No newline at end of file diff --git a/nyx_mode/PACKER_VERSION b/nyx_mode/PACKER_VERSION index cc20a3b6..0b9e5d4e 100644 --- a/nyx_mode/PACKER_VERSION +++ b/nyx_mode/PACKER_VERSION @@ -1 +1 @@ -bcf3e24 +6067e5c diff --git a/nyx_mode/libnyx b/nyx_mode/libnyx index 6833d236..ea6ceb99 160000 --- a/nyx_mode/libnyx +++ b/nyx_mode/libnyx @@ -1 +1 @@ -Subproject commit 6833d236dfe785a8a23d8c8d79e74c99fa635004 +Subproject commit ea6ceb994ab975b81aea0daaf64b92a3066c1e8d diff --git a/nyx_mode/packer b/nyx_mode/packer index bcf3e248..6067e5c0 160000 --- a/nyx_mode/packer +++ b/nyx_mode/packer @@ -1 +1 @@ -Subproject commit bcf3e248b660764f48af54232a3388389a2dfc22 +Subproject commit 6067e5c0ffb3e9aec35aa3aef29b3e390dd313bd diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index c7c493cf..ae3c7ccc 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -136,6 +136,12 @@ nyx_plugin_handler_t *afl_load_libnyx_plugin(u8 *libnyx_binary) { dlsym(handle, "nyx_config_set_aux_buffer_size"); if (plugin->nyx_config_set_aux_buffer_size == NULL) { goto fail; } + plugin->nyx_get_target_hash64 = dlsym(handle, "nyx_get_target_hash64"); + if (plugin->nyx_get_target_hash64 == NULL) { goto fail; } + + plugin->nyx_config_free = dlsym(handle, "nyx_config_free"); + if (plugin->nyx_get_target_hash64 == NULL) { goto fail; } + OKF("libnyx plugin is ready!"); return plugin; @@ -224,6 +230,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { fsrv->nyx_use_tmp_workdir = false; fsrv->nyx_tmp_workdir_path = NULL; fsrv->nyx_log_fd = -1; + fsrv->nyx_target_hash64 = 0; #endif // this structure needs default so we initialize it if this was not done @@ -527,6 +534,15 @@ static void report_error_and_exit(int error) { } +#ifdef __linux__ +void nyx_load_target_hash(afl_forkserver_t *fsrv) { + void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path); + fsrv->nyx_target_hash64 = fsrv->nyx_handlers->nyx_get_target_hash64(nyx_config); + fsrv->nyx_handlers->nyx_config_free(nyx_config); +} +#endif + + /* Spins up fork server. The idea is explained here: https://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9f5f59c0..b1a84cb6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -80,7 +80,18 @@ void write_setup_file(afl_state_t *afl, u32 argc, char **argv) { snprintf(fn2, PATH_MAX, "%s/target_hash", afl->out_dir); FILE *f2 = create_ffile(fn2); + +#ifdef __linux__ + if (afl->fsrv.nyx_mode) { + nyx_load_target_hash(&afl->fsrv); + fprintf(f2, "%llx\n", afl->fsrv.nyx_target_hash64); + } + else { + fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path)); + } +#else fprintf(f2, "%p\n", (void *)get_binary_hash(afl->fsrv.target_path)); +#endif fclose(f2); snprintf(fn, PATH_MAX, "%s/fuzzer_setup", afl->out_dir); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5ab8d7e9..a2fd4b76 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2225,9 +2225,24 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->in_place_resume && !afl->afl_env.afl_no_fastresume) { +#ifdef __linux__ + u64 target_hash = 0; + if (afl->fsrv.nyx_mode) { + nyx_load_target_hash(&afl->fsrv); + target_hash = afl->fsrv.nyx_target_hash64; + } + else { + target_hash = get_binary_hash(afl->fsrv.target_path); + } +#else u64 target_hash = get_binary_hash(afl->fsrv.target_path); +#endif - if (!target_hash || prev_target_hash != target_hash) { + if ((!target_hash || prev_target_hash != target_hash) +#ifdef __linux__ + || (afl->fsrv.nyx_mode && target_hash == 0) +#endif + ) { ACTF("Target binary is different, cannot perform FAST RESUME!"); -- cgit 1.4.1 From 1792ce28258dbc6bc0d66339ca944f5f98fcd85d Mon Sep 17 00:00:00 2001 From: 20urc3 <94982366+20urc3@users.noreply.github.com> Date: Sat, 14 Sep 2024 15:33:55 +0200 Subject: Update COMPARISON.md - Add Ampere Altra Q80-30 benchmark --- benchmark/COMPARISON.md | 1 + 1 file changed, 1 insertion(+) diff --git a/benchmark/COMPARISON.md b/benchmark/COMPARISON.md index e16ef213..92b6be28 100644 --- a/benchmark/COMPARISON.md +++ b/benchmark/COMPARISON.md @@ -11,3 +11,4 @@ |AMD Ryzen 9 6900HS with Radeon Graphics | 4745 | 16 | 135501 | 991133 | both | |AMD Ryzen 9 7950X3D 16-Core Processor | 5400 | 32 | 71566 | 1566279 | system | |AMD Ryzen 9 7950X3D 16-Core Processor | 5478 | 32 | 161960 | 2173959 | both | +|Ampere Altra Q80-30 | 0 | 80 | 54477 | 1604482 | system | -- cgit 1.4.1 From 5b44067e9ce72826f87e26e9e1ee0e0c3c1b5e1f Mon Sep 17 00:00:00 2001 From: Seyed Behnam Andarzian Date: Mon, 16 Sep 2024 12:23:10 +0200 Subject: Update fuzzing_in_depth.md for a typo (#2209) --- docs/fuzzing_in_depth.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index 82437807..79d0500d 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -632,7 +632,7 @@ crash or timeout during startup. Also, it is recommended to set `export AFL_IMPORT_FIRST=1` to load test cases from other fuzzers in the campaign first. But note that can slow down the start -of the first fuzz by quite a lot of you have many fuzzers and/or many seeds. +of the first fuzz by quite a lot if you have many fuzzers and/or many seeds. If you have a large corpus, a corpus from a previous run or are fuzzing in a CI, then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`. -- cgit 1.4.1 From db172473b55584c901c615413a5f1204eb603782 Mon Sep 17 00:00:00 2001 From: nj00001 <42004790+nj00001@users.noreply.github.com> Date: Mon, 23 Sep 2024 15:50:20 +0800 Subject: Save crash log returned by nyx when AFL_CRASHING_SEEDS_AS_NEW_CRASH environment variable is enabled nyx also returns a crash log when reporting a crash, both files are saved in the afl++ fuzzing run, whereas with the AFL_CRASHING_SEEDS_AS_NEW_CRASH setting, only the crash file is saved in the dry run phase if crashes are included in the supplied seeds. This commit adds crash log saving to keep the behavior consistent --- src/afl-fuzz-init.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 72a765ff..e9036985 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1231,6 +1231,23 @@ void perform_dry_run(afl_state_t *afl) { ck_write(fd, use_mem, read_len, crash_fn); close(fd); + if (afl->fsrv.nyx_mode) { + + u8 crash_log_fn[PATH_MAX]; + + snprintf(crash_log_fn, PATH_MAX, "%s.log", crash_fn); + fd = open(crash_log_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", crash_log_fn); } + + u32 nyx_aux_string_len = afl->fsrv.nyx_handlers->nyx_get_aux_string( + afl->fsrv.nyx_runner, afl->fsrv.nyx_aux_string, + afl->fsrv.nyx_aux_string_len); + + ck_write(fd, afl->fsrv.nyx_aux_string, nyx_aux_string_len, crash_log_fn); + close(fd); + + } + afl->last_crash_time = get_cur_time(); afl->last_crash_execs = afl->fsrv.total_execs; -- cgit 1.4.1 From 8b35dd49be5f846e945f6d6a9414623d195a99cb Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 23 Sep 2024 21:22:17 +0200 Subject: Fix macOS build --- src/afl-fuzz-init.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index e9036985..9eaa661d 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1231,6 +1231,7 @@ void perform_dry_run(afl_state_t *afl) { ck_write(fd, use_mem, read_len, crash_fn); close(fd); +#ifdef __linux__ if (afl->fsrv.nyx_mode) { u8 crash_log_fn[PATH_MAX]; @@ -1247,6 +1248,7 @@ void perform_dry_run(afl_state_t *afl) { close(fd); } +#endif afl->last_crash_time = get_cur_time(); afl->last_crash_execs = afl->fsrv.total_execs; @@ -2882,6 +2884,7 @@ void check_binary(afl_state_t *afl, u8 *fname) { if (strchr(fname, '/') || !(env_path = getenv("PATH"))) { afl->fsrv.target_path = ck_strdup(fname); + #ifdef __linux__ if (afl->fsrv.nyx_mode) { @@ -2902,8 +2905,8 @@ void check_binary(afl_state_t *afl, u8 *fname) { afl->fsrv.target_path); } - #endif + if (stat(afl->fsrv.target_path, &st) || !S_ISREG(st.st_mode) || !(st.st_mode & 0111) || (f_len = st.st_size) < 4) { -- cgit 1.4.1 From 9cd702e75dc2d3ba9a6eb142d8705a28ff18ff7c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Sep 2024 09:41:27 +0200 Subject: try macos ci --- .github/workflows/ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ed382fbb..f1f2e8e8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -34,23 +34,23 @@ jobs: run: export NO_NYX=1; export ASAN_BUILD=1; export LLVM_CONFIG=llvm-config-12; make ASAN_BUILD=1 NO_NYX=1 LLVM_CONFIG=llvm-config-12 distrib - name: run tests run: sudo -E ./afl-system-config; make tests - # macos: - # runs-on: macOS-latest - # env: - # AFL_MAP_SIZE: 65536 - # AFL_SKIP_CPUFREQ: 1 - # AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 - # steps: - # - uses: actions/checkout@v3 - # - name: install - # run: brew install make gcc llvm - # - name: fix install - # run: cd /usr/local/bin; ln -s gcc-11 gcc; ln -s g++-11 g++; which gcc; gcc -v - # - name: build - # run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 - # - name: frida - # run: export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; cd frida_mode; gmake - # - name: run tests - # run: sudo -E ./afl-system-config; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export PATH=/usr/local/Cellar/llvm/*/":/usr/local/bin:$PATH"; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; gmake tests - # - name: force frida test for MacOS - # run: export AFL_PATH=`pwd`; /usr/local/bin/gcc -o test-instr test-instr.c; mkdir in; echo > in/in; AFL_NO_UI=1 ./afl-fuzz -O -i in -o out -V 5 -- ./test-instr + macos: + runs-on: macOS-latest + env: + AFL_MAP_SIZE: 65536 + AFL_SKIP_CPUFREQ: 1 + AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: 1 + steps: + - uses: actions/checkout@v3 + - name: install + run: brew install make gcc llvm +# - name: fix install +# run: cd /usr/local/bin; ln -s gcc-11 gcc; ln -s g++-11 g++; which gcc; gcc -v + - name: build + run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 afl-fuzz +# - name: frida +# run: export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; cd frida_mode; gmake +# - name: run tests +# run: sudo -E ./afl-system-config; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export PATH=/usr/local/Cellar/llvm/*/":/usr/local/bin:$PATH"; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; gmake tests +# - name: force frida test for MacOS +# run: export AFL_PATH=`pwd`; /usr/local/bin/gcc -o test-instr test-instr.c; mkdir in; echo > in/in; AFL_NO_UI=1 ./afl-fuzz -O -i in -o out -V 5 -- ./test-instr -- cgit 1.4.1 From 2a4281ce8d18160822da9751326b5847e62a34f0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Sep 2024 09:50:14 +0200 Subject: update qemuafl --- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/qemuafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 9a62db20..ecff1e72 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -847b43acb1 +d40bcd8965 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index 847b43ac..d40bcd89 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit 847b43acb11530e775013dc24b54c6e27406179c +Subproject commit d40bcd896521e5a1f0c9939d020fe6291dbdd370 -- cgit 1.4.1 From 2e6c74f9b9d3bc70ef9474eb08592b9cd151d3c7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 24 Sep 2024 09:55:35 +0200 Subject: 2nd macos ci attempt --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f1f2e8e8..187ed011 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,8 +46,10 @@ jobs: run: brew install make gcc llvm # - name: fix install # run: cd /usr/local/bin; ln -s gcc-11 gcc; ln -s g++-11 g++; which gcc; gcc -v +# - name: build +# run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 afl-fuzz - name: build - run: export PATH=/usr/local/Cellar/llvm/*/":$PATH"; export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; export LLVM_CONFIG=/usr/local/Cellar/llvm/*/bin/llvm-config; sudo -E ./afl-system-config; gmake ASAN_BUILD=1 afl-fuzz + run: sudo -E ./afl-system-config; gmake ASAN_BUILD=1 afl-fuzz # - name: frida # run: export CC=/usr/local/Cellar/llvm/*/bin/clang; export CXX="$CC"++; cd frida_mode; gmake # - name: run tests -- cgit 1.4.1