From bded51e4eaaa4148516a407b68264e424d0fbbd5 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Thu, 15 Oct 2020 18:49:26 +0200 Subject: fix issue #583: afl-cmin -C incompatibility --- afl-cmin | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'afl-cmin') diff --git a/afl-cmin b/afl-cmin index 619c6dae..f8d3518d 100755 --- a/afl-cmin +++ b/afl-cmin @@ -133,6 +133,8 @@ BEGIN { # defaults extra_par = "" + AFL_CMIN_CRASHES_ONLY = "" + # process options Opterr = 1 # default is to diagnose Optind = 1 # skip ARGV[0] @@ -169,7 +171,7 @@ BEGIN { continue } else if (_go_c == "C") { - ENVIRON["AFL_CMIN_CRASHES_ONLY"] = 1 + AFL_CMIN_CRASHES_ONLY = "AFL_CMIN_CRASHES_ONLY=1 " continue } else if (_go_c == "e") { @@ -365,10 +367,10 @@ BEGIN { print "[*] Testing the target binary..." if (!stdin_file) { - system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"") + system( "AFL_CMIN_ALLOW_ANY=1 "AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -- \""target_bin"\" "prog_args_string" <\""in_dir"/"first_file"\"") } else { system("cp "in_dir"/"first_file" "stdin_file) - system( "AFL_CMIN_ALLOW_ANY=1 \""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"/.run_test\" -Z "extra_par" -A \""stdin_file"\" -- \""target_bin"\" "prog_args_string" Date: Sat, 17 Oct 2020 14:34:14 +0200 Subject: fix AFL_CMIN_CRASHES_ONLY=1 afl-showmap --- afl-cmin | 4 ++-- src/afl-showmap.c | 52 ++++++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 50 insertions(+), 6 deletions(-) (limited to 'afl-cmin') diff --git a/afl-cmin b/afl-cmin index f8d3518d..0dbf1390 100755 --- a/afl-cmin +++ b/afl-cmin @@ -409,8 +409,8 @@ BEGIN { retval = system( AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string" /dev/null") diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 6213c447..bd0d1a29 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -209,6 +209,13 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (!outfile) { FATAL("Output filename not set (Bug in AFL++?)"); } + if (cmin_mode && (fsrv->last_run_timed_out + || (!caa && child_crashed != cco))) { + + return ret; + + } + if (!strncmp(outfile, "/dev/", 5)) { fd = open(outfile, O_WRONLY); @@ -255,9 +262,6 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (cmin_mode) { - if (fsrv->last_run_timed_out) { break; } - if (!caa && child_crashed != cco) { break; } - fprintf(f, "%u%u\n", fsrv->trace_bits[i], i); } else { @@ -292,6 +296,37 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, classify_counts(fsrv); + if (!quiet_mode) { SAYF(cRST "-- Program output ends --\n"); } + + if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(fsrv->child_status)) { + + child_crashed = 1; + + } else { + + child_crashed = 0; + + } + + if (!quiet_mode) { + + if (fsrv->last_run_timed_out) { + + SAYF(cLRD "\n+++ Program timed off +++\n" cRST); + + } else if (stop_soon) { + + SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST); + + } else if (child_crashed) { + + SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST, + WTERMSIG(fsrv->child_status)); + + } + + } + if (stop_soon) { SAYF(cRST cLRD "\n+++ afl-showmap folder mode aborted by user +++\n" cRST); @@ -1156,8 +1191,17 @@ int main(int argc, char **argv_orig, char **envp) { afl_shm_deinit(&shm); if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - u32 ret = child_crashed * 2 + fsrv->last_run_timed_out; + u32 ret; + + if (cmin_mode && !!getenv("AFL_CMIN_CRASHES_ONLY")) { + + ret = fsrv->last_run_timed_out; + } else { + + ret = child_crashed * 2 + fsrv->last_run_timed_out; + + } if (fsrv->target_path) { ck_free(fsrv->target_path); } afl_fsrv_deinit(fsrv); -- cgit 1.4.1