From 09c4d9ed7574c78bc89edda230e9396d1e79f795 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Thu, 30 Dec 2021 02:54:40 +0100 Subject: Fix LeakSanitizer Usage. Previously, __lsan_do_leak_check() was run when using __AFL_LEAK_CHECK, however this was the incorrect function to use. According to the documentation: "Subsequent calls to this function will have no effect and end-of-process leak check will not run". This meant that if the memory did not leak on the first usage of __AFL_LEAK_CHECK, subsequent calls to this macro would never do anything. Likewise, it is not possible to use an LSAN suppression list with symbolize=0, so instead __lsan_disable and __lsan_enable are used to 'ignore' certain memory allocations where needed. --- docs/env_variables.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'docs/env_variables.md') diff --git a/docs/env_variables.md b/docs/env_variables.md index dc79bf9e..7ab5351c 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -105,7 +105,8 @@ fairly broad use of environment variables instead: within your program at a certain point (such as at the end of an `__AFL_LOOP()`), you can run the macro `__AFL_LEAK_CHECK();` which will cause an abort if any memory is leaked (you can combine this with the - `LSAN_OPTIONS=...` suppression option to suppress some known leaks). + `__AFL_LSAN_OFF();` and `__AFL_LSAN_ON();` macros to avoid checking for + memory leaks from memory allocated between these two calls. - `AFL_USE_MSAN=1` - activates the memory sanitizer (uninitialized memory) - `AFL_USE_TSAN=1` - activates the thread sanitizer to find thread race conditions -- cgit 1.4.1 From ee57053be1dfada42377d8a4c2f7583b557e52b4 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Mon, 3 Jan 2022 11:18:10 +0100 Subject: add missing gcc env vars --- docs/env_variables.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'docs/env_variables.md') 
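Review bot: the hunk at `@@ -105,7 +105,8 @@` removes the `LSAN_OPTIONS=...` suppression advice without telling the reader why it no longer applies; the commit message gives the reason (a suppression list cannot be used with `symbolize=0`), and that belongs in the doc text, otherwise users will keep setting `LSAN_OPTIONS=suppressions=...` and wonder why it is ignored. The new sentence should also say that `__AFL_LSAN_OFF();` and `__AFL_LSAN_ON();` are to be used as a matching pair around the allocations to ignore, since the commit message says they wrap `__lsan_disable`/`__lsan_enable`, i.e. an off/on toggle rather than a one-shot annotation. Suggested wording for the added lines: "`__AFL_LSAN_OFF();` and `__AFL_LSAN_ON();` macros, used as a pair, to skip leak checking for memory allocated between the two calls (an `LSAN_OPTIONS` suppression list cannot be used here because `symbolize=0` is in effect)."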
diff --git a/docs/env_variables.md b/docs/env_variables.md index 7ab5351c..76a64bd2 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -284,12 +284,24 @@ mode. TMPDIR=$PWD/assembly_here AFL_KEEP_ASSEMBLY=1 make clean all ``` - - GCC_PLUGIN mode only: Setting `AFL_GCC_INSTRUMENT_FILE` with a filename will - only instrument those files that match the names listed in this file (one - filename per line). See + - GCC_PLUGIN mode only: Setting `AFL_GCC_INSTRUMENT_FILE` or + `AFL_GCC_ALLOWLIST` with a filename will only instrument those files + that match the names listed in this file (one filename per line). + + Setting `AFL_GCC_DENYLIST` or `AFL_GCC_BLOCKLIST` + with a file name and/or function will only skip those files that match + the names listed in the specified file. See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information. + Setting `AFL_GCC_OUT_OF_LINE=1` will instruct afl-gcc-fast to instrument the + code with calls to an injected subroutine instead of the much more efficient + inline instrumentation. + + Setting `AFL_GCC_SKIP_NEVERZERO=1` will not implement the skip zero test. + If the target performs only a few loops, then this will give a small + performance boost. + ## 4) Settings for afl-fuzz The main fuzzer binary accepts several options that disable a couple of sanity -- cgit 1.4.1
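Review bot: in the hunk at `@@ -284,12 +284,24 @@` the `AFL_GCC_DENYLIST`/`AFL_GCC_BLOCKLIST` sentence is inconsistent with the `AFL_GCC_ALLOWLIST` sentence just above it: the allowlist is described as matching file names only, while the denylist says "a file name and/or function", and "will only skip those files that match" reads as if the files are skipped from the build rather than left uninstrumented. Suggest one formulation for both, e.g. "will not instrument the files (or functions) listed in that file, one per line", and if the GCC plugin honours function names, say so for the allowlist too and keep the single pointer to `instrumentation/README.instrument_list.md`. The `AFL_GCC_SKIP_NEVERZERO=1` sentence ("will not implement the skip zero test") does not say what is being skipped or what is traded for the "small performance boost"; name the NeverZero counter handling explicitly and state what is lost when it is disabled, as the rest of this section does for its trade-offs. Finally, the `AFL_GCC_OUT_OF_LINE` line refers to `afl-gcc-fast` while the surrounding text says "GCC_PLUGIN mode"; use one name consistently.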