From 84f0b4f1874a9c3a5f2da4056f974df8273093d9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 7 Feb 2021 08:27:35 +0100 Subject: persistent replay env setup --- include/afl-fuzz.h | 2 +- include/envs.h | 1 + include/forkserver.h | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c3a8c2ee..3b6f2285 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,7 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal; + *afl_testcache_entries, *afl_kill_signal, *afl_persistent_replay; } afl_env_vars_t; diff --git a/include/envs.h b/include/envs.h index 210b34a6..f82bb803 100644 --- a/include/envs.h +++ b/include/envs.h @@ -123,6 +123,7 @@ static char *afl_environment_variables[] = { "AFL_MAX_DET_EXTRAS", "AFL_PATH", "AFL_PERFORMANCE_FILE", + "AFL_PERSISTEN_REPLAY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV", diff --git a/include/forkserver.h b/include/forkserver.h index ac027f81..a0a60e0f 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -55,6 +55,9 @@ typedef struct afl_forkserver { u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ u32 snapshot; /* is snapshot feature used */ + u32 persistent_replay; /* persistent replay setting */ + u32 persistent_replay_idx; /* persistent replay cache ptr */ + u32 persistent_replay_cnt; /* persistent replay counter */ u64 mem_limit; /* Memory cap for child (MB) */ u64 total_execs; /* How often run_target was called */ -- cgit v1.2.3 From 81442ba3f953c939e2cde9c16b9cd0d5fe7f12b5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 15:48:49 +0100 Subject: implementation without testing --- include/forkserver.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/forkserver.h b/include/forkserver.h index a0a60e0f..ddbc36ef 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -55,9 +55,6 @@ typedef struct afl_forkserver { u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ u32 snapshot; /* is snapshot feature used */ - u32 persistent_replay; /* persistent replay setting */ - u32 persistent_replay_idx; /* persistent replay cache ptr */ - u32 persistent_replay_cnt; /* persistent replay counter */ u64 mem_limit; /* Memory cap for child (MB) */ u64 total_execs; /* How often run_target was called */ @@ -97,6 +94,14 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ + /* persistent mode replay functionality */ + u32 persistent_replay; /* persistent replay setting */ + u32 persistent_replay_idx; /* persistent replay cache ptr */ + u32 persistent_replay_cnt; /* persistent replay counter */ + u8 * persistent_replay_dir; + u8 ** persistent_replay_data; + u32 **persistent_replay_len; + /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); -- cgit v1.2.3 From 4a0d4c50fc8bec11a090156ab970414d4897ea6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 19:12:25 +0100 Subject: complete implemenation, still no test --- include/afl-fuzz.h | 2 +- include/forkserver.h | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 3b6f2285..b1fba884 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,7 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal, *afl_persistent_replay; + *afl_testcache_entries, *afl_kill_signal, *afl_persistent_record; } afl_env_vars_t; diff --git a/include/forkserver.h b/include/forkserver.h index ddbc36ef..850c5b0d 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -95,12 +95,13 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ /* persistent mode replay functionality */ - u32 persistent_replay; /* persistent replay setting */ - u32 persistent_replay_idx; /* persistent replay cache ptr */ - u32 persistent_replay_cnt; /* persistent replay counter */ - u8 * persistent_replay_dir; - u8 ** persistent_replay_data; - u32 **persistent_replay_len; + u32 persistent_record; /* persistent replay setting */ + u32 persistent_record_idx; /* persistent replay cache ptr */ + u32 persistent_record_cnt; /* persistent replay counter */ + u8 * persistent_record_dir; + u8 ** persistent_record_data; + u32 **persistent_record_len; + s32 persistent_record_pid; /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); -- cgit v1.2.3 From 7f062524c97ab18306d42e59ab0223e04ff78f24 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 23:01:13 +0100 Subject: fixes --- include/envs.h | 2 +- include/forkserver.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/envs.h b/include/envs.h index f82bb803..6ba69f26 100644 --- a/include/envs.h +++ b/include/envs.h @@ -123,7 +123,7 @@ static char *afl_environment_variables[] = { "AFL_MAX_DET_EXTRAS", "AFL_PATH", "AFL_PERFORMANCE_FILE", - "AFL_PERSISTEN_REPLAY", + "AFL_PERSISTENT_RECORD", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV", diff --git a/include/forkserver.h b/include/forkserver.h index 850c5b0d..c894ad80 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -100,7 +100,7 @@ typedef struct afl_forkserver { u32 persistent_record_cnt; /* persistent replay counter */ u8 * persistent_record_dir; u8 ** persistent_record_data; - u32 **persistent_record_len; + u32 * persistent_record_len; s32 persistent_record_pid; /* Function to kick off the forkserver child */ -- cgit v1.2.3 From 958436be4ba057e8409787e7ff4ddcfa095c46da Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 18:18:05 +0100 Subject: ifdef for record --- include/config.h | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'include') diff --git a/include/config.h b/include/config.h index 60872785..f6dbfae0 100644 --- a/include/config.h +++ b/include/config.h @@ -60,6 +60,15 @@ /* Now non-cmplog configuration options */ + +/* If a persistent target keeps state and found crashes are not reproducable + then enable this option and set the AFL_PERSISTENT_RECORD env variable + to a number. These number of testcases prior the crash will be kept and + also written to the crash/ directory */ + +#define AFL_PERSISTENT_RECORD + + /* console output colors: There are three ways to configure its behavior * 1. default: colored outputs fixed on: defined USE_COLOR && defined * ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect -- cgit v1.2.3 From 55224e5150b3acfc4c1db3975ef6a2b5e173f626 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 18:24:52 +0100 Subject: AFL_PERSISTENT_RECORD not a default --- include/config.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/config.h b/include/config.h index ab4c49f2..4691624a 100644 --- a/include/config.h +++ b/include/config.h @@ -71,16 +71,16 @@ /* Maximum allowed fails per CMP value. Default: 128 */ #define CMPLOG_FAIL_MAX 96 +/* -------------------------------------*/ /* Now non-cmplog configuration options */ - +/* -------------------------------------*/ /* If a persistent target keeps state and found crashes are not reproducable then enable this option and set the AFL_PERSISTENT_RECORD env variable to a number. These number of testcases prior the crash will be kept and also written to the crash/ directory */ -#define AFL_PERSISTENT_RECORD - +//#define AFL_PERSISTENT_RECORD /* console output colors: There are three ways to configure its behavior * 1. default: colored outputs fixed on: defined USE_COLOR && defined -- cgit v1.2.3 From ab394836a9fe3faadb9d1af3a7d377bbcf5b5eee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 08:40:33 +0100 Subject: remove warnings --- include/afl-fuzz.h | 3 ++- include/config.h | 5 +++-- include/forkserver.h | 16 +++++++++------- 3 files changed, 14 insertions(+), 10 deletions(-) (limited to 'include') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 691ba148..046b0177 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,8 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal, *afl_target_env, *afl_persistent_record; + *afl_testcache_entries, *afl_kill_signal, *afl_target_env, + *afl_persistent_record; } afl_env_vars_t; diff --git a/include/config.h b/include/config.h index 4691624a..75f363f7 100644 --- a/include/config.h +++ b/include/config.h @@ -77,8 +77,9 @@ /* If a persistent target keeps state and found crashes are not reproducable then enable this option and set the AFL_PERSISTENT_RECORD env variable - to a number. These number of testcases prior the crash will be kept and - also written to the crash/ directory */ + to a number. These number of testcases prior and including the crash case + will be kept and written to the crash/ directory as RECORD:... files. + Note that every crash will be written, not only unique ones! */ //#define AFL_PERSISTENT_RECORD diff --git a/include/forkserver.h b/include/forkserver.h index c894ad80..808f6bd2 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -95,13 +95,15 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ /* persistent mode replay functionality */ - u32 persistent_record; /* persistent replay setting */ - u32 persistent_record_idx; /* persistent replay cache ptr */ - u32 persistent_record_cnt; /* persistent replay counter */ - u8 * persistent_record_dir; - u8 ** persistent_record_data; - u32 * persistent_record_len; - s32 persistent_record_pid; + u32 persistent_record; /* persistent replay setting */ +#ifdef AFL_PERSISTENT_RECORD + u32 persistent_record_idx; /* persistent replay cache ptr */ + u32 persistent_record_cnt; /* persistent replay counter */ + u8 * persistent_record_dir; + u8 **persistent_record_data; + u32 *persistent_record_len; + s32 persistent_record_pid; +#endif /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); -- cgit v1.2.3