From 4b99ebbf22fa7a9d4fe43056c641e71af04133be Mon Sep 17 00:00:00 2001 From: root Date: Mon, 29 Jun 2020 18:48:17 +0200 Subject: Revert "Merge branch 'text_inputs' into dev" This reverts commit 6d9b29daca46c8912aa9ddf6c053bc8554e9e9f7, reversing changes made to 07648f75ea5ef8f03a92db0c7566da8c229dc27b. --- include/afl-fuzz.h | 7 +++---- include/config.h | 26 +------------------------- 2 files changed, 4 insertions(+), 29 deletions(-) (limited to 'include') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index ca785e47..c9f84c61 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -139,8 +139,7 @@ struct queue_entry { var_behavior, /* Variable behavior? */ favored, /* Currently favored? */ fs_redundant, /* Marked as redundant in the fs? */ - fully_colorized, /* Do not run redqueen stage again */ - is_ascii; /* Is the input just ascii text? */ + fully_colorized; /* Do not run redqueen stage again */ u32 bitmap_size, /* Number of bits set in bitmap */ fuzz_level; /* Number of fuzzing iterations */ @@ -948,7 +947,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len, u64 exec_cksum); /* xoshiro256** */ -uint32_t rand_next(afl_state_t *afl); +uint64_t rand_next(afl_state_t *afl); /**** Inline routines ****/ @@ -968,7 +967,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) { } - return (rand_next(afl) % limit); + return rand_next(afl) % limit; } diff --git a/include/config.h b/include/config.h index 09405a22..087e0a76 100644 --- a/include/config.h +++ b/include/config.h @@ -293,7 +293,7 @@ /* Call count interval between reseeding the libc PRNG from /dev/urandom: */ -#define RESEED_RNG 256000 +#define RESEED_RNG 100000 /* Maximum line length passed from GCC to 'as' and used for parsing configuration files: */ 
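Review bot: The restored `return rand_next(afl) % limit;` in rand_below is a modulo by zero whenever a caller passes `limit == 0`, and nothing in this hunk rejects that value. rand_below's body starts above the hunk, so the `}` shown may close a reseed branch that does not cover this case; unless that earlier part already checks it, a guard such as `if (!limit) { return 0; }` at the top of the function would turn undefined behaviour into a defined result. The narrowing of the now 64-bit rand_next() result to u32 is fine, because the remainder is always below limit.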
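Review bot: The comment above the restored `#define RESEED_RNG 100000` still describes reseeding "the libc PRNG", while the afl-fuzz.h hunks of this same patch declare `uint64_t rand_next(afl_state_t *afl);` under a `/* xoshiro256** */` heading. If the interval now governs refilling that generator's state from /dev/urandom, the comment is stale and should name the actual generator, e.g. `/* Call count interval between reseeding the fuzzer's PRNG state from /dev/urandom: */`. The reseed code itself is not on this page, so that wording should be checked against it.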
@@ -397,29 +397,5 @@ // #define IGNORE_FINDS -/* Text mutations */ - -/* What is the minimum length of a queue input to be evaluated for "is_ascii"? - */ - -#define AFL_TXT_MIN_LEN 12 - -/* What is the minimum percentage of ascii characters present to be classifed - as "is_ascii"? */ - -#define AFL_TXT_MIN_PERCENT 95 - -/* How often to perform ASCII mutations 0 = disable, 1-8 are good values */ - -#define AFL_TXT_BIAS 8 - -/* Maximum length of a string to tamper with */ - -#define AFL_TXT_STRING_MAX_LEN 1024 - -/* Maximum mutations on a string */ - -#define AFL_TXT_STRING_MAX_MUTATIONS 6 - #endif /* ! _HAVE_CONFIG_H */ -- cgit v1.2.3 From 7527c76c7446f8197b9f7acb8ca0ccd44fe7bd39 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 30 Jun 2020 17:33:47 +0200 Subject: reduce the time interval in which the secondaries sync --- include/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/config.h b/include/config.h index 087e0a76..5ee93389 100644 --- a/include/config.h +++ b/include/config.h @@ -234,7 +234,7 @@ /* Sync interval (every n havoc cycles): */ -#define SYNC_INTERVAL 5 +#define SYNC_INTERVAL 8 /* Output directory reuse grace period (minutes): */ -- cgit v1.2.3 From 6b98157c1a235c10ed5f9fc3220aa1869ea8f3e4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 1 Jul 2020 09:15:47 +0200 Subject: v2.66c release preparation --- include/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/config.h b/include/config.h index 5ee93389..e8f52f45 100644 --- a/include/config.h +++ b/include/config.h @@ -28,7 +28,7 @@ /* Version string: */ // c = release, d = volatile github dev, e = experimental branch -#define VERSION "++2.65d" +#define VERSION "++2.66c" /****************************************************** * * -- cgit v1.2.3 From 97cef46b62800cd505ef1a34e3ff61eafd5bce54 Mon Sep 17 00:00:00 2001 
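Review bot: The subject of commit 7527c76 says the interval in which secondaries sync is reduced, but `+#define SYNC_INTERVAL 8` raises the constant from 5, and the retained comment `/* Sync interval (every n havoc cycles): */` reads as "sync once every n cycles", so a larger n means less frequent syncing. Either the commit message or the comment is misleading; if rarer syncs are the intent, the comment could make the direction explicit, e.g. `/* Sync interval (every n havoc cycles; larger = fewer syncs): */`. If the meaning of the constant changed elsewhere in the same series, that is not visible on this page.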
From: van Hauser Date: Wed, 1 Jul 2020 10:03:34 +0200 Subject: warn on deprecated env vars --- include/envs.h | 136 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) (limited to 'include') diff --git a/include/envs.h b/include/envs.h index 0651f9da..86222418 100644 --- a/include/envs.h +++ b/include/envs.h 
@@ -1,3 +1,139 @@
+#ifndef _ENVS_H
+
+#define _ENVS_H
+
+static char *afl_environment_deprecated[] = {
+
+ "AFL_LLVM_WHITELIST",
+ "AFL_GCC_WHITELIST",
+ "AFL_DEFER_FORKSRV",
+ "AFL_POST_LIBRARY",
+ "AFL_PERSISTENT",
+ NULL
+
+};
+
+static char *afl_environment_variables[] = {
+
+ "AFL_ALIGNED_ALLOC",
+ "AFL_ALLOW_TMP",
+ "AFL_ANALYZE_HEX",
+ "AFL_AS",
+ "AFL_AUTORESUME",
+ "AFL_AS_FORCE_INSTRUMENT",
+ "AFL_BENCH_JUST_ONE",
+ "AFL_BENCH_UNTIL_CRASH",
+ "AFL_CAL_FAST",
+ "AFL_CC",
+ "AFL_CMIN_ALLOW_ANY",
+ "AFL_CMIN_CRASHES_ONLY",
+ "AFL_CODE_END",
+ "AFL_CODE_START",
+ "AFL_COMPCOV_BINNAME",
+ "AFL_COMPCOV_LEVEL",
+ "AFL_CUSTOM_MUTATOR_LIBRARY",
+ "AFL_CUSTOM_MUTATOR_ONLY",
+ "AFL_CXX",
+ "AFL_DEBUG",
+ "AFL_DEBUG_CHILD_OUTPUT",
+ "AFL_DEBUG_GDB",
+ "AFL_DISABLE_TRIM",
+ "AFL_DONT_OPTIMIZE",
+ "AFL_DUMB_FORKSRV",
+ "AFL_ENTRYPOINT",
+ "AFL_EXIT_WHEN_DONE",
+ "AFL_FAST_CAL",
+ "AFL_FORCE_UI",
+ "AFL_GCC_INSTRUMENT_FILE",
+ "AFL_GCJ",
+ "AFL_HANG_TMOUT",
+ "AFL_HARDEN",
+ "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
+ "AFL_IMPORT_FIRST",
+ "AFL_INST_LIBS",
+ "AFL_INST_RATIO",
+ "AFL_KEEP_TRACES",
+ "AFL_KEEP_ASSEMBLY",
+ "AFL_LD_HARD_FAIL",
+ "AFL_LD_LIMIT_MB",
+ "AFL_LD_NO_CALLOC_OVER",
+ "AFL_LD_PASSTHROUGH",
+ "AFL_REAL_LD",
+ "AFL_LD_PRELOAD",
+ "AFL_LD_VERBOSE",
+ "AFL_LLVM_CMPLOG",
+ "AFL_LLVM_INSTRIM",
+ "AFL_LLVM_CTX",
+ "AFL_LLVM_INSTRUMENT",
+ "AFL_LLVM_INSTRIM_LOOPHEAD",
+ "AFL_LLVM_LTO_AUTODICTIONARY",
+ "AFL_LLVM_AUTODICTIONARY",
+ "AFL_LLVM_SKIPSINGLEBLOCK",
+ "AFL_LLVM_INSTRIM_SKIPSINGLEBLOCK",
+ "AFL_LLVM_LAF_SPLIT_COMPARES",
+ "AFL_LLVM_LAF_SPLIT_COMPARES_BITW",
+ "AFL_LLVM_LAF_SPLIT_FLOATS",
+ "AFL_LLVM_LAF_SPLIT_SWITCHES",
+ "AFL_LLVM_LAF_ALL",
+ "AFL_LLVM_LAF_TRANSFORM_COMPARES",
+ "AFL_LLVM_MAP_ADDR",
+ "AFL_LLVM_MAP_DYNAMIC",
+ "AFL_LLVM_NGRAM_SIZE",
+ "AFL_NGRAM_SIZE",
+ "AFL_LLVM_NOT_ZERO",
+ "AFL_LLVM_INSTRUMENT_FILE",
+ "AFL_LLVM_SKIP_NEVERZERO",
+ "AFL_NO_AFFINITY",
+ "AFL_LLVM_LTO_STARTID",
+ "AFL_LLVM_LTO_DONTWRITEID",
+ "AFL_NO_ARITH",
+ 
"AFL_NO_BUILTIN", + "AFL_NO_CPU_RED", + "AFL_NO_FORKSRV", + "AFL_NO_UI", + "AFL_NO_PYTHON", + "AFL_UNTRACER_FILE", + "AFL_LLVM_USE_TRACE_PC", + "AFL_NO_X86", // not really an env but we dont want to warn on it + "AFL_MAP_SIZE", + "AFL_MAPSIZE", + "AFL_PATH", + "AFL_PERFORMANCE_FILE", + "AFL_PRELOAD", + "AFL_PYTHON_MODULE", + "AFL_QEMU_COMPCOV", + "AFL_QEMU_COMPCOV_DEBUG", + "AFL_QEMU_DEBUG_MAPS", + "AFL_QEMU_DISABLE_CACHE", + "AFL_QEMU_PERSISTENT_ADDR", + "AFL_QEMU_PERSISTENT_CNT", + "AFL_QEMU_PERSISTENT_GPR", + "AFL_QEMU_PERSISTENT_HOOK", + "AFL_QEMU_PERSISTENT_RET", + "AFL_QEMU_PERSISTENT_RETADDR_OFFSET", + "AFL_QUIET", + "AFL_RANDOM_ALLOC_CANARY", + "AFL_REAL_PATH", + "AFL_SHUFFLE_QUEUE", + "AFL_SKIP_BIN_CHECK", + "AFL_SKIP_CPUFREQ", + "AFL_SKIP_CRASHES", + "AFL_TMIN_EXACT", + "AFL_TMPDIR", + "AFL_TOKEN_FILE", + "AFL_TRACE_PC", + "AFL_USE_ASAN", + "AFL_USE_MSAN", + "AFL_USE_TRACE_PC", + "AFL_USE_UBSAN", + "AFL_USE_CFISAN", + "AFL_WINE_PATH", + "AFL_NO_SNAPSHOT", + NULL + +}; extern char *afl_environment_variables[]; +#endif + -- cgit v1.2.3 From 00abb999e3c051c5c7c6349c385d77d25dea8e7f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 1 Jul 2020 18:24:00 +0200 Subject: v2.66d init --- include/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/config.h b/include/config.h index e8f52f45..7de74009 100644 --- a/include/config.h +++ b/include/config.h @@ -28,7 +28,7 @@ /* Version string: */ // c = release, d = volatile github dev, e = experimental branch -#define VERSION "++2.66c" +#define VERSION "++2.66d" /****************************************************** * * -- cgit v1.2.3 From 83790d65afb52a055d093451a50ce55690a25002 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 8 Jul 2020 11:16:39 +0200 Subject: eliminate race condition for cpu affinity on -M/-S --- include/config.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') 
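Review bot: Both new tables, `static char *afl_environment_deprecated[]` and `static char *afl_environment_variables[]`, hold string literals behind non-const pointers, so any write through them is undefined behaviour and `-Wwrite-strings` will flag the header; declaring them `static const char *const afl_environment_variables[]` (and likewise for the deprecated list) states that they are read-only lookup tables. Because they are `static` definitions in a header, every translation unit that includes envs.h also gets its own copy of roughly 120 pointers, and the retained context line `extern char *afl_environment_variables[];` no longer declares a shared object — it inherits the internal linkage of the preceding static definition and is now redundant, so it should be dropped or the tables moved to a .c file with extern declarations kept here. The inline `// not really an env but we dont want to warn on it` on the `AFL_NO_X86` entry suggests the list also drives a warning about unknown AFL_ variables; a one-line comment above each table saying what it is consulted for would make that explicit.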
diff --git a/include/config.h b/include/config.h index 7de74009..4503c3e9 100644 --- a/include/config.h +++ b/include/config.h @@ -380,6 +380,10 @@ #define CMPLOG_SHM_ENV_VAR "__AFL_CMPLOG_SHM_ID" +/* CPU Affinity lockfile env var */ + +#define CPU_AFFINITY_ENV_VAR "__AFL_LOCKFILE" + /* Uncomment this to use inferior block-coverage-based instrumentation. Note that you need to recompile the target binary for this to have any effect: */ -- cgit v1.2.3 From c2b04bdf6c596f5d220f27caead20d09452ed42d Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 16 Jul 2020 14:32:41 +0200 Subject: queue buffer and new splice havoc mutation --- include/afl-fuzz.h | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c9f84c61..adab8155 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -546,6 +546,10 @@ typedef struct afl_state { *queue_top, /* Top of the list */ *q_prev100; /* Previous 100 marker */ + // growing buf + struct queue_entry **queue_buf; + size_t queue_size; + struct queue_entry **top_rated; /* Top entries for bitmap bytes */ struct extra_data *extras; /* Extra tokens to fuzz with */ -- cgit v1.2.3
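Review bot: The new `#define CPU_AFFINITY_ENV_VAR "__AFL_LOCKFILE"` is documented only as `/* CPU Affinity lockfile env var */`, which says neither what the variable carries nor which process sets and which reads it, and nothing else on this page shows that. The neighbouring `CMPLOG_SHM_ENV_VAR` uses the same `__AFL_` naming, so the convention is consistent; the comment should add the contract, e.g. `/* Env var naming the lock file used to serialize CPU-affinity selection between -M/-S instances */`, with the exact wording checked against the code that sets it.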
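Review bot: The added fields `struct queue_entry **queue_buf;` and `size_t queue_size;` carry only `// growing buf`, whereas every neighbouring field of afl_state in the hunk has a column-aligned `/* ... */` description, and `queue_size` does not say whether it counts entries stored in queue_buf or the allocated capacity. Suggest one comment per field in the file's style, e.g. `struct queue_entry **queue_buf; /* Growable array of all queue entries */` and `size_t queue_size; /* Number of entries in queue_buf */`, after confirming the entries-vs-capacity meaning against the code that grows the buffer, which is not on this page. The afl_state struct begins and ends outside the hunk.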