From e405e721fad46e594b633147a6940cfdd602e4c2 Mon Sep 17 00:00:00 2001
From: Davide Quarta
Date: Tue, 6 Feb 2024 18:19:52 +0100
Subject: reuse first_pass aux var in persistent loop for record replay mode, keep area ptr and loc logic intact in record replay mode, move replay record example to own dir in utils, update docs, move record compat layer to separate header file
---
 include/afl-persistent-replay.h | 131 +++++++++++++++++++++++++
 include/afl-record-compat.h | 67 +++++++++++++
 include/config.h | 6 +-
 include/persistent_replay.h | 207 ----------------------------------------
 4 files changed, 200 insertions(+), 211 deletions(-)
 create mode 100644 include/afl-persistent-replay.h
 create mode 100644 include/afl-record-compat.h
 delete mode 100644 include/persistent_replay.h
(limited to 'include')
diff --git a/include/afl-persistent-replay.h b/include/afl-persistent-replay.h
new file mode 100644
index 00000000..9e60ff9c
--- /dev/null
+++ b/include/afl-persistent-replay.h
@@ -0,0 +1,131 @@
+#ifndef _HAVE_PERSISTENT_REPLAY_H
+#define _HAVE_PERSISTENT_REPLAY_H
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifndef PATH_MAX
+ #define PATH_MAX 4096
+#endif
+
+static unsigned short int is_replay_record;
+static unsigned int replay_record;
+static unsigned int replay_record_cnt;
+static char replay_record_path[PATH_MAX];
+static char *replay_record_dir;
+static struct dirent **record_list;
+
+#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
+static char **record_arg = NULL;
+#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
+
+static int select_files(const struct dirent *dirbuf) {
+
+ char fn[PATH_MAX];
+
+ if (dirbuf->d_name[0] == '.') {
+
+ return 0;
+
+ } else {
+
+ snprintf(fn, sizeof(fn), "RECORD:%06u", replay_record);
+ return !!strstr(dirbuf->d_name, fn);
+
+ }
+
+}
+
+static int compare_files(const struct dirent **da, const struct dirent **db) {
+
+ unsigned int c1 = 0, c2 = 0;
+
+ sscanf((*da)->d_name, "RECORD:%*u,cnt:%06u", &c1);
+ sscanf((*db)->d_name, "RECORD:%*u,cnt:%06u", &c2);
+
+ return c1 - c2;
+
+}
+
+__attribute__((destructor)) static void __afl_record_replay_destroy(void) {
+
+ for (int i = 0; i < replay_record_cnt; i++) {
+
+ free(record_list[i]);
+
+ }
+
+ free(record_list);
+
+}
+
+__attribute__((constructor)) static void __afl_record_replay_init(
+#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
+ int argc, char **argv
+#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
+) {
+
+#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
+ char **argp;
+#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
+
+ struct stat sb;
+
+ /* caveat: if harness uses @@ and we don't pass it, it will regardless loop
+ * the number of iterations defined for AFL_LOOP (on the same file)*/
+ if (!(is_replay_record = !!getenv("AFL_PERSISTENT_REPLAY"))) {
+
+ // printf("[warning] AFL_PERSISTENT_REPLAY not set.\n");
+ return;
+
+ }
+
+ replay_record = atoi(getenv("AFL_PERSISTENT_REPLAY"));
+ replay_record_dir = getenv("AFL_PERSISTENT_DIR");
+
+ if (!(stat(replay_record_dir, &sb) == 0 && S_ISDIR(sb.st_mode))) {
+
+ fprintf(stderr, "[error] Can't find the requested record directory!\n");
+ is_replay_record = 0;
+ return;
+
+ }
+
+ replay_record_cnt = scandir(replay_record_dir ? replay_record_dir : "./",
+ &record_list, select_files, compare_files);
+
+ if (!replay_record_cnt) {
+
+ fprintf(stderr, "[error] Can't find the requested record!\n");
+ is_replay_record = 0;
+
+ }
+
+#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
+ argp = argv;
+ while (*argp) {
+
+ if (!strcmp(*argp, "@@")) {
+
+ record_arg = argp;
+ *record_arg = replay_record_path;
+ break;
+
+ }
+
+ ++argp;
+
+ }
+
+#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
+
+}
+
+#endif // _HAVE_PERSISTENT_REPLAY_H
+
diff --git a/include/afl-record-compat.h b/include/afl-record-compat.h
new file mode 100644
index 00000000..2c79595d
--- /dev/null
+++ b/include/afl-record-compat.h
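Review bot: The `scandir` result is assigned straight to the unsigned `replay_record_cnt`, so the -1 it returns on failure (unreadable directory, allocation error) becomes UINT_MAX, passes the `if (!replay_record_cnt)` check, leaves `is_replay_record` set with `record_list` unassigned, and the destructor then walks ~4 billion garbage entries; read it into an `int n` first, make the guard `if (n <= 0)` so it also zeroes the count and returns, and only then store `replay_record_cnt = (unsigned)n;`. The `replay_record_dir ? replay_record_dir : "./"` fallback can never be taken, because an unset AFL_PERSISTENT_DIR has already reached `stat(NULL, &sb)`, which cannot succeed, and returned with the directory error — either default the pointer to `"./"` before the stat or drop the fallback. `compare_files` returns the unsigned difference `c1 - c2` narrowed to int, which happens to work for six-digit counters but is clearer and portable as `return (c1 > c2) - (c1 < c2);`, and the destructor's `int i` against the unsigned count will trip -Wsign-compare. `atoi` on the AFL_PERSISTENT_REPLAY value silently maps a malformed string to record 0; `strtoul` with an end-pointer check would report it instead.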
@@ -0,0 +1,67 @@
+#ifndef _HAVE_AFL_COMPAT_H
+#define _HAVE_AFL_COMPAT_H
+
+#include
+
+#define FUZZ_BUF_SIZE 1024000
+
+// extern ssize_t read(int fildes, void *buf, size_t nbyte);
+
+// extern int __afl_persistent_loop(unsigned int max_cnt);
+// extern unsigned char fuzz_buf[];
+
+#ifndef __AFL_HAVE_MANUAL_CONTROL
+ #define __AFL_HAVE_MANUAL_CONTROL
+#endif
+
+#define __AFL_FUZZ_TESTCASE_LEN (read(0, fuzz_buf, FUZZ_BUF_SIZE))
+#define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
+#define __AFL_FUZZ_INIT() void sync(void);
+#define __AFL_INIT() sync()
+#define __AFL_LOOP(x) __afl_persistent_loop(x)
+
+unsigned char fuzz_buf[FUZZ_BUF_SIZE];
+
+int __afl_persistent_loop(unsigned int max_cnt) {
+
+ static unsigned int cycle_cnt = 1;
+ static unsigned short int inited = 0;
+ char tcase[PATH_MAX];
+
+ if (is_replay_record) {
+
+ if (!inited) {
+
+ cycle_cnt = replay_record_cnt;
+ inited = 1;
+
+ }
+
+ snprintf(tcase, PATH_MAX, "%s/%s",
+ replay_record_dir ? replay_record_dir : "./",
+ record_list[replay_record_cnt - cycle_cnt]->d_name);
+
+#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
+ if (record_arg) {
+
+ *record_arg = tcase;
+
+ } else
+
+#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
+ {
+
+ int fd = open(tcase, O_RDONLY);
+ dup2(fd, 0);
+ close(fd);
+
+ }
+
+ }
+
+ return --cycle_cnt;
+
+}
+
+#endif // _HAVE_AFL_COMPAT_H
+
diff --git a/include/config.h b/include/config.h
index d44cda9c..a5b6eba1 100644
--- a/include/config.h
+++ b/include/config.h
@@ -83,13 +83,11 @@ will be kept and written to the crash/ directory as RECORD:... files. Note that every crash will be written, not only unique ones! */ -#define AFL_PERSISTENT_RECORD - -/* Adds support in compiler-rt to replay persistent records */ -#define AFL_PERSISTENT_REPLAY +// #define AFL_PERSISTENT_RECORD /* Adds support in compiler-rt to replay persistent records in @@-style * harnesses */ + // #define AFL_PERSISTENT_REPLAY_ARGPARSE /* console output colors: There are three ways to configure its behavior
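Review bot: `*record_arg = tcase;` publishes the address of the automatic array `char tcase[PATH_MAX]` into the harness's argv, so as soon as `__afl_persistent_loop` returns the `@@` argument points at a dead stack frame; the constructor already aims `record_arg` at the static `replay_record_path`, so format into that buffer instead — `snprintf(replay_record_path, sizeof replay_record_path, "%s/%s", ...)`, `open(replay_record_path, O_RDONLY)` in the non-argparse branch — and delete the `*record_arg = tcase;` line together with the local. The iteration count also looks one short: with `cycle_cnt = replay_record_cnt` and `return --cycle_cnt;`, the call that stages `record_list[replay_record_cnt - 1]` returns 0, so the last record is opened but its loop body never runs, and without AFL_PERSISTENT_REPLAY `cycle_cnt` starts at 1 so the very first call returns 0 and `max_cnt` is never read — if the non-replay path is still meant to work, the `cycle_cnt = max_cnt` initialisation that the old header had needs to come back. `open(tcase, O_RDONLY)` is unchecked, so a missing or unreadable record leaves the previous stdin in place and the iteration silently replays stale input; `if (fd < 0) { perror(tcase); return 0; }` before the `dup2` would surface it. The header reads `is_replay_record`, `record_list`, `record_arg` and `PATH_MAX` from afl-persistent-replay.h without including it (the single `#include` here has lost its target on this page), so include order is an undocumented contract that deserves a comment at the top of the file.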
diff --git a/include/persistent_replay.h b/include/persistent_replay.h
deleted file mode 100644
index 58b22fb4..00000000
--- a/include/persistent_replay.h
+++ /dev/null
@@ -1,207 +0,0 @@
-#ifndef _HAVE_PERSISTENT_REPLAY_H
-#define _HAVE_PERSISTENT_REPLAY_H
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-static unsigned short int is_replay_record;
-static unsigned int replay_record;
-static unsigned int replay_record_cnt;
-static char replay_record_path[PATH_MAX];
-static char *replay_record_dir;
-static struct dirent **record_list;
-
-#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
-static char **record_arg = NULL;
-#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
-
-static int select_files(const struct dirent *dirbuf) {
-
- char fn[4096];
-
- if (dirbuf->d_name[0] == '.') {
-
- return 0;
-
- } else {
-
- snprintf(fn, sizeof(fn), "RECORD:%06u", replay_record);
- return !!strstr(dirbuf->d_name, fn);
-
- }
-
-}
-
-static int compare_files(const struct dirent **da, const struct dirent **db) {
-
- unsigned int c1 = 0, c2 = 0;
-
- sscanf((*da)->d_name, "RECORD:%*u,cnt:%06u", &c1);
- sscanf((*db)->d_name, "RECORD:%*u,cnt:%06u", &c2);
-
- return c1 - c2;
-
-}
-
-__attribute__((destructor)) static void __afl_record_replay_destroy(void) {
-
- for (int i = 0; i < replay_record_cnt; i++) {
-
- free(record_list[i]);
-
- }
-
- free(record_list);
-
-}
-
-__attribute__((constructor)) static void __afl_record_replay_init(
-#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
- int argc, char **argv
-#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
-) {
-
-#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
- char **argp;
-#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
-
- struct stat sb;
-
- /* caveat: if harness uses @@ and we don't pass it, it will regardless loop
- * the number of iterations defined for AFL_LOOP (on the same file)*/
- if (!(is_replay_record = !!getenv("AFL_PERSISTENT_REPLAY"))) {
-
- // printf("[warning] AFL_PERSISTENT_REPLAY not set.\n");
- return;
-
- }
-
- replay_record = atoi(getenv("AFL_PERSISTENT_REPLAY"));
- replay_record_dir = getenv("AFL_PERSISTENT_DIR");
-
- if (!(stat(replay_record_dir, &sb) == 0 && S_ISDIR(sb.st_mode))) {
-
- fprintf(stderr, "[error] Can't find the requested record directory!\n");
- is_replay_record = 0;
- return;
-
- }
-
- replay_record_cnt = scandir(replay_record_dir ? replay_record_dir : "./",
- &record_list, select_files, compare_files);
-
- if (!replay_record_cnt) {
-
- fprintf(stderr, "[error] Can't find the requested record!\n");
- is_replay_record = 0;
-
- }
-
-#ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
- argp = argv;
- while (*argp) {
-
- if (!strcmp(*argp, "@@")) {
-
- record_arg = argp;
- *record_arg = replay_record_path;
- break;
-
- }
-
- ++argp;
-
- }
-
-#endif // AFL_PERSISTENT_REPLAY_ARGPARSE
-
-}
-
-/* only used if explictly included for compatibility - compiling without afl-cc */
-
-#ifdef AFL_COMPAT
-
- #ifndef PATH_MAX
- #define PATH_MAX 4096
- #endif
-
- #define FUZZ_BUF_SIZE 1024000
-
- // extern ssize_t read(int fildes, void *buf, size_t nbyte);
-
- // extern int __afl_persistent_loop(unsigned int max_cnt);
- // extern unsigned char fuzz_buf[];
-
- #ifndef __AFL_HAVE_MANUAL_CONTROL
- #define __AFL_HAVE_MANUAL_CONTROL
- #endif
-
- #define __AFL_FUZZ_TESTCASE_LEN (read(0, fuzz_buf, FUZZ_BUF_SIZE))
- #define __AFL_FUZZ_TESTCASE_BUF fuzz_buf
- #define __AFL_FUZZ_INIT() void sync(void);
- #define __AFL_INIT() sync()
- #define __AFL_LOOP(x) __afl_persistent_loop(x)
-
-unsigned char fuzz_buf[FUZZ_BUF_SIZE];
-
-int __afl_persistent_loop(unsigned int max_cnt) {
-
- static unsigned int cycle_cnt = 1;
- static unsigned short int inited = 0;
- char tcase[PATH_MAX];
-
- if (is_replay_record) {
-
- if (!inited) {
-
- cycle_cnt = replay_record_cnt;
- inited = 1;
-
- }
-
- snprintf(tcase, PATH_MAX, "%s/%s",
- replay_record_dir ? replay_record_dir : "./",
- record_list[replay_record_cnt - cycle_cnt]->d_name);
-
- #ifdef AFL_PERSISTENT_REPLAY_ARGPARSE
- if (record_arg) {
-
- *record_arg = tcase;
-
- } else
-
- #endif // AFL_PERSISTENT_REPLAY_ARGPARSE
- {
-
- int fd = open(tcase, O_RDONLY);
- dup2(fd, 0);
- close(fd);
-
- }
-
- } else {
-
- if (!inited) {
-
- cycle_cnt = max_cnt;
- inited = 1;
-
- }
-
- }
-
- return cycle_cnt--;
-
-}
-
-#endif // AFL_COMPAT
-
-#endif // _HAVE_PERSISTENT_REPLAY_H
-
-- cgit 1.4.1