From c1d9a4fab9b652a0ea810086ce064ec3836c7bd9 Mon Sep 17 00:00:00 2001 From: rapt0r Date: Sat, 19 Oct 2024 22:19:41 +0900 Subject: feat: introduce GCC disable environment variable This change is to disable the GCC plugin version check for GCC plugin and CMPLOG, to overcome the issues with incompatability with expected GCC version and actual GCC version used to compile using `AFL_GCC_DISABLE_VERSION_CHECK` environment variable. --- instrumentation/README.gcc_plugin.md | 5 ++++- instrumentation/afl-gcc-cmplog-pass.so.cc | 3 ++- instrumentation/afl-gcc-cmptrs-pass.so.cc | 3 ++- instrumentation/afl-gcc-pass.so.cc | 3 ++- 4 files changed, 10 insertions(+), 4 deletions(-) (limited to 'instrumentation') diff --git a/instrumentation/README.gcc_plugin.md b/instrumentation/README.gcc_plugin.md index 011a574a..34004dc7 100644 --- a/instrumentation/README.gcc_plugin.md +++ b/instrumentation/README.gcc_plugin.md @@ -51,7 +51,10 @@ The idea and much of the implementation comes from Laszlo Szekeres. In order to leverage this mechanism, you need to have modern enough GCC (>= version 4.5.0) and the plugin development headers installed on your system. That should be all you need. On Debian machines, these headers can be acquired by -installing the `gcc-VERSION-plugin-dev` packages. +installing the `gcc-VERSION-plugin-dev` packages. If you're compiling a GCC +plugin that differs from the system-installed version and encounter issues +with version checks, you can use the `AFL_GCC_DISABLE_VERSION_CHECK` environment +variable. To build the instrumentation itself, type `make`. This will generate binaries called `afl-gcc-fast` and `afl-g++-fast` in the parent directory. diff --git a/instrumentation/afl-gcc-cmplog-pass.so.cc b/instrumentation/afl-gcc-cmplog-pass.so.cc index 774dd5fd..38fce961 100644 --- a/instrumentation/afl-gcc-cmplog-pass.so.cc +++ b/instrumentation/afl-gcc-cmplog-pass.so.cc 
@@ -370,7 +370,8 @@ Set AFL_QUIET in the environment to silence it.\n\
 int plugin_init(struct plugin_name_args *info,
 struct plugin_gcc_version *version) {
- if (!plugin_default_version_check(version, &gcc_version))
+ if (!plugin_default_version_check(version, &gcc_version) &&
+ !getenv("AFL_GCC_DISABLE_VERSION_CHECK"))
 FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, "
 "is %s"),
 gcc_version.basever, version->basever);
diff --git a/instrumentation/afl-gcc-cmptrs-pass.so.cc b/instrumentation/afl-gcc-cmptrs-pass.so.cc
index 96bd5ba8..360b035a 100644
--- a/instrumentation/afl-gcc-cmptrs-pass.so.cc
+++ b/instrumentation/afl-gcc-cmptrs-pass.so.cc
@@ -338,7 +338,8 @@ Set AFL_QUIET in the environment to silence it.\n\
 int plugin_init(struct plugin_name_args *info,
 struct plugin_gcc_version *version) {
- if (!plugin_default_version_check(version, &gcc_version))
+ if (!plugin_default_version_check(version, &gcc_version) &&
+ !getenv("AFL_GCC_DISABLE_VERSION_CHECK"))
 FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, "
 "is %s"),
 gcc_version.basever, version->basever);
diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc
index 41b1e5af..26f7bd19 100644
--- a/instrumentation/afl-gcc-pass.so.cc
+++ b/instrumentation/afl-gcc-pass.so.cc
@@ -478,7 +478,8 @@ Specify -frandom-seed for reproducible instrumentation.\n\
 int plugin_init(struct plugin_name_args *info,
 struct plugin_gcc_version *version) {
- if (!plugin_default_version_check(version, &gcc_version))
+ if (!plugin_default_version_check(version, &gcc_version) &&
+ !getenv("AFL_GCC_DISABLE_VERSION_CHECK"))
 FATAL(G_("GCC and plugin have incompatible versions, expected GCC %s, "
 "is %s"),
 gcc_version.basever, version->basever);
--
cgit 1.4.1
From 1efb7c8a8b54c3ff236701221e532481ea63b575 Mon Sep 17 00:00:00 2001
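Review bot: With `AFL_GCC_DISABLE_VERSION_CHECK` in the environment the new `if` skips the FATAL without any output, so a plugin loaded into a GCC whose plugin ABI differs from the one it was built against runs with no record that the check was overridden; the same lines are added in the afl-gcc-cmptrs-pass.so.cc and afl-gcc-pass.so.cc hunks. Because a mismatched plugin reads GCC-internal structures whose layout may differ, a later crash or silently missing instrumentation is hard to attribute without the two version strings, so emit them when the check is bypassed, e.g. after the FATAL statement `if (!plugin_default_version_check(version, &gcc_version)) WARNF(G_("AFL_GCC_DISABLE_VERSION_CHECK set, continuing with GCC %s and a plugin built for %s"), version->basever, gcc_version.basever);` (WARNF assumed available from the same header that provides FATAL). Also, `getenv` tests only presence, so `AFL_GCC_DISABLE_VERSION_CHECK=0` disables the check as well; the README hunk should say the variable is presence-tested, or the value should be inspected. `plugin_init` continues past the end of the hunk.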
From: dergoegge Date: Wed, 21 Aug 2024 10:37:39 +0100 Subject: Make __AFL_COVERAGE_START_OFF work for targets with "small" maps --- instrumentation/afl-compiler-rt.o.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'instrumentation') diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 0da689b2..6084880f 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -630,21 +630,21 @@ static void __afl_map_shm(void) { __afl_area_ptr_dummy = (u8 *)malloc(__afl_map_size); - if (__afl_area_ptr_dummy) { + } - if (__afl_selective_coverage_start_off) { + if (__afl_area_ptr_dummy) { - __afl_area_ptr = __afl_area_ptr_dummy; + if (__afl_selective_coverage_start_off) { - } + __afl_area_ptr = __afl_area_ptr_dummy; - } else { + } - fprintf(stderr, "Error: __afl_selective_coverage failed!\n"); - __afl_selective_coverage = 0; - // continue; + } else { - } + fprintf(stderr, "Error: __afl_selective_coverage failed!\n"); + __afl_selective_coverage = 0; + // continue; } -- cgit 1.4.1 From 577b286508a72114d607e41ec37f6f201e9e5ce6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 28 Oct 2024 09:52:51 +0100 Subject: fix explanation how to obtain the map size --- docs/Changelog.md | 1 + instrumentation/afl-compiler-rt.o.c | 6 ++++++ src/afl-forkserver.c | 6 +++--- 3 files changed, 10 insertions(+), 3 deletions(-) (limited to 'instrumentation') diff --git a/docs/Changelog.md b/docs/Changelog.md index 8a445084..1d6d9060 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -39,6 +39,7 @@ AFL_LLVM_INSTRUMENT=CLASSIC - new compile time variable: `AFL_OPT_LEVEL` to set a specific optimization level, default is `3` + - correctly explain how to get the correct map size for large targets - code formatting updated to llvm 18 - improved custom_mutators/aflpp/standalone/aflpp-standalone - added custom_mutators/autotokens/standalone/autotokens-standalone 
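Review bot: The re-indented error branch carries the commented-out `// continue;` along as an added line; it is dead text in a function body and should be dropped rather than moved. The branch that follows it reports a NULL `__afl_area_ptr_dummy` on stderr and clears `__afl_selective_coverage`, but nothing in the hunk says why the `if (__afl_area_ptr_dummy)` test was moved out of the enclosing block; the commit title implies it must now run for small maps too, so a one-line comment above the test, e.g. `// the dummy map is needed for every map size, so check it after both branches`, would keep a later refactor from folding it back in. `__afl_map_shm` begins and ends outside the hunk.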
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 6084880f..075d4d29 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -367,6 +367,12 @@ static void __afl_map_shm(void) {
 }
+ if (__afl_debug) {
+ fprintf(stderr, "DEBUG: AFL_MAP_SIZE=%u\n", __afl_map_size);
+
+ }
+
 if (__afl_final_loc > MAP_SIZE) {
 char *ptr;
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 51299009..9f619c14 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -495,9 +495,9 @@ static void report_error_and_exit(int error) {
 FATAL(
 "AFL_MAP_SIZE is not set and fuzzing target reports that the "
 "required size is very large. Solution: Run the fuzzing target "
- "stand-alone with the environment variable AFL_DEBUG=1 set and set "
- "the value for __afl_final_loc in the AFL_MAP_SIZE environment "
- "variable for afl-fuzz.");
+ "stand-alone with the environment variable AFL_DUMP_MAP_SIZE=1 set "
+ "the displayed value in the AFL_MAP_SIZE environment variable for "
+ "afl-fuzz.");
 break;
 case FS_ERROR_MAP_ADDR:
 FATAL(
--
cgit 1.4.1
From d1fd072b793cba16c28249abefe73ecb7feae4f2 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 30 Oct 2024 10:55:38 +0100
Subject: fix
---
 instrumentation/afl-compiler-rt.o.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'instrumentation')
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index 075d4d29..77a9623c 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -419,7 +419,7 @@ static void __afl_map_shm(void) {
 if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { val = atoi(ptr); }
- if (val > MAP_INITIAL_SIZE) {
+ if (val > MAP_INITIAL_SIZE && val > __afl_final_loc) {
 __afl_map_size = val;
--
cgit 1.4.1
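Review bot: The added DEBUG print reports `__afl_map_size` at line 367, but the `@@ -419` hunk further down this page assigns `__afl_map_size = val;` from the `AFL_MAP_SIZE` environment variable later in the same `__afl_map_shm`, so when that variable is set the value printed under the label `AFL_MAP_SIZE=` appears to be the pre-override size, which is misleading for a commit whose purpose is to explain how to obtain the map size. Either move the print after that sizing block or label what is actually printed, e.g. `fprintf(stderr, "DEBUG: instrumentation-reported map size %u (before AFL_MAP_SIZE override)\n", __afl_map_size);`. The ordering is inferred from the two hunk offsets only; the code between them is not on the page. `__afl_map_shm` begins and ends outside the hunk.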
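Review bot: The rewritten FATAL text dropped the conjunction between its two instructions, so the new lines read `...AFL_DUMP_MAP_SIZE=1 set the displayed value in the AFL_MAP_SIZE environment variable for afl-fuzz.` as one run-on sentence. Suggest `"stand-alone with the environment variable AFL_DUMP_MAP_SIZE=1 set, then " "put the displayed value in the AFL_MAP_SIZE environment variable for " "afl-fuzz.");`. The runtime hunk in this commit only adds an `__afl_debug` print, so where `AFL_DUMP_MAP_SIZE` is honoured is not visible on this page and should be confirmed against afl-compiler-rt.o.c before pointing users at it. `report_error_and_exit` begins and ends outside the hunk.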
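Review bot: The new condition `val > MAP_INITIAL_SIZE && val > __afl_final_loc` silently discards an `AFL_MAP_SIZE` that the user set but that is not larger than the instrumentation's required size, which hides exactly the misconfiguration the forkserver error text asks users to correct; a message when the env value is dropped would make that visible, e.g. an `else if (__afl_debug)` branch with `fprintf(stderr, "DEBUG: AFL_MAP_SIZE ignored, not larger than the required size\n");`. The context line parses the variable with `atoi`, so a non-numeric or out-of-range value becomes 0 or garbage and is rejected by the same condition without any report; `strtoul` with an end-pointer check would distinguish that from a deliberately small value. `val`'s declaration is outside the hunk, so whether `val > __afl_final_loc` mixes signed and unsigned operands cannot be checked here. `__afl_map_shm` begins and ends outside the hunk.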