From 9d3a2b693a8725983a809af3799b190781130c30 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 14:10:04 +0200 Subject: qemuafl --- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/qemuafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'qemu_mode') diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 8d95c359..0fb33ae2 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -ddc4a9748d +d73b0336b4 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index ddc4a974..d73b0336 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit ddc4a9748d59857753fb33c30a356f354595f36d +Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 -- cgit 1.4.1 From d0390f3b7651efefeecf80ebf2b1a740c077f21f Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 14:42:54 +0200 Subject: fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'qemu_mode') diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index d70bba91..8346c5b9 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc 
@@ -20,22 +20,29 @@ // solution: echo -ne 'The quick brown fox jumps over the lazy // dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest +#include "../../include/config.h" + #include #include #include #include -int main() { - - char buffer[44] = {/* zero padding */}; - fread(buffer, 1, sizeof(buffer) - 1, stdin); +int main(int argc, char**argv) { + + static char buffer[MAX_FILE] = {/* zero padding */}; + + FILE* file = stdin; + if (argc > 1) + file = fopen(argv[1], "r"); + + fread(buffer, 1, sizeof(buffer) - 1, file); if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || strncmp(&buffer[20], "jumps over ", 11) != 0 || strcmp(&buffer[31], "the lazy dog") != 0) { - + return 1; - + } uint64_t x = 0; @@ -50,18 +57,18 @@ int main() { fread(&z, sizeof(z), 1, stdin); switch (z) { - + case 0xBEEF: break; default: return 4; - + } printf("Puzzle solved, congrats!\n"); abort(); return 0; - + } - + -- cgit 1.4.1 From 43e16cf13dfffa27f9cde49a3bba026cef96b1c4 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 15:05:14 +0200 Subject: fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'qemu_mode') diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 8346c5b9..6fe501c0 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -29,7 +29,7 @@ int main(int argc, char**argv) { - static char buffer[MAX_FILE] = {/* zero padding */}; + char buffer[44] = {/* zero padding */}; FILE* file = stdin; if (argc > 1) -- cgit 1.4.1 From 45b5e3622e4339b806a8f3d44bcde5c89f58677e Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 15:12:32 +0200 Subject: fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'qemu_mode') 
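Review bot: The new `file = fopen(argv[1], "r");` in main() is never checked for NULL, so a missing or unreadable path makes the following `fread(buffer, 1, sizeof(buffer) - 1, file)` dereference a null FILE pointer instead of reporting the error. Guard it: `if ((file = fopen(argv[1], "r")) == NULL) { perror(argv[1]); return 1; }`. Growing the buffer to `static char buffer[MAX_FILE]` while the read still asks for `sizeof(buffer) - 1` bytes also means the first fread will swallow the whole input if MAX_FILE exceeds the 43-byte text prefix (MAX_FILE comes from config.h and is not visible here), leaving nothing for the x/y/z reads further down. main() continues past the end of this hunk.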
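Review bot: The later reads still come from `stdin`: the context line `fread(&z, sizeof(z), 1, stdin);` (and the x and y reads just above this hunk) were not switched to the new `file` stream, so with a path argument only the text prefix is read from the file and the binary tail is read from the terminal. Change it to `fread(&z, sizeof(z), 1, file);` and do the same for x and y. main() starts before this hunk.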
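Review bot: The size in `char buffer[44]` is a magic number, and the reason for reverting from `MAX_FILE` back to it is not recorded anywhere in the file. A comment would save the next person from repeating the change, e.g. `// 43 bytes of text ("The quick brown fox " + "jumps over " + "the lazy dog") plus NUL; sized so the first fread stops exactly before the binary tail read below`. main() begins before and ends after this hunk.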
diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 6fe501c0..69c6aa09 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -46,15 +46,15 @@ int main(int argc, char**argv) { } uint64_t x = 0; - fread(&x, sizeof(x), 1, stdin); + fread(&x, sizeof(x), 1, file); if (x != 0xCAFEBABECAFEBABE) { return 2; } uint32_t y = 0; - fread(&y, sizeof(y), 1, stdin); + fread(&y, sizeof(y), 1, file); if (y != 0xDEADC0DE) { return 3; } uint16_t z = 0; - fread(&z, sizeof(z), 1, stdin); + fread(&z, sizeof(z), 1, file); switch (z) { -- cgit 1.4.1 From e41d1183cca02fb4d6398df4fc3e028dfd9c5f72 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 00:41:32 +0200 Subject: fix nits --- GNUmakefile | 2 +- docs/env_variables.md | 4 ++-- qemu_mode/build_qemu_support.sh | 2 ++ src/afl-fuzz-stats.c | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) (limited to 'qemu_mode') diff --git a/GNUmakefile b/GNUmakefile index a87b2f7b..804bfe08 100644 --- a/GNUmakefile +++ b/GNUmakefile 
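Review bot: The reads now directed at `file` still ignore fread's return value, and `x != 0xCAFEBABECAFEBABE` compares the raw bytes in host byte order, so the solution given in the header comment (`\xbe\xba\xfe\xca\xbe\xba\xfe\xca...`) only solves the puzzle on a little-endian host. A comment on the x read would make that explicit: `// integers are read in host byte order; the solution in the header comment assumes little-endian`. A short read leaves the variable at its zero initializer and the puzzle fails with code 2/3/4, which is acceptable for a test binary but could be stated: `if (fread(&x, sizeof(x), 1, file) != 1) { return 2; }`. main() begins and ends outside this hunk.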
@@ -550,7 +550,7 @@ all_done: test_build @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to build, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to build, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." - @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecific for MacOs.\n\n"; fi + @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecifically for MacOS.\n\n"; fi @! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.md for advice.\033[0m\n" 2>/dev/null .NOTPARALLEL: clean all diff --git a/docs/env_variables.md b/docs/env_variables.md index 1f4dfef9..0100ffac 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md 
@@ -382,8 +382,8 @@ checks or alter some of the more exotic semantics of the tool: may complain of high load prematurely, especially on systems with low core counts. To avoid the alarming red color, you can set `AFL_NO_CPU_RED`. - - In QEMU mode (-Q), Unicorn mode (-U) and Frida mode (-O), `AFL_PATH` will - be searched for afl-qemu-trace. + - In QEMU mode (-Q) and Frida mode (-O), `AFL_PATH` will + be searched for afl-qemu-trace and afl-frida-trace.so. - In QEMU mode (-Q), setting `AFL_QEMU_CUSTOM_BIN` cause afl-fuzz to skip prepending `afl-qemu-trace` to your command line. Use this if you wish to use a diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 38085389..6436d43a 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -360,6 +360,8 @@ if ! command -v "$CROSS" > /dev/null ; then make -C unsigaction && echo "[+] unsigaction ready" echo "[+] Building libqasan ..." make -C libqasan && echo "[+] unsigaction ready" + echo "[+] Building qemu libfuzzer helpers ..." + make -C ../utils/aflpp_driver else echo "[!] Cross compiler $CROSS could not be found, cannot compile libcompcov libqasan and unsigaction" fi diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a1559eac..52d9de87 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -866,7 +866,7 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->custom_only)) { - strcpy(tmp, "disabled (custom mutator only mode)"); + strcpy(tmp, "disabled (custom-mutator-only mode)"); } else if (likely(afl->skip_deterministic)) { -- cgit 1.4.1 From 624c1dce465ffd8d3971282cf136c3df259f62ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 11:38:37 +0200 Subject: fix nits --- qemu_mode/libcompcov/compcovtest.cc | 157 +++++++++++++++++++----------------- 1 file changed, 83 insertions(+), 74 deletions(-) (limited to 'qemu_mode') 
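Review bot: The added `make -C ../utils/aflpp_driver` is the only build step in this block whose outcome is neither reported nor checked; the neighbouring lines use `make -C ... && echo "[+] ... ready"`, so a failed driver build prints nothing and, unless the script runs under `set -e` (not visible in this hunk), the build continues as if it succeeded. Follow the existing pattern: `make -C ../utils/aflpp_driver && echo "[+] qemu libfuzzer helpers ready"`. As an aside, the pre-existing context line `make -C libqasan && echo "[+] unsigaction ready"` reports the wrong component and could be corrected to `libqasan ready` while touching this block. The enclosing if/else starts before the hunk.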
diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 69c6aa09..b446ebfa 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc 
@@ -1,74 +1,83 @@ -///////////////////////////////////////////////////////////////////////// -// -// Author: Mateusz Jurczyk (mjurczyk@google.com) -// -// Copyright 2019-2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -// solution: echo -ne 'The quick brown fox jumps over the lazy -// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest - -#include "../../include/config.h" - -#include -#include -#include -#include - -int main(int argc, char**argv) { - - char buffer[44] = {/* zero padding */}; - - FILE* file = stdin; - if (argc > 1) - file = fopen(argv[1], "r"); - - fread(buffer, 1, sizeof(buffer) - 1, file); - - if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || - strncmp(&buffer[20], "jumps over ", 11) != 0 || - strcmp(&buffer[31], "the lazy dog") != 0) { - - return 1; - - } - - uint64_t x = 0; - fread(&x, sizeof(x), 1, file); - if (x != 0xCAFEBABECAFEBABE) { return 2; } - - uint32_t y = 0; - fread(&y, sizeof(y), 1, file); - if (y != 0xDEADC0DE) { return 3; } - - uint16_t z = 0; - fread(&z, sizeof(z), 1, file); - - switch (z) { - - case 0xBEEF: - break; - - default: - return 4; - - } - - printf("Puzzle solved, congrats!\n"); - abort(); - return 0; - -} - +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may 
not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy +// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include "../../include/config.h" + +#include +#include +#include +#include + +int main(int argc, char **argv) { + + char buffer[44] = {/* zero padding */}; + + FILE *file = stdin; + + if (argc > 1) { + + if ((file = fopen(argv[1], "r")) == NULL) { + + perror(argv[1]); + exit(-1); + + } + + } + + fread(buffer, 1, sizeof(buffer) - 1, file); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + + return 1; + + } + + uint64_t x = 0; + fread(&x, sizeof(x), 1, file); + if (x != 0xCAFEBABECAFEBABE) { return 2; } + + uint32_t y = 0; + fread(&y, sizeof(y), 1, file); + if (y != 0xDEADC0DE) { return 3; } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, file); + + switch (z) { + + case 0xBEEF: + break; + + default: + return 4; + + } + + printf("Puzzle solved, congrats!\n"); + abort(); + return 0; + +} + -- cgit 1.4.1
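Review bot: `exit(-1)` in the new fopen failure branch produces exit status 255 (the value is truncated to 8 bits), which sits oddly next to the small positive codes 1–4 the rest of main() returns; `exit(EXIT_FAILURE)` or a distinct `return 5;` would be clearer. Separately, the diff replaces all 74 lines of the file to add the NULL check — apparently a line-ending or formatter change, since every removed line reappears unchanged on the new side apart from the fopen block and `char **argv` — which hides the one functional change; keeping reformatting in its own commit would make this reviewable. The four fread calls still ignore their return values; a short read leaves x/y/z at zero and the puzzle simply fails, which may be intended for this test but deserves a one-line comment saying so.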