From 452067ffca0de664fa4a11211c54f34c3842f20e Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Mon, 30 Mar 2020 00:50:04 +0200
Subject: added read_timed
---
 src/afl-forkserver.c | 24 +++++++-----------------
 1 file changed, 7 insertions(+), 17 deletions(-)
(limited to 'src/afl-forkserver.c')
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 2dd7a9f0..01a606c3 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -164,10 +164,9 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) {
 void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
- struct timeval timeout;
- int st_pipe[2], ctl_pipe[2];
- int status;
- s32 rlen;
+ int st_pipe[2], ctl_pipe[2];
+ int status;
+ s32 rlen;
 if (fsrv->use_fauxsrv) ACTF("Using Fauxserver:");
@@ -318,24 +317,15 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
 rlen = 0;
 if (fsrv->exec_tmout) {
- fd_set readfds;
+ rlen = 4;
+ u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen,
+ fsrv->exec_tmout * FORK_WAIT_MULT);
- FD_ZERO(&readfds);
- FD_SET(fsrv->fsrv_st_fd, &readfds);
- timeout.tv_sec = ((fsrv->exec_tmout * FORK_WAIT_MULT) / 1000);
- timeout.tv_usec = ((fsrv->exec_tmout * FORK_WAIT_MULT) % 1000) * 1000;
-
- int sret = select(fsrv->fsrv_st_fd + 1, &readfds, NULL, NULL, &timeout);
-
- if (sret == 0) {
+ if (!time) {
 fsrv->child_timed_out = 1;
 kill(fsrv->child_pid, SIGKILL);
- } else {
-
- rlen = read(fsrv->fsrv_st_fd, &status, 4);
-
 }
 } else {
-- cgit 1.4.1
From b83a2c1a00f6c9e45d6803e2b54dc3a82ffa49fc Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Tue, 31 Mar 2020 04:51:38 +0200
Subject: make travis happy
---
 include/afl-fuzz.h | 2 --
 include/common.h | 3 +++
 src/afl-analyze.c | 7 +++----
 src/afl-common.c | 6 ++++--
 src/afl-forkserver.c | 2 --
 src/afl-fuzz-state.c | 2 --
 src/afl-fuzz.c | 2 --
 src/afl-showmap.c | 5 +----
 src/afl-tmin.c | 6 ++----
 9 files changed, 13 insertions(+), 22 deletions(-)
(limited to 'src/afl-forkserver.c')
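Review bot: `rlen = 4;` is assigned before the read and never revised afterwards, so `rlen` stops reporting how many bytes the handshake read actually returned; the removed `read()` path stored the real count, and any check after the hunk that still tests `rlen == 4` would now pass even when `read_timed()` timed out or came back short. Reset it where the outcome is known, e.g. `rlen = 0;` inside the `if (!time)` branch, so the caller can still tell a failed handshake from a successful one. Note also that `status` is declared without an initializer in the earlier hunk, so on the timeout path whatever reads it later sees an indeterminate value unless the timeout flag is checked first. The local `time` shadows libc `time()` (-Wshadow); `elapsed` would be clearer. afl_fsrv_start continues on both sides of the hunk.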
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 47aad5af..357cd854 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -239,8 +239,6 @@ enum {
 };
-extern u8 *doc_path; /* gath to documentation dir */
-
 /* Python stuff */
 #ifdef USE_PYTHON
diff --git a/include/common.h b/include/common.h
index c26740ed..c9436e81 100644
--- a/include/common.h
+++ b/include/common.h
@@ -48,6 +48,9 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv);
 char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv);
 char * get_afl_env(char *env);
+extern u8 be_quiet;
+extern u8 *doc_path; /* path to documentation dir */
+
 /* Get unix time in milliseconds */
 u64 get_cur_time(void);
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index d509c43e..473a257d 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -60,10 +60,9 @@ static s32 child_pid; /* PID of the tested program */
 u8 *trace_bits; /* SHM with instrumentation bitmap */
 static u8 *in_file, /* Analyzer input test case */
- *prog_in, /* Targeted program input file */
- *doc_path; /* Path to docs */
+ *prog_in; /* Targeted program input file */
-static u8 *in_data; /* Input data for analysis */
+ static u8 *in_data; /* Input data for analysis */
 static u32 in_len, /* Input data length */
 orig_cksum, /* Original checksum */
@@ -77,7 +76,7 @@ static s32 dev_null_fd = -1; /* FD to /dev/null */
 u8 edges_only, /* Ignore hit counts? */
 use_hex_offsets, /* Show hex offsets? */
- be_quiet, use_stdin = 1; /* Use stdin for program input? */
+ use_stdin = 1; /* Use stdin for program input? */
 static volatile u8 stop_soon, /* Ctrl-C pressed? */
 child_timed_out; /* Child timed out? */
diff --git a/src/afl-common.c b/src/afl-common.c
index c73d8725..920c7dfd 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -38,8 +38,10 @@
 #endif
 #include
-extern u8 be_quiet;
-char * afl_environment_variables[] = {
+u8 be_quiet = 0;
+u8 *doc_path = "";
+
+char *afl_environment_variables[] = {
 "AFL_ALIGNED_ALLOC", "AFL_ALLOW_TMP", "AFL_ANALYZE_HEX", "AFL_AS",
 "AFL_AUTORESUME", "AFL_AS_FORCE_INSTRUMENT", "AFL_BENCH_JUST_ONE",
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 01a606c3..962ca86d 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -49,8 +49,6 @@
 /* Describe integer as memory size. */
-extern u8 *doc_path;
-
 list_t fsrv_list = {.element_prealloc_count = 0};
 /* Initializes the struct */
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 1d99e1fa..80176a10 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -34,8 +34,6 @@ char *power_names[POWER_SCHEDULES_NUM] = {
 "explore", "fast", "coe", "lin", "quad", "exploit", "mmopt", "rare"};
-u8 *doc_path = NULL; /* gath to documentation dir */
-
 /* Initialize MOpt "globals" for this afl state */
 static void init_mopt_globals(afl_state_t *afl) {
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index ba56ff67..617a42ec 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -25,8 +25,6 @@
 #include "afl-fuzz.h"
-u8 be_quiet = 0;
-
 static u8 *get_libradamsa_path(u8 *own_loc) {
 u8 *tmp, *cp, *rsl, *own_copy;
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index eaab5c31..f8a38c36 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -59,13 +59,10 @@
 #include
 #include
-u8 be_quiet;
-
 char *stdin_file; /* stdin file */
 u8 *in_dir, /* input folder */
- *doc_path, /* Path to docs */
- *at_file = NULL; /* Substitution string for @@ */
+ *at_file = NULL; /* Substitution string for @@ */
 static u8 *in_data; /* Input data */
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 2275aef5..8a5e3eef 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
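Review bot: `u8 *doc_path = "";` changes the default from the `NULL` used by the definition this same commit removes from src/afl-fuzz-state.c to an empty string, so any `if (!doc_path)` test elsewhere silently stops firing, and it aims a writable `u8 *` at a string literal that must never be written through. Unless callers are known to rely on the empty string, keep the previous default and carry the header's comment over: `u8 *doc_path = NULL; /* path to documentation dir */`. Since afl-common.c is now the single definition of both globals, `be_quiet` deserves a one-line comment here as well. The variables are set elsewhere, outside this hunk, so which default is actually observed cannot be confirmed from this diff.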
@@ -61,8 +61,7 @@ static u8 *mask_bitmap; /* Mask for trace bits (-B) */
 u8 *in_file, /* Minimizer input test case */
- *output_file, /* Minimizer output file */
- *doc_path; /* Path to docs */
+ *output_file; /* Minimizer output file */
 static u8 *in_data; /* Input data for trimming */
@@ -77,8 +76,7 @@ u8 crash_mode, /* Crash-centric mode? */
 hang_mode, /* Minimize as long as it hangs */
 exit_crash, /* Treat non-zero exit as crash? */
 edges_only, /* Ignore hit counts? */
- exact_mode, /* Require path match for crashes? */
- be_quiet;
+ exact_mode; /* Require path match for crashes? */
 static volatile u8 stop_soon; /* Ctrl-C pressed? */
-- cgit 1.4.1
From a0693d466cdb298e2990e6f343745afc95ea4149 Mon Sep 17 00:00:00 2001
From: Dominik Maier
Date: Wed, 1 Apr 2020 01:24:44 +0200
Subject: try to fix forkserver
---
 Makefile | 4 ++--
 src/afl-forkserver.c | 9 +++++++--
 2 files changed, 9 insertions(+), 4 deletions(-)
(limited to 'src/afl-forkserver.c')
diff --git a/Makefile b/Makefile
index aaeb136c..f615c7dd 100644
--- a/Makefile
+++ b/Makefile
@@ -153,8 +153,8 @@ endif
 ifdef ASAN_BUILD
 $(info Compiling ASAN version of binaries)
- CFLAGS+=-fsanitize=address
- LDFLAGS+=-fsanitize=address
+ CFLAGS+=-fsanitize=address -fstack-protector-strong
+ LDFLAGS+=-fsanitize=address -fstack-protector-strong
 endif
 ifdef PROFILING
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 962ca86d..a863efcc 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -319,10 +319,15 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
 u32 time = read_timed(fsrv->fsrv_st_fd, &status, rlen,
 fsrv->exec_tmout * FORK_WAIT_MULT);
- if (!time) {
+ if (time > fsrv->exec_tmout * FORK_WAIT_MULT) {
 fsrv->child_timed_out = 1;
- kill(fsrv->child_pid, SIGKILL);
+ kill(fsrv->fsrv_pid, SIGKILL);
+
+ }
+ if (!time) {
+
+ kill(fsrv->fsrv_pid, SIGKILL);
 }
-- cgit 1.4.1
From 25d6d216176ab83e43f3c924327b5f366e1ebe9c Mon Sep 17 00:00:00 2001
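Review bot: The added `-fstack-protector-strong` only takes effect under `ifdef ASAN_BUILD`, so the default build of the fork server is still compiled without it; if the flag is meant as hardening it belongs in the unconditional CFLAGS/LDFLAGS, and if it is meant to help chase the forkserver problem named in the commit title, ASan already instruments stack objects with redzones, so a canary adds little extra signal in that configuration. A comment above the two lines stating which of the two is intended would save the next reader the guess, e.g. `# stack protector on ASAN builds only: <reason>`.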
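Review bot: The new `if (!time)` branch kills the fork server but records nothing for the caller: `fsrv->child_timed_out` stays clear and `rlen` still holds the 4 assigned before `read_timed()` in the earlier commit, so if the code after the hunk still keys on `rlen == 4` a failed handshake read is indistinguishable from a successful one, and a later read of `status` (declared without an initializer) would see an indeterminate value. Add `rlen = 0;` to that branch so the failure is visible downstream, and hoist the deadline that the hunk now computes twice into `u32 deadline_ms = fsrv->exec_tmout * FORK_WAIT_MULT;` used by both the call and the comparison. Whether `read_timed()` returns 0 only on a read error, and a value above the deadline on timeout, is not visible here and should be confirmed against its definition before relying on the two tests. afl_fsrv_start continues on both sides of the hunk.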
From: Dominik Maier
Date: Wed, 1 Apr 2020 02:00:03 +0200
Subject: code format
---
 src/afl-analyze.c | 2 +-
 src/afl-forkserver.c | 5 +----
 src/afl-fuzz-run.c | 2 +-
 3 files changed, 3 insertions(+), 6 deletions(-)
(limited to 'src/afl-forkserver.c')
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 473a257d..427fbe6d 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -62,7 +62,7 @@ u8 *trace_bits; /* SHM with instrumentation bitmap */
 static u8 *in_file, /* Analyzer input test case */
 *prog_in; /* Targeted program input file */
- static u8 *in_data; /* Input data for analysis */
+static u8 *in_data; /* Input data for analysis */
 static u32 in_len, /* Input data length */
 orig_cksum, /* Original checksum */
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index a863efcc..11b359da 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -325,11 +325,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv) {
 kill(fsrv->fsrv_pid, SIGKILL);
 }
- if (!time) {
- kill(fsrv->fsrv_pid, SIGKILL);
-
- }
+ if (!time) { kill(fsrv->fsrv_pid, SIGKILL); }
 } else {
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 08d8b615..2caea123 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -167,7 +167,7 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
 s32 fd = afl->fsrv.out_fd;
 #ifdef _AFL_DOCUMENT_MUTATIONS
- s32 doc_fd;
+ s32 doc_fd;
 char fn[PATH_MAX];
 snprintf(fn, PATH_MAX, ("%s/mutations/%09u:%s", afl->out_dir, afl->document_counter++, describe_op(afl, 0));
-- cgit 1.4.1
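Review bot: The unchanged context line just below the re-indented `s32 doc_fd;` reads `snprintf(fn, PATH_MAX, ("%s/mutations/%09u:%s", afl->out_dir, afl->document_counter++, describe_op(afl, 0));` — as shown here the extra `(` turns the format string and its arguments into one comma expression, so snprintf receives describe_op()'s return value as its format and no further arguments, which is undefined behaviour and passes a non-literal string to a format sink. Because this sits under `#ifdef _AFL_DOCUMENT_MUTATIONS` it only compiles in that configuration, which is presumably why it has gone unnoticed. Drop the stray parenthesis: `snprintf(fn, PATH_MAX, "%s/mutations/%09u:%s", afl->out_dir, afl->document_counter++, describe_op(afl, 0));`. write_to_testcase continues past the hunk, and since this commit is format-only the fix belongs in its own change.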