From b83a2c1a00f6c9e45d6803e2b54dc3a82ffa49fc Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Tue, 31 Mar 2020 04:51:38 +0200 Subject: make travis happy --- src/afl-fuzz.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index ba56ff67..617a42ec 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -25,8 +25,6 @@ #include "afl-fuzz.h" -u8 be_quiet = 0; - static u8 *get_libradamsa_path(u8 *own_loc) { u8 *tmp, *cp, *rsl, *own_copy; -- cgit 1.4.1 From 24b9eddc7edd7beb81cfa2bc445b8e8d6a05b184 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 1 Apr 2020 12:19:54 +0200 Subject: disable memory limits for ASAN build --- Makefile | 2 +- src/afl-fuzz.c | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'src/afl-fuzz.c') diff --git a/Makefile b/Makefile index f615c7dd..5023a72f 100644 --- a/Makefile +++ b/Makefile @@ -153,7 +153,7 @@ endif ifdef ASAN_BUILD $(info Compiling ASAN version of binaries) - CFLAGS+=-fsanitize=address -fstack-protector-strong + CFLAGS+=-fsanitize=address -fstack-protector-strong -D_ASAN_BUILD=1 LDFLAGS+=-fsanitize=address -fstack-protector-strong endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 617a42ec..64644b64 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -721,6 +721,13 @@ int main(int argc, char **argv_orig, char **envp) { } +#ifdef _ASAN_BUILD + if (!afl->fsrv.mem_limit) { + WARNF("in the ASAN build we disable all memory limits"); + afl->fsrv.mem_limit = 0; + } +#endif + setup_signal_handlers(); check_asan_opts(); -- cgit 1.4.1 From 29b1e30126a40d86d1e349aa213cdca6728f7666 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Wed, 1 Apr 2020 12:43:26 +0200 Subject: fixed asan mem limit --- Makefile | 2 +- src/afl-fuzz.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/Makefile b/Makefile index 5023a72f..f615c7dd 100644 --- a/Makefile +++ b/Makefile @@ -153,7 +153,7 @@ endif ifdef ASAN_BUILD $(info Compiling ASAN version of binaries) - CFLAGS+=-fsanitize=address -fstack-protector-strong -D_ASAN_BUILD=1 + CFLAGS+=-fsanitize=address -fstack-protector-strong LDFLAGS+=-fsanitize=address -fstack-protector-strong endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 64644b64..68392b05 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -721,7 +721,7 @@ int main(int argc, char **argv_orig, char **envp) { } -#ifdef _ASAN_BUILD +#if defined(__SANITIZE_ADDRESS__) if (!afl->fsrv.mem_limit) { WARNF("in the ASAN build we disable all memory limits"); afl->fsrv.mem_limit = 0; -- cgit 1.4.1 From e95ac10ff766cd053ba545b1efafbc698fe4fc18 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 1 Apr 2020 12:52:54 +0200 Subject: fix ASAN check --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 68392b05..6e86285d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -722,7 +722,7 @@ int main(int argc, char **argv_orig, char **envp) { } #if defined(__SANITIZE_ADDRESS__) - if (!afl->fsrv.mem_limit) { + if (afl->fsrv.mem_limit) { WARNF("in the ASAN build we disable all memory limits"); afl->fsrv.mem_limit = 0; } -- cgit 1.4.1 From 7114663f52f095d549e438e7e1b091b172c6627f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 2 Apr 2020 16:41:33 +0200 Subject: small enhancements and code-format --- include/afl-fuzz.h | 6 +++--- include/list.h | 35 +++++++++++++++++------------------ src/afl-fuzz-stats.c | 26 +++++++++++++++----------- src/afl-fuzz.c | 6 +++++- 4 files changed, 40 insertions(+), 33 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index a9165064..56135d0e 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -935,13 +935,13 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len, static inline u32 rand_below(afl_state_t *afl, u32 limit) { #ifdef HAVE_ARC4RANDOM - if (afl->fixed_seed) { return random() % limit; } + if (unlikely(afl->fixed_seed)) { return random() % limit; } /* The boundary not being necessarily a power of 2, we need to ensure the result uniformity. */ return arc4random_uniform(limit); #else - if (!afl->fixed_seed && unlikely(!afl->rand_cnt--)) { + if (unlikely(!afl->rand_cnt--) && likely(!afl->fixed_seed)) { ck_read(afl->fsrv.dev_urandom_fd, &afl->rand_seed, sizeof(afl->rand_seed), "/dev/urandom"); @@ -957,7 +957,7 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) { static inline u32 get_rand_seed(afl_state_t *afl) { - if (afl->fixed_seed) return (u32)afl->init_seed; + if (unlikely(afl->fixed_seed)) return (u32)afl->init_seed; return afl->rand_seed[0]; } diff --git a/include/list.h b/include/list.h index d9cd9d34..e93b4e8f 100644 --- a/include/list.h +++ b/include/list.h @@ -98,24 +98,23 @@ static inline void list_append(list_t *list, void *el) { A return from this block will return from calling func. */ -#define LIST_FOREACH(list, type, block) \ - do { \ - \ - list_t * li = (list); \ - element_t *head = get_head((li)); \ - element_t *el_box = (head)->next; \ - if (!el_box) FATAL("foreach over uninitialized list"); \ - while (el_box != head) { \ - \ - __attribute__((unused)) \ - type *el = (type *)((el_box)->data); \ - /* get next so el_box can be unlinked */ \ - element_t *next = el_box->next; \ - {block}; \ - el_box = next; \ - \ - } \ - \ +#define LIST_FOREACH(list, type, block) \ + do { \ + \ + list_t * li = (list); \ + element_t *head = get_head((li)); \ + element_t *el_box = (head)->next; \ + if (!el_box) FATAL("foreach over uninitialized list"); \ + while (el_box != head) { \ + \ + __attribute__((unused)) type *el = (type *)((el_box)->data); \ + /* get next so el_box can be unlinked */ \ + element_t *next = el_box->next; \ + {block}; \ + el_box = next; \ + \ + } \ + \ } while (0); /* In foreach: remove the current el from the list */ diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 98a97a34..169dbf2a 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -36,6 +36,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability, u8 fn[PATH_MAX]; s32 fd; FILE * f; + uint32_t t_bytes = count_non_255_bytes(afl->virgin_bits); snprintf(fn, PATH_MAX, "%s/fuzzer_stats", afl->out_dir); @@ -97,6 +98,8 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability, "exec_timeout : %u\n" "slowest_exec_ms : %u\n" "peak_rss_mb : %lu\n" + "var_byte_count : %u\n" + "found_edges : %u\n" "afl_banner : %s\n" "afl_version : " VERSION "\n" @@ -119,9 +122,10 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability, #else (unsigned long int)(rus.ru_maxrss >> 10), #endif - afl->use_banner, afl->unicorn_mode ? "unicorn" : "", - afl->qemu_mode ? "qemu " : "", afl->dumb_mode ? " dumb " : "", - afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "", + afl->var_byte_count, t_bytes, afl->use_banner, + afl->unicorn_mode ? "unicorn" : "", afl->qemu_mode ? "qemu " : "", + afl->dumb_mode ? " dumb " : "", afl->no_forkserver ? "no_fsrv " : "", + afl->crash_mode ? "crash " : "", afl->persistent_mode ? "persistent " : "", afl->deferred_mode ? "deferred " : "", (afl->unicorn_mode || afl->qemu_mode || afl->dumb_mode || @@ -257,7 +261,7 @@ void show_stats(afl_state_t *afl) { t_byte_ratio = ((double)t_bytes * 100) / MAP_SIZE; if (t_bytes) - stab_ratio = 100 - ((double)afl->var_byte_count) * 100 / t_bytes; + stab_ratio = 100 - (((double)afl->var_byte_count) * 100) / t_bytes; else stab_ratio = 100; @@ -361,9 +365,9 @@ void show_stats(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->dumb_mode) { @@ -445,9 +449,9 @@ void show_stats(afl_state_t *afl) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -476,9 +480,9 @@ void show_stats(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_paths); @@ -552,7 +556,7 @@ void show_stats(afl_state_t *afl) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 6e86285d..ad4f5b6b 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -691,6 +691,7 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->fixed_seed) OKF("Running with fixed seed: %u", (u32)afl->init_seed); srandom((u32)afl->init_seed); + srand((u32)afl->init_seed); // in case it is a different implementation if (afl->use_radamsa) { @@ -721,11 +722,14 @@ int main(int argc, char **argv_orig, char **envp) { } -#if defined(__SANITIZE_ADDRESS__) +#if defined(__SANITIZE_ADDRESS__) if (afl->fsrv.mem_limit) { + WARNF("in the ASAN build we disable all memory limits"); afl->fsrv.mem_limit = 0; + } + #endif setup_signal_handlers(); -- cgit 1.4.1