From 6f5746d42878207b5d17af71317220932a42ebd7 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Fri, 29 Jan 2021 15:38:49 +0100 Subject: AFL_USE_QASAN --- src/afl-fuzz.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e856730e..54850173 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -326,8 +326,32 @@ int main(int argc, char **argv_orig, char **envp) { "compile time)"); } - #endif + + if (getenv("AFL_USE_QASAN")) { + + u8* preload = getenv("AFL_PRELOAD"); + u8* libqasan = get_libqasan_path(argv_orig[0]); + + if (!preload) { + + setenv("AFL_PRELOAD", libqasan, 0); + + } else { + + u8 *result = ck_alloc(strlen(libqasan) + strlen(preload) + 2); + strcpy(result, libqasan); + strcat(result, " "); + strcat(result, preload); + + setenv("AFL_PRELOAD", result, 1); + ck_free(result); + + } + + ck_free(libqasan); + + } char **argv = argv_cpy_dup(argc, argv_orig); @@ -1245,7 +1269,7 @@ int main(int argc, char **argv_orig, char **envp) { "instead of using AFL_PRELOAD?"); } - + if (afl->afl_env.afl_preload) { if (afl->fsrv.qemu_mode) { @@ -1297,7 +1321,7 @@ int main(int argc, char **argv_orig, char **envp) { FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD"); } - + save_cmdline(afl, argc, argv); fix_up_banner(afl, argv[optind]); -- cgit 1.4.1 From 29c1131fe0851d518d06c9ec8c808098dacb12fb Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Fri, 29 Jan 2021 18:32:28 +0100 Subject: working AFL_USE_QASAN --- qemu_mode/libqasan/README.md | 5 ++++- src/afl-fuzz.c | 51 ++++++++++++++++++++++---------------------- 2 files changed, 30 insertions(+), 26 deletions(-) (limited to 'src/afl-fuzz.c') diff --git a/qemu_mode/libqasan/README.md b/qemu_mode/libqasan/README.md index 1333ed77..399ebeee 100644 --- a/qemu_mode/libqasan/README.md +++ b/qemu_mode/libqasan/README.md @@ -1 +1,4 @@ -TODO +# QEMU AddressSanitizer Runtime + +This library is the injected runtime used by QEMU AddressSanitizer (QASan). + diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 54850173..312d9424 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -328,31 +328,6 @@ int main(int argc, char **argv_orig, char **envp) { } #endif - if (getenv("AFL_USE_QASAN")) { - - u8* preload = getenv("AFL_PRELOAD"); - u8* libqasan = get_libqasan_path(argv_orig[0]); - - if (!preload) { - - setenv("AFL_PRELOAD", libqasan, 0); - - } else { - - u8 *result = ck_alloc(strlen(libqasan) + strlen(preload) + 2); - strcpy(result, libqasan); - strcat(result, " "); - strcat(result, preload); - - setenv("AFL_PRELOAD", result, 1); - ck_free(result); - - } - - ck_free(libqasan); - - } - char **argv = argv_cpy_dup(argc, argv_orig); afl_state_t *afl = calloc(1, sizeof(afl_state_t)); @@ -1009,6 +984,32 @@ int main(int argc, char **argv_orig, char **envp) { usage(argv[0], show_help); } + + if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) { + + u8* preload = getenv("AFL_PRELOAD"); + u8* libqasan = get_libqasan_path(argv_orig[0]); + + if (!preload) { + + setenv("AFL_PRELOAD", libqasan, 0); + + } else { + + u8 *result = ck_alloc(strlen(libqasan) + strlen(preload) + 2); + strcpy(result, libqasan); + strcat(result, " "); + strcat(result, preload); + + setenv("AFL_PRELOAD", result, 1); + ck_free(result); + + } + + afl->afl_env.afl_preload = (u8 *)getenv("AFL_PRELOAD"); + ck_free(libqasan); + + } if (afl->fsrv.mem_limit && afl->shm.cmplog_mode) afl->fsrv.mem_limit += 260; -- cgit 1.4.1