From 7119bf5d860657dab7afb60fab8b7ad5dc0ef222 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 22 Jun 2020 21:58:16 +0200 Subject: Added rand, hash unittests --- src/afl-performance.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'src/afl-performance.c') diff --git a/src/afl-performance.c b/src/afl-performance.c index 8efefcd8..757bbe1e 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -33,6 +33,16 @@ static inline uint64_t rotl(const uint64_t x, int k) { } +void rand_set_seed(afl_state_t *afl, s64 init_seed) { + + afl->init_seed = init_seed; + afl->rand_seed[0] = hash64((void *)&afl->init_seed, sizeof(afl->init_seed), HASH_CONST); + afl->rand_seed[1] = afl->rand_seed[0] ^ 0x1234567890abcdef; + afl->rand_seed[2] = afl->rand_seed[0] & 0x0123456789abcdef; + afl->rand_seed[3] = afl->rand_seed[0] | 0x01abcde43f567908; + +} + uint64_t rand_next(afl_state_t *afl) { const uint64_t result = -- cgit 1.4.1 From 49a769ac06c78b90882a646f1bcf60248e584b5f Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 23 Jun 2020 21:23:10 +0200 Subject: lto whitelist in test.sh --- libdislocator/libdislocator.so.c | 4 ++-- libtokencap/libtokencap.so.c | 13 ++++++------ llvm_mode/LLVMInsTrim.so.cc | 1 + llvm_mode/afl-llvm-lto-instrim.so.cc | 2 ++ llvm_mode/afl-llvm-lto-instrumentation.so.cc | 3 ++- llvm_mode/afl-llvm-lto-whitelist.so.cc | 1 + llvm_mode/afl-llvm-pass.so.cc | 1 + src/afl-performance.c | 3 ++- test/test.sh | 31 ++++++++++++++-------------- 9 files changed, 33 insertions(+), 26 deletions(-) (limited to 'src/afl-performance.c') diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index 063e3590..7a70fd15 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c @@ -40,8 +40,8 @@ #if (defined(__linux__) && !defined(__ANDROID__)) || defined(__HAIKU__) #include #ifdef __linux__ - #include - #include + #include + #include #endif #ifdef __NR_getrandom #define arc4random_buf(p, l) \ diff --git a/libtokencap/libtokencap.so.c b/libtokencap/libtokencap.so.c index 88b5c041..600d2a5d 100644 --- a/libtokencap/libtokencap.so.c +++ b/libtokencap/libtokencap.so.c @@ -33,7 +33,7 @@ #include "../types.h" #include "../config.h" -#if !defined __linux__ && !defined __APPLE__ && !defined __FreeBSD__ && \ +#if !defined __linux__ && !defined __APPLE__ && !defined __FreeBSD__ && \ !defined __OpenBSD__ && !defined __NetBSD__ && !defined __DragonFly__ && \ !defined(__HAIKU__) #error "Sorry, this library is unsupported in this platform for now!" @@ -233,18 +233,19 @@ static void __tokencap_load_mappings(void) { } munmap(buf, len); - #elif defined __HAIKU__ +#elif defined __HAIKU__ image_info ii; - int32_t group = 0; + int32_t group = 0; while (get_next_image_info(0, &group, &ii) == B_OK) { - __tokencap_ro[__tokencap_ro_cnt].st = ii.text; - __tokencap_ro[__tokencap_ro_cnt].en = ((char *)ii.text) + ii.text_size; + __tokencap_ro[__tokencap_ro_cnt].st = ii.text; + __tokencap_ro[__tokencap_ro_cnt].en = ((char *)ii.text) + ii.text_size; - if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; + if (++__tokencap_ro_cnt == MAX_MAPPINGS) break; } + #endif } diff --git a/llvm_mode/LLVMInsTrim.so.cc b/llvm_mode/LLVMInsTrim.so.cc index ced1f383..991127a7 100644 --- a/llvm_mode/LLVMInsTrim.so.cc +++ b/llvm_mode/LLVMInsTrim.so.cc @@ -103,6 +103,7 @@ struct InsTrim : public ModulePass { bool runOnModule(Module &M) override { char be_quiet = 0; + setvbuf(stdout, NULL, _IONBF, 0); if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) { diff --git a/llvm_mode/afl-llvm-lto-instrim.so.cc b/llvm_mode/afl-llvm-lto-instrim.so.cc index 27504e8d..5f9731c2 100644 --- a/llvm_mode/afl-llvm-lto-instrim.so.cc +++ b/llvm_mode/afl-llvm-lto-instrim.so.cc @@ -113,6 +113,8 @@ struct InsTrimLTO : public ModulePass { char be_quiet = 0; char *ptr; + setvbuf(stdout, NULL, _IONBF, 0); + if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) { SAYF(cCYA "InsTrimLTO" VERSION cRST diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index cbe68171..0d3015d7 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -109,6 +109,7 @@ bool AFLLTOPass::runOnModule(Module &M) { IntegerType *Int64Ty = IntegerType::getInt64Ty(C); /* Show a banner */ + setvbuf(stdout, NULL, _IONBF, 0); if ((isatty(2) && !getenv("AFL_QUIET")) || debug) { @@ -162,7 +163,7 @@ bool AFLLTOPass::runOnModule(Module &M) { } - if (debug) { fprintf(stderr, "map address is %lu\n", map_addr); } + if (debug) { fprintf(stderr, "map address is 0x%lx\n", map_addr); } /* Get/set the globals for the SHM region. */ diff --git a/llvm_mode/afl-llvm-lto-whitelist.so.cc b/llvm_mode/afl-llvm-lto-whitelist.so.cc index 33d40da8..b1f791f4 100644 --- a/llvm_mode/afl-llvm-lto-whitelist.so.cc +++ b/llvm_mode/afl-llvm-lto-whitelist.so.cc @@ -111,6 +111,7 @@ bool AFLwhitelist::runOnModule(Module &M) { /* Show a banner */ char be_quiet = 0; + setvbuf(stdout, NULL, _IONBF, 0); if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) { diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc index 82dece75..7997df51 100644 --- a/llvm_mode/afl-llvm-pass.so.cc +++ b/llvm_mode/afl-llvm-pass.so.cc @@ -140,6 +140,7 @@ bool AFLCoverage::runOnModule(Module &M) { /* Show a banner */ char be_quiet = 0; + setvbuf(stdout, NULL, _IONBF, 0); if (getenv("AFL_DEBUG")) debug = 1; diff --git a/src/afl-performance.c b/src/afl-performance.c index 757bbe1e..a3febdbf 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -36,7 +36,8 @@ static inline uint64_t rotl(const uint64_t x, int k) { void rand_set_seed(afl_state_t *afl, s64 init_seed) { afl->init_seed = init_seed; - afl->rand_seed[0] = hash64((void *)&afl->init_seed, sizeof(afl->init_seed), HASH_CONST); + afl->rand_seed[0] = + hash64((void *)&afl->init_seed, sizeof(afl->init_seed), HASH_CONST); afl->rand_seed[1] = afl->rand_seed[0] ^ 0x1234567890abcdef; afl->rand_seed[2] = afl->rand_seed[0] & 0x0123456789abcdef; afl->rand_seed[3] = afl->rand_seed[0] | 0x01abcde43f567908; diff --git a/test/test.sh b/test/test.sh index 109f21cc..0cf796be 100755 --- a/test/test.sh +++ b/test/test.sh @@ -459,24 +459,23 @@ test -e ../afl-clang-lto -a -e ../afl-llvm-lto-instrumentation.so && { } rm -f test-instr.plain -# Disabled whitelist until I have a different solution -mh -# echo foobar.c > whitelist.txt -# AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-lto -o test-compcov test-compcov.c > test.out 2>&1 -# test -e test-compcov && { -# grep -q "No instrumentation targets found" test.out && { -# $ECHO "$GREEN[+] llvm_mode LTO whitelist feature works correctly" -# } || { -# $ECHO "$RED[!] llvm_mode LTO whitelist feature failed" -# CODE=1 -# } -# } || { -# $ECHO "$RED[!] llvm_mode LTO whitelist feature compilation failed" -# CODE=1 -# } -# rm -f test-compcov test.out whitelist.txt + echo foobar.c > whitelist.txt + AFL_DEBUG=1 AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-lto -o test-compcov test-compcov.c > test.out 2>&1 + test -e test-compcov && { + grep -q "No instrumentation targets found" test.out && { + $ECHO "$GREEN[+] llvm_mode LTO whitelist feature works correctly" + } || { + $ECHO "$RED[!] llvm_mode LTO whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode LTO whitelist feature compilation failed" + CODE=1 + } + rm -f test-compcov test.out whitelist.txt ../afl-clang-lto -o test-persistent ../examples/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { - echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { + echo foo | ../afl-showmap -m none -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] llvm_mode LTO persistent mode feature works correctly" } || { $ECHO "$RED[!] llvm_mode LTO persistent mode feature failed to work" -- cgit 1.4.1 From c25a602a0370f484e32adbf186290d2504cf3f12 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 28 Jun 2020 23:47:57 +0200 Subject: less problematic definitions --- examples/aflpp_driver/GNUmakefile | 10 +++++++--- examples/aflpp_driver/aflpp_driver.cpp | 2 +- examples/aflpp_driver/aflpp_driver_test.cpp | 2 +- include/afl-prealloc.h | 2 +- include/alloc-inl.h | 6 +++--- include/hash.h | 4 ++-- src/afl-performance.c | 10 +++++++--- 7 files changed, 22 insertions(+), 14 deletions(-) (limited to 'src/afl-performance.c') diff --git a/examples/aflpp_driver/GNUmakefile b/examples/aflpp_driver/GNUmakefile index bd568224..a993c8a9 100644 --- a/examples/aflpp_driver/GNUmakefile +++ b/examples/aflpp_driver/GNUmakefile @@ -18,8 +18,11 @@ libAFLDriver.a: aflpp_driver.o ar ru libAFLDriver.a aflpp_driver.o debug: + $(LLVM_BINDIR)clang++ -Wno-deprecated -I../../include $(FLAGS) -D_DEBUG=\"1\" -c -o afl-performance.o ../../src/afl-performance.c $(LLVM_BINDIR)clang++ -I../../include -D_DEBUG=\"1\" -g -stdlib=libc++ -funroll-loops -std=c++11 -c aflpp_driver.cpp - ar ru libAFLDriver.a aflpp_driver.o + #$(LLVM_BINDIR)clang++ -S -emit-llvm -Wno-deprecated -I../../include $(FLAGS) -D_DEBUG=\"1\" -c -o afl-performance.ll ../../src/afl-performance.c + #$(LLVM_BINDIR)clang++ -S -emit-llvm -I../../include -D_DEBUG=\"1\" -g -stdlib=libc++ -funroll-loops -std=c++11 -c aflpp_driver.cpp + ar ru libAFLDriver.a afl-performance.o aflpp_driver.o aflpp_qemu_driver.o: aflpp_qemu_driver.c $(LLVM_BINDIR)clang $(FLAGS) -O0 -funroll-loops -c aflpp_qemu_driver.c @@ -33,8 +36,9 @@ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c $(LLVM_BINDIR)clang -fPIC $(FLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c -test: libAFLDriver.a aflpp_driver_test.cpp - afl-clang-fast++ -I../../include -Wl,--allow-multiple-definition -stdlib=libc++ -funroll-loops -std=c++11 -o aflpp_driver_test aflpp_driver_test.cpp libAFLDriver.a +test: debug + #clang++ -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -stdlib=libc++ -funroll-loops -std=c++11 -o aflpp_driver_test.ll aflpp_driver_test.cpp + afl-clang-fast++ -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -stdlib=libc++ -funroll-loops -std=c++11 -o aflpp_driver_test aflpp_driver_test.cpp libAFLDriver.a clean: rm -f *.o libAFLDriver*.a libAFLQemuDriver.a aflpp_qemu_driver_hook.so *~ core aflpp_driver_test diff --git a/examples/aflpp_driver/aflpp_driver.cpp b/examples/aflpp_driver/aflpp_driver.cpp index a1eab178..d6163bdf 100644 --- a/examples/aflpp_driver/aflpp_driver.cpp +++ b/examples/aflpp_driver/aflpp_driver.cpp @@ -277,7 +277,7 @@ int main(int argc, char **argv) { int num_runs = 0; while (__afl_persistent_loop(N)) { #ifdef _DEBUG - fprintf(stderr, "CLIENT crc: %08x len: %u\n", hash64(__afl_fuzz_ptr, *__afl_fuzz_len, 0xa5b35705), *__afl_fuzz_len); + fprintf(stderr, "CLIENT crc: %016llx len: %u\n", hash64(__afl_fuzz_ptr, *__afl_fuzz_len, 0xa5b35705), *__afl_fuzz_len); fprintf(stderr, "RECV:"); for (int i = 0; i < *__afl_fuzz_len; i++) fprintf(stderr, "%02x", __afl_fuzz_ptr[i]); diff --git a/examples/aflpp_driver/aflpp_driver_test.cpp b/examples/aflpp_driver/aflpp_driver_test.cpp index 799c743d..13dc09b9 100644 --- a/examples/aflpp_driver/aflpp_driver_test.cpp +++ b/examples/aflpp_driver/aflpp_driver_test.cpp @@ -5,7 +5,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { - fprintf(stderr, "FUNC crc: %08x len: %lu\n", hash32(Data, Size, 0xa5b35705), Size); + fprintf(stderr, "FUNC crc: %016llx len: %lu\n", hash64((u8*)Data, (unsigned int) Size, (unsigned long long int) 0xa5b35705), Size); if (Size < 5) return 0; diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index 5e5d7b85..a9de3ba2 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -60,7 +60,7 @@ typedef enum prealloc_status { \ if ((prealloc_counter) >= (prealloc_size)) { \ \ - el_ptr = malloc(sizeof(*el_ptr)); \ + el_ptr = (element_t *) malloc(sizeof(*el_ptr)); \ if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \ el_ptr->pre_status = PRE_STATUS_MALLOC; \ \ diff --git a/include/alloc-inl.h b/include/alloc-inl.h index ca593549..decc2d43 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) { size = strlen((char *)str) + 1; ALLOC_CHECK_SIZE(size); - ret = malloc(size); + ret = (u8*) malloc(size); ALLOC_CHECK_RESULT(ret, size); - return memcpy(ret, str, size); + return (u8*)memcpy(ret, str, size); } @@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { if (!mem || !size) { return NULL; } ALLOC_CHECK_SIZE(size); - ret = malloc(size + 1); + ret = (u8*) malloc(size + 1); ALLOC_CHECK_RESULT(ret, size); memcpy(ret, mem, size); diff --git a/include/hash.h b/include/hash.h index 6910e0e2..9d42e44b 100644 --- a/include/hash.h +++ b/include/hash.h @@ -30,8 +30,8 @@ #include "types.h" -u32 hash32(const void *key, u32 len, u32 seed); -u64 hash64(const void *key, u32 len, u64 seed); +u32 hash32(u8 *key, u32 len, u32 seed); +u64 hash64(u8 *key, u32 len, u64 seed); #if 0 diff --git a/src/afl-performance.c b/src/afl-performance.c index a3febdbf..b3d30cbd 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -37,7 +37,7 @@ void rand_set_seed(afl_state_t *afl, s64 init_seed) { afl->init_seed = init_seed; afl->rand_seed[0] = - hash64((void *)&afl->init_seed, sizeof(afl->init_seed), HASH_CONST); + hash64((u8 *)&afl->init_seed, sizeof(afl->init_seed), HASH_CONST); afl->rand_seed[1] = afl->rand_seed[0] ^ 0x1234567890abcdef; afl->rand_seed[2] = afl->rand_seed[0] & 0x0123456789abcdef; afl->rand_seed[3] = afl->rand_seed[0] | 0x01abcde43f567908; @@ -141,13 +141,17 @@ void long_jump(afl_state_t *afl) { /* we switch from afl's murmur implementation to xxh3 as it is 30% faster - and get 64 bit hashes instead of just 32 bit. Less collisions! :-) */ -u32 inline hash32(const void *key, u32 len, u32 seed) { +u32 inline hash32(void *key, u32 len, u32 seed) { return (u32)XXH64(key, len, seed); } -u64 inline hash64(const void *key, u32 len, u64 seed) { +#ifdef _DEBUG +u64 hash64(u8 *key, u32 len, u64 seed) { +#else +u64 inline hash64(u8 *key, u32 len, u64 seed) { +#endif return XXH64(key, len, seed); -- cgit 1.4.1 From 6d0f086d9cb1b8eedbeb4c9654f9e44870460e8d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 28 Jun 2020 23:50:25 +0200 Subject: less problematic definitions --- include/hash.h | 2 +- src/afl-performance.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src/afl-performance.c') diff --git a/include/hash.h b/include/hash.h index 9d42e44b..9319ab95 100644 --- a/include/hash.h +++ b/include/hash.h @@ -41,7 +41,7 @@ The following code is disabled because xxh3 is 30% faster #define ROL64(_x, _r) ((((u64)(_x)) << (_r)) | (((u64)(_x)) >> (64 - (_r)))) -static inline u32 hash32(const void *key, u32 len, u32 seed) { +static inline u32 hash32(u8 *key, u32 len, u32 seed) { const u64 *data = (u64 *)key; u64 h1 = seed ^ len; diff --git a/src/afl-performance.c b/src/afl-performance.c index b3d30cbd..0832dc39 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -141,7 +141,11 @@ void long_jump(afl_state_t *afl) { /* we switch from afl's murmur implementation to xxh3 as it is 30% faster - and get 64 bit hashes instead of just 32 bit. Less collisions! :-) */ -u32 inline hash32(void *key, u32 len, u32 seed) { +#ifdef _DEBUG +u32 hash32(u8 *key, u32 len, u32 seed) { +#else +u32 inline hash32(u8 *key, u32 len, u32 seed) { +#endif return (u32)XXH64(key, len, seed); -- cgit 1.4.1 From e5e485fcdb039fc77842b0753a4adf42d6063388 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 29 Jun 2020 00:58:05 +0200 Subject: fix autodict --- GNUmakefile | 4 +-- examples/persistent_demo/persistent_demo_new.c | 4 +++ include/afl-prealloc.h | 2 +- include/alloc-inl.h | 6 ++--- llvm_mode/afl-llvm-rt.o.c | 6 +++++ src/afl-forkserver.c | 36 ++++++++++++++++---------- src/afl-fuzz-run.c | 26 ++++++++++++------- src/afl-performance.c | 4 +++ src/afl-showmap.c | 4 ++- 9 files changed, 62 insertions(+), 30 deletions(-) (limited to 'src/afl-performance.c') diff --git a/GNUmakefile b/GNUmakefile index d95eaab1..748cd73c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -394,8 +394,8 @@ afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86 # document all mutations and only do one run (use with only one input file!) -document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o | test_x86 - $(CC) -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS) +document: $(COMM_HDR) include/afl-fuzz.h $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-performance.o | test_x86 + $(CC) -D_DEBUG=\"1\" -D_AFL_DOCUMENT_MUTATIONS $(CFLAGS) $(CFLAGS_FLTO) $(AFL_FUZZ_FILES) src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.c src/afl-performance.o -o afl-fuzz-document $(PYFLAGS) $(LDFLAGS) test/unittests/unit_maybe_alloc.o : $(COMM_HDR) include/alloc-inl.h test/unittests/unit_maybe_alloc.c $(AFL_FUZZ_FILES) @$(CC) $(CFLAGS) $(ASAN_CFLAGS) -c test/unittests/unit_maybe_alloc.c -o test/unittests/unit_maybe_alloc.o diff --git a/examples/persistent_demo/persistent_demo_new.c b/examples/persistent_demo/persistent_demo_new.c index 98909442..e4e328b0 100644 --- a/examples/persistent_demo/persistent_demo_new.c +++ b/examples/persistent_demo/persistent_demo_new.c @@ -49,9 +49,13 @@ int main(int argc, char **argv) { len = __AFL_FUZZ_TESTCASE_LEN; + fprintf(stderr, "input: %zd \"%s\"\n", len, buf); + /* do we have enough data? */ if (len < 8) continue; + if (strcmp((char *)buf, "thisisateststring") == 0) printf("teststring\n"); + if (buf[0] == 'f') { printf("one\n"); diff --git a/include/afl-prealloc.h b/include/afl-prealloc.h index a9de3ba2..fa6c9b70 100644 --- a/include/afl-prealloc.h +++ b/include/afl-prealloc.h @@ -60,7 +60,7 @@ typedef enum prealloc_status { \ if ((prealloc_counter) >= (prealloc_size)) { \ \ - el_ptr = (element_t *) malloc(sizeof(*el_ptr)); \ + el_ptr = (element_t *)malloc(sizeof(*el_ptr)); \ if (!el_ptr) { FATAL("error in list.h -> out of memory for element!"); } \ el_ptr->pre_status = PRE_STATUS_MALLOC; \ \ diff --git a/include/alloc-inl.h b/include/alloc-inl.h index decc2d43..832b2de4 100644 --- a/include/alloc-inl.h +++ b/include/alloc-inl.h @@ -170,10 +170,10 @@ static inline u8 *DFL_ck_strdup(u8 *str) { size = strlen((char *)str) + 1; ALLOC_CHECK_SIZE(size); - ret = (u8*) malloc(size); + ret = (u8 *)malloc(size); ALLOC_CHECK_RESULT(ret, size); - return (u8*)memcpy(ret, str, size); + return (u8 *)memcpy(ret, str, size); } @@ -204,7 +204,7 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) { if (!mem || !size) { return NULL; } ALLOC_CHECK_SIZE(size); - ret = (u8*) malloc(size + 1); + ret = (u8 *)malloc(size + 1); ALLOC_CHECK_RESULT(ret, size); memcpy(ret, mem, size); diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c index 184dcd0f..f81d13ee 100644 --- a/llvm_mode/afl-llvm-rt.o.c +++ b/llvm_mode/afl-llvm-rt.o.c @@ -395,6 +395,9 @@ static void __afl_start_snapshots(void) { if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (getenv("AFL_DEBUG")) + fprintf(stderr, "target forkserver recv: %08x\n", was_killed); + if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) == (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) { @@ -594,6 +597,9 @@ static void __afl_start_forkserver(void) { if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (getenv("AFL_DEBUG")) + fprintf(stderr, "target forkserver recv: %08x\n", was_killed); + if ((was_killed & (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) == (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ)) { diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index bb7a6797..c5709b33 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -596,9 +596,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, // this is not afl-fuzz - we deny and return if (fsrv->use_shmem_fuzz) - status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ); + status = (FS_OPT_ENABLED | FS_OPT_SHDMEM_FUZZ); else - status = (FS_OPT_ENABLED | FS_OPT_AUTODICT); + status = (FS_OPT_ENABLED); if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) { FATAL("Writing to forkserver failed."); @@ -610,7 +610,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } if (!be_quiet) { ACTF("Using AUTODICT feature."); } - status = (FS_OPT_ENABLED | FS_OPT_AUTODICT); + + if (fsrv->use_shmem_fuzz) + status = (FS_OPT_ENABLED | FS_OPT_AUTODICT | FS_OPT_SHDMEM_FUZZ); + else + status = (FS_OPT_ENABLED | FS_OPT_AUTODICT); + if (write(fsrv->fsrv_ctl_fd, &status, 4) != 4) { FATAL("Writing to forkserver failed."); @@ -862,16 +867,21 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { *fsrv->shmem_fuzz_len = len; memcpy(fsrv->shmem_fuzz, buf, len); #ifdef _DEBUG - fprintf(stderr, "FS crc: %08x len: %u\n", - hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705), - *fsrv->shmem_fuzz_len); - fprintf(stderr, "SHM :"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); - fprintf(stderr, "\nORIG:"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", buf[i]); - fprintf(stderr, "\n"); + if (getenv("AFL_DEBUG")) { + + fprintf(stderr, "FS crc: %016llx len: %u\n", + hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705), + *fsrv->shmem_fuzz_len); + fprintf(stderr, "SHM :"); + for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) + fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); + fprintf(stderr, "\nORIG:"); + for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) + fprintf(stderr, "%02x", buf[i]); + fprintf(stderr, "\n"); + + } + #endif } else { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 52931a39..2a1664e2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -156,16 +156,22 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, *afl->fsrv.shmem_fuzz_len = len - skip_len; #ifdef _DEBUG - fprintf(stderr, "FS crc: %08x len: %u\n", - hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705), - *fsrv->shmem_fuzz_len); - fprintf(stderr, "SHM :"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); - fprintf(stderr, "\nORIG:"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", buf[i]); - fprintf(stderr, "\n"); + if (afl->debug) { + + fprintf( + stderr, "FS crc: %16llx len: %u\n", + hash64(afl->fsrv.shmem_fuzz, *afl->fsrv.shmem_fuzz_len, 0xa5b35705), + *afl->fsrv.shmem_fuzz_len); + fprintf(stderr, "SHM :"); + for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++) + fprintf(stderr, "%02x", afl->fsrv.shmem_fuzz[i]); + fprintf(stderr, "\nORIG:"); + for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++) + fprintf(stderr, "%02x", (u8)((u8 *)mem)[i]); + fprintf(stderr, "\n"); + + } + #endif return; diff --git a/src/afl-performance.c b/src/afl-performance.c index 0832dc39..0c1697a8 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -143,8 +143,10 @@ void long_jump(afl_state_t *afl) { #ifdef _DEBUG u32 hash32(u8 *key, u32 len, u32 seed) { + #else u32 inline hash32(u8 *key, u32 len, u32 seed) { + #endif return (u32)XXH64(key, len, seed); @@ -153,8 +155,10 @@ u32 inline hash32(u8 *key, u32 len, u32 seed) { #ifdef _DEBUG u64 hash64(u8 *key, u32 len, u64 seed) { + #else u64 inline hash64(u8 *key, u32 len, u64 seed) { + #endif return XXH64(key, len, seed); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 994d80eb..883398ff 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -985,10 +985,12 @@ int main(int argc, char **argv_orig, char **envp) { if (read_file(infile)) { - if (wait_for_gdb) { + if (wait_for_gdb) { + fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); fprintf(stderr, "exec: kill -CONT %d\n", getpid()); kill(0, SIGSTOP); + } showmap_run_target_forkserver(fsrv, use_argv, in_data, in_len); -- cgit 1.4.1