From 31a8beb44967207a8eecc17440783304493f145a Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 19 May 2024 13:47:53 +0200
Subject: support new llvm 19 changes
---
 src/afl-cc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-cc.c b/src/afl-cc.c
index c872b2eb..07155676 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -2844,7 +2844,7 @@ static void maybe_usage(aflcc_state_t *aflcc, int argc, char **argv) {
 " The best is LTO but it often needs RANLIB and AR settings outside "
 "of afl-cc.\n\n");
-#if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
+#if LLVM_MAJOR >= 11 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
 #define NATIVE_MSG \
 " LLVM-NATIVE: use llvm's native PCGUARD instrumentation (less " \
 "performant)\n"
--
cgit 1.4.1
From 4e3cd8ac3f26144f934d115a56bd4830c8155190 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 20 May 2024 14:02:22 +0200
Subject: nit
---
 src/afl-fuzz-stats.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index ffe56cde..eafeebba 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -322,7 +322,8 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
 #endif
 u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
- u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
+ u64 overhead_ms =
+ (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
 if (!runtime_ms) { runtime_ms = 1; }
 fprintf(
@@ -632,7 +633,8 @@ void show_stats_normal(afl_state_t *afl) {
 if (afl->most_time_key && afl->queue_cycle) {
- if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
+ if (afl->most_time * 1000 + afl->sync_time_us / 1000 <
+ cur_ms - afl->start_time) {
 afl->most_time_key = 2;
 afl->stop_soon = 2;
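Review bot: The new `#if LLVM_MAJOR >= 11 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)` is equivalent to the removed `LLVM_MAJOR > 10 || ...` for every integer value of LLVM_MAJOR, including the undefined-macro case where both evaluate to 0, so NATIVE_MSG is defined for exactly the same LLVM versions as before and the hunk changes no behavior. If the LLVM 19 support named in the subject needs NATIVE_MSG to differ for newer versions, that threshold or text change is still outstanding; if this was meant as a readability tweak, a commit message saying so would avoid the mismatch. The maybe_usage body continues outside the hunk.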
@@ -1329,7 +1331,9 @@ void show_stats_normal(afl_state_t *afl) {
 sprintf(tmp, "disabled, ");
- } else if (unlikely(!afl->bytes_trim_out)) {
+ } else if (unlikely(!afl->bytes_trim_out ||
+
+ afl->bytes_trim_in <= afl->bytes_trim_out)) {
 sprintf(tmp, "n/a, ");
@@ -1346,7 +1350,9 @@ void show_stats_normal(afl_state_t *afl) {
 strcat(tmp, "disabled");
- } else if (unlikely(!afl->blocks_eff_total)) {
+ } else if (unlikely(!afl->blocks_eff_total ||
+
+ afl->blocks_eff_select >= afl->blocks_eff_total)) {
 strcat(tmp, "n/a");
@@ -1462,7 +1468,8 @@ void show_stats_pizza(afl_state_t *afl) {
 if (afl->most_time_key && afl->queue_cycle) {
- if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
+ if (afl->most_time * 1000 + afl->sync_time_us / 1000 <
+ cur_ms - afl->start_time) {
 afl->most_time_key = 2;
 afl->stop_soon = 2;
@@ -2503,3 +2510,4 @@ void update_sync_time(afl_state_t *afl, u64 *time) {
 *time = cur;
 }
+
--
cgit 1.4.1
From 9721a772042402e1f32c4f053e9354751dda35c0 Mon Sep 17 00:00:00 2001
From: Clement Brisset
Date: Thu, 23 May 2024 11:14:53 -0700
Subject: Fix dynamic_lookup linker flag for Apple clang
---
 src/afl-cc.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/afl-cc.c b/src/afl-cc.c
index fa3318de..469aad13 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -2366,8 +2366,7 @@ static void add_aflpplib(aflcc_state_t *aflcc) {
 insert_param(aflcc, afllib);
 #ifdef __APPLE__
- insert_param(aflcc, "-Wl,-undefined");
- insert_param(aflcc, "dynamic_lookup");
+ insert_param(aflcc, "-Wl,-undefined,dynamic_lookup");
 #endif
 }
--
cgit 1.4.1
From 03dc80afc437638cb49bf55f31bcd47c30bc3b28 Mon Sep 17 00:00:00 2001
From: Andrew Haberlandt
Date: Sat, 25 May 2024 19:58:48 +0000
Subject: fix: testcache hangs for large test cases
---
 src/afl-fuzz-queue.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src')
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 2318df60..784b377a 100644
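Review bot: The added disjunct `afl->bytes_trim_in <= afl->bytes_trim_out` on the changed `else if` has no comment, so a reader cannot tell why trim_in equal to trim_out is reported as "n/a" rather than as 0%; the same applies to `afl->blocks_eff_select >= afl->blocks_eff_total` in the @@ -1346 hunk. Presumably both keep the ratio computed after the hunk from wrapping or dividing into a meaningless value, which is worth stating next to the condition, e.g. `/* in <= out: nothing was saved and the ratio below would wrap, so print n/a */` and the analogous line for blocks_eff. The if/else chain and the computation it guards lie outside the hunk.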
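Review bot: The merged `-Wl,-undefined,dynamic_lookup` argument is correct but nothing records why two arguments were wrong, so the next reader may split it again: the compiler driver splits a `-Wl,` argument on commas and hands ld `-undefined dynamic_lookup` as option and value, whereas the old bare `dynamic_lookup` was a separate driver argument that never reached the linker as the option's value. A one-line comment above the new insert_param would pin that down: `/* one -Wl, arg: the driver splits on commas, so ld sees "-undefined dynamic_lookup" */`. Since `-undefined dynamic_lookup` defers unresolved symbols to load time, the comment could also say that this is presumably intended for the runtime library linked here.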
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -1301,7 +1301,8 @@ inline u8 *queue_testcase_get(afl_state_t *afl, struct queue_entry *q) {
 static u32 do_once = 0; // because even threaded we would want this. WIP
 while (unlikely(
- afl->q_testcase_cache_size + len >= afl->q_testcase_max_cache_size ||
+ (afl->q_testcase_cache_size + len >= afl->q_testcase_max_cache_size &&
+ afl->q_testcase_cache_count > 1) ||
 afl->q_testcase_cache_count >= afl->q_testcase_max_cache_entries - 1)) {
 /* We want a max number of entries to the cache that we learn.
--
cgit 1.4.1
From a3125c38f496979be314c93f10adfad9dd4d363e Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Wed, 29 May 2024 12:55:28 +0200
Subject: fix afl-showmap shmmemleak
---
 docs/Changelog.md | 1 +
 src/afl-showmap.c | 32 +++++++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)
(limited to 'src')
diff --git a/docs/Changelog.md b/docs/Changelog.md
index d6478ca0..058e42af 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -27,6 +27,7 @@
 * afl-cmin
 - work with input files that have a space
 * afl-showmap
+ - fix memory leak on shmem testcase usage (thanks to @ndrewh)
 - minor fix to collect coverage -C (thanks to @bet4it)
 * enhanced the ASAN configuration
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 7e875040..68e5e0e0 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -225,8 +225,13 @@ static void at_exit_handler(void) {
 if (remove_shm) {
+ remove_shm = false;
 if (shm.map) afl_shm_deinit(&shm);
- if (fsrv->use_shmem_fuzz) deinit_shmem(fsrv, shm_fuzz);
+ if ((shm_fuzz && shm_fuzz->shmemfuzz_mode) || fsrv->use_shmem_fuzz) {
+ deinit_shmem(fsrv, shm_fuzz);
+
+ }
 }
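Review bot: The new `afl->q_testcase_cache_count > 1` clause makes the eviction loop stop while one entry is still cached, so on exit `q_testcase_cache_size + len` can still exceed `q_testcase_max_cache_size` and the size limit becomes soft by one entry; if the intent is only to avoid spinning when nothing is left to evict, `> 0` would be the tighter bound, so the choice of 1 should be explained on that line, e.g. `// keep one entry cached: a testcase larger than the cache must not spin here`. Whether some cached entry can never be evicted (which would justify 1 over 0) depends on the loop body, which together with the rest of queue_testcase_get lies outside the hunk.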
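Review bot: In the new `if ((shm_fuzz && shm_fuzz->shmemfuzz_mode) || fsrv->use_shmem_fuzz)` the NULL test protects only the first disjunct, so a set `fsrv->use_shmem_fuzz` with a NULL `shm_fuzz` still passes NULL to deinit_shmem; whether that is tolerated depends on deinit_shmem, which is outside the hunk. Hoisting the test makes the guard cover both cases: `if (shm_fuzz && (shm_fuzz->shmemfuzz_mode || fsrv->use_shmem_fuzz)) {`. The new `remove_shm = false;` makes a second invocation a no-op, which deserves a short comment since main also clears the flag before its own cleanup in the @@ -1777 hunk.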
@@ -1527,6 +1532,8 @@ int main(int argc, char **argv_orig, char **envp) {
 /* initialize cmplog_mode */
 shm_fuzz->cmplog_mode = 0;
+ atexit(at_exit_handler);
+
 u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
 shm_fuzz->shmemfuzz_mode = true;
 if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
@@ -1676,8 +1683,6 @@ int main(int argc, char **argv_orig, char **envp) {
 }
- atexit(at_exit_handler);
-
 if (get_afl_env("AFL_DEBUG")) {
 int j = optind;
@@ -1694,8 +1699,12 @@ int main(int argc, char **argv_orig, char **envp) {
 map_size = fsrv->map_size;
- if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
+ if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) {
+ shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+ shm_fuzz->shmemfuzz_mode = 0;
+
+ }
 if (in_dir) {
@@ -1728,8 +1737,12 @@ int main(int argc, char **argv_orig, char **envp) {
 } else {
- if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
+ if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) {
+ shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+ shm_fuzz->shmemfuzz_mode = 0;
+
+ }
 #ifdef __linux__
 if (!fsrv->nyx_mode) {
@@ -1777,9 +1790,14 @@ int main(int argc, char **argv_orig, char **envp) {
 }
- remove_shm = 0;
+ remove_shm = false;
 afl_shm_deinit(&shm);
- if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+ if (fsrv->use_shmem_fuzz) {
+
+ shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
+ shm_fuzz->shmemfuzz_mode = 0;
+
+ }
 u32 ret;
--
cgit 1.4.1
From 9419e39fdfcf225cee287683ef9d1549e954c4e9 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Fri, 31 May 2024 18:32:31 +0200
Subject: nits
---
 include/afl-fuzz.h | 4 ++++
 include/afl-mutations.h | 4 ++++
 src/afl-common.c | 6 +++---
 src/afl-forkserver.c | 3 ++-
 src/afl-fuzz-run.c | 1 +
 5 files changed, 14 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 5efe5144..74b04fdb 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
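Review bot: In the @@ -1694 hunk `shm_fuzz = deinit_shmem(fsrv, shm_fuzz);` is immediately followed by `shm_fuzz->shmemfuzz_mode = 0;`, so the flag is written through whatever deinit_shmem returns; the same pair appears in the @@ -1728 and @@ -1777 hunks. deinit_shmem is not in this patch, but the pre-change code already assigned its return value to shm_fuzz and the new at_exit_handler checks `shm_fuzz &&` before touching it, both of which point to it returning NULL after releasing the struct — in which case these lines dereference NULL, and if it instead returns the same pointer they write into freed memory. Either way the write is unnecessary, because a NULL shm_fuzz already skips the at_exit deinit, so the three added `shm_fuzz->shmemfuzz_mode = 0;` lines can be dropped (or the flag cleared before the call, if deinit_shmem turns out not to free the struct). main() continues outside each of these hunks.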
@@ -139,6 +139,10 @@
 #define AFL_RAND_RETURN u32
 #endif
+#ifndef INTERESTING_32_LEN
+ #error INTERESTING_32_LEN not defined - BUG!
+#endif
+
 extern s8 interesting_8[INTERESTING_8_LEN];
 extern s16 interesting_16[INTERESTING_8_LEN + INTERESTING_16_LEN];
 extern s32
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index 79cf7c6a..1e5a6934 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -33,6 +33,10 @@
 #define MUT_STRATEGY_ARRAY_SIZE 256
+#ifndef INTERESTING_32
+ #error INTERESTING_32 is not defined - BUG!
+#endif
+
 s8 interesting_8[] = {INTERESTING_8};
 s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
 s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32};
diff --git a/src/afl-common.c b/src/afl-common.c
index 9a27824d..8af49e19 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -999,7 +999,7 @@ inline u64 get_cur_time(void) {
 struct timespec ts;
 int rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
- if (rc == -1) {
+ if (unlikely(rc == -1)) {
 PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
 strerror(errno));
@@ -1012,11 +1012,11 @@ inline u64 get_cur_time(void) {
 /* Get unix time in microseconds */
-u64 get_cur_time_us(void) {
+inline u64 get_cur_time_us(void) {
 struct timespec ts;
 int rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
- if (rc == -1) {
+ if (unlikely(rc == -1)) {
 PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
 strerror(errno));
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index beb6bdeb..a082982c 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
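Review bot: Adding `inline` to `get_cur_time_us` without `static` turns the definition into a C99/C11 inline definition, which provides no external definition unless this translation unit also sees a declaration of the function without `inline` (normally the prototype in afl-common.h); that header is not part of the patch, so the change should be checked against it, since a mismatch shows up only as an undefined reference at link time from the files that call get_cur_time_us. `get_cur_time` directly above already uses the same form, so declaring get_cur_time_us in the header exactly as get_cur_time is declared is the safe choice. The `unlikely(rc == -1)` changes are fine; both function bodies continue outside the hunk.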
@@ -578,7 +578,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 void *nyx_config = fsrv->nyx_handlers->nyx_config_load(fsrv->target_path);
 fsrv->nyx_handlers->nyx_config_set_workdir_path(nyx_config, workdir_path);
- fsrv->nyx_handlers->nyx_config_set_input_buffer_size(nyx_config, fsrv->max_length);
+ fsrv->nyx_handlers->nyx_config_set_input_buffer_size(nyx_config,
+ fsrv->max_length);
 fsrv->nyx_handlers->nyx_config_set_input_buffer_write_protection(nyx_config, true);
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index b62db1ea..4e2cceff 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -1195,3 +1195,4 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 return 0;
 }
+
--
cgit 1.4.1
From 894339c5d7dc615a98423390d30f6b4e032f01f3 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sat, 1 Jun 2024 12:26:26 +0200
Subject: try regression fix
---
 src/afl-common.c | 45 ++++++++-------------------------------------
 1 file changed, 8 insertions(+), 37 deletions(-)
(limited to 'src')
diff --git a/src/afl-common.c b/src/afl-common.c
index 8af49e19..efdb5d60 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -59,27 +59,6 @@ u8 last_intr = 0;
 #define AFL_PATH "/usr/local/lib/afl/"
 #endif
-/* - Some BSD (i.e.: FreeBSD) offer the FAST clock source as
- * equivalent to Linux COARSE clock source. Aliasing COARSE to
- * FAST on such systems when COARSE is not already defined.
- * - macOS has no support of CLOCK_MONOTONIC_COARSE clock type.
- */
-#if defined(OS_DARWIN) || defined(OS_SUNOS) || defined(__APPLE__) || \
- defined(__sun) || defined(__NetBSD__)
- #define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC
-#elif defined(OS_FREEBSD)
- #define CLOCK_MONOTONIC_COARSE CLOCK_MONOTONIC_FAST
-#endif
-
-/* Convert seconds to milliseconds. */
-#define SEC_TO_MS(sec) ((sec) * 1000)
-/* Convert seconds to microseconds. */
-#define SEC_TO_US(sec) ((sec) * 1000000)
-/* Convert nanoseconds to milliseconds. */
-#define NS_TO_MS(ns) ((ns) / 1000000)
-/* Convert nanoseconds to microseconds. */
-#define NS_TO_US(ns) ((ns) / 1000)
-
 void *afl_memmem(const void *haystack, size_t haystacklen,
 const void *needle, size_t needlelen) {
@@ -997,16 +976,12 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) {
 inline u64 get_cur_time(void) {
- struct timespec ts;
- int rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
- if (unlikely(rc == -1)) {
+ struct timeval tv;
+ struct timezone tz;
- PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
- strerror(errno));
+ gettimeofday(&tv, &tz);
- }
-
- return SEC_TO_MS((uint64_t)ts.tv_sec) + NS_TO_MS((uint64_t)ts.tv_nsec);
+ return (tv.tv_sec * 1000ULL) + (tv.tv_usec / 1000);
 }
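Review bot: Switching get_cur_time from `clock_gettime(CLOCK_MONOTONIC_COARSE, ...)` to `gettimeofday` at the new body changes it from a monotonic clock to wall-clock time, and the @@ -1014 hunk does the same to get_cur_time_us; callers on this page subtract these values (`cur_time - afl->start_time`, `cur_ms - afl->start_time`), so an NTP step or manual clock change can now make elapsed-time computations jump or, in u64 arithmetic, wrap to a huge value that presumably trips the most_time stop condition seen in the afl-fuzz-stats.c hunks. If the regression being fixed is the coarse resolution, `clock_gettime(CLOCK_MONOTONIC, &ts)` keeps monotonicity at full resolution and only needs the removed error check kept, e.g. `if (unlikely(clock_gettime(CLOCK_MONOTONIC, &ts) == -1)) { PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno, strerror(errno)); }` followed by `return ts.tv_sec * 1000ULL + ts.tv_nsec / 1000000;`, with no need for the CLOCK_MONOTONIC_COARSE aliases removed in the @@ -59 hunk. Independently, the `struct timezone tz` argument is obsolete and should be `gettimeofday(&tv, NULL);`, and its return value is no longer checked at all.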
@@ -1014,16 +989,12 @@ inline u64 get_cur_time(void) {
 inline u64 get_cur_time_us(void) {
- struct timespec ts;
- int rc = clock_gettime(CLOCK_MONOTONIC_COARSE, &ts);
- if (unlikely(rc == -1)) {
+ struct timeval tv;
+ struct timezone tz;
- PFATAL("Failed to obtain timestamp (errno = %i: %s)\n", errno,
- strerror(errno));
-
- }
+ gettimeofday(&tv, &tz);
- return SEC_TO_US((uint64_t)ts.tv_sec) + NS_TO_US((uint64_t)ts.tv_nsec);
+ return (tv.tv_sec * 1000000ULL) + tv.tv_usec;
 }
--
cgit 1.4.1