From 4566bcf122c251c023abce0683666921bd4df755 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 31 Aug 2020 10:57:01 +0200 Subject: code-format --- src/afl-fuzz-init.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 7b7ba006..852fc3fb 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1843,7 +1843,8 @@ void setup_stdio_file(afl_state_t *afl) { if (afl->file_extension) { - afl->fsrv.out_file = alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension); + afl->fsrv.out_file = + alloc_printf("%s/.cur_input.%s", afl->tmp_dir, afl->file_extension); } else { @@ -1851,11 +1852,15 @@ void setup_stdio_file(afl_state_t *afl) { } - unlink(afl->fsrv.out_file); /* Ignore errors */ + unlink(afl->fsrv.out_file); /* Ignore errors */ afl->fsrv.out_fd = open(afl->fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, 0600); - if (afl->fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", afl->fsrv.out_file); } + if (afl->fsrv.out_fd < 0) { + + PFATAL("Unable to create '%s'", afl->fsrv.out_file); + + } } -- cgit 1.4.1 From 81767287c31f454271f62c24a8331f382e14bc85 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 31 Aug 2020 13:02:40 +0200 Subject: improve documentation --- src/afl-fuzz.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5ad2ace9..0df6c15c 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -178,8 +178,9 @@ static void usage(u8 *argv0, int more_help) { "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" "AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n" " the target was compiled for\n" - "AFL_MAX_DET_EXTRAS: if the dict/extras file contains more tokens than this threshold,\n" - " the tokens will sometimes be skipped during fuzzing.\n" + "AFL_MAX_DET_EXTRAS: if more entries are in the dictionary list than this value\n" + " then they are randomly selected instead all of them being\n" + " used. Defaults to 200.\n" "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n" "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n" "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n" -- cgit 1.4.1 From d2c9e4baa74210cf49243390fb3dabb29024ade4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 31 Aug 2020 13:12:59 +0200 Subject: fix warnings and weird code insert --- llvm_mode/afl-llvm-lto-instrumentation.so.cc | 24 +++++++++++++++++++----- src/afl-performance.c | 12 ++++++------ 2 files changed, 25 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/llvm_mode/afl-llvm-lto-instrumentation.so.cc b/llvm_mode/afl-llvm-lto-instrumentation.so.cc index b8d9fce9..125db229 100644 --- a/llvm_mode/afl-llvm-lto-instrumentation.so.cc +++ b/llvm_mode/afl-llvm-lto-instrumentation.so.cc @@ -374,14 +374,28 @@ bool AFLLTOPass::runOnModule(Module &M) { std::string Str1, Str2; StringRef TmpStr; bool HasStr1 = getConstantStringInfo(Str1P, TmpStr); - if (TmpStr.empty()) + if (TmpStr.empty()) { + HasStr1 = false; - else + + } else { + + HasStr1 = true; Str1 = TmpStr.str(); + + } + bool HasStr2 = getConstantStringInfo(Str2P, TmpStr); - if (TmpStr.empty()) HasStr2 = false; - (void)HasStr2 /* never read */ - else Str2 = TmpStr.str(); + if (TmpStr.empty()) { + + HasStr2 = false; + + } else { + + HasStr2 = true; + Str2 = TmpStr.str(); + + } if (debug) fprintf(stderr, "F:%s %p(%s)->\"%s\"(%s) %p(%s)->\"%s\"(%s)\n", diff --git a/src/afl-performance.c b/src/afl-performance.c index 0c1697a8..a9d7cefa 100644 --- a/src/afl-performance.c +++ b/src/afl-performance.c @@ -72,12 +72,12 @@ void jump(afl_state_t *afl) { static const uint64_t JUMP[] = {0x180ec6d33cfd0aba, 0xd5a61266f0c9392c, 0xa9582618e03fc9aa, 0x39abdc4529b1661c}; - int i, b; + size_t i, b; uint64_t s0 = 0; uint64_t s1 = 0; uint64_t s2 = 0; uint64_t s3 = 0; - for (i = 0; i < sizeof JUMP / sizeof *JUMP; i++) + for (i = 0; i < (sizeof(JUMP) / sizeof(*JUMP)); i++) for (b = 0; b < 64; b++) { if (JUMP[i] & UINT64_C(1) << b) { @@ -110,12 +110,12 @@ void long_jump(afl_state_t *afl) { static const uint64_t LONG_JUMP[] = {0x76e15d3efefdcbbf, 0xc5004e441c522fb3, 0x77710069854ee241, 0x39109bb02acbe635}; - int i, b; + size_t i, b; uint64_t s0 = 0; uint64_t s1 = 0; uint64_t s2 = 0; uint64_t s3 = 0; - for (i = 0; i < sizeof LONG_JUMP / sizeof *LONG_JUMP; i++) + for (i = 0; i < (sizeof(LONG_JUMP) / sizeof(*LONG_JUMP)); i++) for (b = 0; b < 64; b++) { if (LONG_JUMP[i] & UINT64_C(1) << b) { @@ -145,7 +145,7 @@ void long_jump(afl_state_t *afl) { u32 hash32(u8 *key, u32 len, u32 seed) { #else -u32 inline hash32(u8 *key, u32 len, u32 seed) { +inline u32 hash32(u8 *key, u32 len, u32 seed) { #endif @@ -157,7 +157,7 @@ u32 inline hash32(u8 *key, u32 len, u32 seed) { u64 hash64(u8 *key, u32 len, u64 seed) { #else -u64 inline hash64(u8 *key, u32 len, u64 seed) { +inline u64 hash64(u8 *key, u32 len, u64 seed) { #endif -- cgit 1.4.1 From 9e8b3f13e198dda74d4673866ffc4a37c976c05e Mon Sep 17 00:00:00 2001 From: domenukk Date: Mon, 31 Aug 2020 15:17:37 +0200 Subject: fixed warning on mac --- src/afl-as.c | 2 +- unicorn_mode/unicornafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-as.c b/src/afl-as.c index 0ed47d8c..7d70bfcd 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -152,7 +152,7 @@ static void edit_params(int argc, char **argv) { /* The Apple case is a bit different... */ - if (!strcmp(argv[i], "-arch") && i + 1 < argc) { + if (!strcmp(argv[i], "-arch") && i + 1 < (u32)argc) { if (!strcmp(argv[i + 1], "x86_64")) use_64bit = 1; diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index c6d66471..c21a5ebb 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit c6d6647161a32bae88785a618fcd828d1711d9e6 +Subproject commit c21a5ebbbeb2dbaab84435642c49952060778243 -- cgit 1.4.1 From 155ef8875a2ca544316bade52d4fc36c545d9856 Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Mon, 31 Aug 2020 15:37:46 +0100 Subject: Fix few warnings for FreeBSD case. (#536) --- src/afl-fuzz-init.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 852fc3fb..102f04b9 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -256,18 +256,18 @@ void bind_to_free_cpu(afl_state_t *afl) { } - for (i = 0; i < proccount; i++) { + for (i = 0; i < (s32)proccount; i++) { #if defined(__FreeBSD__) if (!strcmp(procs[i].ki_comm, "idle")) continue; // fix when ki_oncpu = -1 - int oncpu; + s32 oncpu; oncpu = procs[i].ki_oncpu; if (oncpu == -1) oncpu = procs[i].ki_lastcpu; - if (oncpu != -1 && oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 60) + if (oncpu != -1 && oncpu < (s32)sizeof(cpu_used) && procs[i].ki_pctcpu > 60) cpu_used[oncpu] = 1; #elif defined(__DragonFly__) -- cgit 1.4.1 From d7d8afa512bcc0c012fac3b624eeff7b5af65439 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 31 Aug 2020 17:54:21 +0200 Subject: fix afl-gcc help output --- src/afl-gcc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 22e6be8e..97564aea 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -415,7 +415,7 @@ int main(int argc, char **argv) { "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n" "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n"; - if (argc == 2 && strcmp(argv[1], "-h") == 0) { + if (argc == 2 && strncmp(argv[1], "-h", 2) == 0) { printf("afl-cc" VERSION " by Michal Zalewski\n\n"); printf("%s \n\n", argv[0]); -- cgit 1.4.1 From 53e63e9ded202b63de19590bb3d265d2f01ee929 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 31 Aug 2020 18:28:36 +0200 Subject: added forkserver init timeout --- afl-cmin | 1 + src/afl-showmap.c | 1 + src/afl-tmin.c | 1 + 3 files changed, 3 insertions(+) (limited to 'src') diff --git a/afl-cmin b/afl-cmin index d38e7a97..619c6dae 100755 --- a/afl-cmin +++ b/afl-cmin @@ -120,6 +120,7 @@ function usage() { "AFL_PATH: path for the afl-showmap binary\n" \ "AFL_SKIP_BIN_CHECK: skip check for target binary\n" \ "AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp\n" +"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" exit 1 } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 64b52479..e596c26e 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -637,6 +637,7 @@ static void usage(u8 *argv0) { " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_QUIET: do not print extra informational output\n", + "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" argv0, MEM_LIMIT, doc_path); exit(1); diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 59269f45..f231cde9 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -846,6 +846,7 @@ static void usage(u8 *argv0) { " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TMIN_EXACT: require execution paths to match for crashing inputs\n" + "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); -- cgit 1.4.1 From bea76b346ce278896d0b4a6f3b1d42e5c1c786c3 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 31 Aug 2020 18:29:45 +0200 Subject: fixed build error --- src/afl-showmap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-showmap.c b/src/afl-showmap.c index e596c26e..ae33cc48 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -636,9 +636,10 @@ static void usage(u8 *argv0) { "size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" - "AFL_QUIET: do not print extra informational output\n", + "AFL_QUIET: do not print extra informational output\n" "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" - argv0, MEM_LIMIT, doc_path); + + ,argv0, MEM_LIMIT, doc_path); exit(1); -- cgit 1.4.1 From e4de4e350009584f5cdb8cf4c47a79fff9358cad Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 31 Aug 2020 18:32:01 +0200 Subject: update gitignore --- .gitignore | 1 + docs/Changelog.md | 1 + llvm_mode/afl-clang-fast.c | 4 ++-- src/afl-showmap.c | 8 ++++---- src/afl-tmin.c | 2 +- 5 files changed, 9 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/.gitignore b/.gitignore index 4307fc4c..9c169c49 100644 --- a/.gitignore +++ b/.gitignore @@ -40,6 +40,7 @@ afl-cmin.8 afl-cmin.bash.8 afl-fuzz.8 afl-gcc.8 +afl-g++.8 afl-gcc-fast.8 afl-g++-fast.8 afl-gotcpu.8 diff --git a/docs/Changelog.md b/docs/Changelog.md index cb6e14b8..3966464e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,7 @@ sending a mail to . ### Version ++2.67d (develop) + - a few QOL changes for Apple and its outdated gmake - afl-fuzz: - Fix for auto dictionary entries found during fuzzing to not throw out a -x dictionary diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 281d6b4b..ccdbca9d 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c @@ -670,11 +670,11 @@ static void edit_params(u32 argc, char **argv, char **envp) { } -#ifndef __APPLE__ + #ifndef __APPLE__ if (!shared_linking) cc_params[cc_par_cnt++] = alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); -#endif + #endif #endif diff --git a/src/afl-showmap.c b/src/afl-showmap.c index ae33cc48..f4a7c336 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -636,10 +636,10 @@ static void usage(u8 *argv0) { "size\n" " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" - "AFL_QUIET: do not print extra informational output\n" - "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" - - ,argv0, MEM_LIMIT, doc_path); + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during " + "startup (in milliseconds)\n" + "AFL_QUIET: do not print extra informational output\n", + argv0, MEM_LIMIT, doc_path); exit(1); diff --git a/src/afl-tmin.c b/src/afl-tmin.c index f231cde9..e1d08054 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -846,7 +846,7 @@ static void usage(u8 *argv0) { " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TMIN_EXACT: require execution paths to match for crashing inputs\n" - "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" + "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n" , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); -- cgit 1.4.1 From 9bbbec3fa8e18a84939ffd864ecfd9017af98aba Mon Sep 17 00:00:00 2001 From: Ahmad Hazimeh Date: Mon, 31 Aug 2020 18:39:50 +0200 Subject: Fixed stack use-after-return bug in strntoll --- src/afl-fuzz-redqueen.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 1ae6ab54..392b1909 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -282,7 +282,6 @@ static long long strntoll(const char *str, size_t sz, char **end, int base) { memcpy(buf, beg, sz); buf[sz] = '\0'; ret = strtoll(buf, end, base); - if (ret == LLONG_MIN || ret == LLONG_MAX) return ret; if (end) *end = (char *)beg + (*end - buf); return ret; -- cgit 1.4.1 From 6090bb1bca81229a4c6ae178e1cef0e35bd31a96 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Mon, 31 Aug 2020 20:33:56 +0200 Subject: better fix for #539 --- src/afl-fuzz-redqueen.c | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 1ae6ab54..73d00f9a 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -264,7 +264,8 @@ static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) { } -static long long strntoll(const char *str, size_t sz, char **end, int base) { +static int strntoll(const char *str, size_t sz, char **end, int base, + long long* out) { char buf[64]; long long ret; @@ -272,24 +273,25 @@ static long long strntoll(const char *str, size_t sz, char **end, int base) { for (; beg && sz && *beg == ' '; beg++, sz--) {}; - if (!sz || sz >= sizeof(buf)) { - - if (end) *end = (char *)str; - return 0; - - } + if (!sz) + return 1; + if (sz >= sizeof(buf)) + sz = sizeof(buf) -1; memcpy(buf, beg, sz); buf[sz] = '\0'; ret = strtoll(buf, end, base); - if (ret == LLONG_MIN || ret == LLONG_MAX) return ret; + if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE) + return 1; if (end) *end = (char *)beg + (*end - buf); - return ret; + *out = ret; + + return 0; } -static unsigned long long strntoull(const char *str, size_t sz, char **end, - int base) { +static int strntoull(const char *str, size_t sz, char **end, int base, + unsigned long long* out) { char buf[64]; unsigned long long ret; @@ -298,18 +300,20 @@ static unsigned long long strntoull(const char *str, size_t sz, char **end, for (; beg && sz && *beg == ' '; beg++, sz--) ; - if (!sz || sz >= sizeof(buf)) { - - if (end) *end = (char *)str; - return 0; - - } + if (!sz) + return 1; + if (sz >= sizeof(buf)) + sz = sizeof(buf) -1; memcpy(buf, beg, sz); buf[sz] = '\0'; ret = strtoull(buf, end, base); + if (ret == ULLONG_MAX && errno == ERANGE) + return 1; if (end) *end = (char *)beg + (*end - buf); - return ret; + *out = ret; + + return 0; } @@ -336,17 +340,16 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, u8 use_num = 0, use_unum = 0; unsigned long long unum; long long num; + if (afl->queue_cur->is_ascii) { endptr = buf_8; - num = strntoll(buf_8, len - idx, (char **)&endptr, 0); - if (endptr == buf_8) { + if (strntoll(buf_8, len - idx, (char **)&endptr, 0, &num)) { - unum = strntoull(buf_8, len - idx, (char **)&endptr, 0); - if (endptr == buf_8) use_unum = 1; + if (!strntoull(buf_8, len - idx, (char **)&endptr, 0, &unum)) + use_unum = 1; } else - use_num = 1; } -- cgit 1.4.1 From bd57784664a7de62c726a0fb2aaabd41471faa0c Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 31 Aug 2020 23:59:10 +0200 Subject: code format --- src/afl-fuzz-redqueen.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 73d00f9a..9a9ac33f 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -265,7 +265,7 @@ static u8 its_fuzz(afl_state_t *afl, u8 *buf, u32 len, u8 *status) { } static int strntoll(const char *str, size_t sz, char **end, int base, - long long* out) { + long long *out) { char buf[64]; long long ret; @@ -273,16 +273,13 @@ static int strntoll(const char *str, size_t sz, char **end, int base, for (; beg && sz && *beg == ' '; beg++, sz--) {}; - if (!sz) - return 1; - if (sz >= sizeof(buf)) - sz = sizeof(buf) -1; + if (!sz) return 1; + if (sz >= sizeof(buf)) sz = sizeof(buf) - 1; memcpy(buf, beg, sz); buf[sz] = '\0'; ret = strtoll(buf, end, base); - if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE) - return 1; + if ((ret == LLONG_MIN || ret == LLONG_MAX) && errno == ERANGE) return 1; if (end) *end = (char *)beg + (*end - buf); *out = ret; @@ -291,7 +288,7 @@ static int strntoll(const char *str, size_t sz, char **end, int base, } static int strntoull(const char *str, size_t sz, char **end, int base, - unsigned long long* out) { + unsigned long long *out) { char buf[64]; unsigned long long ret; @@ -300,16 +297,13 @@ static int strntoull(const char *str, size_t sz, char **end, int base, for (; beg && sz && *beg == ' '; beg++, sz--) ; - if (!sz) - return 1; - if (sz >= sizeof(buf)) - sz = sizeof(buf) -1; + if (!sz) return 1; + if (sz >= sizeof(buf)) sz = sizeof(buf) - 1; memcpy(buf, beg, sz); buf[sz] = '\0'; ret = strtoull(buf, end, base); - if (ret == ULLONG_MAX && errno == ERANGE) - return 1; + if (ret == ULLONG_MAX && errno == ERANGE) return 1; if (end) *end = (char *)beg + (*end - buf); *out = ret; @@ -350,6 +344,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, use_unum = 1; } else + use_num = 1; } -- cgit 1.4.1 From e4a86b40a5504c608d6ba7f44133ab39b24ac6f8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 1 Sep 2020 13:42:33 +0200 Subject: child cleanup --- src/afl-forkserver.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 93203cb2..cb4e00f9 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -240,6 +240,17 @@ static void afl_fauxsrv_execv(afl_forkserver_t *fsrv, char **argv) { if (!child_pid) { // New child + close(fsrv->out_dir_fd); + close(fsrv->dev_null_fd); + close(fsrv->dev_urandom_fd); + + if (fsrv->plot_file != NULL) { + + fclose(fsrv->plot_file); + fsrv->plot_file = NULL; + + } + signal(SIGCHLD, old_sigchld_handler); // FORKSRV_FD is for communication with AFL, we don't need it in the // child. @@ -360,12 +371,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!fsrv->fsrv_pid) { /* CHILD PROCESS */ - struct rlimit r; /* Umpf. On OpenBSD, the default fd limit for root users is set to soft 128. Let's try to fix that... */ - if (!getrlimit(RLIMIT_NOFILE, &r) && r.rlim_cur < FORKSRV_FD + 2) { r.rlim_cur = FORKSRV_FD + 2; @@ -432,7 +441,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, close(fsrv->dev_null_fd); close(fsrv->dev_urandom_fd); - if (fsrv->plot_file != NULL) { fclose(fsrv->plot_file); } + if (fsrv->plot_file != NULL) { + + fclose(fsrv->plot_file); + fsrv->plot_file = NULL; + + } /* This should improve performance a bit, since it stops the linker from doing extra work post-fork(). */ -- cgit 1.4.1