From b33a6addcc9e52a3050a0e25b93dce10fd4cc644 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 11 Oct 2019 21:09:24 +0100 Subject: NetBSD binding to cpu, ignore sleeping processes. --- src/afl-fuzz-init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 127f5217..91d4c727 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -166,7 +166,7 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { - if (procs[i].p_cpuid < sizeof(cpu_used)) cpu_used[procs[i].p_cpuid] = 1; + if (procs[i].p_cpuid < sizeof(cpu_used) && procs[i].p_pctcpu > 0) cpu_used[procs[i].p_cpuid] = 1; } -- cgit v1.2.3 From 33281b04e7d043d30a1a9d60c3e7ec75f9709366 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 11 Oct 2019 22:21:25 +0100 Subject: FreeBSD making more tolerant the cpu binding at init time --- src/afl-fuzz-init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 91d4c727..18ce0a2f 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -138,7 +138,7 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { - if (procs[i].ki_oncpu < sizeof(cpu_used)) cpu_used[procs[i].ki_oncpu] = 1; + if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 0) cpu_used[procs[i].ki_oncpu] = 1; } -- cgit v1.2.3 From 99f2abfd711f0cdfe56f08b63b8ee2effe58cbed Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 12 Oct 2019 01:58:45 +0200 Subject: fine tuning cpu percentage limit to be detected as bound cpu on FreeBSD --- src/afl-fuzz-init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 18ce0a2f..a54c53d8 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c 
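Review bot: `procs[i].ki_oncpu < sizeof(cpu_used)` silently depends on signed/unsigned promotion: on current FreeBSD ki_oncpu is a signed int and a process that is not on a CPU reports NOCPU (-1), which only fails the bound because it converts to a huge size_t — if I have the kinfo_proc layout right. Make the intent explicit: `if (procs[i].ki_oncpu >= 0 && procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 0)`. The added `ki_pctcpu > 0` filter is also easy to misread, since ki_pctcpu is a fixed-point fraction scaled by FSCALE rather than a percentage, so `> 0` still marks a core as taken for any process with any recent CPU time. bind_to_free_cpu starts and ends outside the hunk.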
@@ -138,7 +138,7 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { - if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 0) cpu_used[procs[i].ki_oncpu] = 1; + if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 2) cpu_used[procs[i].ki_oncpu] = 1; } -- cgit v1.2.3 From 73da639654aa4e91220eb0adcbe380800b06a768 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Oct 2019 08:25:43 +0200 Subject: revert patch --- src/afl-fuzz-run.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 46d12423..fc235b27 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -288,10 +288,10 @@ void write_to_testcase(void* mem, u32 len) { if (out_file) { - // unlink(out_file); /* Ignore errors. + unlink(out_file); /* Ignore errors. // */ - fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); + fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); if (fd < 0) PFATAL("Unable to create '%s'", out_file); @@ -331,10 +331,10 @@ void write_with_gap(void* mem, u32 len, u32 skip_at, u32 skip_len) { if (out_file) { - // unlink(out_file); /* Ignore errors. + unlink(out_file); /* Ignore errors. // */ - fd = open(out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); + fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); if (fd < 0) PFATAL("Unable to create '%s'", out_file); -- cgit v1.2.3 From e7ab8be0cd97f9a18e6ca2f855afa69768322dfb Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 18 Oct 2019 19:53:10 +0200 Subject: sync afl-fast-gcc with afl-clang-fast, add tests for gcc_plugin --- src/afl-gcc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 8982ca97..dd7ba4d6 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -131,7 +131,7 @@ static void edit_params(u32 argc, char** argv) { if (!name) name = argv[0]; else - name++; + ++name; if (!strncmp(name, "afl-clang", 9)) { -- cgit v1.2.3 
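Review bot: The reason for `unlink()` followed by `O_CREAT | O_EXCL` is not recorded anywhere, and the surviving `/* Ignore errors. */` comment invites the next reader to "simplify" it back to O_TRUNC — which is exactly what the reverted change did. The pair is a symlink/TOCTOU defence: O_EXCL refuses to open any pre-existing path, so a symlink planted at the -f location between the unlink and the open fails with EEXIST and hits the PFATAL instead of being followed and overwritten with the fuzzer's privileges, whereas O_TRUNC would follow it. Suggest replacing the comment in both hunks with `/* Recreate, do not truncate: O_EXCL refuses a path that reappeared (e.g. a symlink planted in a shared -f dir) instead of following it. */`. write_to_testcase and write_with_gap both continue outside the hunk, and the persistent out_fd branch is not visible here.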
From 1fdb75068d6b815baf9736e63e3545b66de688c5 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Sat, 19 Oct 2019 11:44:09 +0100 Subject: afl-gotcpu: porting to Darwin using mach API. --- src/afl-gotcpu.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index bdb727de..dc938b65 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -52,7 +52,7 @@ #include "types.h" #include "debug.h" -#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) #define HAVE_AFFINITY 1 #if defined(__FreeBSD__) #include @@ -62,8 +62,12 @@ #elif defined(__NetBSD__) #include #include +#elif defined(__APPLE__) +#include +#include +#include #endif -#endif /* __linux__ || __FreeBSD__ || __NetBSD__ */ +#endif /* __linux__ || __FreeBSD__ || __NetBSD__ || __APPLE__ */ /* Get unix time in microseconds. */ @@ -176,6 +180,12 @@ int main(int argc, char** argv) { if (c == NULL) PFATAL("cpuset_create failed"); cpuset_set(i, c); +#elif defined(__APPLE__) + thread_affinity_policy_data_t c = { i }; + thread_port_t native_thread = pthread_mach_thread_np(pthread_self()); + if (thread_policy_set(native_thread, THREAD_AFFINITY_POLICY, + (thread_policy_t)&c, 1) != KERN_SUCCESS) + PFATAL("thread_policy_set failed"); #endif #if defined(__FreeBSD__) -- cgit v1.2.3 From 8a786377196fbaafeecbca17fad66ea1e76c7de2 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 19 Oct 2019 16:19:46 +0200 Subject: add gcc_plugin to code formatter and run it --- src/afl-fuzz-bitmap.c | 8 +++++--- src/afl-fuzz-globals.c | 4 ++-- src/afl-fuzz-init.c | 6 ++++-- src/afl-fuzz-run.c | 6 ++---- src/afl-fuzz-stats.c | 18 +++++++++--------- src/afl-fuzz.c | 8 +++----- 6 files changed, 25 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 746fc982..d001dbee 100644 
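Review bot: `thread_affinity_policy_data_t c = { i };` passes the CPU index straight through as the affinity tag, and on Darwin tag 0 is THREAD_AFFINITY_TAG_NULL ("no affinity") if I have mach/thread_policy.h right — so the probe for CPU 0 is not constrained at all. More generally THREAD_AFFINITY_POLICY only groups threads that share a tag onto the same cache/L2 set; it is a scheduler hint, not a binding to processor i, so the per-core preemption figures on macOS measure something different from the Linux/BSD branches. Either use `i + 1` as the tag with a comment saying why, or at least document the limitation, e.g. `/* Darwin affinity tags are hints (tag 0 = none): per-core results are approximate. */`. Note the three added `#include` lines have lost their header names in this rendering. The loop body continues outside the hunk.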
--- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -683,10 +683,12 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) { #endif /* ^!SIMPLE_FILES */ ++unique_crashes; - - if (infoexec) // if the user wants to be informed on new crashes - do that + + if (infoexec) // if the user wants to be informed on new crashes - do + // that if (system(infoexec) == -1) - hnb += 0; // we dont care if system errors, but we dont want a compiler warning either + hnb += 0; // we dont care if system errors, but we dont want a + // compiler warning either last_crash_time = get_cur_time(); last_crash_execs = total_execs; diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index a5ccfdf9..8340394a 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c @@ -74,8 +74,8 @@ u8 *in_dir, /* Input directory with test cases */ *file_extension, /* File extension */ *orig_cmdline; /* Original command line */ u8 *doc_path, /* Path to documentation dir */ - *infoexec, /* Command to execute on a new crash */ - *out_file; /* File to fuzz, if any */ + *infoexec, /* Command to execute on a new crash */ + *out_file; /* File to fuzz, if any */ u32 exec_tmout = EXEC_TIMEOUT; /* Configurable exec timeout (ms) */ u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */ diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index a54c53d8..a37ce8ba 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -138,7 +138,8 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { - if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 2) cpu_used[procs[i].ki_oncpu] = 1; + if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 2) + cpu_used[procs[i].ki_oncpu] = 1; } 
@@ -166,7 +167,8 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { - if (procs[i].p_cpuid < sizeof(cpu_used) && procs[i].p_pctcpu > 0) cpu_used[procs[i].p_cpuid] = 1; + if (procs[i].p_cpuid < sizeof(cpu_used) && procs[i].p_pctcpu > 0) + cpu_used[procs[i].p_cpuid] = 1; } diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index fc235b27..5211921f 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -288,8 +288,7 @@ void write_to_testcase(void* mem, u32 len) { if (out_file) { - unlink(out_file); /* Ignore errors. - // */ + unlink(out_file); /* Ignore errors. */ fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); @@ -331,8 +330,7 @@ void write_with_gap(void* mem, u32 len, u32 skip_at, u32 skip_len) { if (out_file) { - unlink(out_file); /* Ignore errors. - // */ + unlink(out_file); /* Ignore errors. */ fd = open(out_file, O_WRONLY | O_CREAT | O_EXCL, 0600); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index f1bc1c8a..7e8639f2 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -334,9 +334,9 @@ void show_stats(void) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (dumb_mode) { @@ -413,9 +413,9 @@ void show_stats(void) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", DTD(cur_ms, last_hang_time), tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to 
@@ -443,9 +443,9 @@ void show_stats(void) { SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", DI(queued_favored), ((double)queued_favored) * 100 / queued_paths); @@ -514,7 +514,7 @@ void show_stats(void) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); @@ -633,13 +633,13 @@ void show_stats(void) { sprintf(tmp, "%s/%s", DI(stage_finds[STAGE_CUSTOM_MUTATOR]), DI(stage_cycles[STAGE_CUSTOM_MUTATOR])); SAYF(bV bSTOP " custom mut. : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB - "\n" bLB bH30 bH20 bH2 bH bRB bSTOP cRST RESET_G1, + "\n" bLB bH30 bH20 bH2 bH bRB bSTOP cRST RESET_G1, tmp); } else { SAYF(bV bSTOP " trim : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB - "\n" bLB bH30 bH20 bH2 bRB bSTOP cRST RESET_G1, + "\n" bLB bH30 bH20 bH2 bRB bSTOP cRST RESET_G1, tmp); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3460f91d..44037ce8 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -76,7 +76,8 @@ static void usage(u8* argv0) { "Other stuff:\n" " -T text - text banner to show on the screen\n" " -M / -S id - distributed mode (see parallel_fuzzing.txt)\n" - " -I command - execute this command/script when a new crash is found\n" + " -I command - execute this command/script when a new crash is " + "found\n" " -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap " "file\n" " -C - crash exploration mode (the peruvian rabbit thing)\n" @@ -138,10 +139,7 @@ int main(int argc, char** argv) { switch (opt) { - case 'I': - - infoexec = optarg; - break; + case 'I': infoexec = optarg; break; case 's': { -- cgit v1.2.3 
From c83e8e1e6255374b085292ba8673efdca7388d76 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 19 Oct 2019 18:23:01 +0200 Subject: Remove lcamtuf's old email from Google (not valid anymore), also remove maintainance from him. --- src/afl-analyze.c | 4 ++-- src/afl-as.c | 4 ++-- src/afl-common.c | 2 +- src/afl-forkserver.c | 2 +- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-extras.c | 2 +- src/afl-fuzz-globals.c | 2 +- src/afl-fuzz-init.c | 2 +- src/afl-fuzz-misc.c | 2 +- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-stats.c | 2 +- src/afl-fuzz.c | 4 ++-- src/afl-gcc.c | 6 +++--- src/afl-gotcpu.c | 8 ++++---- src/afl-sharedmem.c | 2 +- src/afl-showmap.c | 4 ++-- src/afl-tmin.c | 4 ++-- 20 files changed, 30 insertions(+), 30 deletions(-) (limited to 'src') diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 2d13621b..5555a262 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -2,7 +2,7 @@ american fuzzy lop++ - file format analyzer ------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and @@ -841,7 +841,7 @@ int main(int argc, char** argv) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - SAYF(cCYA "afl-analyze" VERSION cRST " by \n"); + SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n"); while ((opt = getopt(argc, argv, "+i:f:m:t:eQUWh")) > 0) diff --git a/src/afl-as.c b/src/afl-as.c index b5a5ed58..2b023432 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -2,7 +2,7 @@ american fuzzy lop++ - wrapper for GNU as ----------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and 
@@ -501,7 +501,7 @@ int main(int argc, char** argv) { if (isatty(2) && !getenv("AFL_QUIET")) { - SAYF(cCYA "afl-as" VERSION cRST " by \n"); + SAYF(cCYA "afl-as" VERSION cRST " by Michal Zalewski\n"); } else diff --git a/src/afl-common.c b/src/afl-common.c index e753e797..ec010c2d 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -2,7 +2,7 @@ american fuzzy lop++ - common routines -------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index d9f67da5..b11ee5ce 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -2,7 +2,7 @@ american fuzzy lop++ - forkserver code -------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Forkserver design by Jann Horn diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index d001dbee..22876626 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -2,7 +2,7 @@ american fuzzy lop++ - bitmap related routines ---------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 1a0e2eff..23b2c235 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -2,7 +2,7 @@ american fuzzy lop++ - extras relates routines ---------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 8340394a..36ba6e14 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c 
@@ -2,7 +2,7 @@ american fuzzy lop++ - globals declarations ------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index a37ce8ba..a77904b5 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2,7 +2,7 @@ american fuzzy lop++ - initialization related routines ------------------------------------------------------ - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-misc.c b/src/afl-fuzz-misc.c index a7372b7d..f45642f4 100644 --- a/src/afl-fuzz-misc.c +++ b/src/afl-fuzz-misc.c @@ -2,7 +2,7 @@ american fuzzy lop++ - misc stuffs from Mordor ---------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 31d58a10..bed8d254 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2,7 +2,7 @@ american fuzzy lop++ - fuzze_one routines in different flavours --------------------------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 1a28f603..1a8b7f9d 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -2,7 +2,7 @@ american fuzzy lop++ - python extension routines ------------------------------------------------ - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 905fd931..9f036186 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c 
@@ -2,7 +2,7 @@ american fuzzy lop++ - queue relates routines --------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 5211921f..e12b06eb 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -2,7 +2,7 @@ american fuzzy lop++ - target execution related routines -------------------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 7e8639f2..2ea03e94 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -2,7 +2,7 @@ american fuzzy lop++ - stats related routines --------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 44037ce8..bb342112 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2,7 +2,7 @@ american fuzzy lop - fuzzer code -------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and @@ -127,7 +127,7 @@ int main(int argc, char** argv) { SAYF(cCYA "afl-fuzz" VERSION cRST - " based on afl by and a big online community\n"); + " based on afl by Michal Zalewski and a big online community\n"); doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; diff --git a/src/afl-gcc.c b/src/afl-gcc.c index dd7ba4d6..740442dc 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -2,7 +2,7 @@ american fuzzy lop++ - wrapper for GCC and clang ------------------------------------------------ - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and 
@@ -335,7 +335,7 @@ int main(int argc, char** argv) { if (argc == 2 && strcmp(argv[1], "-h") == 0) { - printf("afl-cc" VERSION " by \n\n"); + printf("afl-cc" VERSION " by Michal Zalewski\n\n"); printf("%s \n\n", argv[0]); printf("afl-gcc has no command line options\n"); printf( @@ -347,7 +347,7 @@ int main(int argc, char** argv) { if (isatty(2) && !getenv("AFL_QUIET")) { - SAYF(cCYA "afl-cc" VERSION cRST " by \n"); + SAYF(cCYA "afl-cc" VERSION cRST " by Michal Zalewski\n"); SAYF(cYEL "[!] " cBRI "NOTE: " cRST "afl-gcc is deprecated, llvm_mode is much faster and has more " "options\n"); diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index dc938b65..850943dd 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -2,7 +2,7 @@ american fuzzy lop - free CPU gizmo ----------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Now maintained by by Marc Heuse , Heiko Eißfeldt and @@ -142,7 +142,7 @@ int main(int argc, char** argv) { if (argc > 1) { - printf("afl-gotcpu" VERSION " by \n"); + printf("afl-gotcpu" VERSION " by Michal Zalewski\n"); printf("\n%s \n\n", argv[0]); printf("afl-gotcpu does not have command line options\n"); printf("afl-gotcpu prints out which CPUs are available\n"); @@ -154,7 +154,7 @@ int main(int argc, char** argv) { u32 cpu_cnt = sysconf(_SC_NPROCESSORS_ONLN), idle_cpus = 0, maybe_cpus = 0, i; - SAYF(cCYA "afl-gotcpu" VERSION cRST " by \n"); + SAYF(cCYA "afl-gotcpu" VERSION cRST " by Michal Zalewski\n"); ACTF("Measuring per-core preemption rate (this will take %0.02f sec)...", ((double)CTEST_CORE_TRG_MS) / 1000); @@ -275,7 +275,7 @@ int main(int argc, char** argv) { u32 util_perc; - SAYF(cCYA "afl-gotcpu" VERSION cRST " by \n"); + SAYF(cCYA "afl-gotcpu" VERSION cRST " by Michal Zalewski\n"); /* Run a busy loop for CTEST_TARGET_MS. */ diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index 0bd1ff2f..d94100a3 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c 
@@ -2,7 +2,7 @@ american fuzzy lop++ - shared memory related code ------------------------------------------------- - Originally written by Michal Zalewski + Originally written by Michal Zalewski Forkserver design by Jann Horn diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 31f12856..b54ac2b0 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -2,7 +2,7 @@ american fuzzy lop++ - map display utility ------------------------------------------ - Originally written by Michal Zalewski + Originally written by Michal Zalewski Forkserver design by Jann Horn @@ -395,7 +395,7 @@ static void setup_signal_handlers(void) { static void show_banner(void) { - SAYF(cCYA "afl-showmap" VERSION cRST " by \n"); + SAYF(cCYA "afl-showmap" VERSION cRST " by Michal Zalewski\n"); } diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 7f354727..a72e1dda 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -2,7 +2,7 @@ american fuzzy lop++ - test case minimizer ------------------------------------------ - Originally written by Michal Zalewski + Originally written by Michal Zalewski Forkserver design by Jann Horn @@ -1032,7 +1032,7 @@ int main(int argc, char** argv) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - SAYF(cCYA "afl-tmin" VERSION cRST " by \n"); + SAYF(cCYA "afl-tmin" VERSION cRST " by Michal Zalewski\n"); while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeQUWh")) > 0) -- cgit v1.2.3 From bc3ce26e0ecbf97751c6eb444df8e5bf31dcafd7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 21 Oct 2019 17:18:41 +0200 Subject: -V/-E not precise --- src/afl-fuzz.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bb342112..25f606fa 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
@@ -71,7 +71,9 @@ static void usage(u8* argv0) { " -V seconds - fuzz for a maximum total time of seconds then " "terminate\n" " -E execs - fuzz for a maximum number of total executions then " - "terminate\n\n" + "terminate\n" + "Note: -V/-E are not precise, they are checked after a queue entry is " + "done which\n can be many minutes/execs later\n\n" "Other stuff:\n" " -T text - text banner to show on the screen\n" -- cgit v1.2.3 From 374f6610270a0434afe4931077e49efd9284e013 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 22 Oct 2019 13:23:00 +0200 Subject: help output adjustment --- src/afl-fuzz.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 25f606fa..877df0d3 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -72,8 +72,8 @@ static void usage(u8* argv0) { "terminate\n" " -E execs - fuzz for a maximum number of total executions then " "terminate\n" - "Note: -V/-E are not precise, they are checked after a queue entry is " - "done which\n can be many minutes/execs later\n\n" + " Note: -V/-E are not precise, they are checked after a queue entry " + "is done\n which can be many minutes/execs later\n\n" "Other stuff:\n" " -T text - text banner to show on the screen\n" -- cgit v1.2.3 From 644efa290582e76a9fb1dc42a7cfc782d628d3fe Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Fri, 25 Oct 2019 14:02:30 +0200 Subject: remove redundand setenv of SHM_ENV_VAR --- src/afl-sharedmem.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src') diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c index d94100a3..e11221a4 100644 --- a/src/afl-sharedmem.c +++ b/src/afl-sharedmem.c 
@@ -153,8 +153,6 @@ void setup_shm(unsigned char dumb_mode) { shm_str = alloc_printf("%d", shm_id); - setenv(SHM_ENV_VAR, shm_str, 1); - /* If somebody is asking us to fuzz instrumented binaries in dumb mode, we don't want them to detect instrumentation, since we won't be sending fork server commands. This should be replaced with better auto-detection -- cgit v1.2.3 From c66633ccc54f98829e7035b981ad4916f14d1e70 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 20 Oct 2019 04:45:50 +0200 Subject: no longer warns on python as path for unicorn --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 877df0d3..14d7802d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -554,7 +554,7 @@ int main(int argc, char** argv) { if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive"); - if (strchr(argv[optind], '/') == NULL) + if (strchr(argv[optind], '/') == NULL && !unicorn_mode) WARNF(cLRD "Target binary called without a prefixed path, make sure you are " "fuzzing the right binary: " cRST "%s", -- cgit v1.2.3 From f2b3f01759b7b5b4d74967ee39a6752c668e698e Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Sat, 26 Oct 2019 09:24:09 +0200 Subject: make initial inputs names consistent with others using time:0 --- src/afl-fuzz-init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index a77904b5..e3c2e259 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -729,7 +729,7 @@ void pivot_inputs(void) { use_name += 6; else use_name = rsl; - nfn = alloc_printf("%s/queue/id:%06u,orig:%s", out_dir, id, use_name); + nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", out_dir, id, use_name); #else -- cgit v1.2.3 From cfd7b906cbc961892646aee9f307f6ffd4eb2253 Mon Sep 17 00:00:00 2001 
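Review bot: The commit message calls the removed `setenv(SHM_ENV_VAR, ...)` redundant, but the comment that follows it describes a dumb-mode-conditional export; if the remaining setenv sits inside an `if (!dumb_mode)` below the hunk (not visible here), the deleted unconditional call was overriding that guard and this commit changes behaviour — a -n run no longer hands the SHM id to the target. That is what the comment says is intended, but the message under-states it and it deserves a regression check with an instrumented binary under -n. A one-liner next to the remaining call would stop someone re-adding it: `/* Only exported when not in dumb mode, so an instrumented target cannot tell it is being fuzzed. */`. setup_shm continues outside the hunk.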
From: David Carlier Date: Sat, 26 Oct 2019 08:39:13 +0100 Subject: Porting cpu affinity to DragonFly. Thanks their API is very similar in this area. --- src/afl-fuzz-init.c | 19 ++++++++++++------- src/afl-gotcpu.c | 10 ++++++---- 2 files changed, 18 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index a77904b5..f9525c82 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -32,7 +32,7 @@ void bind_to_free_cpu(void) { -#if defined(__linux__) || defined(__FreeBSD__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; #elif defined(__NetBSD__) cpuset_t* c; @@ -117,7 +117,7 @@ void bind_to_free_cpu(void) { } closedir(d); -#elif defined(__FreeBSD__) +#elif defined(__FreeBSD__) || defined(__DragonFly__) struct kinfo_proc* procs; size_t nprocs; size_t proccount; @@ -138,8 +138,13 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { +#if defined(__FreeBSD__) if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 2) cpu_used[procs[i].ki_oncpu] = 1; +#elif defined(__DragonFly__) + if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 2) + cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; +#endif } @@ -200,7 +205,7 @@ void bind_to_free_cpu(void) { cpu_aff = i; -#if defined(__linux__) || defined(__FreeBSD__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) CPU_ZERO(&c); CPU_SET(i, &c); #elif defined(__NetBSD__) @@ -212,7 +217,7 @@ void bind_to_free_cpu(void) { #if defined(__linux__) if (sched_setaffinity(0, sizeof(c), &c)) PFATAL("sched_setaffinity failed"); -#elif defined(__FreeBSD__) +#elif defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) PFATAL("pthread_setaffinity failed"); #elif defined(__NetBSD__) 
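Review bot: The FreeBSD and DragonFly arms now repeat the same threshold literal `> 2` in two #if branches of one loop, while the NetBSD arm further down uses `> 0`, so the three values will drift (later in this tree only two of them are raised). Hoist the number into one named constant near the top of the function, e.g. `#define CPU_BUSY_PCTCPU 2 /* pctcpu above this marks a core as taken */`, and use it in all three arms. On DragonFly `kp_lwp.kl_cpuid` is, as far as I recall, the CPU the LWP last ran on rather than a current binding, which is worth a short comment since the loop treats it as occupancy. The afl-gotcpu part of this commit is not reviewed here; bind_to_free_cpu starts and ends outside the hunk.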
@@ -871,7 +876,7 @@ double get_runnable_processes(void) { static double res; #if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || \ - defined(__NetBSD__) + defined(__NetBSD__) || defined(__DragonFly__) /* I don't see any portable sysctl or so that would quickly give us the number of runnable processes; the 1-minute load average can be a @@ -1605,7 +1610,7 @@ void check_cpu_governor(void) { void get_core_count(void) { -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) +#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) size_t s = sizeof(cpu_core_count); @@ -1651,7 +1656,7 @@ void get_core_count(void) { cur_runnable = (u32)get_runnable_processes(); -#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) +#if defined(__APPLE__) || defined(__FreeBSD__) || defined(__OpenBSD__) || defined(__DragonFly__) /* Add ourselves, since the 1-minute average doesn't include that yet. */ diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c index 850943dd..fe5d035f 100644 --- a/src/afl-gotcpu.c +++ b/src/afl-gotcpu.c @@ -52,12 +52,14 @@ #include "types.h" #include "debug.h" -#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__NetBSD__) || defined(__APPLE__) || defined(__DragonFly__) #define HAVE_AFFINITY 1 -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) || defined(__DragonFly__) #include #include +#if defined(__FreeBSD__) #include +#endif #define cpu_set_t cpuset_t #elif defined(__NetBSD__) #include @@ -168,7 +170,7 @@ int main(int argc, char** argv) { if (!fr) { u32 util_perc; -#if defined(__linux__) || defined(__FreeBSD__) +#if defined(__linux__) || defined(__FreeBSD__) || defined(__DragonFly__) cpu_set_t c; CPU_ZERO(&c); 
@@ -188,7 +190,7 @@ int main(int argc, char** argv) { PFATAL("thread_policy_set failed"); #endif -#if defined(__FreeBSD__) +#if defined(__FreeBSD__) || defined(__DragonFly__) if (pthread_setaffinity_np(pthread_self(), sizeof(c), &c)) PFATAL("pthread_setaffinity_np failed"); #endif -- cgit v1.2.3 From 64fa11d204c13ad32f9fe0dbb9abbfedc00ebb3d Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 28 Oct 2019 11:52:31 +0100 Subject: updated changelog, afl-analyze AFL_SKIP_BIN_CHECK support --- src/afl-analyze.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 5555a262..ee281af8 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -987,7 +987,7 @@ int main(int argc, char** argv) { if (child_timed_out) FATAL("Target binary times out (adjusting -t may help)."); - if (!anything_set()) FATAL("No instrumentation detected."); + if (getenv("AFL_SKIP_BIN_CHECK") == NULL && !anything_set()) FATAL("No instrumentation detected."); analyze(use_argv); -- cgit v1.2.3 From c87210820c1566c74bf08ab4345679598cabd71b Mon Sep 17 00:00:00 2001 From: David Carlier Date: Tue, 29 Oct 2019 15:06:20 +0000 Subject: libtokencap update proposal - bcmp interception. - FreeBSD using default argument to get current pid for the mapping data gathering, getpid seems to cause some issues under certain conditions (getenv call). --- src/afl-gcc.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 740442dc..e0706a5f 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -320,6 +320,7 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-bcmp"; cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; -- cgit v1.2.3 
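Review bot: With AFL_SKIP_BIN_CHECK set, a target with no instrumentation now proceeds silently into `analyze()` on an all-zero trace map, and the user presumably gets a report in which every byte looks identical, with no hint as to why. The bypass should be loud: keep the FATAL for the default case and emit a WARNF when the check is skipped, as sketched below. main() continues outside the hunk.

```c
  if (!anything_set()) {
    if (!getenv("AFL_SKIP_BIN_CHECK")) FATAL("No instrumentation detected.");
    WARNF("No instrumentation detected, continuing because AFL_SKIP_BIN_CHECK is set.");
  }
  analyze(use_argv);
```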
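Review bot: `-fno-builtin-bcmp` only pays off if the interceptor side (libtokencap and any compare transform) hooks bcmp too, and the commit message describes libtokencap changes that are outside this src-limited view, so I cannot confirm they landed together. If afl-clang-fast carries the same -fno-builtin list, it needs the same addition or the two wrappers diverge. A one-line comment above the list would keep them aligned: `/* keep in sync with the libtokencap hooks and llvm_mode/afl-clang-fast.c */`. edit_params continues outside the hunk.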
From 73cb58726649b860cbea9eef727e90ad14be4b31 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 18:39:16 +0100 Subject: test unicorn && AFL_DISABLE_TRIM env var --- src/afl-fuzz-globals.c | 3 ++- src/afl-fuzz-one.c | 2 +- src/afl-fuzz.c | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 36ba6e14..06eb06d8 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c @@ -122,7 +122,8 @@ u8 skip_deterministic, /* Skip deterministic stages? */ deferred_mode, /* Deferred forkserver mode? */ fixed_seed, /* do not reseed */ fast_cal, /* Try to calibrate faster? */ - uses_asan; /* Target uses ASAN? */ + uses_asan, /* Target uses ASAN? */ + disable_trim; /* Never trim in fuzz_one */ s32 out_fd, /* Persistent fd for out_file */ #ifndef HAVE_ARC4RANDOM diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index bed8d254..8ca219b5 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -449,7 +449,7 @@ u8 fuzz_one_original(char** argv) { * TRIMMING * ************/ - if (!dumb_mode && !queue_cur->trim_done && !custom_mutator) { + if (!dumb_mode && !queue_cur->trim_done && !custom_mutator && !disable_trim) { u8 res = trim_case(argv, queue_cur, in_buf); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 14d7802d..26ed7b61 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -551,6 +551,9 @@ int main(int argc, char** argv) { } + if (getenv("AFL_DISABLE_TRIM")) + disable_trim = 1; + if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive"); -- cgit v1.2.3 From a3932d7f002b840887475482934d93ae3efdad5b Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 8 Nov 2019 04:39:22 +0100 Subject: raise limit for free core detection on FreeBSD and dragonFlyBSD --- src/afl-fuzz-init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') 
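Review bot: The new `disable_trim` flag is honoured only in `fuzz_one_original`; if this tree's MOpt paths carry their own copy of the trimming stage (they are outside this diff), `AFL_DISABLE_TRIM` is silently ignored under -L. The variable is defined in afl-fuzz-globals.c but no `extern` declaration appears in the diff, so the header must be updated separately, and the variable is not mentioned in the usage output visible here. Gate every trim site on the flag and document it, e.g. `"AFL_DISABLE_TRIM: skip test case trimming\n"` wherever usage() lists environment variables. All three hunks are fragments of larger functions.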
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 64b24087..82ba6f8a 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -139,10 +139,10 @@ void bind_to_free_cpu(void) { for (i = 0; i < proccount; i++) { #if defined(__FreeBSD__) - if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 2) + if (procs[i].ki_oncpu < sizeof(cpu_used) && procs[i].ki_pctcpu > 10) cpu_used[procs[i].ki_oncpu] = 1; #elif defined(__DragonFly__) - if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 2) + if (procs[i].kp_lwp.kl_cpuid < sizeof(cpu_used) && procs[i].kp_lwp.kl_pctcpu > 10) cpu_used[procs[i].kp_lwp.kl_cpuid] = 1; #endif -- cgit v1.2.3 From 7a20cc2f58d2709a6b26c98bb6a931dfe5e186b6 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 8 Nov 2019 19:27:25 +0100 Subject: additional test, if afl-as is called by afl-gcc/afl-clang (seen in OpenIndiana) --- src/afl-as.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-as.c b/src/afl-as.c index 2b023432..312ae0a7 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -499,7 +499,7 @@ int main(int argc, char** argv) { clang_mode = !!getenv(CLANG_ENV_VAR); - if (isatty(2) && !getenv("AFL_QUIET")) { + if (!getenv("AFL_QUIET")) { SAYF(cCYA "afl-as" VERSION cRST " by Michal Zalewski\n"); -- cgit v1.2.3
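Review bot: The literal `10` has no visible meaning: ki_pctcpu and kl_pctcpu are fixed-point fractions scaled by FSCALE (2048 on FreeBSD, if I recall), so `> 10` is roughly half a percent of a core, not ten percent, and the same misreading applied to the earlier `2`. Write the intent down, e.g. `/* pctcpu is scaled by FSCALE; 10/FSCALE ~ 0.5% of a core counts as busy */`, or express it as `FSCALE / 200` so the number survives a different FSCALE. The NetBSD arm still uses `> 0`, so the three BSDs now disagree on what a free core is. bind_to_free_cpu starts and ends outside the hunk.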
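Review bot: Dropping `isatty(2)` makes every non-quiet build print the afl-as banner into non-interactive logs (parallel make, CI), and whatever the `else` branch after this `if` does — it is outside the hunk, presumably enabling a quiet mode — is now reachable only via AFL_QUIET. The commit message promises an additional test for being invoked from afl-gcc/afl-clang, but no such test is in the diff. If the goal is to see afl-as being invoked on OpenIndiana, gate the extra output on a debug switch instead: `if (!getenv("AFL_QUIET") && (isatty(2) || getenv("AFL_DEBUG")))`. main() continues outside the hunk.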