From d40a4fe366439bf4e98f49c16bb9032989ab5f1c Mon Sep 17 00:00:00 2001
From: Rick van Schijndel
Date: Sat, 11 Dec 2021 15:48:58 +0100
Subject: afl-cc: fix incorrect CLANGPP_BIN

This caused CMake to complain that the C compiler was set to C++ mode, causing the CMake configuration step to fail for all targets. aflplusplus was built with make source-only -j8 LLVM_BINDIR= AFL_REAL_LD=
---
 src/afl-cc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/afl-cc.c b/src/afl-cc.c
index 1448d8ae..cafb8e32 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -395,7 +395,7 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s/clang", LLVM_BINDIR);
 else
- snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANGPP_BIN);
+ snprintf(llvm_fullpath, sizeof(llvm_fullpath), CLANG_BIN);
 alt_cc = llvm_fullpath;
 }
-- 
cgit 1.4.1

From 663889bc94c69e2be543ac2fce9fd9901592b0a6 Mon Sep 17 00:00:00 2001
From: yuawn
Date: Sun, 12 Dec 2021 07:12:58 +0000
Subject: fix fuzzer_stats parameter order

---
 src/afl-fuzz-stats.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 50e6c2f4..3c0480e5 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
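Review bot: The new line still hands CLANG_BIN to snprintf as its format string, so a `%` in the configured compiler path would be parsed as a conversion specifier and the non-literal format is what -Wformat-security warns about; match the LLVM_BINDIR branch two lines up and write `snprintf(llvm_fullpath, sizeof(llvm_fullpath), "%s", CLANG_BIN);`. CLANG_BIN is presumably a build-time constant rather than runtime input, so this is hardening and warning hygiene rather than an exploitable defect. Neither branch checks snprintf's return value, so an over-long path silently truncates llvm_fullpath. The body of edit_params begins before the hunk and continues after it.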
@@ -296,9 +296,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) / 1000), afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
- afl->queued_discovered, afl->queued_imported, afl->max_depth,
+ afl->queued_discovered, afl->queued_imported, afl->queued_variable, afl->max_depth,
 afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
- afl->queued_variable, stability, bitmap_cvg, afl->saved_crashes,
+ stability, bitmap_cvg, afl->saved_crashes,
 afl->saved_hangs, afl->last_find_time / 1000, afl->last_crash_time / 1000, afl->last_hang_time / 1000, afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.exec_tmout, afl->slowest_exec_ms,
-- 
cgit 1.4.1

From e903f12e8c70d63b1f62392ec8e1ef12c6e10634 Mon Sep 17 00:00:00 2001
From: yuawn
Date: Sun, 12 Dec 2021 07:13:38 +0000
Subject: code format

---
 src/afl-fuzz-stats.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 3c0480e5..289f7e09 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -296,9 +296,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 ((double)(afl->prev_run_time + get_cur_time() - afl->start_time) / 1000), afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
- afl->queued_discovered, afl->queued_imported, afl->queued_variable, afl->max_depth,
- afl->current_entry, afl->pending_favored, afl->pending_not_fuzzed,
- stability, bitmap_cvg, afl->saved_crashes,
+ afl->queued_discovered, afl->queued_imported, afl->queued_variable,
+ afl->max_depth, afl->current_entry, afl->pending_favored,
+ afl->pending_not_fuzzed, stability, bitmap_cvg, afl->saved_crashes,
 afl->saved_hangs, afl->last_find_time / 1000, afl->last_crash_time / 1000, afl->last_hang_time / 1000, afl->fsrv.total_execs - afl->last_crash_execs, afl->fsrv.exec_tmout, afl->slowest_exec_ms,
-- 
cgit 1.4.1
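Review bot: Moving `afl->queued_variable` between `queued_imported` and `max_depth` can only be verified against the fprintf format string, which precedes this hunk and is not visible here; nothing in the argument list records the order it must follow, and -Wformat checks only types, so a swap between two same-typed counters is silent, which is presumably how the original misordering survived. A comment at the head of the argument list naming the expected sequence, e.g. `/* order must match the fuzzer_stats format string above: ... queued_imported, queued_variable, max_depth, current_entry ... */`, makes the coupling visible to the next edit. The fprintf call and write_stats_file both begin before the hunk and end after it. The following code-format commit only re-wraps these same lines and needs no separate review.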
From 57bc3c07018463ad6d069850be9f2bce5c450dd6 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 13 Dec 2021 15:45:41 +0100
Subject: fix qemu/unicorn oob

---
 docs/Changelog.md | 2 ++
 src/afl-sharedmem.c | 3 +++
 2 files changed, 5 insertions(+)

(limited to 'src')

diff --git a/docs/Changelog.md b/docs/Changelog.md
index e9b62dc0..00502efe 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -34,6 +34,8 @@ sending a mail to .
 - better banner - more effective cmplog mode - more often update the UI when in input2stage mode + - qemu_mode/unicorn_mode: fixed OOB write when using libcompcov, thanks to kotee4ko for reporting! - frida_mode: - better performance, bug fixes - David Carlier added Android support :)
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index 7fb8f821..09941d61 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -242,6 +242,9 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 #else
 u8 *shm_str;
+ // handle qemu/unicorn compcov map overwrite
+ if (map_size == MAP_SIZE) { map_size += 8; }
+
 shm->shm_id =
 shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | DEFAULT_PERMISSION);
 if (shm->shm_id < 0) {
-- 
cgit 1.4.1

From ece717c42496b95930639fd0df7cc3b1704fb687 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Mon, 13 Dec 2021 16:43:16 +0100
Subject: fix

---
 src/afl-sharedmem.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index 09941d61..c1d4ff03 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
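Review bot: The padding is added only in the `#else` branch, so the `#if` branch above the hunk (presumably the USEMMAP/shm_open path, not visible here) still allocates exactly map_size and, if qemu or unicorn mode can run against such a build, keeps the out-of-bounds write this commit is fixing; the follow-up commit below rewrites only this branch and leaves the same gap. The new `if` also rewrites the `map_size` parameter in place, so every later use of `map_size` in afl_shm_init (the function continues past the hunk) now sees the padded value — the follow-up limits the padding to the shmget argument, which suggests that side effect was unintended. The comment should also say why 8 bytes are enough, e.g. `// libcompcov can write past the end of the coverage map; pad the segment so the overrun (bounded to 8 bytes) stays inside it` — if the overrun is not actually bounded, this is a mitigation in the consumer rather than a fix of the writer. The Changelog hunk needs no review.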
@@ -242,11 +242,11 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 #else
 u8 *shm_str;
- // handle qemu/unicorn compcov map overwrite
- if (map_size == MAP_SIZE) { map_size += 8; }
-
+ // for qemu+unicorn we have to increase by 8 to account for potential
+ // compcov map overwrite
 shm->shm_id =
- shmget(IPC_PRIVATE, map_size, IPC_CREAT | IPC_EXCL | DEFAULT_PERMISSION);
+ shmget(IPC_PRIVATE, map_size == MAP_SIZE ? map_size + 8 : map_size,
+ IPC_CREAT | IPC_EXCL | DEFAULT_PERMISSION);
 if (shm->shm_id < 0) {
 PFATAL("shmget() failed, try running afl-system-config");
-- 
cgit 1.4.1
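Review bot: The condition `map_size == MAP_SIZE` pads by size coincidence rather than by mode: any caller that happens to pass exactly MAP_SIZE gets 8 extra bytes, and a qemu/unicorn run with any other map size gets none — if such sizes are possible, the overrun the previous commit fixed returns. The literal 8 is now repeated in the comment and in the expression; a named constant such as `enum { COMPCOV_MAP_PAD = 8 };` (constructed name) next to the comment keeps the two from drifting and documents the bound in one place. The untouched `#if` branch was raised on the previous commit's hunk and is unchanged here. afl_shm_init continues past the hunk.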