From 287828fe0bef3224e5e4f0b80e880235570876e4 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 11 Oct 2019 03:24:50 +0200 Subject: if afl-clang has to be used, extend the hardening test as from llvm_mode --- test/test.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 44236b63..0c5c18f7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -64,7 +64,7 @@ $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz" test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 - AFL_HARDEN=1 ../${AFL_GCC} -o test-instr.harden ../test-instr.c > /dev/null 2>&1 + AFL_HARDEN=1 ../${AFL_GCC} -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { $ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded" echo 0 | ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain > /dev/null 2>&1 @@ -76,11 +76,11 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" rm -f test-instr.plain.0 test-instr.plain.1 } || $ECHO "$RED[!] ${AFL_GCC} failed" - test -e test-instr.harden && { - grep -qa fstack-protector-all test-instr.harden > /dev/null 2>&1 && { + test -e test-compcov.harden && { + grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working" } || $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" - rm -f test-instr.harden + rm -f test-compcov.harden } || $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux -- cgit 1.4.1 From 132ecc0580e35a629ce7b6c0d9441ac63262318d Mon Sep 17 00:00:00 2001 
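Review bot: The hardening check in the second hunk passes as soon as any one alternative of `grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified'` matches, so a binary that kept one protection but lost the other is still reported as "hardened mode succeeded and is working". Checking the markers separately, each with its own message, would make the result meaningful: `grep -qa stack_chk_fail test-compcov.harden` for the stack protector and a second `grep -qa fortified test-compcov.harden` for what is presumably the FORTIFY_SOURCE marker. Which strings a given toolchain leaves in the binary should be confirmed first. The `> /dev/null 2>&1` after `grep -q` is redundant, and the compile line in the first hunk still discards the compiler's diagnostics, so a failed hardened build surfaces only as "hardened mode compilation failed" with no reason.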
From: hexcoder- Date: Sat, 12 Oct 2019 01:49:23 +0200 Subject: catch afl-fuzz's output and print it in case of errors --- test/test.sh | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 0c5c18f7..a7376d16 100755 --- a/test/test.sh +++ b/test/test.sh @@ -97,12 +97,15 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC}, this will take approx 10 seconds" { - ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + } + rm -rf in out errors } rm -f test-instr.plain } || $ECHO "$YELLOW[-] afl is not compiled, cannot test" @@ -144,12 +147,15 @@ test -e ../afl-clang-fast && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for llvm_mode, this will take approx 10 seconds" { - ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + } + rm -rf in out errors } rm -f test-instr.plain -- cgit 1.4.1 From bd312607a36a319ecfbd01820dc1ac222afabcd2 Mon Sep 17 00:00:00 2001 
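Review bot: The `errors` log is opened with `>>` under a fixed name in the working directory and is never truncated before the run, so output left behind by an interrupted earlier run is printed by `cat errors` as if it belonged to the failing test. Starting each run with `: > errors`, or writing to a `mktemp` file that a trap removes, keeps the diagnostics tied to the test that produced them. The `>>errors 2>&1` on the afl-fuzz line already captures both streams, so the identical redirect on the closing brace is redundant. Both hunks here use the pattern, and the qemu_mode and unicorn_mode hunks of the following commit repeat it.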
From: hexcoder- Date: Sat, 12 Oct 2019 00:39:59 +0200 Subject: add afl-fuzz error capturing for qemu_mode and unicorn_mode --- test/test.sh | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index a7376d16..27bf708f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -222,24 +222,31 @@ test -e ../afl-qemu-trace && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for qemu_mode, this will take approx 10 seconds" { - ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } + rm -f errors test -e ../libcompcov.so && { $ECHO "$GREY[*] running afl-fuzz for qemu_mode libcompcov, this will take approx 10 seconds" { export AFL_PRELOAD=../libcompcov.so export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V10 -Q -i in -o out -- ./test-compcov > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-compcov >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode libcompcov" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" - rm -rf in out + rm -rf in out errors } } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" 
@@ -267,21 +274,28 @@ test -d ../unicorn_mode/unicorn && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 15 seconds" { - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + } + rm -f errors $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ > /dev/null 2>&1 - } > /dev/null 2>&1 + ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" - } || $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" - rm -rf in out + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" + } + rm -rf in out errors } } || $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" -- cgit 1.4.1 From 8f854ee83a6dd70ff5a3e70f6064928b35d2ab17 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Sun, 13 Oct 2019 10:34:51 +0200 Subject: test for persistent qemu --- test/test.sh | 37 ++++++++++++++++++++++--------------- 1 file changed, 22 insertions(+), 15 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 27bf708f..94d28047 100755 
--- a/test/test.sh
+++ b/test/test.sh
@@ -113,7 +113,11 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && {
 $ECHO "$BLUE[*] Testing: llvm_mode"
 test -e ../afl-clang-fast && {
 # on FreeBSD need to set AFL_CC
- export AFL_CC=`llvm-config --bindir`/clang
+ if which clang >/dev/null; then
+ export AFL_CC=`which clang`
+ else
+ export AFL_CC=`llvm-config --bindir`/clang
+ fi
 ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1
 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1
 test -e test-instr.plain && {
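Review bot: `AFL_CC` is set to whatever `which clang` finds first on PATH and is exported for the rest of the script, while `which` itself is not portable and its stderr is not suppressed here. `command -v` is the POSIX form, and the fallback needs a check as well, because a missing `llvm-config` leaves `AFL_CC` set to `/clang`: `AFL_CC=$(command -v clang) || AFL_CC="$(llvm-config --bindir)/clang"` followed by `test -x "$AFL_CC" && export AFL_CC`. The comment above the block still says the setting is needed on FreeBSD, although the new code applies it on every platform; the comment should say so. The enclosing `test -e ../afl-clang-fast && {` block ends outside this hunk.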
@@ -244,25 +248,28 @@ test -e ../afl-qemu-trace && { } || { cat errors $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" - } + } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" + rm -f errors + + $ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds" + { + export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test-instr | grep "T main" | awk '{ print $1 }') + export AFL_QEMU_PERSISTENT_GPR=1 + ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 + } >>errors 2>&1 + test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" + } || { + cat errors + $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" + exit 1 + } + $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" rm -rf in out errors } } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" - $ECHO "$YELLOW[?] we need a test case for qemu_mode persistent mode" - $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" - # This works but there are already problems with persistent (e.g. stability) - #$ECHO "$GREY[*] running afl-fuzz for persistent qemu_mode, this will take approx 10 seconds" - #{ - # export AFL_QEMU_PERSISTENT_ADDR=0x$(nm test-instr | grep "T main" | awk '{ print $1 }') - # export AFL_QEMU_PERSISTENT_GPR=1 - # ../afl-fuzz -V10 -Q -i in -o out -- ./test-instr > /dev/null 2>&1 - #} > /dev/null 2>&1 - #test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { - # $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" - #} || $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" - rm -f test-instr test-compcov } || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" -- cgit 1.4.1 From 540de896e346694dd6df03bf4b3676388b53fecf Mon Sep 17 00:00:00 2001 
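Review bot: The afl-fuzz line of the persistent qemu_mode test still ends in `> /dev/null 2>&1`, so `errors` stays empty and the `cat errors` in the failure branch prints nothing; it should read `../afl-fuzz -V10 -Q -i in -o out -- ./test-instr >>errors 2>&1` like the other modes. `grep "T main"` also matches any text symbol whose name merely starts with `main`, which can put several addresses into `AFL_QEMU_PERSISTENT_ADDR`; `nm test-instr | awk '$2 == "T" && $3 == "main" { print $1 }'` selects the one symbol. The `exit 1` in the failure branch is the only hard exit among these tests and skips the `rm -rf in out errors` cleanup that follows. Because `{ ...; }` is not a subshell, the two exported `AFL_QEMU_PERSISTENT_*` variables stay set for every later test in the script. The enclosing `test -e ../afl-qemu-trace && {` block starts outside the hunk.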
From: van Hauser Date: Mon, 14 Oct 2019 11:08:25 +0200 Subject: more time for test case --- TODO | 1 + test/test.sh | 20 +++++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/TODO b/TODO index 40828168..696e9372 100644 --- a/TODO +++ b/TODO @@ -4,6 +4,7 @@ Roadmap 2.55d: afl-fuzz: - radamsa mutator + - test the libmutator actually works and does not run infinite (need an example though) gcc_plugin: - needs to be rewritten diff --git a/test/test.sh b/test/test.sh index 94d28047..d5372233 100755 --- a/test/test.sh +++ b/test/test.sh @@ -102,7 +102,9 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" } || { - cat errors + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" } rm -rf in out errors @@ -156,7 +158,9 @@ test -e ../afl-clang-fast && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with llvm_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" } rm -rf in out errors @@ -231,7 +235,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" } rm -f errors 
@@ -246,7 +252,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode libcompcov" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" @@ -261,7 +269,9 @@ test -e ../afl-qemu-trace && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" exit 1 } 
@@ -286,20 +296,24 @@ test -d ../unicorn_mode/unicorn && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" } rm -f errors - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" } || { + echo CUT------------------------------------------------------------------CUT cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" } rm -rf in out errors -- cgit 1.4.1 From 77695d75bb9619807dc27d3542e81b6b6332e2cf Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 15 Oct 2019 17:14:59 +0200 Subject: test.sh check to see if qemu persistent mode is faster --- test/test.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index d5372233..4fcd132e 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -234,6 +234,7 @@ test -e ../afl-qemu-trace && { } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with qemu_mode" + RUNTIME=`grep execs_done out/fuzzer_stats | awk '{print$3}'` } || { echo CUT------------------------------------------------------------------CUT cat errors @@ -268,6 +269,18 @@ test -e ../afl-qemu-trace && { } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent qemu_mode" + RUNTIMEP=`grep execs_done out/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIMEP" && { + SLOW=`expr $RUNTIME '*' 103` # persistent mode should be at least 3% faster - minimum! + FAST=`expr $RUNTIMEP '*' 100` + test "$SLOW" -lt "$FAST" && { + $ECHO "$GREEN[+] persistent qemu_mode was noticeable faster than standard qemu_mode" + } || { + $ECHO "$YELLOW[?] persistent qemu_mode was not noticeable faster than standard qemu_mode" + } + } || { + $ECHO "$YELLOW[?] we got no data on executions performed? weird!" + } } || { echo CUT------------------------------------------------------------------CUT cat errors -- cgit 1.4.1 From f2a1456e940949a1cb976795ff3bc054e0a3c3b5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 17 Oct 2019 11:31:12 +0200 Subject: needed increased unicorn test time --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 4fcd132e..e93e19f8 100755 --- a/test/test.sh +++ b/test/test.sh 
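Review bot: `RUNTIME` and `RUNTIMEP` are read from `out/fuzzer_stats` and handed unquoted to `expr` in the second hunk, so a non-numeric field or a duplicated `execs_done` line becomes an `expr` syntax error instead of the "we got no data" message. A digits-only guard before the arithmetic, e.g. `case "$RUNTIME$RUNTIMEP" in *[!0-9]*) RUNTIME= ;; esac`, avoids that, and `SLOW=$(( RUNTIME * 103 ))` replaces the `expr` calls. `RUNTIME` is assigned in the first hunk only when the standard qemu_mode run succeeds and is never cleared beforehand, so a value inherited from the environment would be compared; an explicit `RUNTIME=` before the run closes that gap. The variables hold execution counts rather than run times, so names such as `EXECS_STD` and `EXECS_PERSISTENT` would read better, and "noticeable" in both messages should be "noticeably".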
@@ -302,9 +302,9 @@ test -d ../unicorn_mode/unicorn && { { mkdir -p in echo 0 > in/in - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 15 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V15 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" -- cgit 1.4.1 From f4a74a3405d140e81111657ca28b994c5758286c Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 18 Oct 2019 10:10:47 +0200 Subject: added test/test-performance.sh --- docs/ChangeLog | 3 +- test/test-performance.sh | 189 +++++++++++++++++++++++++++++++++++++++++++++++ test/test.sh | 15 ++-- 3 files changed, 199 insertions(+), 8 deletions(-) create mode 100755 test/test-performance.sh (limited to 'test') diff --git a/docs/ChangeLog b/docs/ChangeLog index f073123c..9ffa17e3 100644 --- a/docs/ChangeLog +++ b/docs/ChangeLog @@ -17,7 +17,8 @@ sending a mail to . Version ++2.57d (dev): ---------------------- - - revertedd patch to not unlink and recreate the input file, it resulted in performance loss + - reverted patch to not unlink and recreate the input file, it resulted in performance loss + - added test/test-performance.sh script -------------------------------- diff --git a/test/test-performance.sh b/test/test-performance.sh new file mode 100755 index 00000000..198b58c4 --- /dev/null +++ b/test/test-performance.sh 
@@ -0,0 +1,189 @@ +#!/bin/bash + +FILE=~/.afl_performance + +test -e $FILE || { + echo Warning: This script measure the performance of afl++ and saves the result for future comparisons into $FILE + echo Press ENTER to continue or CONTROL-C to abort + read IN +} + +export AFL_QUIET=1 +unset AFL_EXIT_WHEN_DONE +unset AFL_SKIP_CPUFREQ +unset AFL_DEBUG +unset AFL_HARDEN +unset AFL_USE_ASAN +unset AFL_USE_MSAN +unset AFL_CC +unset AFL_PRELOAD +unset AFL_LLVM_WHITELIST +unset AFL_LLVM_INSTRIM +unset AFL_LLVM_LAF_SPLIT_SWITCHES +unset AFL_LLVM_LAF_TRANSFORM_COMPARES +unset AFL_LLVM_LAF_SPLIT_COMPARES + +# on OpenBSD we need to work with llvm from /usr/local/bin +test -e /usr/local/bin/opt && { + export PATH=/usr/local/bin:${PATH} +} +# on MacOS X we prefer afl-clang over afl-gcc, because +# afl-gcc does not work there +test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && { + AFL_GCC=afl-clang +} || { + AFL_GCC=afl-gcc +} + +ECHO="printf %b\\n" +$ECHO \\101 2>&1 | grep -qE '^A' || { + ECHO= + test -e /bin/printf && { + ECHO="/bin/printf %b\\n" + $ECHO '\\101' 2>&1 | grep -qE '^A' || ECHO= + } +} +test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } + +GREY="\\033[1;90m" +BLUE="\\033[1;94m" +GREEN="\\033[0;32m" +RED="\\033[0;31m" +YELLOW="\\033[1;93m" +RESET="\\033[0m" + +MEM_LIMIT=150 + +>> $FILE || { echo Error: can not write to $FILE ; exit 1 ; } + +echo Warning: this script is setting performance parameters with afl-system-config +sleep 1 +afl-system-config > /dev/null 2>&1 +echo Performance settings applied. +echo + +$ECHO "${RESET}${GREY}[*] starting afl++ performance test framework ..." 
+ +$ECHO "$BLUE[*] Testing: ${AFL_GCC}" +GCC=x +test -e ../${AFL_GCC} -a -e ../afl-fuzz && { + ../${AFL_GCC} -o test-instr.plain ../test-instr.c > /dev/null 2>&1 + test -e test-instr.plain && { + $ECHO "$GREEN[+] ${AFL_GCC} compilation succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for ${AFL_GCC} for 30 seconds" + { + ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-gcc -- ./test-instr.plain + } >>errors 2>&1 + test -n "$( ls out-gcc/queue/id:000002* 2> /dev/null )" && { + GCC=`grep execs_done out-gcc/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + } + rm -rf in out-gcc errors test-instr.plain + } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" +} || $ECHO "$YELLOW[-] afl is not compiled, cannot test" + +$ECHO "$BLUE[*] Testing: llvm_mode" +LLVM=x +test -e ../afl-clang-fast -a -e ../afl-fuzz && { + ../afl-clang-fast -o test-instr.llvm ../test-instr.c > /dev/null 2>&1 + test -e test-instr.llvm && { + $ECHO "$GREEN[+] llvm_mode compilation succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for llvm_mode for 30 seconds" + { + ../afl-fuzz -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-llvm -- ./test-instr.llvm + } >>errors 2>&1 + test -n "$( ls out-llvm/queue/id:000002* 2> /dev/null )" && { + LLVM=`grep execs_done out-llvm/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + } + rm -rf in out-llvm errors test-instr.llvm + } || $ECHO "$RED[!] 
llvm_mode instrumentation failed" +} || $ECHO "$YELLOW[-] llvm_mode is not compiled, cannot test" + +$ECHO "$BLUE[*] Testing: qemu_mode" +QEMU=x +test -e ../afl-qemu-trace -a -e ../afl-fuzz && { + cc -o test-instr.qemu ../test-instr.c > /dev/null 2>&1 + test -e test-instr.qemu && { + $ECHO "$GREEN[+] native compilation with cc succeeded" + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for qemu_mode for 30 seconds" + { + ../afl-fuzz -Q -V 30 -s 123 -m ${MEM_LIMIT} -i in -o out-qemu -- ./test-instr.qemu + } >>errors 2>&1 + test -n "$( ls out-qemu/queue/id:000002* 2> /dev/null )" && { + QEMU=`grep execs_done out-qemu/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT---------------------------------------------------------------- + cat errors + echo CUT---------------------------------------------------------------- + $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + } + rm -rf in out-qemu errors test-instr.qemu + } || $ECHO "$RED[!] qemu_mode instrumentation failed" +} || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" + +LOW_GCC= +HIGH_GCC= +LAST_GCC= +LOW_LLVM= +HIGH_LLVM= +LAST_LLVM= +LOW_QEMU= +HIGH_QEMU= +LAST_QEMU= + +test -s $FILE && { + while read LINE; do + G=`echo $LINE | awk '{print$1}'` + L=`echo $LINE | awk '{print$2}'` + Q=`echo $LINE | awk '{print$3}'` + test "$G" = x && G= + test "$L" = x && L= + test "$Q" = x && Q= + test -n "$G" && LAST_GCC=$G + test -n "$L" && LAST_LLVM=$L + test -n "$Q" && LAST_QEMU=$Q + test -n "$G" -a -z "$LOW_GCC" && LOW_GCC=$G || { + test -n "$G" -a "$G" -lt "$LOW_GCC" 2> /dev/null && LOW_GCC=$G + } + test -n "$L" -a -z "$LOW_LLVM" && LOW_LLVM=$L || { + test -n "$L" -a "$L" -lt "$LOW_LLVM" 2> /dev/null && LOW_LLVM=$L + } + test -n "$Q" -a -z "$LOW_QEMU" && LOW_QEMU=$Q || { + test -n "$Q" -a "$Q" -lt "$LOW_QEMU" 2> /dev/null && LOW_QEMU=$Q + } + test -n "$G" -a -z "$HIGH_GCC" && HIGH_GCC=$G || { + test -n "$G" -a "$G" -gt "$HIGH_GCC" 2> /dev/null && HIGH_GCC=$G + } + test -n "$L" -a 
-z "$HIGH_LLVM" && HIGH_LLVM=$L || { + test -n "$L" -a "$L" -gt "$HIGH_LLVM" 2> /dev/null && HIGH_LLVM=$L + } + test -n "$Q" -a -z "$HIGH_QEMU" && HIGH_QEMU=$Q || { + test -n "$Q" -a "$Q" -gt "$HIGH_QEMU" 2> /dev/null && HIGH_QEMU=$Q + } + done < $FILE + $ECHO "$YELLOW[!] Reading saved data from $FILE completed, please compare the results:" + $ECHO "$BLUE[!] afl-cc: lowest=$LOW_GCC highest=$HIGH_GCC last=$LAST_GCC current=$GCC" + $ECHO "$BLUE[!] llvm_mode: lowest=$LOW_LLVM highest=$HIGH_LLVM last=$LAST_LLVM current=$LLVM" + $ECHO "$BLUE[!] qemu_mode: lowest=$LOW_QEMU highest=$HIGH_QEMU last=$LAST_QEMU current=$QEMU" +} || { + $ECHO "$YELLOW[!] First run, just saving data" + $ECHO "$BLUE[!] afl-gcc=$GCC llvm_mode=$LLVM qemu_mode=$QEMU" +} +echo "$GCC $LLVM $QEMU" >> $FILE +$ECHO "$GREY[*] done." +$ECHO "$RESET" diff --git a/test/test.sh b/test/test.sh index e93e19f8..ab2985fe 100755 --- a/test/test.sh +++ b/test/test.sh @@ -46,10 +46,11 @@ test -e /usr/local/bin/opt && { # on MacOS X we prefer afl-clang over afl-gcc, because # afl-gcc does not work there test `uname -s` = 'Darwin' -o `uname -s` = 'FreeBSD' && { -AFL_GCC=afl-clang + AFL_GCC=afl-clang } || { -AFL_GCC=afl-gcc + AFL_GCC=afl-gcc } + GREY="\\033[1;90m" BLUE="\\033[1;94m" GREEN="\\033[0;32m" @@ -102,9 +103,9 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with ${AFL_GCC}" } || { - echo CUT------------------------------------------------------------------CUT - cat errors - echo CUT------------------------------------------------------------------CUT + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" } rm -rf in out errors 
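Review bot: In the new test-performance.sh, `afl-system-config` is resolved through PATH, its output and exit status are discarded, and "Performance settings applied." is printed unconditionally; the confirmation prompt at the top appears only while `$FILE` does not exist, so every later run changes system-wide settings without asking. Reporting the real outcome is a small change: `if afl-system-config > /dev/null 2>&1; then echo "Performance settings applied."; else echo "Warning: afl-system-config failed, results may not be comparable"; fi`. A header comment should also state that the script needs the privileges for that step and does not restore the settings afterwards. `$FILE` is expanded unquoted throughout (`test -e $FILE`, `>> $FILE`, `done < $FILE`), which breaks when the home directory contains whitespace, and `read IN` should be `read -r IN`. The `errors` log is again appended to under a fixed name without being truncated first.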
@@ -116,9 +117,9 @@ $ECHO "$BLUE[*] Testing: llvm_mode" test -e ../afl-clang-fast && { # on FreeBSD need to set AFL_CC if which clang >/dev/null; then - export AFL_CC=`which clang` + export AFL_CC=`which clang` else - export AFL_CC=`llvm-config --bindir`/clang + export AFL_CC=`llvm-config --bindir`/clang fi ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 -- cgit 1.4.1 From e7ab8be0cd97f9a18e6ca2f855afa69768322dfb Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 18 Oct 2019 19:53:10 +0200 Subject: sync afl-fast-gcc with afl-clang-fast, add tests for gcc_plugin --- gcc_plugin/afl-gcc-fast.c | 50 +++++++++++++++++++++---------- gcc_plugin/afl-gcc-pass.so.cc | 4 +-- llvm_mode/afl-clang-fast.c | 4 +-- src/afl-gcc.c | 2 +- test/test.sh | 69 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 108 insertions(+), 21 deletions(-) (limited to 'test') diff --git a/gcc_plugin/afl-gcc-fast.c b/gcc_plugin/afl-gcc-fast.c index 8be05bb5..25ecf310 100644 --- a/gcc_plugin/afl-gcc-fast.c +++ b/gcc_plugin/afl-gcc-fast.c @@ -104,7 +104,7 @@ static void edit_params(u32 argc, char** argv) { cc_params = ck_alloc((argc + 64) * sizeof(u8*)); name = strrchr(argv[0], '/'); - if (!name) name = argv[0]; else name++; + if (!name) name = argv[0]; else ++name; if (!strcmp(name, "afl-g++-fast")) { u8* alt_cxx = getenv("AFL_CXX"); @@ -114,9 +114,15 @@ static void edit_params(u32 argc, char** argv) { cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc"; } + + char* fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path); cc_params[cc_par_cnt++] = fplugin_arg; + /* Detect stray -v calls from ./configure scripts. */ + + if (argc == 1 && !strcmp(argv[1], "-v")) maybe_linking = 0; + while (--argc) { u8* cur = *(++argv); 
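Review bot: The added `-v` detection in afl-gcc-fast.c, `if (argc == 1 && !strcmp(argv[1], "-v")) maybe_linking = 0;`, cannot work as written: with `argc == 1` the slot `argv[1]` is the terminating null pointer, so `strcmp` would dereference NULL, and the reworked `main()` later in this commit exits when `argc < 2`, so the branch appears unreachable anyway. A stray `-v` call carries two arguments, so the condition presumably should be `if (argc == 2 && !strcmp(argv[1], "-v")) maybe_linking = 0;`. `edit_params` starts and ends outside this hunk, so any earlier use of `argc` is not visible here.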
@@ -134,6 +140,8 @@ static void edit_params(u32 argc, char** argv) { if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; + if (!strcmp(cur, "-shared")) maybe_linking = 0; + cc_params[cc_par_cnt++] = cur; } @@ -151,17 +159,23 @@ static void edit_params(u32 argc, char** argv) { if (getenv("AFL_USE_ASAN")) { - cc_params[cc_par_cnt++] = "-fsanitize=address"; + if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); + + if (getenv("AFL_HARDEN")) + FATAL("ASAN and AFL_HARDEN are mutually exclusive"); - if (getenv("AFL_USE_MSAN")) - FATAL("ASAN and MSAN are mutually exclusive"); + cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; + cc_params[cc_par_cnt++] = "-fsanitize=address"; } else if (getenv("AFL_USE_MSAN")) { - cc_params[cc_par_cnt++] = "-fsanitize=memory"; + if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); + + if (getenv("AFL_HARDEN")) + FATAL("MSAN and AFL_HARDEN are mutually exclusive"); - if (getenv("AFL_USE_ASAN")) - FATAL("ASAN and MSAN are mutually exclusive"); + cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; + cc_params[cc_par_cnt++] = "-fsanitize=memory"; } @@ -175,7 +189,13 @@ static void edit_params(u32 argc, char** argv) { } +#ifdef USEMMAP + cc_params[cc_par_cnt++] = "-lrt"; +#endif + cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1"; + cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1"; + cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"; /* When the user tries to use persistent or deferred forkserver modes by appending a single line to the program, we want to reliably inject a 
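Review bot: In the `else if (getenv("AFL_USE_MSAN"))` branch the new `if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive");` can never fire, because that branch is entered only when `AFL_USE_ASAN` is unset; the check in the ASAN branch already covers the combination and this copy can be dropped. The added `-U_FORTIFY_SOURCE` is appended after the caller's own arguments and so presumably overrides a `-D_FORTIFY_SOURCE` passed on the command line. It deserves a one-line comment stating that intent, for example `/* sanitizer builds: fortification is switched off on purpose */`. These hunks sit inside `edit_params`, whose start and end are outside them.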
@@ -237,15 +257,10 @@ static void edit_params(u32 argc, char** argv) { int main(int argc, char** argv) { - if (isatty(2) && !getenv("AFL_QUIET")) { - - SAYF(cCYA "afl-gcc-fast " cBRI VERSION cRST " initially by , maintainer: hexcoder-\n"); - - } - - if (argc < 2) { + if (argc < 2 || strcmp(argv[1], "-h") == 0) { - SAYF("\n" + printf(cCYA "afl-gcc-fast" VERSION cRST " initially by , maintainer: hexcoder-\n" + "\n" "This is a helper application for afl-fuzz. It serves as a drop-in replacement\n" "for gcc, letting you recompile third-party code with the required runtime\n" "instrumentation. A common use pattern would be one of the following:\n\n" @@ -263,8 +278,11 @@ int main(int argc, char** argv) { exit(1); - } + } else if (isatty(2) && !getenv("AFL_QUIET")) { + SAYF(cCYA "afl-gcc-fast" VERSION cRST " initially by , maintainer: hexcoder-\n"); + + } find_obj(argv[0]); diff --git a/gcc_plugin/afl-gcc-pass.so.cc b/gcc_plugin/afl-gcc-pass.so.cc index f0f5b30b..a44f5a74 100644 --- a/gcc_plugin/afl-gcc-pass.so.cc +++ b/gcc_plugin/afl-gcc-pass.so.cc @@ -416,7 +416,7 @@ public: /* Either we couldn't figure out our location or the location is * not whitelisted, so we skip instrumentation. */ - if (!instrumentBlock) return 0;; + if (!instrumentBlock) return 0; } return do_ext_call ? ext_call_instrument(fun) : inline_instrument(fun); @@ -464,7 +464,7 @@ int plugin_init(struct plugin_name_args *plugin_info, /* Show a banner */ if (isatty(2) && !getenv("AFL_QUIET")) { - SAYF(G_(cCYA "afl-gcc-pass " cBRI VERSION cRST " initially by , maintainer: hexcoder-\n")); + SAYF(G_(cCYA "afl-gcc-pass" VERSION cRST " initially by , maintainer: hexcoder-\n")); } else be_quiet = 1; diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c index 142d6331..54f9e6e9 100644 --- a/llvm_mode/afl-clang-fast.c +++ b/llvm_mode/afl-clang-fast.c 
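Review bot: `afl-gcc-fast -h` now prints the usage text and then falls into the unchanged `exit(1);`, so an explicit help request is reported to the caller as a failure. `exit(argc < 2 ? 1 : 0);` keeps the error status for the missing-argument case only. `main` continues past the end of these hunks.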
@@ -112,7 +112,7 @@ static void edit_params(u32 argc, char** argv) { if (!name) name = argv[0]; else - name++; + ++name; if (!strcmp(name, "afl-clang-fast++")) { @@ -128,7 +128,7 @@ static void edit_params(u32 argc, char** argv) { /* There are three ways to compile with afl-clang-fast. In the traditional mode, we use afl-llvm-pass.so, then there is libLLVMInsTrim.so which is - much faster but has less coverage. Finally tere is the experimental + much faster but has less coverage. Finally there is the experimental 'trace-pc-guard' mode, we use native LLVM instrumentation callbacks instead. For trace-pc-guard see: http://clang.llvm.org/docs/SanitizerCoverage.html#tracing-pcs-with-guards diff --git a/src/afl-gcc.c b/src/afl-gcc.c index 8982ca97..dd7ba4d6 100644 --- a/src/afl-gcc.c +++ b/src/afl-gcc.c @@ -131,7 +131,7 @@ static void edit_params(u32 argc, char** argv) { if (!name) name = argv[0]; else - name++; + ++name; if (!strncmp(name, "afl-clang", 9)) { diff --git a/test/test.sh b/test/test.sh index ab2985fe..1c5cdda6 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -200,6 +200,75 @@ test -e ../afl-clang-fast && { rm -f test-persistent } || $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" +$ECHO "$BLUE[*] Testing: gcc_plugin" +export AFL_CC=`which gcc` +test -e ../afl-gcc-fast && { + ../afl-gcc-fast -o test-instr.plain.gccpi ../test-instr.c > /dev/null 2>&1 + AFL_HARDEN=1 ../afl-gcc-fast -o test-compcov.harden.gccpi test-compcov.c > /dev/null 2>&1 + test -e test-instr.plain.gccpi && { + $ECHO "$GREEN[+] gcc_plugin compilation succeeded" + echo 0 | ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.0 -r -- ./test-instr.plain.gccpi > /dev/null 2>&1 + ../afl-showmap -m ${MEM_LIMIT} -o test-instr.plain.1 -r -- ./test-instr.plain.gccpi < /dev/null > /dev/null 2>&1 + test -e test-instr.plain.0 -a -e test-instr.plain.1 && { + diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { + $ECHO "$RED[!] gcc_plugin instrumentation should be different on different input but is not" + } || $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" + } || $ECHO "$RED[!] gcc_plugin instrumentation failed" + rm -f test-instr.plain.0 test-instr.plain.1 + } || $ECHO "$RED[!] gcc_plugin failed" + + test -e test-compcov.harden.gccpi && { + grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden.gccpi > /dev/null 2>&1 && { + $ECHO "$GREEN[+] gcc_plugin hardened mode succeeded and is working" + } || $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + rm -f test-compcov.harden.gccpi + } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + # now we want to be sure that afl-fuzz is working + (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. 
Run 'sudo sh afl-system-config'.$RESET" + true + }) || + # make sure crash reporter is disabled on Mac OS X + (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { + $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + true + }) || { + mkdir -p in + echo 0 > in/in + $ECHO "$GREY[*] running afl-fuzz for gcc_plugin, this will take approx 10 seconds" + { + ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-instr.plain.gccpi >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with gcc_plugin" + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with gcc_plugin" + } + rm -rf in out errors + } + rm -f test-instr.plain.gccpi + + # now for the special gcc_plugin things + echo foobar.c > whitelist.txt + AFL_GCC_WHITELIST=whitelist.txt ../afl-gcc-fast -o test-compcov test-compcov.c > /dev/null 2>&1 + test -e test-compcov && { + echo 1 | ../afl-showmap -m ${MEM_LIMIT} -o - -r -- ./test-compcov 2>&1 | grep -q "Captured 1 tuples" && { + $ECHO "$GREEN[+] gcc_plugin whitelist feature works correctly" + } || $ECHO "$RED[!] gcc_plugin whitelist feature failed" + } || $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + rm -f test-compcov test.out whitelist.txt + ../afl-gcc-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 + test -e test-persistent && { + echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { + $ECHO "$GREEN[+] gcc_plugin persistent mode feature works correctly" + } || $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" + } || $ECHO "$RED[!] 
gcc_plugin persistent mode feature compilation failed" + rm -f test-persistent +} || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" + $ECHO "$BLUE[*] Testing: shared library extensions" gcc -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { -- cgit 1.4.1 From d0bbef74ef4ecdf41f7b88b77ff833b563d78450 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 20 Oct 2019 02:35:06 +0200 Subject: loading dynamical libraries on Darwin/MacOSX is done with DYLD_INSERT_LIBRARIES --- test/test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 1c5cdda6..d1be014f 100755 --- a/test/test.sh +++ b/test/test.sh @@ -281,7 +281,8 @@ test -e ../libtokencap.so && { test -e ../libdislocator.so && { { ulimit -c 1 - LD_PRELOAD=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null + # DYLD_INSERT_LIBRARIES is used on Darwin/MacOSX + LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" -- cgit 1.4.1 From b9bc81544a438868529fbe040f4734256dce7a1d Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 23 Oct 2019 14:53:05 +0200 Subject: debugged and fixed libdislocator malfunction on MacOSX --- libdislocator/libdislocator.so.c | 4 ++-- test/test.sh | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/libdislocator/libdislocator.so.c b/libdislocator/libdislocator.so.c index f3f02c8b..7f44071a 100644 --- a/libdislocator/libdislocator.so.c +++ b/libdislocator/libdislocator.so.c 
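Review bot: The Darwin guard added here, `test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$')`, can never be true. `grep -q` prints nothing, so the substitution is empty and `test` with no operand returns false. The fuzz run therefore starts even when the crash reporter is enabled, and the warning is never shown. Use the pipeline's exit status directly: `(test "$(uname -s)" = "Darwin" && launchctl list 2>/dev/null | grep -q '\.ReportCrash$' && {`. The same construct appears as context in the earlier afl-gcc and llvm_mode sections of this file.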
@@ -88,7 +88,7 @@ static u8 alloc_verbose, /* Additional debug messages */ hard_fail, /* abort() when max_mem exceeded? */ no_calloc_over; /* abort() on calloc() overflows? */ -#ifdef __OpenBSD__ +#if defined __OpenBSD__ || defined __APPLE__ #define __thread #warning no thread support available #endif @@ -121,7 +121,7 @@ static void* __dislocator_alloc(size_t len) { ret = mmap(NULL, (1 + PG_COUNT(len + 8)) * PAGE_SIZE, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); - if (ret == (void*)-1) { + if (ret == MAP_FAILED) { if (hard_fail) FATAL("mmap() failed on alloc (OOM?)"); diff --git a/test/test.sh b/test/test.sh index d1be014f..598fb502 100755 --- a/test/test.sh +++ b/test/test.sh @@ -281,8 +281,8 @@ test -e ../libtokencap.so && { test -e ../libdislocator.so && { { ulimit -c 1 - # DYLD_INSERT_LIBRARIES is used on Darwin/MacOSX - LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null + # DYLD_INSERT_LIBRARIES and DYLD_FORCE_FLAT_NAMESPACE is used on Darwin/MacOSX + LD_PRELOAD=../libdislocator.so DYLD_INSERT_LIBRARIES=../libdislocator.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov BUFFEROVERFLOW > test.out 2> /dev/null } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" -- cgit 1.4.1 From 39b7f488705a7e242b7a54695ca8e03fb2e73d81 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 23 Oct 2019 17:01:05 +0200 Subject: performance doc enhancements --- docs/perf_tips.txt | 8 ++++++++ test/test-performance.sh | 7 ++++++- test/test.sh | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/docs/perf_tips.txt b/docs/perf_tips.txt index 215895b6..2fa19234 100644 --- a/docs/perf_tips.txt +++ b/docs/perf_tips.txt 
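Review bot: Extending `#define __thread` to `__APPLE__` silently turns every variable declared `__thread` in this file into an ordinary global shared by all threads. The only trace of that is the generic `#warning no thread support available`. The declarations are outside the hunk, but if they hold per-thread allocator state, a multi-threaded target on macOS will now race on it, and for a library meant to catch memory errors that can hide or invent findings. Please record the reason and the consequence next to the define, e.g. `/* __thread is defined away here: variables declared __thread become process-wide, so the library is not thread-safe on these platforms */`.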
@@ -50,6 +50,9 @@ Even if you don't have a lightweight harness for a particular target, remember that you can always use another, related library to generate a corpus that will be then manually fed to a more resource-hungry program later on. +Also note that reading the fuzzing input via stdin is faster than reading from +a file. + 3) Use LLVM instrumentation --------------------------- @@ -161,6 +164,11 @@ and not waste CPU time. There are several OS-level factors that may affect fuzzing speed: + - If you have no risk of power loss then run your fuzzing on a tmpfs + partition. This increases the performance noticably. + Alternatively you can use AFL_TMPDIR to point to a tmpfs location to + just write the input file to a tmpfs. + - High system load. Use idle machines where possible. Kill any non-essential CPU hogs (idle browser windows, media players, complex screensavers, etc). diff --git a/test/test-performance.sh b/test/test-performance.sh index 198b58c4..87eea665 100755 --- a/test/test-performance.sh +++ b/test/test-performance.sh @@ -1,6 +1,10 @@ #!/bin/bash -FILE=~/.afl_performance +# if you want a specific performance file (e.g. to compare features to another) +# you can set the AFL_PERFORMANCE_FILE environment variable: +FILE=$AFL_PERFORMANCE_FILE +# otherwise we use ~/.afl_performance +test -z "$FILE" && FILE=~/.afl_performance test -e $FILE || { echo Warning: This script measure the performance of afl++ and saves the result for future comparisons into $FILE @@ -17,6 +21,7 @@ unset AFL_USE_ASAN unset AFL_USE_MSAN unset AFL_CC unset AFL_PRELOAD +unset AFL_GCC_WHITELIST unset AFL_LLVM_WHITELIST unset AFL_LLVM_INSTRIM unset AFL_LLVM_LAF_SPLIT_SWITCHES diff --git a/test/test.sh b/test/test.sh index 598fb502..da0590ef 100755 --- a/test/test.sh +++ b/test/test.sh 
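Review bot: In the test-performance.sh hunk, `FILE` now comes from the caller's environment but is still expanded unquoted in `test -e $FILE`. A value containing spaces or glob characters is split or expanded, and the existence check then tests something other than the intended path. Quote the expansion and fold the default into one assignment: `FILE=${AFL_PERFORMANCE_FILE:-$HOME/.afl_performance}` followed by `test -e "$FILE" || {`. Later uses of `$FILE` are outside this hunk and would need the same quoting.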
@@ -33,6 +33,7 @@ unset AFL_USE_ASAN unset AFL_USE_MSAN unset AFL_CC unset AFL_PRELOAD +unset AFL_GCC_WHITELIST unset AFL_LLVM_WHITELIST unset AFL_LLVM_INSTRIM unset AFL_LLVM_LAF_SPLIT_SWITCHES -- cgit 1.4.1 From cb7ada2e78333c3d53928adf0575cf04be8bb907 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Thu, 24 Oct 2019 22:32:37 +0200 Subject: fix libtokencap test for Darwin --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index da0590ef..e4a5eb63 100755 --- a/test/test.sh +++ b/test/test.sh @@ -273,7 +273,7 @@ test -e ../afl-gcc-fast && { $ECHO "$BLUE[*] Testing: shared library extensions" gcc -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { - AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so ./test-compcov foobar > /dev/null 2>&1 + AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { $ECHO "$GREEN[+] libtokencap did successfully capture tokens" } || $ECHO "$RED[!] libtokencap did not capture tokens" -- cgit 1.4.1 From b0036759fa991f5c940e40ad4b313fbe3504f6f8 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 25 Oct 2019 01:22:20 +0200 Subject: portability fix: use cc instead of gcc for test-compcov --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index e4a5eb63..42ddf70b 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -271,7 +271,7 @@ test -e ../afl-gcc-fast && { } || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" $ECHO "$BLUE[*] Testing: shared library extensions" -gcc -o test-compcov test-compcov.c > /dev/null 2>&1 +cc -o test-compcov test-compcov.c > /dev/null 2>&1 test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { -- cgit 1.4.1 From ae990ce8dcf3074d770d2595a98d4c7706959dff Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 11:38:01 +0100 Subject: travis updates --- .travis.yml | 4 ---- test/test.sh | 7 ++++--- 2 files changed, 4 insertions(+), 7 deletions(-) (limited to 'test') diff --git a/.travis.yml b/.travis.yml index d8f12483..f1d74952 100644 --- a/.travis.yml +++ b/.travis.yml @@ -11,11 +11,7 @@ before_install: - sudo apt update - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev -# TODO: Look into splitting off some builds using a build matrix. -# TODO: Move this all into a bash script so we don't need to write bash in yaml. script: - make distrib - - ./afl-system-config - - sudo echo core > /proc/sys/kernel/core_pattern - make tests - make clean diff --git a/test/test.sh b/test/test.sh index 42ddf70b..e75d9fc7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -26,6 +26,7 @@ test -z "$ECHO" && { printf Error: printf command does not support octal charact export AFL_EXIT_WHEN_DONE=1 export AFL_SKIP_CPUFREQ=1 +export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 unset AFL_QUIET unset AFL_DEBUG unset AFL_HARDEN 
@@ -87,7 +88,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X @@ -143,7 +144,7 @@ test -e ../afl-clang-fast && { } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X @@ -226,7 +227,7 @@ test -e ../afl-gcc-fast && { } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$RED[!] we cannot run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" + $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || # make sure crash reporter is disabled on Mac OS X -- cgit 1.4.1 From 744910ad1b458e5e713fd4bd0c383cc019ab2c6e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:43:51 +0100 Subject: travis update --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index e75d9fc7..02eea821 100755 
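Review bot: The message in this hunk was softened from "cannot run" to "should not run", but the `true` that follows still makes the subshell succeed. The `||` chain therefore stops there and the afl-fuzz block is skipped exactly as before. The full chain is visible in the gcc_plugin section added earlier on this page. If the intent of exporting `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1` is to warn and still fuzz, the line needs to be `false` so control falls through to the run. Otherwise the export has no effect on this path and the old wording was more accurate. The same applies to the llvm_mode and gcc_plugin hunks `@@ -143,7 +144,7 @@` and `@@ -226,7 +227,7 @@`.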
--- a/test/test.sh +++ b/test/test.sh @@ -377,7 +377,7 @@ test -d ../unicorn_mode/unicorn && { echo 0 > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- python ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" @@ -392,7 +392,7 @@ test -d ../unicorn_mode/unicorn && { $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- python ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit 1.4.1 From e8d0ffa8b474532c0364128f42a76f5ed9578dfe Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 31 Oct 2019 12:56:59 +0100 Subject: travis update --- test/test.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 02eea821..2d5c5e39 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -373,11 +373,15 @@ $ECHO "$BLUE[*] Testing: unicorn_mode" test -d ../unicorn_mode/unicorn && { test -e ../unicorn_mode/samples/simple/simple_target.bin -a -e ../unicorn_mode/samples/compcov_x64/compcov_target.bin && { { + # travis workaround + PY=`which python2.7` + test "$PY" = "/opt/pyenv/shims/python2.7" -a -x /usr/bin/python2.7 && PY=/usr/bin/python2.7 mkdir -p in echo 0 > in/in + $ECHO "$GREY[*] Using python binary $PY" $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V20 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" @@ -392,7 +396,7 @@ test -d ../unicorn_mode/unicorn && { $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- python2.7 ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit 1.4.1 From 1c7b6a5e0590b4a34819fec3cdfe430d32b041d5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 4 Nov 2019 13:10:52 +0100 Subject: travis --- .travis.yml | 3 +- dictionaries/regexp.dict | 244 +++++++++++++++++++++++++++++++++++++++++++++++ docs/ChangeLog | 1 + test/test.sh | 162 ++++++++++++++++++++++++------- 4 files changed, 376 insertions(+), 34 deletions(-) create mode 100644 dictionaries/regexp.dict (limited to 'test') diff --git a/.travis.yml b/.travis.yml index 87b3ef04..00d58853 100644 
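Review bot: `PY` is used without checking that the lookup found anything. When python2.7 is not installed, `which` yields an empty string and both afl-fuzz invocations receive `""` as the target program. The failure is then reported as "afl-fuzz is not working correctly with unicorn_mode" rather than as a missing interpreter. Resolve it with `PY=$(command -v python2.7)` and guard the runs with `test -n "$PY"`, printing a yellow "python2.7 not found, cannot test" message in the else branch. The comparison against `/opt/pyenv/shims/python2.7` deserves a comment explaining what the Travis shim does wrong.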
--- a/.travis.yml +++ b/.travis.yml @@ -9,8 +9,7 @@ env: before_install: - sudo apt update - - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-8 gcc-8-plugin-dev libc++-8-dev -# libc++-7-dev + - sudo apt install -y libtool libtool-bin automake bison libglib2.0 build-essential clang gcc-7 gcc-7-plugin-dev libc++-7-dev script: - gcc -v diff --git a/dictionaries/regexp.dict b/dictionaries/regexp.dict new file mode 100644 index 00000000..957d18e2 --- /dev/null +++ b/dictionaries/regexp.dict @@ -0,0 +1,244 @@ +# +# AFL dictionary for JS regex +# --------------------------- +# +# Contains various regular expressions. +# +# Created by Yang Guo +# +# Contributed by Dhiraj Mishra +# +"?" +"abc" +"()" +"[]" +"abc|def" +"abc|def|ghi" +"^xxx$" +"ab\\b\\d\\bcd" +"\\w|\\d" +"a*?" +"abc+" +"abc+?" +"xyz?" +"xyz??" +"xyz{0,1}" +"xyz{0,1}?" +"xyz{93}" +"xyz{1,32}" +"xyz{1,32}?" +"xyz{1,}" +"xyz{1,}?" +"a\\fb\\nc\\rd\\te\\vf" +"a\\nb\\bc" +"/^\d*\./" +"(?:foo)" +"(?: foo )" +"foo|(bar|baz)|quux" +"foo(?=bar)baz" +"foo(?!bar)baz" +"foo(?<=bar)baz" +"foo(?)" +"(?.)" +"(?.)\\k" +"\\p{Script=Greek}" +"\\P{sc=Greek}" +"\\p{Script_Extensions=Greek}" +"\\P{scx=Greek}" +"\\p{General_Category=Decimal_Number}" +"\\P{gc=Decimal_Number}" +"\\p{gc=Nd}" +"\\P{Decimal_Number}" +"\\p{Nd}" +"\\P{Any}" +"\\p{Changes_When_NFKC_Casefolded}" diff --git a/docs/ChangeLog b/docs/ChangeLog index 4c51502b..3a5961ad 100644 --- a/docs/ChangeLog +++ b/docs/ChangeLog @@ -23,6 +23,7 @@ Version ++2.58d (dev): - llvm_mode: float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS - libtokencap: support for *BSD/OSX added - libcompcov floating point splitting support for qemu and unicorn + - ripped regex.dictionary from Google afl PR - removed unnecessary warnings diff --git a/test/test.sh b/test/test.sh index 2d5c5e39..f954776f 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -24,6 +24,8 @@ $ECHO \\101 2>&1 | grep -qE '^A' || { } test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } +CODE=0 + export AFL_EXIT_WHEN_DONE=1 export AFL_SKIP_CPUFREQ=1 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 @@ -75,16 +77,26 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] ${AFL_GCC} instrumentation should be different on different input but is not" + CODE=1 } || $ECHO "$GREEN[+] ${AFL_GCC} instrumentation present and working correctly" - } || $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" + } || { + $ECHO "$RED[!] ${AFL_GCC} instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 } || $ECHO "$RED[!] ${AFL_GCC} failed" test -e test-compcov.harden && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] ${AFL_GCC} hardened mode succeeded and is working" - } || $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" + } || { + $ECHO "$RED[!] ${AFL_GCC} hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden - } || $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" + } || { + $ECHO "$RED[!] ${AFL_GCC} hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { @@ -109,6 +121,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with ${AFL_GCC}" + CODE=1 } rm -rf in out errors } 
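Review bot: In hunk `@@ -75,16 +77,26 @@` the branch `} || $ECHO "$RED[!] ${AFL_GCC} failed"` is left as a bare message, so a failed afl-gcc compile of test-instr.plain does not set `CODE` and the script can still exit 0. The llvm_mode and gcc_plugin equivalents are converted in later hunks. Make it consistent: `} || { $ECHO "$RED[!] ${AFL_GCC} failed"; CODE=1; }`. A short comment next to `CODE=0` stating that it is the script's exit status would also make the scattered assignments easier to follow.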
@@ -132,16 +145,29 @@ test -e ../afl-clang-fast && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] llvm_mode instrumentation should be different on different input but is not" + CODE=1 } || $ECHO "$GREEN[+] llvm_mode instrumentation present and working correctly" - } || $ECHO "$RED[!] llvm_mode instrumentation failed" + } || { + $ECHO "$RED[!] llvm_mode instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 - } || $ECHO "$RED[!] llvm_mode failed" + } || { + $ECHO "$RED[!] llvm_mode failed" + CODE=1 + } test -e test-compcov.harden && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden > /dev/null 2>&1 && { $ECHO "$GREEN[+] llvm_mode hardened mode succeeded and is working" - } || $ECHO "$RED[!] llvm_mode hardened mode is not hardened" + } || { + $ECHO "$RED[!] llvm_mode hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden - } || $ECHO "$RED[!] llvm_mode hardened mode compilation failed" + } || { + $ECHO "$RED[!] llvm_mode hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" @@ -150,6 +176,7 @@ test -e ../afl-clang-fast && { # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + CODE=1 true }) || { mkdir -p in @@ -165,6 +192,7 @@ test -e ../afl-clang-fast && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with llvm_mode" + CODE=1 } rm -rf in out errors } 
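Review bot: The `CODE=1` added in hunk `@@ -150,6 +176,7 @@` sits inside the parenthesised `(test "$(uname -s)" = "Darwin" && … })` group, which runs in a subshell. The assignment is discarded when the group ends and never reaches the final `exit $CODE`. Turn the group into a brace group `{ …; }`, or set `CODE=1` after the chain based on its status. The gcc_plugin hunk `@@ -233,6 +300,7 @@` has the same problem.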
@@ -175,30 +203,54 @@ test -e ../afl-clang-fast && { test -e test-compcov.instrim && { grep -Eq " [1-3] location" test.out && { $ECHO "$GREEN[+] llvm_mode InsTrim feature works correctly" - } || $ECHO "$RED[!] llvm_mode InsTrim feature failed" - } || $ECHO "$RED[!] llvm_mode InsTrim feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode InsTrim feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode InsTrim feature compilation failed" + CODE=1 + } rm -f test-compcov.instrim test.out AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > /dev/null 2> test.out test -e test-compcov.compcov && { grep -Eq " [3-9][0-9] location" test.out && { $ECHO "$GREEN[+] llvm_mode laf-intel/compcov feature works correctly" - } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" - } || $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode laf-intel/compcov feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode laf-intel/compcov feature compilation failed" + CODE=1 + } rm -f test-compcov.compcov test.out echo foobar.c > whitelist.txt AFL_LLVM_WHITELIST=whitelist.txt ../afl-clang-fast -o test-compcov test-compcov.c > test.out 2>&1 test -e test-compcov && { grep -q "No instrumentation targets found" test.out && { $ECHO "$GREEN[+] llvm_mode whitelist feature works correctly" - } || $ECHO "$RED[!] llvm_mode whitelist feature failed" - } || $ECHO "$RED[!] llvm_mode whitelist feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] 
llvm_mode whitelist feature compilation failed" + CODE=1 + } rm -f test-compcov test.out whitelist.txt ../afl-clang-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] llvm_mode persistent mode feature works correctly" - } || $ECHO "$RED[!] llvm_mode persistent mode feature failed to work" - } || $ECHO "$RED[!] llvm_mode persistent mode feature compilation failed" + } || { + $ECHO "$RED[!] llvm_mode persistent mode feature failed to work" + CODE=1 + } + } || { + $ECHO "$RED[!] llvm_mode persistent mode feature compilation failed" + CODE=1 + } rm -f test-persistent } || $ECHO "$YELLOW[-] llvm_mode not compiled, cannot test" 
@@ -214,17 +266,32 @@ test -e ../afl-gcc-fast && { test -e test-instr.plain.0 -a -e test-instr.plain.1 && { diff -q test-instr.plain.0 test-instr.plain.1 > /dev/null 2>&1 && { $ECHO "$RED[!] gcc_plugin instrumentation should be different on different input but is not" - } || $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" - } || $ECHO "$RED[!] gcc_plugin instrumentation failed" + CODE=1 + } || { + $ECHO "$GREEN[+] gcc_plugin instrumentation present and working correctly" + } + } || { + $ECHO "$RED[!] gcc_plugin instrumentation failed" + CODE=1 + } rm -f test-instr.plain.0 test-instr.plain.1 - } || $ECHO "$RED[!] gcc_plugin failed" + } || { + $ECHO "$RED[!] gcc_plugin failed" + CODE=1 + } test -e test-compcov.harden.gccpi && { grep -Eqa 'stack_chk_fail|fstack-protector-all|fortified' test-compcov.harden.gccpi > /dev/null 2>&1 && { $ECHO "$GREEN[+] gcc_plugin hardened mode succeeded and is working" - } || $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + } || { + $ECHO "$RED[!] gcc_plugin hardened mode is not hardened" + CODE=1 + } rm -f test-compcov.harden.gccpi - } || $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin hardened mode compilation failed" + CODE=1 + } # now we want to be sure that afl-fuzz is working (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" @@ -233,6 +300,7 @@ test -e ../afl-gcc-fast && { # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" + CODE=1 true }) || { mkdir -p in 
@@ -248,6 +316,7 @@ test -e ../afl-gcc-fast && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with gcc_plugin" + CODE=1 } rm -rf in out errors } @@ -259,15 +328,27 @@ test -e ../afl-gcc-fast && { test -e test-compcov && { echo 1 | ../afl-showmap -m ${MEM_LIMIT} -o - -r -- ./test-compcov 2>&1 | grep -q "Captured 1 tuples" && { $ECHO "$GREEN[+] gcc_plugin whitelist feature works correctly" - } || $ECHO "$RED[!] gcc_plugin whitelist feature failed" - } || $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin whitelist feature failed" + CODE=1 + } + } || { + $ECHO "$RED[!] gcc_plugin whitelist feature compilation failed" + CODE=1 + } rm -f test-compcov test.out whitelist.txt ../afl-gcc-fast -o test-persistent ../experimental/persistent_demo/persistent_demo.c > /dev/null 2>&1 test -e test-persistent && { echo foo | ../afl-showmap -o /dev/null -q -r ./test-persistent && { $ECHO "$GREEN[+] gcc_plugin persistent mode feature works correctly" - } || $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" - } || $ECHO "$RED[!] gcc_plugin persistent mode feature compilation failed" + } || { + $ECHO "$RED[!] gcc_plugin persistent mode feature failed to work" + CODE=1 + } + } || { + $ECHO "$RED[!] gcc_plugin persistent mode feature compilation failed" + CODE=1 + } rm -f test-persistent } || $ECHO "$YELLOW[-] gcc_plugin not compiled, cannot test" 
@@ -277,7 +358,10 @@ test -e ../libtokencap.so && { AFL_TOKEN_FILE=token.out LD_PRELOAD=../libtokencap.so DYLD_INSERT_LIBRARIES=../libtokencap.so DYLD_FORCE_FLAT_NAMESPACE=1 ./test-compcov foobar > /dev/null 2>&1 grep -q BUGMENOT token.out > /dev/null 2>&1 && { $ECHO "$GREEN[+] libtokencap did successfully capture tokens" - } || $ECHO "$RED[!] libtokencap did not capture tokens" + } || { + $ECHO "$RED[!] libtokencap did not capture tokens" + CODE=1 + } rm -f token.out } || $ECHO "$YELLOW[-] libtokencap is not compiled, cannot test" test -e ../libdislocator.so && { @@ -288,6 +372,7 @@ test -e ../libdislocator.so && { } > /dev/null 2>&1 grep -q BUFFEROVERFLOW test.out > /dev/null 2>&1 && { $ECHO "$RED[!] libdislocator did not detect the memory corruption" + CODE=1 } || $ECHO "$GREEN[+] libdislocator did successfully detect the memory corruption" rm -f test.out core test-compcov.core core.test-compcov } || $ECHO "$YELLOW[-] libdislocator is not compiled, cannot test" @@ -313,6 +398,7 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode" + CODE=1 } rm -f errors @@ -330,6 +416,7 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with qemu_mode libcompcov" + CODE=1 } } || $ECHO "$YELLOW[-] we cannot test qemu_mode libcompcov because it is not present" rm -f errors 
@@ -359,12 +446,16 @@ test -e ../afl-qemu-trace && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with persistent qemu_mode" + CODE=1 exit 1 } $ECHO "$YELLOW[?] we need a test case for qemu_mode unsigaction library" rm -rf in out errors } - } || $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" + } || { + $ECHO "$RED[-] gcc compilation of test targets failed - what is going on??" + CODE=1 + } rm -f test-instr test-compcov } || $ECHO "$YELLOW[-] qemu_mode is not compiled, cannot test" @@ -379,9 +470,9 @@ test -d ../unicorn_mode/unicorn && { mkdir -p in echo 0 > in/in $ECHO "$GREY[*] Using python binary $PY" - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 20 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode, this will take approx 25 seconds" { - ../afl-fuzz -V20 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/simple/simple_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000002* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode" 
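Review bot: The new `CODE=1` in the persistent qemu_mode failure branch is immediately followed by the existing `exit 1`, so the assignment is dead code. The script also stops there, skipping the `rm -rf in out errors` cleanup, the unicorn_mode tests and the final summary this commit introduces. Dropping `exit 1` would let this branch behave like every other failure path. The enclosing qemu_mode block begins outside the hunk.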
@@ -390,13 +481,14 @@ test -d ../unicorn_mode/unicorn && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode" + CODE=1 } rm -f errors - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 25 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V25 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" @@ -405,12 +497,18 @@ test -d ../unicorn_mode/unicorn && { cat errors echo CUT------------------------------------------------------------------CUT $ECHO "$RED[!] afl-fuzz is not working correctly with unicorn_mode compcov" + CODE=1 } rm -rf in out errors } - } || $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" + } || { + $ECHO "$RED[-] missing sample binaries in unicorn_mode/samples/ - what is going on??" + CODE=1 + } } || $ECHO "$YELLOW[-] unicorn_mode is not compiled, cannot test" $ECHO "$GREY[*] all test cases completed.$RESET" - +test "$CODE" = "0" && $ECHO "$GREEN[+] all tests were successful :-)$RESET" +test "$CODE" = "0" || $ECHO "$RED[-] failure in tests :-($RESET" +exit $CODE -- cgit 1.4.1 From 73cb58726649b860cbea9eef727e90ad14be4b31 Mon Sep 17 00:00:00 2001 
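Review bot: Between the two unicorn_mode runs only `errors` is removed (`rm -f errors`), so `out/` from the first run is still present when the compcov check `ls out/queue/id:000001*` runs. If the second afl-fuzz exits before it resets its output directory, a stale queue entry from the first run would likely make this test report success. Changing the line to `rm -rf out errors` (keeping `in`) makes the second check depend only on the second run.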
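Review bot: The new summary prints `all tests were successful` whenever `CODE` is 0, but every `[-] … is not compiled, cannot test` branch (such as the unicorn_mode one just above) leaves `CODE` untouched, so a tree where nothing was built still exits 0. For CI use it would help to count skipped sections separately, or to word the message as `no test failures` when something was skipped. The status should also be quoted, `exit "$CODE"`: the initial `CODE=0` is not in this hunk, and with `CODE` unset the script would print the failure line yet exit with the status of the last `$ECHO`.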
From: Andrea Fioraldi Date: Tue, 5 Nov 2019 18:39:16 +0100 Subject: test unicorn && AFL_DISABLE_TRIM env var --- include/afl-fuzz.h | 3 ++- src/afl-fuzz-globals.c | 3 ++- src/afl-fuzz-one.c | 2 +- src/afl-fuzz.c | 3 +++ test/test.sh | 1 + unicorn_mode/samples/compcov_x64/compcov_target.bin | Bin 86 -> 86 bytes unicorn_mode/samples/compcov_x64/compcov_target.c | 4 +--- unicorn_mode/samples/compcov_x64/compcov_target.elf | Bin 5728 -> 5728 bytes 8 files changed, 10 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 637c2795..90f3b419 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -315,7 +315,8 @@ extern u8 skip_deterministic, /* Skip deterministic stages? */ deferred_mode, /* Deferred forkserver mode? */ fixed_seed, /* do not reseed */ fast_cal, /* Try to calibrate faster? */ - uses_asan; /* Target uses ASAN? */ + uses_asan, /* Target uses ASAN? */ + disable_trim; /* Never trim in fuzz_one */ extern s32 out_fd, /* Persistent fd for out_file */ #ifndef HAVE_ARC4RANDOM diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 36ba6e14..06eb06d8 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c @@ -122,7 +122,8 @@ u8 skip_deterministic, /* Skip deterministic stages? */ deferred_mode, /* Deferred forkserver mode? */ fixed_seed, /* do not reseed */ fast_cal, /* Try to calibrate faster? */ - uses_asan; /* Target uses ASAN? */ + uses_asan, /* Target uses ASAN? */ + disable_trim; /* Never trim in fuzz_one */ s32 out_fd, /* Persistent fd for out_file */ #ifndef HAVE_ARC4RANDOM diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index bed8d254..8ca219b5 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -449,7 +449,7 @@ u8 fuzz_one_original(char** argv) { * TRIMMING * ************/ - if (!dumb_mode && !queue_cur->trim_done && !custom_mutator) { + if (!dumb_mode && !queue_cur->trim_done && !custom_mutator && !disable_trim) { u8 res = trim_case(argv, queue_cur, in_buf); 
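Review bot: The `!disable_trim` test is added only to the trimming condition in `fuzz_one_original()`, and the diffstat shows a single changed line in src/afl-fuzz-one.c. If other functions in this file also call `trim_case()` (the rest of the file is not visible here), they would still trim with AFL_DISABLE_TRIM set, which contradicts the `/* Never trim in fuzz_one */` comment on the new global. Applying the same guard at each call site would keep the variable's meaning uniform. The body of `fuzz_one_original()` continues outside the hunk.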
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 14d7802d..26ed7b61 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -551,6 +551,9 @@ int main(int argc, char** argv) { } + if (getenv("AFL_DISABLE_TRIM")) + disable_trim = 1; + if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) FATAL("AFL_NO_UI and AFL_FORCE_UI are mutually exclusive"); diff --git a/test/test.sh b/test/test.sh index f954776f..f086ee50 100755 --- a/test/test.sh +++ b/test/test.sh @@ -485,6 +485,7 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors + echo -e '\xbf' > in/in $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 diff --git a/unicorn_mode/samples/compcov_x64/compcov_target.bin b/unicorn_mode/samples/compcov_x64/compcov_target.bin index 091bf1db..30eada89 100644 Binary files a/unicorn_mode/samples/compcov_x64/compcov_target.bin and b/unicorn_mode/samples/compcov_x64/compcov_target.bin differ diff --git a/unicorn_mode/samples/compcov_x64/compcov_target.c b/unicorn_mode/samples/compcov_x64/compcov_target.c index eb1205b1..f4576261 100644 --- a/unicorn_mode/samples/compcov_x64/compcov_target.c +++ b/unicorn_mode/samples/compcov_x64/compcov_target.c @@ -16,11 +16,9 @@ int main(void) { unsigned int *data_buf = (unsigned int *) DATA_ADDRESS; - if (data_buf[0] == 0xabadcafe) { - // Cause an 'invalid read' crash if data[0..3] == '\x01\x02\x03\x04' + if (((unsigned short*)data_buf)[0] == 0xaabb) { unsigned char invalid_read = *(unsigned char *) 0x00000000; } else if (data_buf[1] == data_buf[2] + 0x4141) { - // Cause an 'invalid read' crash if (0x10 < data[0] < 0x20) and data[1] > data[2] unsigned char invalid_read = *(unsigned char *) 0x00000000; } 
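Review bot: `AFL_DISABLE_TRIM` is introduced in the afl-fuzz.c hunk without any user-facing documentation; the diffstat lists no docs or usage-text change. `getenv("AFL_DISABLE_TRIM")` is also true for any value, including an empty string or `0`, which is worth stating. I would add a comment above the check such as `/* AFL_DISABLE_TRIM: if set (to any value), skip the trim stage */` and a matching entry wherever the other AFL_* variables are documented. `main()` starts and ends outside the hunk.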
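Review bot: In the compcov_target.c hunk both explanatory comments are removed and the new condition `((unsigned short*)data_buf)[0] == 0xaabb` is left undocumented, although test/test.sh in the same commit seeds the corpus with `\xbf`, presumably for this comparison. A replacement comment such as `// Cause an 'invalid read' crash if the first two input bytes are 0xbb 0xaa (16-bit little-endian 0xaabb)` would keep the sample self-explanatory; this assumes the harness maps the input at DATA_ADDRESS on a little-endian x64 target, as the directory name suggests. The second branch, `data_buf[1] == data_buf[2] + 0x4141`, deserves a one-line comment as well.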
diff --git a/unicorn_mode/samples/compcov_x64/compcov_target.elf b/unicorn_mode/samples/compcov_x64/compcov_target.elf index 7015fb46..9f90f8d2 100755 Binary files a/unicorn_mode/samples/compcov_x64/compcov_target.elf and b/unicorn_mode/samples/compcov_x64/compcov_target.elf differ -- cgit 1.4.1 From e13fdfb2ce4d3f97c8fa4ef3adfaa93e84835e39 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 18:41:23 +0100 Subject: reduce time for unicorn compcov test --- test/test.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index f086ee50..89310389 100755 --- a/test/test.sh +++ b/test/test.sh @@ -486,10 +486,12 @@ test -d ../unicorn_mode/unicorn && { rm -f errors echo -e '\xbf' > in/in - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" + # This seed is close to the first byte of the comparison. + # If CompCov works, a new tuple will appear in the map => new input in queue + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V15 -U -i in -o out -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit 1.4.1 From ed1628173717a91dbb8bd5b0498cb618da6d349c Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 19:48:17 +0100 Subject: mmmm travis doh --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 89310389..a56466c4 100755 --- a/test/test.sh +++ b/test/test.sh 
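Review bot: `export AFL_COMPCOV_LEVEL=2` sits inside a `{ … }` group, which runs in the current shell, so the variable stays exported for everything that follows in the script and not just for this afl-fuzz run. Scoping it to the command avoids surprising later tests: `AFL_COMPCOV_LEVEL=2 ../afl-fuzz -V15 -U -i in -o out -- "$PY" … @@ >>errors 2>&1`. The outer `} >>errors 2>&1` redirect then only duplicates the inner one and could be dropped. The enclosing `test -d ../unicorn_mode/unicorn && {` block starts outside the hunk.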
@@ -488,10 +488,10 @@ test -d ../unicorn_mode/unicorn && { echo -e '\xbf' > in/in # This seed is close to the first byte of the comparison. # If CompCov works, a new tuple will appear in the map => new input in queue - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 15 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 30 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V15 -U -i in -o out -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V30 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit 1.4.1 From 62d972962938fc84150768bbda448841e6c9d3e7 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 5 Nov 2019 20:06:11 +0100 Subject: travis is drunk --- test/test.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index a56466c4..3b071468 100755 --- a/test/test.sh +++ b/test/test.sh 
@@ -485,13 +485,13 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors - echo -e '\xbf' > in/in + printf '\xbf' > in/in # This seed is close to the first byte of the comparison. # If CompCov works, a new tuple will appear in the map => new input in queue - $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 30 seconds" + $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" { export AFL_COMPCOV_LEVEL=2 - ../afl-fuzz -V30 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 + ../afl-fuzz -V35 -U -i in -o out -d -- "$PY" ../unicorn_mode/samples/compcov_x64/compcov_test_harness.py @@ >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/queue/id:000001* 2> /dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with unicorn_mode compcov" -- cgit 1.4.1 From db7c990346ea9e24269358bee02d9efcbf5230cb Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 6 Nov 2019 13:41:23 +0100 Subject: even easier test case solving :) --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 3b071468..617401eb 100755 --- a/test/test.sh +++ b/test/test.sh @@ -485,7 +485,7 @@ test -d ../unicorn_mode/unicorn && { } rm -f errors - printf '\xbf' > in/in + printf '\x01\x01' > in/in # This seed is close to the first byte of the comparison. # If CompCov works, a new tuple will appear in the map => new input in queue $ECHO "$GREY[*] running afl-fuzz for unicorn_mode compcov, this will take approx 35 seconds" -- cgit 1.4.1 From 8290bb337451e06e71af2f1a1e3dc241a10b8652 Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 8 Nov 2019 13:46:08 +0000 Subject: test, /sbin not necessarily in the path os casual users. --- test/test.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 617401eb..679a514e 100755 --- a/test/test.sh 
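Review bot: `printf '\xbf' > in/in` relies on `\x` hex escapes, which POSIX does not define for printf's format string; a shell whose printf builtin lacks them writes the literal characters `\xbf`, and the seed silently becomes four bytes. The octal form is portable: `printf '\277' > in/in`. The following commit's `printf '\x01\x01' > in/in` has the same issue and could be written `printf '\001\001' > in/in`.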
+++ b/test/test.sh @@ -99,7 +99,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { } # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || @@ -169,7 +169,7 @@ test -e ../afl-clang-fast && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || -- cgit 1.4.1 From 58a18ea50bb5e73ce43e73151bdaa893fb7e2e84 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 9 Nov 2019 15:23:16 +0100 Subject: not all sysctl are in /sbin, e.g. with busybox --- test/test.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 679a514e..98482d05 100755 --- a/test/test.sh +++ b/test/test.sh @@ -64,6 +64,8 @@ RESET="\\033[0m" MEM_LIMIT=150 +export PATH=$PATH:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin + $ECHO "${RESET}${GREY}[*] starting afl++ test framework ..." $ECHO "$BLUE[*] Testing: ${AFL_GCC}, afl-showmap and afl-fuzz" 
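Review bot: The core_pattern check compares the output of `/sbin/sysctl kernel.core_pattern` with a fixed string, so when the binary is missing at that path the substitution is empty, the `!=` test is true, and the warning branch is taken instead of the `||` block that follows (which appears to hold the afl-fuzz run). Reading the value directly avoids depending on sysctl's location and output format: `test "$(cat /proc/sys/kernel/core_pattern 2>/dev/null)" != "core"`. The same line is changed in the llvm_mode hunk at -169,7.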
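Review bot: `export PATH=$PATH:/sbin:…` yields a leading empty element when `PATH` is empty or unset, and an empty PATH element means the current directory, which here is the test directory holding freshly built binaries. `export PATH="${PATH:+$PATH:}/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"` avoids that. Appending rather than prepending is the right choice, since it keeps the caller's lookup order.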
@@ -99,7 +101,7 @@ test -e ../${AFL_GCC} -a -e ../afl-showmap -a -e ../afl-fuzz && { } # now we want to be sure that afl-fuzz is working # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || -- cgit 1.4.1 From 01d55372441960c435af8f3bd6b61d1302042728 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 9 Nov 2019 16:48:01 +0100 Subject: /sbin in path --- test/test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'test') diff --git a/test/test.sh b/test/test.sh index 98482d05..781313a7 100755 --- a/test/test.sh +++ b/test/test.sh @@ -171,7 +171,7 @@ test -e ../afl-clang-fast && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(/sbin/sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { + (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { $ECHO "$YELLOW[!] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" true }) || -- cgit 1.4.1