From c05e4efbe9b4e7d1ff078b7a392621f2ca7572e6 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Tue, 1 Dec 2020 14:40:30 +0100
Subject: renamed examples/ to utils/

---
 utils/persistent_mode/test-instr.c | 69 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 utils/persistent_mode/test-instr.c

(limited to 'utils/persistent_mode/test-instr.c')

diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c
new file mode 100644
index 00000000..a6188b22
--- /dev/null
+++ b/utils/persistent_mode/test-instr.c
@@ -0,0 +1,69 @@
+/*
+   american fuzzy lop++ - a trivial program to test the build
+   --------------------------------------------------------
+   Originally written by Michal Zalewski
+   Copyright 2014 Google Inc. All rights reserved.
+   Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at:
+     http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+__AFL_FUZZ_INIT();
+
+int main(int argc, char **argv) {
+
+  __AFL_INIT();
+  unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
+
+  while (__AFL_LOOP(2147483647)) {  // MAX_INT if you have 100% stability
+
+    unsigned int len = __AFL_FUZZ_TESTCASE_LEN;
+
+#ifdef _AFL_DOCUMENT_MUTATIONS
+    static unsigned int counter = 0;
+    char                fn[32];
+    sprintf(fn, "%09u:test-instr", counter);
+    int fd_doc = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+    if (fd_doc >= 0) {
+
+      if (write(fd_doc, buf, len) != __afl_fuzz_len) {
+
+        fprintf(stderr, "write of mutation file failed: %s\n", fn);
+        unlink(fn);
+
+      }
+
+      close(fd_doc);
+
+    }
+
+    counter++;
+#endif
+
+    // fprintf(stderr, "len: %u\n", len);
+
+    if (!len) continue;
+
+    if (buf[0] == '0')
+      printf("Looks like a zero to me!\n");
+    else if (buf[0] == '1')
+      printf("Pretty sure that is a one!\n");
+    else
+      printf("Neither one or zero? How quaint!\n");
+
+  }
+
+  return 0;
+
+}
+
-- 
cgit 1.4.1


From 39a4fac941177387578ec856aacea2187588fc13 Mon Sep 17 00:00:00 2001
From: van Hauser <vh@thc.org>
Date: Wed, 9 Dec 2020 11:07:14 +0100
Subject: better examples

---
 instrumentation/afl-compiler-rt.o.c         | 8 ++++----
 src/afl-sharedmem.c                         | 8 ++++----
 utils/persistent_mode/persistent_demo.c     | 8 +++++++-
 utils/persistent_mode/persistent_demo_new.c | 8 +++++++-
 utils/persistent_mode/test-instr.c          | 8 +++++++-
 5 files changed, 29 insertions(+), 11 deletions(-)

(limited to 'utils/persistent_mode/test-instr.c')

diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c
index c29861e6..99dcbb67 100644
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@@ -174,8 +174,8 @@ static void __afl_map_shm_fuzz() {
     u8 *map = NULL;
 
 #ifdef USEMMAP
-    const char *   shm_file_path = id_str;
-    int            shm_fd = -1;
+    const char *shm_file_path = id_str;
+    int         shm_fd = -1;
 
     /* create the shared memory segment as if it was a file */
     shm_fd = shm_open(shm_file_path, O_RDWR, 0600);
@@ -414,8 +414,8 @@ static void __afl_map_shm(void) {
   if (id_str) {
 
 #ifdef USEMMAP
-    const char *   shm_file_path = id_str;
-    int            shm_fd = -1;
+    const char *    shm_file_path = id_str;
+    int             shm_fd = -1;
     struct cmp_map *shm_base = NULL;
 
     /* create the shared memory segment as if it was a file */
diff --git a/src/afl-sharedmem.c b/src/afl-sharedmem.c
index cef908e0..3e671df5 100644
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,
 
     shm_str = alloc_printf("%d", shm->shm_id);
 
-    /* If somebody is asking us to fuzz instrumented binaries in non-instrumented
-       mode, we don't want them to detect instrumentation, since we won't be
-       sending fork server commands. This should be replaced with better
-       auto-detection later on, perhaps? */
+    /* If somebody is asking us to fuzz instrumented binaries in
+       non-instrumented mode, we don't want them to detect instrumentation,
+       since we won't be sending fork server commands. This should be replaced
+       with better auto-detection later on, perhaps? */
 
     setenv(SHM_ENV_VAR, shm_str, 1);
 
diff --git a/utils/persistent_mode/persistent_demo.c b/utils/persistent_mode/persistent_demo.c
index 4cedc32c..f5e43728 100644
--- a/utils/persistent_mode/persistent_demo.c
+++ b/utils/persistent_mode/persistent_demo.c
@@ -27,9 +27,15 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>
 
 /* Main entry point. */
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   ssize_t len;                               /* how much input did we read? */
@@ -42,7 +48,7 @@ int main(int argc, char **argv) {
      and similar hiccups. */
 
   __AFL_INIT();
-  while (__AFL_LOOP(1000)) {
+  while (__AFL_LOOP(UINT_MAX)) {
 
     /*** PLACEHOLDER CODE ***/
 
diff --git a/utils/persistent_mode/persistent_demo_new.c b/utils/persistent_mode/persistent_demo_new.c
index 0d24a51e..7e694696 100644
--- a/utils/persistent_mode/persistent_demo_new.c
+++ b/utils/persistent_mode/persistent_demo_new.c
@@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>
 
 /* this lets the source compile without afl-clang-fast/lto */
 #ifndef __AFL_FUZZ_TESTCASE_LEN
@@ -47,6 +48,11 @@ __AFL_FUZZ_INIT();
 
 /* Main entry point. */
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   ssize_t        len;                        /* how much input did we read? */
@@ -60,7 +66,7 @@ int main(int argc, char **argv) {
   __AFL_INIT();
   buf = __AFL_FUZZ_TESTCASE_BUF;  // this must be assigned before __AFL_LOOP!
 
-  while (__AFL_LOOP(1000)) {  // increase if you have good stability
+  while (__AFL_LOOP(UINT_MAX)) {  // increase if you have good stability
 
     len = __AFL_FUZZ_TESTCASE_LEN;  // do not use the macro directly in a call!
 
diff --git a/utils/persistent_mode/test-instr.c b/utils/persistent_mode/test-instr.c
index a6188b22..6da511de 100644
--- a/utils/persistent_mode/test-instr.c
+++ b/utils/persistent_mode/test-instr.c
@@ -17,15 +17,21 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <limits.h>
 
 __AFL_FUZZ_INIT();
 
+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {
 
   __AFL_INIT();
   unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
 
-  while (__AFL_LOOP(2147483647)) {  // MAX_INT if you have 100% stability
+  while (__AFL_LOOP(UINT_MAX)) {  // if you have 100% stability
 
     unsigned int len = __AFL_FUZZ_TESTCASE_LEN;
 
-- 
cgit 1.4.1