-rw-r--r--README.md3
-rw-r--r--loftix/fuzzing.scm26
-rw-r--r--patches/aflrun-disable-inst-checks.patch13
-rw-r--r--patches/aflrun-keep-all-crashes.patch (renamed from patches/afl++-keep-all-crashes.patch)15
4 files changed, 50 insertions, 7 deletions
diff --git a/README.md b/README.md
index 8dbde02..557dbf8 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,7 @@ Then run `guix pull`.
 
 ### Fuzzing
 
+- [AFLRun]: multi-target directed [AFL++] with path diversity
 - [afl-dyninst]: Dyninst integration for AFL++
 
 ### Patching
@@ -35,6 +36,8 @@ Then run `guix pull`.
 - [python-pacfix]: PAC-learning-based program systhesizer
 
 [Guix channel]: https://guix.gnu.org/manual/devel/en/html_node/Channels.html
+[AFLRun]: https://trong.loang.net/~cnx/afl++/log?h=run
+[AFL++]: https://github.com/AFLplusplus/AFLplusplus
 [afl-dyninst]: https://trong.loang.net/~cnx/afl-dyninst/about
 [e9patch]: https://github.com/GJDuck/e9patch
 [python-pacfix]: https://github.com/hsh814/pacfix-python
diff --git a/loftix/fuzzing.scm b/loftix/fuzzing.scm
index dada485..8ce42d0 100644
--- a/loftix/fuzzing.scm
+++ b/loftix/fuzzing.scm
@@ -29,6 +29,32 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages))
 
+(define-public aflrun
+  (let ((commit "2ae8a8631c031ee2b50fb91e11d9b77d8c0147ff")
+        (revision "0"))
+    (package
+      (inherit aflplusplus)
+      (name "aflrun")
+      (version (git-version "2024.12.03" revision commit))
+      (source
+        (origin
+          (method url-fetch)
+          (uri (string-append
+                 "https://trong.loang.net/~cnx/afl++/snapshot/afl++-"
+                 commit ".tar.gz"))
+          (sha256
+            (base32
+              "187j6qyvrmm5jb4v870dl7abp5yaqbl7c2qzk06pyl2x96irakc7"))
+          (file-name (git-file-name name version))
+          (patches (search-patches
+                     "patches/aflrun-keep-all-crashes.patch"
+                     "patches/aflrun-disable-inst-checks.patch"))))
+      (synopsis "Multi-target directed AFL++ with path diversity")
+      (description "AFLRun is a fork of AFL++
+for unbiased multiple-target fuxxing with path diversity.")
+      (home-page "https://trong.loang.net/~cnx/afl++/log?h=run")
+      (license license:asl2.0))))
+
 (define-public afl-dyninst
   (package
     (name "afl-dyninst")
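Review bot: The new `aflrun` origin fetches a cgit snapshot tarball with `url-fetch` (`.../snapshot/afl++-<commit>.tar.gz`); the sha256 does pin the content, but such tarballs are generated on the fly and their bytes may change when the server's cgit version or compression settings change, so the hash can start failing with no change in the code. Since the package already uses `git-version` and `(git-file-name name version)`, fetching the pinned commit with `git-fetch` and a `git-reference` to the repository's clone URL would give a content-addressed origin that does not depend on the server's tarball generation. The description string also carries a typo that `guix search` will display verbatim: `for unbiased multiple-target fuzzing with path diversity.")`.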
diff --git a/patches/aflrun-disable-inst-checks.patch b/patches/aflrun-disable-inst-checks.patch
new file mode 100644
index 0000000..68ea511
--- /dev/null
+++ b/patches/aflrun-disable-inst-checks.patch
@@ -0,0 +1,13 @@
+diff --git a/GNUmakefile b/GNUmakefile
+index 9a2a7ad3d307..9c3b6a1b1f96 100644
+--- a/GNUmakefile
++++ b/GNUmakefile
+@@ -325,7 +325,7 @@ ifdef TEST_MMAP
+ endif
+ 
+ .PHONY: all
+-all:	test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done
++all:	test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin
+ 	-$(MAKE) -C utils/aflpp_driver
+ 	@echo
+ 	@echo
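Review bot: The added patch drops `test_build` and `all_done` from the `all` target, so `make` no longer runs the instrumentation self-test and a miscompiled or non-functional afl-cc would be packaged silently. The patch file has no header explaining why the check is skipped; Guix patches conventionally carry a short description before the first `diff` line, e.g. `Skip test_build/all_done: the instrumentation smoke test cannot run inside the build container; verified in the check phase instead.` with the actual reason filled in. If the reason is only the build sandbox, keeping `all_done` and moving `test_build` to a `check` phase would preserve the verification rather than remove it.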
diff --git a/patches/afl++-keep-all-crashes.patch b/patches/aflrun-keep-all-crashes.patch
index f5e0b7a..e3ce8f6 100644
--- a/patches/afl++-keep-all-crashes.patch
+++ b/patches/aflrun-keep-all-crashes.patch
@@ -1,28 +1,29 @@
 diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
-index fd75a822934f..6257403e12a4 100644
+index f05bb7db59d5..de275e374ff1 100644
 --- a/src/afl-fuzz-bitmap.c
 +++ b/src/afl-fuzz-bitmap.c
-@@ -523,7 +523,6 @@ u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
-     if (likely(!new_bits)) {
+@@ -556,7 +556,6 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault, u8 inc) {
+     if (likely(!new_bits && !new_paths)) {
  
        if (unlikely(afl->crash_mode)) { ++afl->total_crashes; }
 -      return 0;
  
      }
  
-@@ -804,7 +804,6 @@ u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
+@@ -837,16 +836,12 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault, u8 inc) {
  
        ++afl->total_crashes;
  
 -      if (afl->saved_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }
- 
+-
        if (likely(!afl->non_instrumented_mode)) {
  
-@@ -816,7 +816,6 @@ u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem,
+         if (!classified) { classify_counts(&afl->fsrv); }
  
          simplify_trace(afl, afl->fsrv.trace_bits);
  
 -        if (!has_new_bits(afl, afl->virgin_crash)) { return keeping; }
- 
+-
        }
  
+       if (unlikely(!afl->saved_crashes) &&
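Review bot: The rebased patch still removes the `KEEP_UNIQUE_CRASH` cap (`if (afl->saved_crashes >= KEEP_UNIQUE_CRASH) { return keeping; }`) and the `has_new_bits(afl, afl->virgin_crash)` dedupe, so every crashing input is written to the crashes directory with no upper bound; on a target that crashes on most inputs this can fill the output filesystem and bury triage, and the patch file should state that trade-off in a header comment before the first `diff` line, as Guix patches conventionally do. The carried-over removal of `return 0` in the `!new_bits && !new_paths` branch also sits on the path that non-crashing inputs take if this function is structured like upstream AFL++'s `save_if_interesting`, which would queue every input rather than only keep every crash; the same header should say whether that is intended or whether the patched fuzzer is only meant for crash-mode (`-C`) runs. `save_if_interesting` continues outside the hunk.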