diff options
| author | van Hauser <vh@thc.org> | 2022-10-07 15:40:04 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-07 15:40:04 +0200 |
| commit | 2107ece114e66952f16d2dbc888d46a1061e6faf (patch) | |
| tree | 7e01902d97cc9dec5ad70c70c0a3722ae5c2df23 /instrumentation | |
| parent | 5e04c9693b19038871f3aa93544cac187785bc1a (diff) | |
| download | AFLplusplus-2107ece114e66952f16d2dbc888d46a1061e6faf.tar.gz | |
auto shmem fuzzing (#1541)
* auto shmem fuzzing
* print warning when forcing shmem fuzzing
* typos
* Shmem always
* typo fix
* fixes
Co-authored-by: Dominik Maier <dmnk@google.com>
Diffstat (limited to 'instrumentation')
| -rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 194d49b0..20069824 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -97,6 +97,7 @@ u8 *__afl_dictionary; u8 *__afl_fuzz_ptr; static u32 __afl_fuzz_len_dummy; u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; +int __afl_sharedmem_fuzzing __attribute__((weak)); u32 __afl_final_loc; u32 __afl_map_size = MAP_SIZE; @@ -119,8 +120,6 @@ __thread PREV_LOC_T __afl_prev_caller[CTX_MAX_K]; __thread u32 __afl_prev_ctx; #endif -int __afl_sharedmem_fuzzing __attribute__((weak)); - struct cmp_map *__afl_cmp_map; struct cmp_map *__afl_cmp_map_backup; @@ -347,6 +346,22 @@ static void __afl_map_shm(void) { } + if (__afl_sharedmem_fuzzing && (!id_str || !getenv(SHM_FUZZ_ENV_VAR) || + fcntl(FORKSRV_FD, F_GETFD) == -1 || + fcntl(FORKSRV_FD + 1, F_GETFD) == -1)) { + + if (__afl_debug) { + + fprintf(stderr, + "DEBUG: running not inside afl-fuzz, disabling shared memory " + "testcases\n"); + + } + + __afl_sharedmem_fuzzing = 0; + + } + if (!id_str) { u32 val = 0; @@ -543,7 +558,7 @@ static void __afl_map_shm(void) { if (!__afl_area_ptr_dummy) { fprintf(stderr, - "Error: AFL++ could not aquire %u bytes of memory, exiting!\n", + "Error: AFL++ could not acquire %u bytes of memory, exiting!\n", __afl_final_loc); exit(-1); @@ -757,10 +772,10 @@ static void __afl_start_snapshots(void) { assume we're not running in forkserver mode and just execute program. */ status |= (FS_OPT_ENABLED | FS_OPT_SNAPSHOT | FS_OPT_NEWCMPLOG); - if (__afl_sharedmem_fuzzing != 0) status |= FS_OPT_SHDMEM_FUZZ; + if (__afl_sharedmem_fuzzing) { status |= FS_OPT_SHDMEM_FUZZ; } if (__afl_map_size <= FS_OPT_MAX_MAPSIZE) status |= (FS_OPT_SET_MAPSIZE(__afl_map_size) | FS_OPT_MAPSIZE); - if (__afl_dictionary_len && __afl_dictionary) status |= FS_OPT_AUTODICT; + if (__afl_dictionary_len && __afl_dictionary) { status |= FS_OPT_AUTODICT; } memcpy(tmp, &status, 4); if (write(FORKSRV_FD + 1, tmp, 4) != 4) { return; } @@ -1021,7 +1036,7 @@ static void __afl_start_forkserver(void) { } - if (__afl_sharedmem_fuzzing != 0) { status_for_fsrv |= FS_OPT_SHDMEM_FUZZ; } + if (__afl_sharedmem_fuzzing) { status_for_fsrv |= FS_OPT_SHDMEM_FUZZ; } if (status_for_fsrv) { status_for_fsrv |= (FS_OPT_ENABLED | FS_OPT_NEWCMPLOG); |