2.22b

legend-issue · Aug 3, 2016 · 2e8d756 · 2e8d756
1 parent 68cbbaf
commit 2e8d756
Show file tree

Hide file tree

Showing 11 changed files with 59 additions and 15 deletions.
diff --git a/afl-analyze.c b/afl-analyze.c
@@ -244,6 +244,9 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
   s32 prog_in_fd;
   u32 cksum;
 
+  if (getenv("AFL_LD_PRELOAD"))
+    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+
   memset(trace_bits, 0, MAP_SIZE);
   MEM_BARRIER();
 

diff --git a/afl-fuzz.c b/afl-fuzz.c
@@ -2585,12 +2585,17 @@ static u8 calibrate_case(char** argv, struct queue_entry* q, u8* use_mem,
 
         u32 i;
 
-        for (i = 0; i < MAP_SIZE; i++) 
+        for (i = 0; i < MAP_SIZE; i++) {
+
           if (!var_bytes[i] && first_trace[i] != trace_bits[i]) {
+
             var_bytes[i] = 1;
             stage_max    = CAL_CYCLES_LONG;
+
           }
 
+        }
+
         var_detected = 1;
 
       } else {
@@ -7639,12 +7644,7 @@ int main(int argc, char** argv) {
         out_dir = optarg;
         break;
 
-      case 'M': /* master sync ID */
-
-        force_deterministic = 1;
-        /* Fall through */
-
-      case 'S': { /* secondary sync ID */
+      case 'M': { /* master sync ID */
 
           u8* c;
 
@@ -7661,10 +7661,18 @@ int main(int argc, char** argv) {
 
           }
 
+          force_deterministic = 1;
+
         }
 
         break;
 
+      case 'S': 
+
+        if (sync_id) FATAL("Multiple -S or -M options not supported");
+        sync_id = optarg;
+        break;
+
       case 'f': /* target file */
 
         if (out_file) FATAL("Multiple -f options not supported");

diff --git a/afl-showmap.c b/afl-showmap.c
@@ -215,6 +215,9 @@ static void run_target(char** argv) {
   static struct itimerval it;
   int status = 0;
 
+  if (getenv("AFL_LD_PRELOAD"))
+    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+
   if (!quiet_mode)
     SAYF("-- Program output begins --\n" cRST);
 

diff --git a/afl-tmin.c b/afl-tmin.c
@@ -237,6 +237,9 @@ static u8 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
   s32 prog_in_fd;
   u32 cksum;
 
+  if (getenv("AFL_LD_PRELOAD"))
+    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+
   memset(trace_bits, 0, MAP_SIZE);
   MEM_BARRIER();
 

diff --git a/config.h b/config.h
@@ -21,7 +21,7 @@
 
 /* Version string: */
 
-#define VERSION             "2.21b"
+#define VERSION             "2.22b"
 
 /******************************************************
  *                                                    *

diff --git a/docs/ChangeLog b/docs/ChangeLog
@@ -13,9 +13,22 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <[email protected]>.
 
 Not sure if you should upgrade? The lowest currently recommended version
-is 2.18b. If you're stuck on an earlier release, it's strongly advisable
+is 2.21b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.22b:
+--------------
+
+  - Mentioned the potential conflicts between MSAN / ASAN and FORTIFY_SOURCE.
+    There is no automated check for this, since some distros may implicitly
+    set FORTIFY_SOURCE outside of the compiler's argv[].
+
+  - Populated the support for AFL_LD_PRELOAD to all companion tools.
+
+  - Made a change to the handling of ./afl-clang-fast -v. Spotted by
+    Jan Kneschke.
+
 --------------
 Version 2.21b:
 --------------

diff --git a/docs/README b/docs/README
@@ -464,7 +464,7 @@ bug reports, or patches from:
   Daniel Godas-Lopez                    Franjo Ivancic
   Austin Seipp                          Daniel Komaromy
   Daniel Binderman                      Jonathan Metzman
-  Vegard Nossum
+  Vegard Nossum                         Jan Kneschke
 
 Thank you!
 

diff --git a/docs/env_variables.txt b/docs/env_variables.txt
@@ -146,7 +146,7 @@ checks or alter some of the more exotic semantics of the tool:
 
   - Benchmarking only: AFL_BENCH_JUST_ONE causes the fuzzer to exit after
     processing the first queue entry; and AFL_BENCH_UNTIL_CRASH causes it to
-    exit when first crash is found.
+    exit soon after the first crash is found.
 
 4) Settings for afl-qemu-trace
 ------------------------------
@@ -214,5 +214,6 @@ optimal values if not already present in the environment:
     msan_track_origins=0
     allocator_may_return_null=1
 
-    Be sure to include the first one when customizing anything, since MSAN
-    doesn't call abort() on error, and we need a way to detect faults.
+    Be sure to include the first one when customizing anything, since some
+    MSAN versions don't call abort() on error, and we need a way to detect
+    faults.
diff --git a/docs/notes_for_asan.txt b/docs/notes_for_asan.txt
@@ -31,6 +31,11 @@ Note that ASAN is incompatible with -static, so be mindful of that.
 
 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
 
+Note that both ASAN and MSAN are incompatible with -D_FORTIFY_SOURCE (enabled
+by default in some distros) and with AFL_HARDEN. Attempting to combine these
+settings can lead to false negatives in ASAN and false positives in MSAN. This
+is not AFL-specific.
+
 There is also the option of generating a corpus using a non-ASAN binary, and
 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,
 and can give you somewhat comparable results.

diff --git a/docs/status_screen.txt b/docs/status_screen.txt
@@ -333,6 +333,10 @@ there are several things to look at:
     - Replace pthreads with GNU Pth (https://www.gnu.org/software/pth/), which
       allows you to use a deterministic scheduler.
 
+  - In persistent mode, the code within __AFL_LOOP() not working correctly on
+    subsequent iterations (e.g., due to incomplete clean-up or
+    reinitialization of the state).
+
 The paths where variable behavior is detected are marked with a matching entry
 in the <out_dir>/queue/.state/variable_behavior/ directory, so you can look
 them up easily.

diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
@@ -130,6 +130,10 @@ static void edit_params(u32 argc, char** argv) {
 
   cc_params[cc_par_cnt++] = "-Qunused-arguments";
 
+  /* Detect stray -v calls from ./configure scripts. */
+
+  if (argc == 1 && !strcmp(argv[1], "-v")) maybe_linking = 0;
+
   while (--argc) {
     u8* cur = *(++argv);
 
@@ -138,8 +142,8 @@ static void edit_params(u32 argc, char** argv) {
 
     if (!strcmp(cur, "-x")) x_set = 1;
 
-    if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E") ||
-        !strcmp(cur, "-v")) maybe_linking = 0;
+    if (!strcmp(cur, "-c") || !strcmp(cur, "-S") || !strcmp(cur, "-E"))
+      maybe_linking = 0;
 
     if (!strcmp(cur, "-fsanitize=address") ||
         !strcmp(cur, "-fsanitize=memory")) asan_set = 1;