From 41cbaf9b8bb5e1f346eccda9009a6716bed0ddc7 Mon Sep 17 00:00:00 2001
From: Thomas HUET
Date: Sat, 21 May 2016 18:49:12 +0200
Subject: [PATCH] 2.08b
---
 Makefile | 4 +++-
 afl-fuzz.c | 4 +++-
 docs/ChangeLog | 9 +++++++++
 docs/env_variables.txt | 3 ++-
 llvm_mode/Makefile | 12 ++++++++++--
 llvm_mode/afl-clang-fast.c | 31 ++++++++++++++++++++++++++-----
 6 files changed, 53 insertions(+), 10 deletions(-)
diff --git a/Makefile b/Makefile
index 963a8fb7..4a711581 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@
 #
 PROGNAME = afl
-VERSION = 2.07b
+VERSION = 2.08b
 PREFIX ?= /usr/local
 BIN_PATH = $(PREFIX)/bin
@@ -121,6 +121,8 @@ install: all
 rm -f $${DESTDIR}$(BIN_PATH)/afl-as
 if [ -f afl-qemu-trace ]; then install -m 755 afl-qemu-trace $${DESTDIR}$(BIN_PATH); fi
 if [ -f afl-clang-fast -a -f afl-llvm-pass.so -a -f afl-llvm-rt.o ]; then set -e; install -m 755 afl-clang-fast $${DESTDIR}$(BIN_PATH); ln -sf afl-clang-fast $${DESTDIR}$(BIN_PATH)/afl-clang-fast++; install -m 755 afl-llvm-pass.so afl-llvm-rt.o $${DESTDIR}$(HELPER_PATH); fi
+ if [ -f afl-llvm-rt-32.o ]; then set -e; install -m 755 afl-llvm-rt-32.o $${DESTDIR}$(HELPER_PATH); fi
+ if [ -f afl-llvm-rt-64.o ]; then set -e; install -m 755 afl-llvm-rt-64.o $${DESTDIR}$(HELPER_PATH); fi
 set -e; for i in afl-g++ afl-clang afl-clang++; do ln -sf afl-gcc $${DESTDIR}$(BIN_PATH)/$$i; done
 install -m 755 afl-as $${DESTDIR}$(HELPER_PATH)
 ln -sf afl-as $${DESTDIR}$(HELPER_PATH)/as
diff --git a/afl-fuzz.c b/afl-fuzz.c
index de841415..763f185e 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -3782,11 +3782,13 @@ static void show_stats(void) {
 }
- /* Honor AFL_EXIT_WHEN_DONE. */
+ /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
 if (!dumb_mode && cycles_wo_finds > 20 && !pending_not_fuzzed && getenv("AFL_EXIT_WHEN_DONE")) stop_soon = 2;
+ if (total_crashes && getenv("AFL_BENCH_UNTIL_CRASH")) stop_soon = 2;
+
 /* If we're not on TTY, bail out. */
 if (not_on_tty) return;
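Review bot: The new AFL_BENCH_UNTIL_CRASH exit assigns `stop_soon = 2`, the same value the AFL_EXIT_WHEN_DONE check two lines above uses, so whatever the main loop does on that value (final banner, exit status) presumably cannot tell a run that finished from one cut short at its first crash; that is worth stating where the flag is honored, e.g. `/* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. Both leave through the stop_soon == 2 path; a benchmark harness must look at the crash count to tell them apart. */`. The `getenv("AFL_BENCH_UNTIL_CRASH")` lookup also runs on every show_stats() call, which matches the existing AFL_EXIT_WHEN_DONE line but doubles the per-refresh environment scans; caching both into a static flag on first use would keep that cost constant. show_stats() starts before this hunk and continues past it.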
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 08101682..d20e1d7a 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -16,6 +16,15 @@ Not sure if you should upgrade? The lowest currently recommended version is
 2.07b. If you're stuck on an earlier release, it's strongly advisable to get on with the times.
+--------------
+Version 2.08b:
+--------------
+
+ - Added explicit support for -m32 and -m64 for llvm_mode. Inspired by
+ a request from Christian Holler.
+
+ - Added a new benchmarking option, as requested by Kostya Serebryany.
+
 --------------
 Version 2.07b:
 --------------
diff --git a/docs/env_variables.txt b/docs/env_variables.txt
index 22229bf4..16de0344 100644
--- a/docs/env_variables.txt
+++ b/docs/env_variables.txt
@@ -146,7 +146,8 @@ checks or alter some of the more exotic semantics of the tool:
 Others need not apply.
 - Benchmarking only: AFL_BENCH_JUST_ONE causes the fuzzer to exit after
- processing the first queue entry.
+ processing the first queue entry; and AFL_BENCH_UNTIL_CRASH causes it to
+ exit when first crash is found.
 4) Settings for afl-qemu-trace
 ------------------------------
diff --git a/llvm_mode/Makefile b/llvm_mode/Makefile
index f5df16a8..0176fb79 100644
--- a/llvm_mode/Makefile
+++ b/llvm_mode/Makefile
@@ -55,9 +55,9 @@ ifeq "$(origin CC)" "default"
 endif
 ifndef AFL_TRACE_PC
- PROGS = ../afl-clang-fast ../afl-llvm-pass.so ../afl-llvm-rt.o
+ PROGS = ../afl-clang-fast ../afl-llvm-pass.so ../afl-llvm-rt.o ../afl-llvm-rt-32.o ../afl-llvm-rt-64.o
 else
- PROGS = ../afl-clang-fast ../afl-llvm-rt.o
+ PROGS = ../afl-clang-fast ../afl-llvm-rt.o ../afl-llvm-rt-32.o ../afl-llvm-rt-64.o
 endif
 all: test_deps $(PROGS) test_build all_done
@@ -85,6 +85,14 @@ endif
 ../afl-llvm-rt.o: afl-llvm-rt.o.c | test_deps
 $(CC) $(CFLAGS) -fPIC -c $< -o $@
+../afl-llvm-rt-32.o: afl-llvm-rt.o.c | test_deps
+ @printf "[*] Building 32-bit variant of the runtime (-m32)... "
+ @$(CC) $(CFLAGS) -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi
+
+../afl-llvm-rt-64.o: afl-llvm-rt.o.c | test_deps
+ @printf "[*] Building 64-bit variant of the runtime (-m64)... "
+ @$(CC) $(CFLAGS) -m64 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi
+
 test_build: $(PROGS)
 @echo "[*] Testing the CC wrapper and instrumentation output..."
 unset AFL_USE_ASAN AFL_USE_MSAN; AFL_QUIET=1 AFL_INST_RATIO=100 AFL_PATH=. AFL_CC=$(CC) ../afl-clang-fast $(CFLAGS) ../test-instr.c -o test-instr $(LDFLAGS)
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 2303340c..f715d6b2 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -96,7 +96,7 @@ static void find_obj(u8* argv0) {
 static void edit_params(u32 argc, char** argv) {
- u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1;
+ u8 fortify_set = 0, asan_set = 0, x_set = 0, maybe_linking = 1, bit_mode = 0;
 u8 *name;
 cc_params = ck_alloc((argc + 64) * sizeof(u8*));
@@ -133,9 +133,8 @@ static void edit_params(u32 argc, char** argv) {
 while (--argc) {
 u8* cur = *(++argv);
-#if defined(__x86_64__)
- if (!strcmp(cur, "-m32")) FATAL("-m32 is not supported");
-#endif
+ if (!strcmp(cur, "-m32")) bit_mode = 32;
+ if (!strcmp(cur, "-m64")) bit_mode = 64;
 if (!strcmp(cur, "-x")) x_set = 1;
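Review bot: When the `-m32` or `-m64` compile in the new `../afl-llvm-rt-32.o` / `../afl-llvm-rt-64.o` recipes fails, the recipe still exits 0 and nothing removes the target first, so an object left over from an earlier successful build survives a failed rebuild against a newer afl-llvm-rt.o.c and is then picked up silently by `afl-clang-fast -m32`. Deleting the target before the attempt keeps a failed build from looking like a success: `@rm -f $@; $(CC) $(CFLAGS) -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; else echo "failed (that's fine)"; fi` (same for the 64-bit rule). The two rules differ only in the width, so a pattern rule would avoid carrying the shell logic twice. Because the previous hunk also adds both objects to PROGS, `all` and `test_build` now depend on files that may legitimately never exist; make tolerates that here only because the recipe reports success, and presumably re-runs the failing compile on every invocation.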
@@ -251,7 +250,29 @@ static void edit_params(u32 argc, char** argv) {
 cc_params[cc_par_cnt++] = "none";
 }
- cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt.o", obj_path);
+ switch (bit_mode) {
+
+ case 0:
+ cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt.o", obj_path);
+ break;
+
+ case 32:
+ cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-32.o", obj_path);
+
+ if (access(cc_params[cc_par_cnt - 1], R_OK))
+ FATAL("-m32 is not supported by your compiler");
+
+ break;
+
+ case 64:
+ cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt-64.o", obj_path);
+
+ if (access(cc_params[cc_par_cnt - 1], R_OK))
+ FATAL("-m64 is not supported by your compiler");
+
+ break;
+
+ }
 }
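Review bot: The `FATAL("-m32 is not supported by your compiler")` in the `case 32:` arm (and its `-m64` twin) fires whenever `access()` fails on the runtime object, but a missing or unreadable afl-llvm-rt-32.o can just as well come from an install that skipped the file or a wrong object directory, so the message blames the compiler for conditions the check cannot tell apart; naming the path that was probed, e.g. `FATAL("-m32 is not supported by your compiler (%s missing)", cc_params[cc_par_cnt - 1])`, gives the user something to act on. The 32 and 64 arms are identical except for the width and the `switch` has no `default:`; folding them into one branch keyed on bit_mode removes both the duplication and the need for one, as below. edit_params() starts before this hunk.
```c
  /* … unchanged: preceding "none" option block … */

  if (bit_mode) {

    /* -m32 / -m64 select a width-specific runtime built by llvm_mode/Makefile;
       that build is allowed to fail, so the object may be absent here. */

    cc_params[cc_par_cnt++] =
        alloc_printf("%s/afl-llvm-rt-%u.o", obj_path, (unsigned)bit_mode);

    if (access(cc_params[cc_par_cnt - 1], R_OK))
      FATAL("-m%u is not supported by your compiler (%s missing)",
            (unsigned)bit_mode, cc_params[cc_par_cnt - 1]);

  } else cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-rt.o", obj_path);
```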