2.26b

afl-analyze.c

@@ -244,9 +244,6 @@ static u32 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
   s32 prog_in_fd;
   u32 cksum;
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
-
   memset(trace_bits, 0, MAP_SIZE);
   MEM_BARRIER();
 
@@ -710,8 +707,10 @@ static void set_up_environment(void) {
                          "allocator_may_return_null=1:"
                          "msan_track_origins=0", 0);
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+  if (getenv("AFL_PRELOAD")) {
+    setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
+    setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
+  }
 
 }
 

afl-fuzz.c

@@ -7821,8 +7821,13 @@ int main(int argc, char** argv) {
   if (dumb_mode == 2 && no_forkserver)
     FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive");
 
+  if (getenv("AFL_PRELOAD")) {
+    setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
+    setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
+  }
+
   if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+    FATAL("Use AFL_PRELOAD instead of AFL_LD_PRELOAD");
 
   save_cmdline(argc, argv);
 

afl-showmap.c

@@ -215,9 +215,6 @@ static void run_target(char** argv) {
   static struct itimerval it;
   int status = 0;
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
-
   if (!quiet_mode)
     SAYF("-- Program output begins --\n" cRST);
 
@@ -345,8 +342,10 @@ static void set_up_environment(void) {
                          "allocator_may_return_null=1:"
                          "msan_track_origins=0", 0);
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+  if (getenv("AFL_PRELOAD")) {
+    setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
+    setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
+  }
 
 }
 

afl-tmin.c

@@ -237,9 +237,6 @@ static u8 run_target(char** argv, u8* mem, u32 len, u8 first_run) {
   s32 prog_in_fd;
   u32 cksum;
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
-
   memset(trace_bits, 0, MAP_SIZE);
   MEM_BARRIER();
 
@@ -701,8 +698,10 @@ static void set_up_environment(void) {
                          "allocator_may_return_null=1:"
                          "msan_track_origins=0", 0);
 
-  if (getenv("AFL_LD_PRELOAD"))
-    setenv("LD_PRELOAD", getenv("AFL_LD_PRELOAD"), 1);
+  if (getenv("AFL_PRELOAD")) {
+    setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
+    setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
+  }
 
 }
 

config.h

@@ -21,7 +21,7 @@
 
 /* Version string: */
 
-#define VERSION             "2.25b"
+#define VERSION             "2.26b"
 
 /******************************************************
  *                                                    *

docs/ChangeLog

@@ -16,6 +16,16 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.21b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.26b:
+--------------
+
+  - Made a fix for libdislocator.so to compile on MacOS X.
+
+  - Added support for DYLD_INSERT_LIBRARIES.
+
+  - Renamed AFL_LD_PRELOAD to AFL_PRELOAD.
+
 --------------
 Version 2.25b:
 --------------

docs/README

@@ -116,7 +116,7 @@ $ CC=/path/to/afl/afl-gcc ./configure --disable-shared
 Setting AFL_HARDEN=1 when calling 'make' will cause the CC wrapper to
 automatically enable code hardening options that make it easier to detect
 simple memory bugs. Preloading 'libdislocator.so' (an abusive allocator) can
-help uncover heap corruption isses, too; see libdislocator.so.c for info and
+help uncover heap corruption issues, too; see libdislocator.so.c for info and
 usage tips.
 
 PS. ASAN users are advised to review notes_for_asan.txt file for important

docs/env_variables.txt

@@ -138,7 +138,7 @@ checks or alter some of the more exotic semantics of the tool:
 
   - In QEMU mode (-Q), AFL_PATH will be searched for afl-qemu-trace.
 
-  - Setting AFL_LD_PRELOAD causes AFL to set LD_PRELOAD for the target binary
+  - Setting AFL_PRELOAD causes AFL to set LD_PRELOAD for the target binary
     without disrupting the afl-fuzz process itself. This is useful, among other
     things, for bootstrapping libdislocator.so.
 

libdislocator.so.c

@@ -54,11 +54,10 @@
 
    To use this library, run AFL like so:
 
-   AFL_LD_PRELOAD=/path/to/libdislocator.so ./afl-fuzz [...other params...]
+   AFL_PRELOAD=/path/to/libdislocator.so ./afl-fuzz [...other params...]
 
    You *have* to specify path, even if it's just ./libdislocator.so or
-   $PWD/libdislocator.so. On MacOS X, you may have to use DYLD_INSERT_LIBRARIES
-   instead of LD_PRELOAD.
+   $PWD/libdislocator.so.
 
    Similarly to afl-tmin, the library is not "proprietary" and can be
    used with other fuzzers or testing tools without the need for any code
@@ -82,6 +81,10 @@
 #  define PAGE_SIZE 4096
 #endif /* !PAGE_SIZE */
 
+#ifndef MAP_ANONYMOUS
+#  define MAP_ANONYMOUS MAP_ANON
+#endif /* !MAP_ANONYMOUS */
+
 /* Error / message handling: */
 
 #define DEBUGF(_x...) do { \
@@ -123,7 +126,7 @@ static u8  alloc_verbose,               /* Additional debug messages        */
 
 static __thread size_t total_mem;       /* Currently allocated mem          */
 
-static __thread u32 call_depth;
+static __thread u32 call_depth;         /* To avoid recursion via fprintf() */
 
 /* This is the main alloc function. It allocates one page more than necessary,
    sets that tailing page to PROT_NONE, and then increments the return address