Skip to content

Commit

Permalink
2.44b
Browse files Browse the repository at this point in the history
  • Loading branch information
thomas-huet committed Jul 2, 2017
1 parent e6d4330 commit a1d2c39
Show file tree
Hide file tree
Showing 6 changed files with 60 additions and 12 deletions.
11 changes: 8 additions & 3 deletions afl-as.c
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,8 @@ static u8* modified_file; /* Instrumented file for the real 'as' */
static u8 be_quiet, /* Quiet mode (no stderr output) */
clang_mode, /* Running in clang mode? */
pass_thru, /* Just pass data through? */
just_version; /* Just show version? */
just_version, /* Just show version? */
sanitizer; /* Using ASAN / MSAN */

static u32 inst_ratio = 100, /* Instrumentation probability (%) */
as_par_cnt = 1; /* Number of params to 'as' */
Expand Down Expand Up @@ -454,7 +455,8 @@ static void add_instrumentation(void) {
pass_thru ? " (pass-thru mode)" : "");
else OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).",
ins_lines, use_64bit ? "64" : "32",
getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
getenv("AFL_HARDEN") ? "hardened" :
(sanitizer ? "ASAN/MSAN" : "non-hardened"),
inst_ratio);

}
Expand Down Expand Up @@ -521,7 +523,10 @@ int main(int argc, char** argv) {
ASAN-specific branches. But we can probabilistically compensate for
that... */

if (getenv("AFL_USE_ASAN") || getenv("AFL_USE_MSAN")) inst_ratio /= 3;
if (getenv("AFL_USE_ASAN") || getenv("AFL_USE_MSAN")) {
sanitizer = 1;
inst_ratio /= 3;
}

if (!just_version) add_instrumentation();

Expand Down
20 changes: 16 additions & 4 deletions afl-showmap.c
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,8 @@ static s32 shm_id; /* ID of the SHM region */
static u8 quiet_mode, /* Hide non-essential messages? */
edges_only, /* Ignore hit counts? */
cmin_mode, /* Generate output in afl-cmin mode? */
binary_mode; /* Write output as a binary map */
binary_mode, /* Write output as a binary map */
keep_cores; /* Allow coredumps? */

static volatile u8
stop_soon, /* Ctrl-C pressed? */
Expand Down Expand Up @@ -285,9 +286,13 @@ static void run_target(char** argv) {

}

r.rlim_max = r.rlim_cur = 0;
if (keep_cores) r.rlim_max = r.rlim_cur = 0;
else r.rlim_max = r.rlim_cur = RLIM_INFINITY;

setrlimit(RLIMIT_CORE, &r); /* Ignore errors */

if (!getenv("LD_BIND_LAZY")) setenv("LD_BIND_NOW", "1", 0);

execv(target_path, argv);

*(u32*)trace_bits = EXEC_FAIL_SIG;
Expand Down Expand Up @@ -479,7 +484,8 @@ static void usage(u8* argv0) {
"Other settings:\n\n"

" -q - sink program's output and don't show messages\n"
" -e - show edge coverage only, ignore hit counts\n\n"
" -e - show edge coverage only, ignore hit counts\n"
" -c - allow core dumps\n\n"

"This tool displays raw tuple data captured by AFL instrumentation.\n"
"For additional help, consult %s/README.\n\n" cRST,
Expand Down Expand Up @@ -614,7 +620,7 @@ int main(int argc, char** argv) {

doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;

while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQb")) > 0)
while ((opt = getopt(argc,argv,"+o:m:t:A:eqZQbc")) > 0)

switch (opt) {

Expand Down Expand Up @@ -719,6 +725,12 @@ int main(int argc, char** argv) {
binary_mode = 1;
break;

case 'c':

if (keep_cores) FATAL("Multiple -c options not supported");
keep_cores = 1;
break;

default:

usage(argv[0]);
Expand Down
2 changes: 1 addition & 1 deletion config.h
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@

/* Version string: */

#define VERSION "2.43b"
#define VERSION "2.44b"

/******************************************************
* *
Expand Down
15 changes: 15 additions & 0 deletions docs/ChangeLog
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,21 @@ Not sure if you should upgrade? The lowest currently recommended version
is 2.41b. If you're stuck on an earlier release, it's strongly advisable
to get on with the times.

--------------
Version 2.44b:
--------------

- Added a visual indicator of ASAN / MSAN mode when compiling. Requested
by Jakub Wilk.

- Added support for afl-showmap coredumps (-c). Suggested by Jakub Wilk.

- Added LD_BIND_NOW=1 for afl-showmap by default. Although not really useful,
it reportedly helps reproduce some crashes. Suggested by Jakub Wilk.

- Added a note about allocator_may_return_null=1 not always working with
ASAN. Spotted by Jakub Wilk.

--------------
Version 2.43b:
--------------
Expand Down
18 changes: 17 additions & 1 deletion docs/notes_for_asan.txt
Original file line number Diff line number Diff line change
Expand Up @@ -113,7 +113,23 @@ emulation, so please do not try to use them with the -Q option; QEMU doesn't
seem to appreciate the shadow VM trick used by these tools, and will likely
just allocate all your physical memory, then crash.

4) What about UBSAN?
4) ASAN and OOM crashes
-----------------------

By default, ASAN treats memory allocation failures as fatal errors, immediately
causing the program to crash. Since this is a departure from normal POSIX
semantics (and creates the appearance of security issues in otherwise
properly-behaving programs), we try to disable this by specifying
allocator_may_return_null=1 in ASAN_OPTIONS.

Unfortunately, it's been reported that this setting still causes ASAN to
trigger phantom crashes in situations where the standard allocator would
simply return NULL. If this is interfering with your fuzzing jobs, you may
want to cc: yourself on this bug:

https://bugs.llvm.org/show_bug.cgi?id=22026

5) What about UBSAN?
--------------------

Some folks expressed interest in fuzzing with UBSAN. This isn't officially
Expand Down
6 changes: 3 additions & 3 deletions llvm_mode/afl-llvm-pass.so.cc
Original file line number Diff line number Diff line change
Expand Up @@ -159,9 +159,9 @@ bool AFLCoverage::runOnModule(Module &M) {

if (!inst_blocks) WARNF("No instrumentation targets found.");
else OKF("Instrumented %u locations (%s mode, ratio %u%%).",
inst_blocks,
getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
inst_ratio);
inst_blocks, getenv("AFL_HARDEN") ? "hardened" :
((getenv("AFL_USE_ASAN") || getenv("AFL_USE_MSAN")) ?
"ASAN/MSAN" : "non-hardened"), inst_ratio);

}

Expand Down

0 comments on commit a1d2c39

Please sign in to comment.