diff --git a/Makefile b/Makefile
index 64d1d156..7a4771a5 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@
 # PROGNAME = afl
-VERSION = 1.93b
+VERSION = 1.94b
 PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin
diff --git a/afl-as.c b/afl-as.c
index 70ae7b77..7686fe8a 100644
--- a/afl-as.c
+++ b/afl-as.c
@@ -117,6 +117,12 @@ static void edit_params(int argc, char** argv) {
 #endif /* __APPLE__ */
+ /* Although this is not documented, GCC also uses TEMP and TMP when TMPDIR
+ is not set. We need to check these non-standard variables to properly
+ handle the pass_thru logic later on. */
+
+ if (!tmp_dir) tmp_dir = getenv("TEMP");
+ if (!tmp_dir) tmp_dir = getenv("TMP");
 if (!tmp_dir) tmp_dir = "/tmp";
 as_params = ck_alloc((argc + 32) * sizeof(u8*));
@@ -444,7 +450,8 @@ static void add_instrumentation(void) {
 if (!be_quiet) {
- if (!ins_lines) WARNF("No instrumentation targets found.");
+ if (!ins_lines) WARNF("No instrumentation targets found%s.",
+ pass_thru ? " (pass-thru mode)" : "");
 else OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines, use_64bit ? "64" : "32", getenv("AFL_HARDEN") ? "hardened" : "non-hardened",
diff --git a/afl-cmin b/afl-cmin
index 16e98a6c..5af4b774 100755
--- a/afl-cmin
+++ b/afl-cmin
@@ -18,8 +18,8 @@
 # the starting corpus. This has two uses:
 #
 # - Screening large corpora of input files before using them as a seed for
-# seed for afl-fuzz. The tool will remove functionally redundant files and
-# likely leave you with a much smaller set.
+# afl-fuzz. The tool will remove functionally redundant files and likely
+# leave you with a much smaller set.
 #
 # (In this case, you probably also want to consider running afl-tmin on
 # the individual files later on to reduce their size.)
diff --git a/alloc-inl.h b/alloc-inl.h
index d5a6baba..d3c125fb 100644
--- a/alloc-inl.h
+++ b/alloc-inl.h
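Review bot: The two added lookups in edit_params() consult TEMP before TMP, which does not match the order GCC itself appears to use — as far as I recall, libiberty's choose_tmpdir() tries TMPDIR, then TMP, then TEMP — so when both variables are set to different directories, tmp_dir will not be the directory GCC actually writes to, and the pass_thru detection the new comment refers to can still misfire. Swapping the two lines, `if (!tmp_dir) tmp_dir = getenv("TMP");` followed by `if (!tmp_dir) tmp_dir = getenv("TEMP");`, keeps the lookups consistent with that order. If I remember correctly GCC also falls back to /var/tmp and /usr/tmp before /tmp when none of the variables are set, so the `/tmp` default on the unchanged line below may still disagree with it; a short comment saying that case is knowingly left unhandled would help the next reader. The body of edit_params() continues beyond this hunk.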
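Review bot: In pass-thru mode, finding no instrumentation targets is the expected outcome, yet the rewritten line in add_instrumentation() still reports it through WARNF(), so every pass-thru invocation emits a warning that users will learn to ignore. Consider reporting the pass-thru case through the OKF() macro already used on the `else` branch and reserving WARNF() for the case where instrumentation was actually attempted, e.g. `if (!ins_lines && pass_thru) OKF("Pass-thru mode, no instrumentation added.");` placed ahead of the existing check, or else add a comment stating that a warning is deliberate here. add_instrumentation() begins and ends outside this hunk.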
@@ -57,17 +57,17 @@
 /* Magic tokens used to mark used / freed chunks. */
-#define ALLOC_MAGIC_C1 0xFF00
-#define ALLOC_MAGIC_F 0xFE00
-#define ALLOC_MAGIC_C2 0xF0
+#define ALLOC_MAGIC_C1 0xFF00FF00 /* Used head (dword) */
+#define ALLOC_MAGIC_F 0xFE00FE00 /* Freed head (dword) */
+#define ALLOC_MAGIC_C2 0xF0 /* Used tail (byte) */
 /* Positions of guard tokens in relation to the user-visible pointer. */
-#define ALLOC_C1(_ptr) (((u16*)(_ptr))[-3])
+#define ALLOC_C1(_ptr) (((u32*)(_ptr))[-2])
 #define ALLOC_S(_ptr) (((u32*)(_ptr))[-1])
 #define ALLOC_C2(_ptr) (((u8*)(_ptr))[ALLOC_S(_ptr)])
-#define ALLOC_OFF_HEAD 6
+#define ALLOC_OFF_HEAD 8
 #define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
 /* Allocator increments for ck_realloc_block(). */
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 29568077..408e0b99 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -16,6 +16,18 @@ Not sure if you should upgrade? The lowest currently recommended version is 1.92b. If you're stuck on an earlier release, it's strongly advisable to get on with the times.
+--------------
+Version 1.94b:
+--------------
+
+ - Changed allocator alignment to improve support for non-x86 systems (now
+ that llvm_mode makes this more feasible).
+
+ - Fixed a minor typo in afl-cmin. Spotted by Jonathan Neuschafer.
+
+ - Fixed an obscure bug that would affect people trying to use afl-gcc
+ with $TMP set but $TMPDIR absent. Spotted by Jeremy Barnes.
+
 --------------
 Version 1.93b:
 --------------
diff --git a/docs/README b/docs/README
index 7a06b5f9..832f6324 100644
--- a/docs/README
+++ b/docs/README
@@ -424,6 +424,7 @@ bug reports, or patches from: rc0r Jonathan Foote Christian Holler Dominique Pelle Jacek Wielemborek Leo Barnes
+ Jeremy Barnes
 Thank you!
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index 70a06948..f229478f 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
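Review bot: The layout invariant that ALLOC_C1 lives at `[-2]`, ALLOC_S at `[-1]` and ALLOC_OFF_HEAD equals their combined size is now spread implicitly across three separate #defines, and nothing in this hunk states that ALLOC_OFF_HEAD must also be a multiple of the target's strictest alignment, which is the whole reason for the change. I would add a comment above ALLOC_OFF_HEAD along the lines of `/* Head = C1 (u32) + S (u32); must match the ALLOC_C1 / ALLOC_S offsets above and stay a multiple of the largest alignment the target requires. */`. With an 8-byte head the user-visible pointer is only 8-byte aligned relative to what malloc() hands back, so on platforms where malloc() returns 16-byte aligned memory, types needing 16-byte alignment are presumably still not covered; if that is acceptable for AFL's own data it deserves a sentence in that comment. The widened magic values are compared against a u32 load, so 0xFF00FF00 and 0xFE00FE00 are fine without a U suffix, and the single-byte tail token ALLOC_C2 remains the only guard against small overruns past the allocation.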
@@ -216,7 +216,6 @@ static void edit_params(u32 argc, char** argv) {
 #else
 "void _I(void) __asm__(\"__afl_manual_init\"); "
 #endif /* ^__APPLE__ */
-
 "_I(); } while (0)";
 if (maybe_linking) {