-
van Hauser authored
* persistent replay env setup * implementation without testing * complete implemenation, still no test * fix * fixes * fixes * documentation for AFL_PERSISTENT_RECORD * afl-cmin: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-cmin differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to just look for @@ to be *in* an argument in the same manner that afl-cmin.bash does, so that it will have the expected and documented behavior. * triage_crashes.sh: Allow @@ to be part of an arg * triage_crashes.sh: Fix error reporting * afl-showmap: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-showmap differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to use detect_file_args() like everybody else does, so that it will have the expected and documented behavior. * afl-showmap: Unwind a change to keep it pre-C99 compatible * v3.13a init * ifdef for record * changelog info * AFL_PERSISTENT_RECORD not a default * Add support for FRIDA mode * support libraries for find_afl_binary * remove warnings * update dynamic list * update changelog * try to trigger github actions * try to trigger github actions * android: support host and target 32bit build * remove InsTrim * Fix support for afl-cmin and updated README * integrate frida_mode, code-format * update README * Update custom_mutators.md * fix compilation for llvm 3.8.0 * pass lib -ldl only on Linux platforms * typos * simpler argument processing * -m32 support for docker container * restructure havoc * add introspection * ensure one fuzzer sync per cycle, cycle introspection * remove unneeded var * add parallel builds * add parallel builds * Add network_proxy build targets to gitignore (#852) All other build targets in utils/ are ignored except for these due to the lack of file extension. * Fixes: 6d2ac3e3 ("fix grammar download script") The git submodle entry point is "grammar_mutator" not "grammar-mutator" The build script fails without this * fix #if A == B always evalutes to true * try to avoid CI build failure by updating apt packages * fix k-ctx * Initialalize the autodict-ql Initialalize the autodict-ql add codeql scripts * update the codes, readme - add readme - add required qlpack.yml * update readme update readme * Update readme Update readme * Update readme Update readme * rename python file rename python file * update update * Add shell command Add shell command * update readme update readme * Add support for standalone leak-sanitizer, introducting the environment variable AFL_USE_LSAN. AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check for a memory leak when the macro is run. This is especially helpful when using __AFL_LOOP(). If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set, the leak checker will run when the program exits. * Replace __AFL_CHECK_LEAK with __AFL_LEAK_CHECK to be more proper. Fix spelling mistakes. Correctly call LSAN_ERROR not MSAN_ERROR. * Some updates on readme Some updates on readme * Update readme Update readme * Updates update * finalize 1 commit final things * space space * remove things remove things * Add python scripts Add python scripts * Update python scripts Update python scripts * new commit - change strings new commit - change strings * update qlpack name update qlpack name * remove unessential things remove unessential things from scripts * remove dirs remove dirs * Update readme Update readme * Add note Add note * Add ` Add ` * change cur change current dir * Fix typos, Use symbolize=0 for LSAN, Remove syntactic sugar. * Remove check for exit_code on LSAN and replace it with check for symbolize=0. * Move definition of __AFL_LEAK_CHECK inside ifguards, use LSAN_OPTIONS=print_suppressions=0 * revert Heiko's commit * Fix Haiku references, no <sys/syscall.h> and missing defines for USEMMAP * cleanup * Add -lnetwork to dependencies for Haiku * fix conflict * Fix undeclared SYS_write on Haiku * Declare private api __kern_write for Haiku * better MacOs msg * Haiku: create directory for debug_server, if not present * add missing env * better understandable directory creation logic * android: disable sigaction inside debuggerd check https://github.com/google/AFL/blob/master/docs/INSTALL#L173 * fix forkserver timeout error msg * removed -lc++ linking for lto * fix afl_custom_queue_new_entry when syncing * update grammar-mutator, show better fuzzing strategy yields * Update ideas.md Hey, I noticed there was a spelling error in above documentation for GSOC '21. I have corrected it, you can have a look at it if you want. * display dictionary usage in havoc only mode * ui custom mutator only display * add AFL_EXIT_ON_SEED_ISSUES * afl-whatsup -d * fix alive count in afl-whatsup * update havoc * ui update * fix aflpp qemu hook * qemu driver new api * add readme * update readme * allow aflpp_qemu_driver_hook.o to fail * fix writing stat file on exit * remove duplicate plot file write * fix warnings * afl-whatsup -d fix * fix ui * update readme * qemuafl * fix compcovtest * fix compcovtest * fix compcovtest * cmplog -l3: disable trimming, forcing input2stage for all * autoformat with black * fix nits * Changes following code review * fix nits * update docs * review * Add newline Add newline * Update readme fix typo in readme * Add new line Add new line * fixes * fix compcovtest * fix compcovtest * code format for frida mode * reworked formatting in order to avoid gcc 8.3.0 warnings * add idea of thread-safe target feedback * fix-typo: "WIn32" -> "Win32" * fix custom trim for increasing data * drop support for llvm < 6.0 * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie * Push to stable (#895) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
Your Name <you@example.com> * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by:
Andrea Fioraldi <andreafioraldi@gmail.com> * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f723. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef16. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f723 commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by:
Dominik Maier <domenukk@gmail.com> Co-authored-by:
WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by:
Dmitry Zheregelya <zheregelya.d@gmail.com> Co-authored-by:
hexcoder <hexcoder-@users.noreply.github.com> Co-authored-by:
hexcoder- <heiko@hexco.de> Co-authored-by:
David CARLIER <devnexen@gmail.com> Co-authored-by:
realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by:
Roman M. Iudichev <SecNotice@ya.ru> * Push to stable (#927) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
Dustin Spicuzza <dustin@virtualroadside.com> * push to stable (#931) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by:
Tommy Chiang <oToToT@users.noreply.github.com> Co-authored-by:
buherator <buherator@silentsignal.hu> * final push to stable (really?) (#939) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
Dag Heyman Kajevic <dag.heyman@gmail.com> * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
van Hauser <vh@thc.org> Co-authored-by:
Jiangen Jiao <joeyjiaojg@qq.com> Co-authored-by:
Yong-Hao Zou <yonghaoz1994@gmail.com> Co-authored-by:
R. Elliott Childre <elliottchildre329@gmail.com> Co-authored-by:
microsvuln <55649192+Microsvuln@users.noreply.github.com> Co-authored-by:
Joshua Rogers <jrogers@opera.com> Co-authored-by:
begasus <begasus@gmail.com> Co-authored-by:
Ujjwal Kirti <64329707+ujjwalkirti@users.noreply.github.com> Co-authored-by:
veritas501 <hxzene@gmail.com> Co-authored-by:
van Hauser authored* persistent replay env setup * implementation without testing * complete implemenation, still no test * fix * fixes * fixes * documentation for AFL_PERSISTENT_RECORD * afl-cmin: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-cmin differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to just look for @@ to be *in* an argument in the same manner that afl-cmin.bash does, so that it will have the expected and documented behavior. * triage_crashes.sh: Allow @@ to be part of an arg * triage_crashes.sh: Fix error reporting * afl-showmap: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-showmap differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to use detect_file_args() like everybody else does, so that it will have the expected and documented behavior. * afl-showmap: Unwind a change to keep it pre-C99 compatible * v3.13a init * ifdef for record * changelog info * AFL_PERSISTENT_RECORD not a default * Add support for FRIDA mode * support libraries for find_afl_binary * remove warnings * update dynamic list * update changelog * try to trigger github actions * try to trigger github actions * android: support host and target 32bit build * remove InsTrim * Fix support for afl-cmin and updated README * integrate frida_mode, code-format * update README * Update custom_mutators.md * fix compilation for llvm 3.8.0 * pass lib -ldl only on Linux platforms * typos * simpler argument processing * -m32 support for docker container * restructure havoc * add introspection * ensure one fuzzer sync per cycle, cycle introspection * remove unneeded var * add parallel builds * add parallel builds * Add network_proxy build targets to gitignore (#852) All other build targets in utils/ are ignored except for these due to the lack of file extension. * Fixes: 6d2ac3e3 ("fix grammar download script") The git submodle entry point is "grammar_mutator" not "grammar-mutator" The build script fails without this * fix #if A == B always evalutes to true * try to avoid CI build failure by updating apt packages * fix k-ctx * Initialalize the autodict-ql Initialalize the autodict-ql add codeql scripts * update the codes, readme - add readme - add required qlpack.yml * update readme update readme * Update readme Update readme * Update readme Update readme * rename python file rename python file * update update * Add shell command Add shell command * update readme update readme * Add support for standalone leak-sanitizer, introducting the environment variable AFL_USE_LSAN. AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check for a memory leak when the macro is run. This is especially helpful when using __AFL_LOOP(). If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set, the leak checker will run when the program exits. * Replace __AFL_CHECK_LEAK with __AFL_LEAK_CHECK to be more proper. Fix spelling mistakes. Correctly call LSAN_ERROR not MSAN_ERROR. * Some updates on readme Some updates on readme * Update readme Update readme * Updates update * finalize 1 commit final things * space space * remove things remove things * Add python scripts Add python scripts * Update python scripts Update python scripts * new commit - change strings new commit - change strings * update qlpack name update qlpack name * remove unessential things remove unessential things from scripts * remove dirs remove dirs * Update readme Update readme * Add note Add note * Add ` Add ` * change cur change current dir * Fix typos, Use symbolize=0 for LSAN, Remove syntactic sugar. * Remove check for exit_code on LSAN and replace it with check for symbolize=0. * Move definition of __AFL_LEAK_CHECK inside ifguards, use LSAN_OPTIONS=print_suppressions=0 * revert Heiko's commit * Fix Haiku references, no <sys/syscall.h> and missing defines for USEMMAP * cleanup * Add -lnetwork to dependencies for Haiku * fix conflict * Fix undeclared SYS_write on Haiku * Declare private api __kern_write for Haiku * better MacOs msg * Haiku: create directory for debug_server, if not present * add missing env * better understandable directory creation logic * android: disable sigaction inside debuggerd check https://github.com/google/AFL/blob/master/docs/INSTALL#L173 * fix forkserver timeout error msg * removed -lc++ linking for lto * fix afl_custom_queue_new_entry when syncing * update grammar-mutator, show better fuzzing strategy yields * Update ideas.md Hey, I noticed there was a spelling error in above documentation for GSOC '21. I have corrected it, you can have a look at it if you want. * display dictionary usage in havoc only mode * ui custom mutator only display * add AFL_EXIT_ON_SEED_ISSUES * afl-whatsup -d * fix alive count in afl-whatsup * update havoc * ui update * fix aflpp qemu hook * qemu driver new api * add readme * update readme * allow aflpp_qemu_driver_hook.o to fail * fix writing stat file on exit * remove duplicate plot file write * fix warnings * afl-whatsup -d fix * fix ui * update readme * qemuafl * fix compcovtest * fix compcovtest * fix compcovtest * cmplog -l3: disable trimming, forcing input2stage for all * autoformat with black * fix nits * Changes following code review * fix nits * update docs * review * Add newline Add newline * Update readme fix typo in readme * Add new line Add new line * fixes * fix compcovtest * fix compcovtest * code format for frida mode * reworked formatting in order to avoid gcc 8.3.0 warnings * add idea of thread-safe target feedback * fix-typo: "WIn32" -> "Win32" * fix custom trim for increasing data * drop support for llvm < 6.0 * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie * Push to stable (#895) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by:
Code owners
Assign users and groups as approvers for specific file changes. Learn more.