forked from pool/afl

Accepting request 985620 from home:msmeissn:branches:devel:tools

- updated to 4.01c
  - fixed */build_...sh scripts to work outside of git
  - new custom_mutator: libafl with token fuzzing :)
  - afl-fuzz:
    - when you just want to compile once and set CMPLOG, then just
      set -c 0 to tell afl-fuzz that the fuzzing binary is also for
      CMPLOG.
    - new commandline options -g/G to set min/max length of generated
      fuzz inputs
    - you can set the time for syncing to other fuzzers now with
      AFL_SYNC_TIME
    - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
      persistent mode and manual forkserver support if these are not
      in the target binary (e.g. are in a shared library)
    - add AFL_EARLY_FORKSERVER to install the forkserver as early as
      possible in the target (for afl-gcc-fast/afl-clang-fast/
      afl-clang-lto)
    - "saved timeouts" was wrong information, timeouts are still thrown
      away by default even if they have new coverage (hangs are always
      kept), unless AFL_KEEP_TIMEOUTS is set
    - AFL never implemented auto token inserts (but user token inserts,
      user token overwrite and auto token overwrite), added now!
    - fixed a mutation type in havoc mode
    - Mopt fix to always select the correct algorithm
    - fix effector map calculation (deterministic mode)
    - fix custom mutator post_process functionality
    - document and auto-activate pizza mode on condition
  - afl-cc:
    - due to a bug in lld of llvm 15 LTO instrumentation won't work atm :-(
    - converted all passes to use the new llvm pass manager for llvm 11+

OBS-URL: https://build.opensuse.org/request/show/985620
OBS-URL: https://build.opensuse.org/package/show/devel:tools/afl?expand=0&rev=150
Marcus Meissner 2022-06-28 15:18:08 +00:00 committed by Git OBS Bridge
parent 6314bcb1a3
commit 4ce66ab158
5 changed files with 47 additions and 146 deletions
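As an added example (not code from this commit, the package, or the AFL++ project), a persistent-mode harness of the kind the AFL_PERSISTENT, AFL_DEFER_FORKSRV and AFL_EARLY_FORKSERVER entries in the commit message refer to, built for afl-clang-fast and wired to the `-c 0` and `-g`/`-G` options from the same message. The record parser, its byte layout, the file name harness.c and the length bounds are assumptions made for illustration; the `__AFL_*` macros are the ones afl-clang-fast predefines, with fallbacks so the file also builds with a plain C compiler.

```c
/* Added example, not part of this commit or of the AFL++ source tree.
 * Persistent-mode harness for afl-clang-fast around a small constructed
 * record parser.  Parser, record layout and names are assumptions.
 *
 * Build and fuzz (options as named in the 4.01c changelog):
 *   afl-clang-fast -O2 -o harness harness.c
 *   afl-fuzz -i in -o out -c 0 -g 4 -G 512 -- ./harness
 * -c 0 makes afl-fuzz reuse this binary as the CMPLOG binary; -g/-G bound
 * generated inputs to the 4-byte header plus a payload of up to 508 bytes.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Record layout (constructed for this example):
 *   byte 0    version, must be 1
 *   byte 1    type, 0 = data, 1 = close
 *   bytes 2-3 payload length, big-endian
 *   bytes 4.. payload, exactly `length` bytes
 * Returns the record type on success, -1 on any malformed input. */
int parse_record(const uint8_t *buf, size_t len, uint8_t *out, size_t out_cap) {
    if (len < 4 || buf[0] != 1 || buf[1] > 1) return -1;
    size_t plen = ((size_t)buf[2] << 8) | buf[3];
    if (plen != len - 4) return -1;   /* missing or trailing payload bytes */
    if (plen > out_cap) return -1;    /* never copy more than the caller gave */
    memcpy(out, buf + 4, plen);
    return buf[1];
}

/* Convenience wrapper for tests: parse into a scratch buffer, return type. */
int parse_record_type(const uint8_t *buf, size_t len) {
    static uint8_t scratch[1 << 16];
    return parse_record(buf, len, scratch, sizeof scratch);
}

/* afl-clang-fast predefines these macros; with a plain cc they are missing,
 * so the fallbacks run the loop body exactly once on stdin.  That keeps the
 * same file usable as an ordinary test driver. */
#ifndef __AFL_FUZZ_TESTCASE_LEN
static unsigned char fallback_buf[1 << 16];
static ssize_t fallback_len;
#define __AFL_FUZZ_INIT() static int fallback_done
#define __AFL_INIT()
#define __AFL_LOOP(n) (!fallback_done++ && \
    (fallback_len = read(0, fallback_buf, sizeof fallback_buf)) >= 0)
#define __AFL_FUZZ_TESTCASE_BUF fallback_buf
#define __AFL_FUZZ_TESTCASE_LEN fallback_len
#endif

__AFL_FUZZ_INIT();  /* file scope: declares the shared-memory test case state */

int main(void) {
    static uint8_t payload[1 << 16];

    /* Deferred fork server: everything above this point (library init,
     * config parsing) runs once and is inherited by every forked child.
     * afl-fuzz detects __AFL_INIT()/__AFL_LOOP() by marker strings in the
     * target binary; when they are compiled into a shared library instead,
     * export AFL_DEFER_FORKSRV=1 and AFL_PERSISTENT=1 so afl-fuzz assumes
     * them anyway.  AFL_EARLY_FORKSERVER=1 moves the fork server to the
     * earliest point the instrumentation allows instead. */
    __AFL_INIT();

    /* Fetch the buffer pointer once, only after __AFL_INIT(). */
    unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;

    while (__AFL_LOOP(10000)) {
        /* The shared buffer may hold stale bytes past this length: never
         * read beyond it. */
        size_t len = (size_t)__AFL_FUZZ_TESTCASE_LEN;
        (void)parse_record(buf, len, payload, sizeof payload);
    }
    return 0;
}
```

Under afl-clang-fast the loop runs up to 10000 iterations per forked process and `__AFL_FUZZ_TESTCASE_LEN` is the only trustworthy length; reading past it is the classic persistent-mode harness bug. The two environment variables are only needed when the loop and init calls live in a shared library that afl-fuzz does not scan for their markers.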


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f427294ed674e37d34a1b756a2190de17937e046ef21abb3ae37bba018a760f1
size 2805041

4.01c.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4a0b42a62272c8f07cfba8f5f2fc43a5c072a30d0dbee47732bb2f06ecd7e44f
size 2818445
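Review bot: the new pointer pins sha256 4a0b42a6… (2818445 bytes) for 4.01c.tar.gz, but neither the request nor the changelog says how that archive was checked against upstream; the spec's Source: line fetches a GitHub auto-generated archive (archive/%{version}.tar.gz), so please record in the request how the digest was verified (for example by re-downloading the 4.01c tag archive and comparing), otherwise this one hash is the only integrity anchor for the packaged source.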


@ -1,4 +1,47 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jun 28 14:32:52 UTC 2022 - Marcus Meissner <meissner@suse.com>
- updated to 4.01c
- fixed */build_...sh scripts to work outside of git
- new custom_mutator: libafl with token fuzzing :)
- afl-fuzz:
- when you just want to compile once and set CMPLOG, then just
set -c 0 to tell afl-fuzz that the fuzzing binary is also for
CMPLOG.
- new commandline options -g/G to set min/max length of generated
fuzz inputs
- you can set the time for syncing to other fuzzer now with
AFL_SYNC_TIME
- reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow
persistent mode and manual forkserver support if these are not
in the target binary (e.g. are in a shared library)
- add AFL_EARLY_FORKSERVER to install the forkserver as earliest as
possible in the target (for afl-gcc-fast/afl-clang-fast/
afl-clang-lto)
- "saved timeouts" was wrong information, timeouts are still thrown
away by default even if they have new coverage (hangs are always
kept), unless AFL_KEEP_TIMEOUTS are set
- AFL never implemented auto token inserts (but user token inserts,
user token overwrite and auto token overwrite), added now!
- fixed a mutation type in havoc mode
- Mopt fix to always select the correct algorithm
- fix effector map calculation (deterministic mode)
- fix custom mutator post_process functionality
- document and auto-activate pizza mode on condition
- afl-cc:
- due a bug in lld of llvm 15 LTO instrumentation wont work atm :-(
- converted all passed to use the new llvm pass manager for llvm 11+
- AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only)
- trying to stay on top on all these #$&§!! changes in llvm 15 ...
- frida_mode:
- update to new frida release, handles now c++ throw/catch
- unicorn_mode:
- update unicorn engine, fix C example
- utils:
- removed optimin because it looses coverage due to a bug and is
unmaintained :-(
- removed upstream llvm14-fix-build.patch
-------------------------------------------------------------------
Sat Jun 4 13:26:34 UTC 2022 - Aaron Puchert <aaronpuchert@alice-dsl.net> Sat Jun 4 13:26:34 UTC 2022 - Aaron Puchert <aaronpuchert@alice-dsl.net>
- Add llvm14-fix-build.patch: fix build with LLVM 14. - Add llvm14-fix-build.patch: fix build with LLVM 14.
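Review bot: typos in the new entry: "wont" should be "won't", "due a bug" should be "due to a bug", "converted all passed" should be "converted all passes", "looses coverage" should be "loses coverage", and "as earliest as possible" should be "as early as possible". Also, the entry records that LTO instrumentation does not work with LLVM 15's lld and that PCGUARD is gone for LLVM 10.0.1, but not which LLVM this package is built against; one sentence on that would tell users whether afl-clang-lto is expected to work in this build.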


@ -36,7 +36,7 @@
%endif %endif
Name: afl Name: afl
Version: 4.00c Version: 4.01c
Release: 0 Release: 0
Summary: American fuzzy lop is a security-oriented fuzzer Summary: American fuzzy lop is a security-oriented fuzzer
#URL: https://lcamtuf.coredump.cx/afl/ #URL: https://lcamtuf.coredump.cx/afl/
@ -45,7 +45,6 @@ URL: https://github.com/AFLplusplus/AFLplusplus
Source: https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz Source: https://github.com/AFLplusplus/AFLplusplus/archive/%{version}.tar.gz
Source1: afl-rpmlintrc Source1: afl-rpmlintrc
Patch1: afl-3.0c-fix-paths.patch Patch1: afl-3.0c-fix-paths.patch
Patch2: https://github.com/AFLplusplus/AFLplusplus/commit/675d17d737ee5dee88766d9c181567771592c94c.patch#/llvm14-fix-build.patch
BuildRequires: clang BuildRequires: clang
BuildRequires: gcc-c++ BuildRequires: gcc-c++
%ifarch x86_64 %ifarch x86_64
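Review bot: with Patch2 dropped, nothing in the spec bounds the LLVM version: `BuildRequires: clang` carries no version, yet the changelog entry says the passes were converted to the new pass manager for llvm 11+ and that PCGUARD is 11+ only, so a build against LLVM 10 would still succeed, just with fewer instrumentation modes. Suggest `BuildRequires: clang >= 11` (or whatever floor 4.01c actually needs) so the constraint is explicit.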
@ -77,7 +76,6 @@ use cases - say, common image parsing or file compression libraries.
%prep %prep
%setup -q -n AFLplusplus-%version %setup -q -n AFLplusplus-%version
%patch1 -p1 %patch1 -p1
%patch2 -p1
sed -i 's|#!/usr/bin/env sh|#!/bin/sh|g' afl-cmin sed -i 's|#!/usr/bin/env sh|#!/bin/sh|g' afl-cmin
sed -i 's|#!/usr/bin/env bash|#!/bin/bash|g' afl-cmin.bash sed -i 's|#!/usr/bin/env bash|#!/bin/bash|g' afl-cmin.bash


@ -1,140 +0,0 @@
From 05119990b6075aaf8f16a385a763651f68b8b1ef Mon Sep 17 00:00:00 2001
From: Raphael Isemann <teemperor@gmail.com>
Date: Tue, 22 Feb 2022 10:54:51 +0100
Subject: [PATCH] LLVM 14 fixes
---
instrumentation/SanitizerCoverageLTO.so.cc | 5 +++--
instrumentation/SanitizerCoveragePCGUARD.so.cc | 1 +
instrumentation/afl-llvm-dict2file.so.cc | 4 ++--
instrumentation/afl-llvm-lto-instrumentlist.so.cc | 1 +
instrumentation/afl-llvm-pass.so.cc | 1 +
instrumentation/compare-transform-pass.so.cc | 4 ++--
src/afl-cc.c | 4 ++--
7 files changed, 12 insertions(+), 8 deletions(-)
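Review bot: the file being dropped identifies itself as commit 05119990… by Raphael Isemann, while the spec's Patch2 line fetched it as .../commit/675d17d737ee5dee88766d9c181567771592c94c.patch; the two commit ids differ, so the stored file cannot be the unmodified output of that URL. Nothing to fix now that both go away, but a URL-sourced patch whose content came from a different commit is worth a line in the changelog.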
diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc
index 6a4a071f7..1bdc53768 100644
--- a/instrumentation/SanitizerCoverageLTO.so.cc
+++ b/instrumentation/SanitizerCoverageLTO.so.cc
@@ -17,6 +17,7 @@
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
+#include "llvm/ADT/Triple.h"
#include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/PostDominators.h"
#include "llvm/Analysis/ValueTracking.h"
@@ -757,7 +758,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
if (!HasStr2) {
auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
@@ -838,7 +839,7 @@ bool ModuleSanitizerCoverage::instrumentModule(
auto Ptr = dyn_cast<ConstantExpr>(Str1P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
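Review bot: `Ptr->getOpcode() == Instruction::GetElementPtr` is a weaker test than the `isGEPWithNoNotionalOverIndexing()` it replaces here (and in afl-llvm-dict2file.so.cc and compare-transform-pass.so.cc below): the old call also required every index to be a compile-time constant within the extents of the indexed aggregate, whereas the new one accepts any constant GEP, so the string extraction that follows `getOperand(0)` would also run on an over-indexed GEP. Checking the index against the initializer's size would restore the old guarantee; moot for this request since the patch is being dropped, but worth knowing if it is ever resurrected.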
diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc
index e4ffeb508..48bb5a2cc 100644
--- a/instrumentation/SanitizerCoveragePCGUARD.so.cc
+++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc
@@ -13,6 +13,7 @@
#include "llvm/Transforms/Instrumentation/SanitizerCoverage.h"
#include "llvm/ADT/ArrayRef.h"
#include "llvm/ADT/SmallVector.h"
+#include "llvm/ADT/Triple.h"
#include "llvm/Analysis/EHPersonalities.h"
#include "llvm/Analysis/PostDominators.h"
#include "llvm/IR/CFG.h"
diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc
index 391246606..94dc6984d 100644
--- a/instrumentation/afl-llvm-dict2file.so.cc
+++ b/instrumentation/afl-llvm-dict2file.so.cc
@@ -435,7 +435,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
if (!HasStr2) {
auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
@@ -519,7 +519,7 @@ bool AFLdict2filePass::runOnModule(Module &M) {
auto Ptr = dyn_cast<ConstantExpr>(Str1P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
diff --git a/instrumentation/afl-llvm-lto-instrumentlist.so.cc b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
index 35ba9c5a0..2ddbc7253 100644
--- a/instrumentation/afl-llvm-lto-instrumentlist.so.cc
+++ b/instrumentation/afl-llvm-lto-instrumentlist.so.cc
@@ -43,6 +43,7 @@
#include "llvm/IR/IRBuilder.h"
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/IR/Module.h"
+#include "llvm/Pass.h"
#include "llvm/Support/Debug.h"
#include "llvm/Transforms/IPO/PassManagerBuilder.h"
#include "llvm/IR/CFG.h"
diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc
index 5246ba089..6419cd1dc 100644
--- a/instrumentation/afl-llvm-pass.so.cc
+++ b/instrumentation/afl-llvm-pass.so.cc
@@ -45,6 +45,7 @@ typedef long double max_align_t;
#endif
#include "llvm/IR/IRBuilder.h"
+#include "llvm/Pass.h"
#include "llvm/IR/LegacyPassManager.h"
#include "llvm/IR/BasicBlock.h"
#include "llvm/IR/Module.h"
diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc
index c3a4ee344..1e250d7aa 100644
--- a/instrumentation/compare-transform-pass.so.cc
+++ b/instrumentation/compare-transform-pass.so.cc
@@ -246,7 +246,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
if (!(HasStr1 || HasStr2)) {
auto *Ptr = dyn_cast<ConstantExpr>(Str2P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
@@ -271,7 +271,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp,
if (!HasStr2) {
Ptr = dyn_cast<ConstantExpr>(Str1P);
- if (Ptr && Ptr->isGEPWithNoNotionalOverIndexing()) {
+ if (Ptr && Ptr->getOpcode() == Instruction::GetElementPtr) {
if (auto *Var = dyn_cast<GlobalVariable>(Ptr->getOperand(0))) {
diff --git a/src/afl-cc.c b/src/afl-cc.c
index ed57ca1ed..bacd9de96 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -549,8 +549,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
}
#if LLVM_MAJOR >= 13
- // fuck you llvm 13
- cc_params[cc_par_cnt++] = "-fno-experimental-new-pass-manager";
+ // Use the old pass manager in LLVM 14 which the afl++ passes still use.
+ cc_params[cc_par_cnt++] = "-flegacy-pass-manager";
#endif
if (lto_mode && !have_c) {
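Review bot: the comment on the added line says the old pass manager is for "LLVM 14", but the guard is `#if LLVM_MAJOR >= 13` with no upper bound, so `-flegacy-pass-manager` would also be handed to any newer clang; since the 4.01c changelog above says the passes now use the new pass manager for llvm 11+, dropping this patch instead of carrying it forward is the right call.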