1.93b

Author: thomas-huet

Makefile

@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 1.92b
+VERSION     = 1.93b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin

docs/ChangeLog

@@ -17,16 +17,23 @@ is 1.92b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
 --------------
-Version 1.91b:
+Version 1.93b:
+--------------
+
+  - Hopefully fixed a problem with MacOS X and persistent mode, spotted by
+    Leo Barnes.
+
+--------------
+Version 1.92b:
 --------------
 
-  - Yet another C++ fix (namespaces). Reported by Daniel Lockyer.
+  - Made yet another C++ fix (namespaces). Reported by Daniel Lockyer.
 
 --------------
 Version 1.91b:
 --------------
 
-  - Another fix to make 1.90b actually work properly with C++ (d'oh).
+  - Made another fix to make 1.90b actually work properly with C++ (d'oh).
     Problem spotted by Daniel Lockyer.
 
 --------------

docs/README

@@ -423,7 +423,7 @@ bug reports, or patches from:
   Richo Healey                          Martijn Bogaard
   rc0r                                  Jonathan Foote
   Christian Holler                      Dominique Pelle
-  Jacek Wielemborek
+  Jacek Wielemborek                     Leo Barnes
 
 Thank you!
 

docs/notes_for_asan.txt

@@ -27,6 +27,7 @@ Because of this, fuzzing with ASAN is recommended only in four scenarios:
 
 To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The
 afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags.
+Note that ASAN is incompatible with -static, so be mindful of that.
 
 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
 

docs/sister_projects.txt

@@ -118,6 +118,13 @@ afl-fuzzing-scripts (Tobias Ospelt)
 
   https://github.com/floyd-fuh/afl-fuzzing-scripts/
 
+afl-sid (Jacek Wielemborek)
+---------------------------
+
+  Allows users to more conveniently build and deploy AFL via Docker.
+
+  https://github.com/d33tah/afl-sid
+
 -------------------------------------
 Crash triage, coverage analysis, etc:
 -------------------------------------

experimental/persistent_demo/persistent_demo.c

@@ -80,8 +80,9 @@ int main(int argc, char** argv) {
 
   }
 
-  /* Once the loop is exited, terminate normally - AFL will restat the process
-     from scratch. */
+  /* Once the loop is exited, terminate normally - AFL will restart the process
+     when this happens, with a clean slate when it comes to allocated memory,
+     leftover file descriptors, etc. */
 
   return 0;
 

llvm_mode/afl-clang-fast.c

@@ -178,16 +178,45 @@ static void edit_params(u32 argc, char** argv) {
 
   cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1";
 
+  /* When the user tries to use persistent or deferred forkserver modes by
+     appending a single line to the program, we want to reliably inject a
+     signature into the binary (to be picked up by afl-fuzz) and we want
+     to call a function from the runtime .o file. This is unnecessarily
+     painful for three reasons:
+
+     1) We need to convince the compiler not to optimize out the signature.
+        This is done with __attribute__((used)).
+
+     2) We need to convince the linker, when called with -Wl,--gc-sections,
+        not to do the same. This is done by forcing an assignment to a
+        'volatile' pointer.
+
+     3) We need to declare __afl_persistent_loop() in the global namespace,
+        but doing this within a method in a class is hard - :: and extern "C"
+        are forbidden and __attribute__((alias(...))) doesn't work. Hence the
+        __asm__ aliasing trick.
+
+   */
+
   cc_params[cc_par_cnt++] = "-D__AFL_LOOP(_A)="
     "({ static volatile char *_B __attribute__((used)); "
     " _B = (char*)\"" PERSIST_SIG "\"; "
+#ifdef __APPLE__
+    "int _L(unsigned int) __asm__(\"___afl_persistent_loop\"); "
+#else
     "int _L(unsigned int) __asm__(\"__afl_persistent_loop\"); "
+#endif /* ^__APPLE__ */
     "_L(_A); })";
 
   cc_params[cc_par_cnt++] = "-D__AFL_INIT()="
     "do { static volatile char *_A __attribute__((used)); "
     " _A = (char*)\"" DEFER_SIG "\"; "
+#ifdef __APPLE__
+    "void _I(void) __asm__(\"___afl_manual_init\"); "
+#else
     "void _I(void) __asm__(\"__afl_manual_init\"); "
+#endif /* ^__APPLE__ */
+
     "_I(); } while (0)";
 
   if (maybe_linking) {