Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2022-10-21 17:28:36 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "afl" Fri Oct 21 17:28:36 2022 rev:73 rq:1030429 version:4.04c Changes: -------- --- /work/SRC/openSUSE:Factory/afl/afl.changes 2022-09-20 19:24:24.122614876 +0200 +++ /work/SRC/openSUSE:Factory/.afl.new.2275/afl.changes 2022-10-21 17:28:37.436465891 +0200 @@ -1,0 +2,21 @@ +Fri Oct 21 14:28:09 UTC 2022 - Marcus Meissner <meissner@suse.com> + +- updated to 4.04c + - fix gramatron and grammar_mutator build scripts + - enhancements to the afl-persistent-config and afl-system-config + - scripts + - afl-fuzz: + - force writing all stats on exit + - afl-cc: + - make gcc_mode (afl-gcc-fast) work with gcc down to version 3.6 + - qemu_mode: + - fixed 10x speed degredation in v4.03c + - added qemu_mode/fastexit helper library + - unicorn_mode: + - Enabled tricore arch (by @jma-qb) + - Updated Capstone version in Rust bindings + - llvm-mode: + - AFL runtime will always pass inputs via shared memory, when possible, + ignoring the command line. + +------------------------------------------------------------------- Old: ---- 4.03c.tar.gz New: ---- 4.04c.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++ --- /var/tmp/diff_new_pack.rvArE1/_old 2022-10-21 17:28:38.036467019 +0200 +++ /var/tmp/diff_new_pack.rvArE1/_new 2022-10-21 17:28:38.040467027 +0200 
@@ -36,7 +36,7 @@ %endif Name: afl -Version: 4.03c +Version: 4.04c Release: 0 Summary: American fuzzy lop is a security-oriented fuzzer #URL: https://lcamtuf.coredump.cx/afl/ ++++++ 4.03c.tar.gz -> 4.04c.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/GNUmakefile new/AFLplusplus-4.04c/GNUmakefile --- old/AFLplusplus-4.03c/GNUmakefile 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/GNUmakefile 2022-10-11 15:40:55.000000000 +0200 @@ -592,6 +592,7 @@ -$(MAKE) -C utils/argv_fuzzing clean -$(MAKE) -C utils/plot_ui clean -$(MAKE) -C qemu_mode/unsigaction clean + -$(MAKE) -C qemu_mode/fastexit clean -$(MAKE) -C qemu_mode/libcompcov clean -$(MAKE) -C qemu_mode/libqasan clean -$(MAKE) -C frida_mode clean diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/GNUmakefile.llvm new/AFLplusplus-4.04c/GNUmakefile.llvm --- old/AFLplusplus-4.03c/GNUmakefile.llvm 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/GNUmakefile.llvm 2022-10-11 15:40:55.000000000 +0200 @@ -214,6 +214,17 @@ ifeq "$(AFL_REAL_LD)" "" ifneq "$(shell readlink $(LLVM_BINDIR)/ld.lld 2>&1)" "" AFL_REAL_LD = $(LLVM_BINDIR)/ld.lld + else ifneq "$(shell command -v ld.lld 2>/dev/null)" "" + AFL_REAL_LD = $(shell command -v ld.lld) + TMP_LDLDD_VERSION = $(shell $(AFL_REAL_LD) --version | awk '{ print $$2 }') + ifeq "$(LLVMVER)" "$(TMP_LDLDD_VERSION)" + $(warning ld.lld found in a weird location ($(AFL_REAL_LD)), but its the same version as LLVM so we will allow it) + else + $(warning ld.lld found in a weird location ($(AFL_REAL_LD)) and its of a different version than LLMV ($(TMP_LDLDD_VERSION) vs. $(LLVMVER)) - cannot enable LTO mode) + AFL_REAL_LD= + LLVM_LTO = 0 + endif + undefine TMP_LDLDD_VERSION else $(warning ld.lld not found, cannot enable LTO mode) LLVM_LTO = 0 
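Review bot: The fallback path's version guard `TMP_LDLDD_VERSION = $(shell $(AFL_REAL_LD) --version | awk '{ print $$2 }')` followed by `ifeq "$(LLVMVER)" "$(TMP_LDLDD_VERSION)"` is an exact string comparison between two values whose formatting is not under this file's control, so any difference in layout between `ld.lld --version` output and however `LLVMVER` was derived (a suffix, an extra leading word) silently lands in the `else` branch and disables LTO even when the versions agree. Normalising both sides to the same shape before comparing, or at least documenting in a comment what the expected `--version` layout is, would make that guard less brittle; the mismatch warning does already print both raw strings, which helps diagnosis. The new warnings also read `its` for `it's` and `LLMV` for `LLVM`. Since `command -v ld.lld` takes whatever ld.lld is first on PATH, this guard is the only thing preventing a mismatched linker from being used for LTO, so it is worth getting right.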
@@ -229,7 +240,7 @@ ifeq "$(LLVM_LTO)" "1" ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fuse-ld=`command -v ld` -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" AFL_CLANG_FUSELD=1 - ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fuse-ld=ld.lld --ld-path=$(LLVM_BINDIR)/ld.lld -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" + ifeq "$(shell echo 'int main() {return 0; }' | $(CLANG_BIN) -x c - -fuse-ld=ld.lld --ld-path=$(AFL_REAL_LD) -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1" AFL_CLANG_LDPATH=1 endif else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/README.md new/AFLplusplus-4.04c/README.md --- old/AFLplusplus-4.03c/README.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/README.md 2022-10-11 15:40:55.000000000 +0200 @@ -2,7 +2,7 @@ <img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/master/static/aflpp_bg..." alt="AFL++ logo" width="250" heigh="250"> -Release version: [4.03c](https://github.com/AFLplusplus/AFLplusplus/releases) +Release version: [4.04c](https://github.com/AFLplusplus/AFLplusplus/releases) GitHub version: 4.04a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/afl-persistent-config new/AFLplusplus-4.04c/afl-persistent-config --- old/AFLplusplus-4.03c/afl-persistent-config 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/afl-persistent-config 2022-10-11 15:40:55.000000000 +0200 
@@ -113,10 +113,10 @@ grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null || echo Error: /etc/default/grub with GRUB_CMDLINE_LINUX_DEFAULT is not present, cannot set boot options grep -E -q '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub 2>/dev/null && { - grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | grep -E -q hardened_usercopy=off || { + grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | grep -E -q 'noibrs pcid nopti' || { echo "Configuring performance boot options" LINE=`grep -E '^GRUB_CMDLINE_LINUX_DEFAULT=' /etc/default/grub | sed 's/^GRUB_CMDLINE_LINUX_DEFAULT=//' | tr -d '"'` - OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off" + OPTIONS="$LINE ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx=on tsx_async_abort=off mitigations=off audit=0 hardened_usercopy=off ssbd=force-off" echo Setting boot options in /etc/default/grub to GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\" sed -i "s|^GRUB_CMDLINE_LINUX_DEFAULT=.*|GRUB_CMDLINE_LINUX_DEFAULT=\"$OPTIONS\"|" /etc/default/grub } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/afl-system-config new/AFLplusplus-4.04c/afl-system-config --- old/AFLplusplus-4.03c/afl-system-config 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/afl-system-config 2022-10-11 15:40:55.000000000 +0200 
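Review bot: The new guard `grep -E -q 'noibrs pcid nopti'` no longer matches a grub line written by the previous release (which carried `nopcid ... pcid=off`), and `OPTIONS="$LINE ..."` appends to the existing line rather than replacing the old tokens, so on such a host the whole option string is added a second time and the command line ends up containing both `nopcid`/`pcid=off` and `pcid`/`pcid=on`; which of the two the kernel honours is left to its parameter parsing. Stripping the superseded tokens from `$LINE` before appending, e.g. `LINE=$(printf '%s' "$LINE" | sed -E 's/\<(nopcid|pcid=off)\>//g')`, keeps the rewrite idempotent and makes it easy to audit exactly which mitigations a fuzzing host boots without, since every token here turns one off. The string also still carries the pre-existing duplicates `tsx=on tsx=on` and two `mitigations=off`. The `dmesg` check in the afl-system-config hunk that follows uses the same three-token marker, so a kernel booted with the previously recommended options will be told to reconfigure again, which is presumably intended but worth a comment.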
@@ -47,9 +47,9 @@ } > /dev/null echo Settings applied. echo - dmesg | grep -E -q 'nospectre_v2|spectre_v2=off' || { + dmesg | grep -E -q 'noibrs pcid nopti' || { echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this: - echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"' + echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs pcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=on pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"' echo } echo If you run fuzzing instances in docker, run them with \"--security-opt seccomp=unconfined\" for more speed. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/custom_mutators/gramatron/build_gramatron_mutator.sh new/AFLplusplus-4.04c/custom_mutators/gramatron/build_gramatron_mutator.sh --- old/AFLplusplus-4.03c/custom_mutators/gramatron/build_gramatron_mutator.sh 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/custom_mutators/gramatron/build_gramatron_mutator.sh 2022-10-11 15:40:55.000000000 +0200 
@@ -125,7 +125,7 @@ } fi -test -d json-c/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } +test -e json-c/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } echo "[+] Got json-c." test -e json-c/.libs/libjson-c.a || { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/custom_mutators/grammar_mutator/build_grammar_mutator.sh new/AFLplusplus-4.04c/custom_mutators/grammar_mutator/build_grammar_mutator.sh --- old/AFLplusplus-4.03c/custom_mutators/grammar_mutator/build_grammar_mutator.sh 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/custom_mutators/grammar_mutator/build_grammar_mutator.sh 2022-10-11 15:40:55.000000000 +0200 @@ -119,7 +119,7 @@ } fi -test -f grammar_mutator/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } +test -e grammar_mutator/.git || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } echo "[+] Got grammar mutator." cd "grammar_mutator" || exit 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/docs/Changelog.md new/AFLplusplus-4.04c/docs/Changelog.md --- old/AFLplusplus-4.03c/docs/Changelog.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/docs/Changelog.md 2022-10-11 15:40:55.000000000 +0200 
@@ -4,6 +4,26 @@ release of the tool. See README.md for the general instruction manual. +### Version ++4.04c (release) + - fix gramatron and grammar_mutator build scripts + - enhancements to the afl-persistent-config and afl-system-config + scripts + - afl-fuzz: + - force writing all stats on exit + - afl-cc: + - make gcc_mode (afl-gcc-fast) work with gcc down to version 3.6 + - qemu_mode: + - fixed 10x speed degredation in v4.03c, thanks to @ele7enxxh for + reporting! + - added qemu_mode/fastexit helper library + - unicorn_mode: + - Enabled tricore arch (by @jma-qb) + - Updated Capstone version in Rust bindings + - llvm-mode: + - AFL runtime will always pass inputs via shared memory, when possible, + ignoring the command line. + + ### Version ++4.03c (release) - Building now gives a build summary what succeeded and what not - afl-fuzz: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/docs/custom_mutators.md new/AFLplusplus-4.04c/docs/custom_mutators.md --- old/AFLplusplus-4.03c/docs/custom_mutators.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/docs/custom_mutators.md 2022-10-11 15:40:55.000000000 +0200 @@ -68,7 +68,7 @@ def init(seed): pass -def fuzz_count(buf, add_buf, max_size): +def fuzz_count(buf): return cnt def fuzz(buf, add_buf, max_size): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/include/config.h new/AFLplusplus-4.04c/include/config.h --- old/AFLplusplus-4.03c/include/config.h 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/include/config.h 2022-10-11 15:40:55.000000000 +0200 
@@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++4.03c" +#define VERSION "++4.04c" /****************************************************** * * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/README.llvm.md new/AFLplusplus-4.04c/instrumentation/README.llvm.md --- old/AFLplusplus-4.03c/instrumentation/README.llvm.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/README.llvm.md 2022-10-11 15:40:55.000000000 +0200 @@ -116,7 +116,7 @@ Several options are present to make llvm_mode faster or help it rearrange the code to make afl-fuzz path discovery easier. -If you need just to instrument specific parts of the code, you can the +If you need just to instrument specific parts of the code, you can create the instrument file list which C/C++ files to actually instrument. See [README.instrument_list.md](README.instrument_list.md) @@ -275,4 +275,4 @@ Please note that the default counter implementations are not thread safe! Support for thread safe counters in mode LLVM CLASSIC can be activated with -setting `AFL_LLVM_THREADSAFE_INST=1`. \ No newline at end of file +setting `AFL_LLVM_THREADSAFE_INST=1`. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/afl-compiler-rt.o.c new/AFLplusplus-4.04c/instrumentation/afl-compiler-rt.o.c --- old/AFLplusplus-4.03c/instrumentation/afl-compiler-rt.o.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/afl-compiler-rt.o.c 2022-10-11 15:40:55.000000000 +0200 
@@ -97,11 +97,13 @@ u8 *__afl_fuzz_ptr; static u32 __afl_fuzz_len_dummy; u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; +int __afl_sharedmem_fuzzing __attribute__((weak)); u32 __afl_final_loc; u32 __afl_map_size = MAP_SIZE; u32 __afl_dictionary_len; u64 __afl_map_addr; +u32 __afl_first_final_loc; // for the __AFL_COVERAGE_ON/__AFL_COVERAGE_OFF features to work: int __afl_selective_coverage __attribute__((weak)); @@ -118,8 +120,6 @@ __thread u32 __afl_prev_ctx; #endif -int __afl_sharedmem_fuzzing __attribute__((weak)); - struct cmp_map *__afl_cmp_map; struct cmp_map *__afl_cmp_map_backup; @@ -319,13 +319,16 @@ } else { - if (!getenv("AFL_QUIET")) + if (__afl_final_loc > MAP_INITIAL_SIZE && !getenv("AFL_QUIET")) { + fprintf(stderr, "Warning: AFL++ tools might need to set AFL_MAP_SIZE to %u " "to be able to run this instrumented program if this " "crashes!\n", __afl_final_loc); + } + } } 
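Review bot: The new global `u32 __afl_first_final_loc;` in the first hunk is declared without a comment, while its contract is only visible far away: the constructor hunk at @@ -1375 sets it to `__afl_final_loc + 1` when `__afl_final_loc > MAP_INITIAL_SIZE` and otherwise leaves it at its zero initial value, and the map-size code at @@ -343 relies on exactly that via `if (__afl_first_final_loc > MAP_INITIAL_SIZE)`. A one-line comment at the declaration, e.g. `// map size (__afl_final_loc + 1) recorded by the early constructor; stays 0 when the map fits MAP_INITIAL_SIZE`, would make the contract readable where the variable is defined. The relocated `int __afl_sharedmem_fuzzing __attribute__((weak));` deserves the same, since it is a weak symbol that an external driver (utils/aflpp_driver in this same diff) can zero out.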
@@ -343,29 +346,51 @@ } - if (!id_str && __afl_area_ptr_dummy == __afl_area_initial) { + if (__afl_sharedmem_fuzzing && (!id_str || !getenv(SHM_FUZZ_ENV_VAR) || + fcntl(FORKSRV_FD, F_GETFD) == -1 || + fcntl(FORKSRV_FD + 1, F_GETFD) == -1)) { + + if (__afl_debug) { + + fprintf(stderr, + "DEBUG: running not inside afl-fuzz, disabling shared memory " + "testcases\n"); + + } + + __afl_sharedmem_fuzzing = 0; + + } + + if (!id_str) { u32 val = 0; u8 *ptr; - if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) val = atoi(ptr); + if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { val = atoi(ptr); } if (val > MAP_INITIAL_SIZE) { __afl_map_size = val; - __afl_area_ptr_dummy = malloc(__afl_map_size); - if (!__afl_area_ptr_dummy) { - fprintf(stderr, - "Error: AFL++ could not aquire %u bytes of memory, exiting!\n", - __afl_map_size); - exit(-1); + } else { + + if (__afl_first_final_loc > MAP_INITIAL_SIZE) { + + // done in second stage constructor + __afl_map_size = __afl_first_final_loc; + + } else { + + __afl_map_size = MAP_INITIAL_SIZE; } - } else { + } + + if (__afl_map_size > MAP_INITIAL_SIZE && __afl_final_loc < __afl_map_size) { - __afl_map_size = MAP_INITIAL_SIZE; + __afl_final_loc = __afl_map_size; } @@ -516,7 +541,9 @@ } - } else if (__afl_final_loc > __afl_map_size) { + } else if (__afl_final_loc > MAP_INITIAL_SIZE && + + __afl_final_loc > __afl_first_final_loc) { if (__afl_area_initial != __afl_area_ptr_dummy) { @@ -531,13 +558,13 @@ if (!__afl_area_ptr_dummy) { fprintf(stderr, - "Error: AFL++ could not aquire %u bytes of memory, exiting!\n", + "Error: AFL++ could not acquire %u bytes of memory, exiting!\n", __afl_final_loc); exit(-1); } - } + } // else: nothing to be done __afl_area_ptr_backup = __afl_area_ptr; 
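Review bot: The rewritten line `if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { val = atoi(ptr); }` still parses an environment value with `atoi`, which gives no error indication: a non-numeric value yields 0 and a negative one converts to a very large `u32`, which then satisfies `val > MAP_INITIAL_SIZE` and becomes `__afl_map_size`. Parsing with `strtoul` and checking `endptr`, `errno` and an upper bound that fits `u32` would make a malformed AFL_MAP_SIZE fail loudly instead of silently sizing the shared map. The new "not inside afl-fuzz" test `fcntl(FORKSRV_FD, F_GETFD) == -1` only establishes that some descriptor with that number is open, so an unrelated inherited fd passes it; the later fork-server handshake presumably remains the real check, and a comment saying so would keep a future reader from treating this as a security boundary. The enclosing function starts before this hunk.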
@@ -745,10 +772,10 @@ assume we're not running in forkserver mode and just execute program. */ status |= (FS_OPT_ENABLED | FS_OPT_SNAPSHOT | FS_OPT_NEWCMPLOG); - if (__afl_sharedmem_fuzzing != 0) status |= FS_OPT_SHDMEM_FUZZ; + if (__afl_sharedmem_fuzzing) { status |= FS_OPT_SHDMEM_FUZZ; } if (__afl_map_size <= FS_OPT_MAX_MAPSIZE) status |= (FS_OPT_SET_MAPSIZE(__afl_map_size) | FS_OPT_MAPSIZE); - if (__afl_dictionary_len && __afl_dictionary) status |= FS_OPT_AUTODICT; + if (__afl_dictionary_len && __afl_dictionary) { status |= FS_OPT_AUTODICT; } memcpy(tmp, &status, 4); if (write(FORKSRV_FD + 1, tmp, 4) != 4) { return; } @@ -1009,7 +1036,7 @@ } - if (__afl_sharedmem_fuzzing != 0) { status_for_fsrv |= FS_OPT_SHDMEM_FUZZ; } + if (__afl_sharedmem_fuzzing) { status_for_fsrv |= FS_OPT_SHDMEM_FUZZ; } if (status_for_fsrv) { status_for_fsrv |= (FS_OPT_ENABLED | FS_OPT_NEWCMPLOG); @@ -1375,21 +1402,24 @@ if (getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) return; u8 *ptr; - if (__afl_final_loc) { + if (__afl_final_loc > MAP_INITIAL_SIZE) { + + __afl_first_final_loc = __afl_final_loc + 1; if (__afl_area_ptr && __afl_area_ptr != __afl_area_initial) free(__afl_area_ptr); if (__afl_map_addr) - ptr = (u8 *)mmap((void *)__afl_map_addr, __afl_final_loc, + ptr = (u8 *)mmap((void *)__afl_map_addr, __afl_first_final_loc, PROT_READ | PROT_WRITE, MAP_FIXED_NOREPLACE | MAP_SHARED | MAP_ANONYMOUS, -1, 0); else - ptr = (u8 *)malloc(__afl_final_loc); + ptr = (u8 *)malloc(__afl_first_final_loc); if (ptr && (ssize_t)ptr != -1) { __afl_area_ptr = ptr; + __afl_area_ptr_dummy = __afl_area_ptr; __afl_area_ptr_backup = __afl_area_ptr; } 
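Review bot: In the @@ -1375 hunk the new line `__afl_first_final_loc = __afl_final_loc + 1;` and the switch of both `mmap` and `malloc` from `__afl_final_loc` to `__afl_first_final_loc` carry no comment explaining the extra byte; if `__afl_final_loc` is the highest used map index rather than a byte count (the name suggests it, but the hunk does not show it), the previous code allocated one byte too few and that is a fix worth recording, e.g. `// __afl_final_loc is the last used index, so the buffer needs __afl_final_loc + 1 bytes`. The success test `if (ptr && (ssize_t)ptr != -1)` is a hand-rolled `MAP_FAILED` check that is also applied to the `malloc` result; `ptr != MAP_FAILED` on the mmap branch and a plain NULL check on the malloc branch would read clearer. The enclosing constructor starts before this hunk.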
@@ -1407,14 +1437,18 @@ __afl_already_initialized_first = 1; if (getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) return; - u8 *ptr = (u8 *)malloc(MAP_INITIAL_SIZE); - if (ptr && (ssize_t)ptr != -1) { + /* + u8 *ptr = (u8 *)malloc(MAP_INITIAL_SIZE); - __afl_area_ptr = ptr; - __afl_area_ptr_backup = __afl_area_ptr; + if (ptr && (ssize_t)ptr != -1) { - } + __afl_area_ptr = ptr; + __afl_area_ptr_backup = __afl_area_ptr; + + } + + */ } // ptr memleak report is a false positive diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/afl-gcc-cmplog-pass.so.cc new/AFLplusplus-4.04c/instrumentation/afl-gcc-cmplog-pass.so.cc --- old/AFLplusplus-4.03c/instrumentation/afl-gcc-cmplog-pass.so.cc 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/afl-gcc-cmplog-pass.so.cc 2022-10-11 15:40:55.000000000 +0200 @@ -243,9 +243,9 @@ tree t = build_nonstandard_integer_type(sz, 1); - tree s = make_ssa_name(t); - gimple *g = gimple_build_assign(s, VIEW_CONVERT_EXPR, - build1(VIEW_CONVERT_EXPR, t, lhs)); + tree s = make_ssa_name(t); + gimple g = gimple_build_assign(s, VIEW_CONVERT_EXPR, + build1(VIEW_CONVERT_EXPR, t, lhs)); lhs = s; gsi_insert_before(&gsi, g, GSI_SAME_STMT); @@ -263,8 +263,8 @@ lhs = fold_convert_loc(UNKNOWN_LOCATION, t, lhs); if (!is_gimple_val(lhs)) { - tree s = make_ssa_name(t); - gimple *g = gimple_build_assign(s, lhs); + tree s = make_ssa_name(t); + gimple g = gimple_build_assign(s, lhs); lhs = s; gsi_insert_before(&gsi, g, GSI_SAME_STMT); 
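Review bot: The first hunk on this line replaces the initial `malloc(MAP_INITIAL_SIZE)` block with the same code wrapped in a `/* ... */` comment, which leaves dead code in the constructor; commented-out code should be deleted and the reason recorded instead, e.g. `// no allocation here: the map is sized once __afl_final_loc is known (see the second-stage constructor)`. Whether the fallback when that never happens is `__afl_area_initial` is inferred from the @@ -343 hunk above and should be confirmed before it goes into the comment. The function starts before this hunk.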
@@ -273,16 +273,16 @@ rhs = fold_convert_loc(UNKNOWN_LOCATION, t, rhs); if (!is_gimple_val(rhs)) { - tree s = make_ssa_name(t); - gimple *g = gimple_build_assign(s, rhs); + tree s = make_ssa_name(t); + gimple g = gimple_build_assign(s, rhs); rhs = s; gsi_insert_before(&gsi, g, GSI_SAME_STMT); } /* Insert the call. */ - tree att = build_int_cst(t8u, attr); - gimple *call; + tree att = build_int_cst(t8u, attr); + gimple call; if (pass_n) call = gimple_build_call(fn, 4, lhs, rhs, att, build_int_cst(t8u, sz / 8 - 1)); @@ -305,7 +305,7 @@ gimple_stmt_iterator gsi = gsi_last_bb(bb); if (gsi_end_p(gsi)) continue; - gimple *stmt = gsi_stmt(gsi); + gimple stmt = gsi_stmt(gsi); if (gimple_code(stmt) == GIMPLE_COND) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/afl-gcc-cmptrs-pass.so.cc new/AFLplusplus-4.04c/instrumentation/afl-gcc-cmptrs-pass.so.cc --- old/AFLplusplus-4.03c/instrumentation/afl-gcc-cmptrs-pass.so.cc 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/afl-gcc-cmptrs-pass.so.cc 2022-10-11 15:40:55.000000000 +0200 @@ -241,7 +241,7 @@ for (gimple_stmt_iterator gsi = gsi_after_labels(bb); !gsi_end_p(gsi); gsi_next(&gsi)) { - gimple *stmt = gsi_stmt(gsi); + gimple stmt = gsi_stmt(gsi); /* We're only interested in GIMPLE_CALLs. */ if (gimple_code(stmt) != GIMPLE_CALL) continue; @@ -291,8 +291,8 @@ tree c = fold_convert_loc(UNKNOWN_LOCATION, tp8u, arg[i]); if (!is_gimple_val(c)) { - tree s = make_ssa_name(tp8u); - gimple *g = gimple_build_assign(s, c); + tree s = make_ssa_name(tp8u); + gimple g = gimple_build_assign(s, c); c = s; gsi_insert_before(&gsi, g, GSI_SAME_STMT); 
@@ -302,7 +302,7 @@ } - gimple *call = gimple_build_call(fn, 2, arg[0], arg[1]); + gimple call = gimple_build_call(fn, 2, arg[0], arg[1]); gsi_insert_before(&gsi, call, GSI_SAME_STMT); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/afl-gcc-common.h new/AFLplusplus-4.04c/instrumentation/afl-gcc-common.h --- old/AFLplusplus-4.03c/instrumentation/afl-gcc-common.h 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/afl-gcc-common.h 2022-10-11 15:40:55.000000000 +0200 @@ -498,3 +498,11 @@ } // namespace +// compatibility for older gcc versions +#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= \ + 60200 /* >= version 6.2.0 */ + #define gimple gimple * +#else + #define gimple gimple +#endif + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/instrumentation/afl-gcc-pass.so.cc new/AFLplusplus-4.04c/instrumentation/afl-gcc-pass.so.cc --- old/AFLplusplus-4.03c/instrumentation/afl-gcc-pass.so.cc 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/instrumentation/afl-gcc-pass.so.cc 2022-10-11 15:40:55.000000000 +0200 @@ -125,7 +125,10 @@ */ #include "afl-gcc-common.h" -#include "memmodel.h" +#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= \ + 60200 /* >= version 6.2.0 */ + #include "memmodel.h" +#endif /* This plugin, being under the same license as GCC, satisfies the "GPL-compatible Software" definition in the GCC RUNTIME LIBRARY diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/QEMUAFL_VERSION new/AFLplusplus-4.04c/qemu_mode/QEMUAFL_VERSION --- old/AFLplusplus-4.03c/qemu_mode/QEMUAFL_VERSION 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/qemu_mode/QEMUAFL_VERSION 2022-10-11 15:40:55.000000000 +0200 
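Review bot: In the afl-gcc-common.h hunk, `#define gimple gimple *` rewrites a GCC type name with the preprocessor for every later token in the translation unit, so any GCC header included after afl-gcc-common.h that spells `gimple *` itself (the `memmodel.h` include in afl-gcc-pass.so.cc now sits after it) would become `gimple * *`, and every `gimple *x` left in the plugin sources turns into a pointer-to-pointer; the companion hunks in afl-gcc-cmplog-pass.so.cc and afl-gcc-cmptrs-pass.so.cc had to drop their `*` for exactly that reason. A typedef with a distinct name expresses the version split without touching the real type name, and the passes would then use `gimple_p` in the places this diff changes. The `#else` branch `#define gimple gimple` is harmless, a self-referential macro expands once, but becomes pointless with the typedef.
```cpp
// compatibility for older gcc versions: gimple became a pointer type in 6.2.0
#if (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) >= \
    60200 /* >= version 6.2.0 */
typedef gimple *gimple_p;
#else
typedef gimple gimple_p;
#endif
```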
@@ -1 +1 @@ -dc19175a0b +ff9de4fbeb diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/README.md new/AFLplusplus-4.04c/qemu_mode/README.md --- old/AFLplusplus-4.03c/qemu_mode/README.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/qemu_mode/README.md 2022-10-11 15:40:55.000000000 +0200 @@ -13,8 +13,8 @@ The usual performance cost is 2-5x, which is considerably better than seen so far in experiments with tools such as DynamoRIO and PIN. -The idea and much of the initial implementation comes from Andrew Griffiths. The -actual implementation on current QEMU (shipped as qemuafl) is from Andrea +The idea and much of the initial implementation comes from Andrew Griffiths. +The actual implementation on current QEMU (shipped as qemuafl) is from Andrea Fioraldi. Special thanks to abiondo that re-enabled TCG chaining. ## 2) How to use QEMU mode 
@@ -30,17 +30,13 @@ Once the binaries are compiled, you can leverage the QEMU tool by calling afl-fuzz and all the related utilities with `-Q` in the command line. -Note that QEMU requires a generous memory limit to run; somewhere around 200 MB -is a good starting point, but considerably more may be needed for more complex -programs. The default `-m` limit will be automatically bumped up to 200 MB when -specifying `-Q` to afl-fuzz; be careful when overriding this. - In principle, if you set `CPU_TARGET` before calling ./build_qemu_support.sh, you should get a build capable of running non-native binaries (say, you can try `CPU_TARGET=arm`). This is also necessary for running 32-bit binaries on a 64-bit system (`CPU_TARGET=i386`). If you're trying to run QEMU on a different architecture, you can also set `HOST` to the cross-compiler prefix to use (for example `HOST=arm-linux-gnueabi` to use arm-linux-gnueabi-gcc). +Another common target is `CPU_TARGET=aarch64`. You can also compile statically-linked binaries by setting `STATIC=1`. This can be useful when compiling QEMU on a different system than the one you're planning @@ -219,9 +215,6 @@ for AVX2/FMA3. Using binaries for older CPUs or recompiling them with `-march=core2`, can help. -Beyond that, this is an early-stage mechanism, so fields reports are welcome. -You can send them to <afl-users@googlegroups.com>. - ## 14) Alternatives: static rewriting Statically rewriting binaries just once, instead of attempting to translate them 
@@ -230,4 +223,4 @@ control flow without actually executing each and every code path. For more information and hints, check out -[docs/fuzzing_binary-only_targets.md](../docs/fuzzing_binary-only_targets.md). \ No newline at end of file +[docs/fuzzing_binary-only_targets.md](../docs/fuzzing_binary-only_targets.md). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/README.persistent.md new/AFLplusplus-4.04c/qemu_mode/README.persistent.md --- old/AFLplusplus-4.03c/qemu_mode/README.persistent.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/qemu_mode/README.persistent.md 2022-10-11 15:40:55.000000000 +0200 
@@ -27,11 +27,12 @@ return to START (like WinAFL). *Note:* If the target is compiled with position independent code (PIE/PIC) qemu -loads these to a specific base address. For 64 bit you have to add 0x4000000000 -(9 zeroes) and for 32 bit 0x40000000 (7 zeroes) to the address. On strange -setups the base address set by QEMU for PIE executable may change. You can check -it printing the process map using `AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace -TARGET-BINARY`. +loads these to a specific base address. For amd64 bit you have to add +0x4000000000 (9 zeroes) and for 32 bit 0x40000000 (7 zeroes) to the address. +For aarch64 it is usually 0x5500000000. +On strange setups the base address set by QEMU for PIE executable may change. +You can check it printing the process map using +`AFL_QEMU_DEBUG_MAPS=1 afl-qemu-trace TARGET-BINARY`. If this address is not valid, afl-fuzz will error during startup with the message that the forkserver was not found. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/build_qemu_support.sh new/AFLplusplus-4.04c/qemu_mode/build_qemu_support.sh --- old/AFLplusplus-4.03c/qemu_mode/build_qemu_support.sh 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/qemu_mode/build_qemu_support.sh 2022-10-11 15:40:55.000000000 +0200 
@@ -360,8 +360,10 @@ make -C libcompcov && echo "[+] libcompcov ready" echo "[+] Building unsigaction ..." make -C unsigaction && echo "[+] unsigaction ready" + echo "[+] Building fastexit ..." + make -C fastexit && echo "[+] fastexit ready" echo "[+] Building libqasan ..." - make -C libqasan && echo "[+] unsigaction ready" + make -C libqasan && echo "[+] libqasan ready" echo "[+] Building qemu libfuzzer helpers ..." make -C ../utils/aflpp_driver else diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/fastexit/Makefile new/AFLplusplus-4.04c/qemu_mode/fastexit/Makefile --- old/AFLplusplus-4.03c/qemu_mode/fastexit/Makefile 1970-01-01 01:00:00.000000000 +0100 +++ new/AFLplusplus-4.04c/qemu_mode/fastexit/Makefile 2022-10-11 15:40:55.000000000 +0200 
@@ -0,0 +1,30 @@
+#
+# american fuzzy lop++ - fastexit
+# --------------------------------
+#
+# Written by Andrea Fioraldi <andreafioraldi@gmail.com>
+#
+# Copyright 2019-2022 Andrea Fioraldi. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+
+TARGETS=fastexit.so fastexit32.so fastexit64.so
+
+all: $(TARGETS)
+
+fastexit.so: fastexit.c
+ @if $(CC) -fPIC -shared fastexit.c -o fastexit.so 2>/dev/null ; then echo "fastexit build success"; else echo "fastexit build failure (that's fine)"; fi
+
+fastexit32.so: fastexit.c
+ @if $(CC) -fPIC -m32 -shared fastexit.c -o fastexit32.so 2>/dev/null ; then echo "fastexit32 build success"; else echo "fastexit32 build failure (that's fine)"; fi
+
+fastexit64.so: fastexit.c
+ @if $(CC) -fPIC -m64 -shared fastexit.c -o fastexit64.so 2>/dev/null ; then echo "fastexit64 build success"; else echo "fastexit64 build failure (that's fine)"; fi
+
+clean:
+ rm -f fastexit.so
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/fastexit/README.md new/AFLplusplus-4.04c/qemu_mode/fastexit/README.md
--- old/AFLplusplus-4.03c/qemu_mode/fastexit/README.md 1970-01-01 01:00:00.000000000 +0100
+++ new/AFLplusplus-4.04c/qemu_mode/fastexit/README.md 2022-10-11 15:40:55.000000000 +0200
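Review bot: The `clean` target removes only `fastexit.so`, while `all` also builds `fastexit32.so` and `fastexit64.so`, so `make clean` leaves stale 32/64-bit objects behind; `rm -f $(TARGETS)` covers all three. Every recipe also swallows the compiler's exit status and stderr (`@if $(CC) ... 2>/dev/null ; then ... else echo "... failure (that's fine)"; fi`), so `make` in this directory always succeeds and the `make -C fastexit && echo "[+] fastexit ready"` line added in the build_qemu_support.sh hunk above prints "ready" even when nothing was built. If a soft failure is only meant for the `-m32`/`-m64` variants, letting the native `fastexit.so` recipe fail normally would make a broken toolchain visible to the caller.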
@@ -0,0 +1,5 @@ +# fastexit + +This library forces _exit on exit when preloaded to gain speed. + +Gives speed on complex targets like Android or Wine. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/fastexit/fastexit.c new/AFLplusplus-4.04c/qemu_mode/fastexit/fastexit.c --- old/AFLplusplus-4.03c/qemu_mode/fastexit/fastexit.c 1970-01-01 01:00:00.000000000 +0100 +++ new/AFLplusplus-4.04c/qemu_mode/fastexit/fastexit.c 2022-10-11 15:40:55.000000000 +0200 @@ -0,0 +1,6 @@ +#include <unistd.h> +#include <stdlib.h> + +void exit(int status) { + _exit(status); +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/qemu_mode/libqasan/malloc.c new/AFLplusplus-4.04c/qemu_mode/libqasan/malloc.c --- old/AFLplusplus-4.03c/qemu_mode/libqasan/malloc.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/qemu_mode/libqasan/malloc.c 2022-10-11 15:40:55.000000000 +0200 @@ -306,9 +306,7 @@ } - size_t rem = len % align; - size_t size = len; - if (rem) size += rem; + size_t size = len + align; int state = QASAN_SWAP(QASAN_DISABLED); // disable qasan for this thread diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/src/afl-cc.c new/AFLplusplus-4.04c/src/afl-cc.c --- old/AFLplusplus-4.03c/src/afl-cc.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/src/afl-cc.c 2022-10-11 15:40:55.000000000 +0200 
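Review bot: Interposing `exit` with a bare `_exit(status)` skips every `atexit`/`on_exit` handler and the final stdio flush, so a preloaded target that reports results through buffered `stdout` or through an exit handler (sanitizer and coverage runtimes commonly use one) loses that output; the README in the hunk above only says the library "forces _exit on exit ... to gain speed" and should state that trade-off. A comment on the definition would document it at the source, e.g. `/* Replaces libc exit(): no atexit handlers, no stdio flush -- only safe when nothing the fuzzer needs is produced at exit time */`. Marking the definition `__attribute__((noreturn))` also keeps it consistent with the `<stdlib.h>` declaration it overrides.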
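Review bot: In the libqasan/malloc.c hunk, `size_t size = len + align;` can wrap when `len` is close to `SIZE_MAX`, in which case the allocation that follows is far smaller than requested and the caller's later writes run past it, which is an especially bad failure mode for a sanitizer's own allocator. Guard the addition before using it, e.g. `if (len > SIZE_MAX - align) { /* return the function's error value */ }`; the return convention is not visible because the function starts before this hunk. The removed arithmetic added `len % align` where an align-up would need `align - len % align`, so replacing it with a flat over-allocation is reasonable, but a comment such as `// over-allocate by a full align so an aligned pointer fits inside the block` would stop the next reader from "fixing" it back.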
@@ -317,7 +317,7 @@ char *tmp = malloc(strlen(ptr)); u32 count = 0, len, ende = 0; - if (!new || !tmp) { FATAL("could not aquire memory"); } + if (!new || !tmp) { FATAL("could not acquire memory"); } strcpy(new, "-fsanitize="); do { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/src/afl-fuzz.c new/AFLplusplus-4.04c/src/afl-fuzz.c --- old/AFLplusplus-4.03c/src/afl-fuzz.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/src/afl-fuzz.c 2022-10-11 15:40:55.000000000 +0200 @@ -2132,6 +2132,20 @@ } + if (afl->fsrv.out_file && afl->fsrv.use_shmem_fuzz) { + + afl->fsrv.out_file = NULL; + afl->fsrv.use_stdin = 0; + if (!afl->unicorn_mode && !afl->fsrv.use_stdin) { + + WARNF( + "You specified -f or @@ on the command line but the target harness " + "specified fuzz cases via shmem, switching to shmem!"); + + } + + } + deunicode_extras(afl); dedup_extras(afl); if (afl->extras_cnt) { OKF("Loaded a total of %u extras.", afl->extras_cnt); } @@ -2556,6 +2570,7 @@ stop_fuzzing: afl->force_ui_update = 1; // ensure the screen is reprinted + afl->stop_soon = 1; // ensure everything is written show_stats(afl); // print the screen one last time write_bitmap(afl); save_auto(afl); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/src/afl-showmap.c new/AFLplusplus-4.04c/src/afl-showmap.c --- old/AFLplusplus-4.03c/src/afl-showmap.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/src/afl-showmap.c 2022-10-11 15:40:55.000000000 +0200 
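Review bot: In the afl-fuzz.c @@ -2132 hunk, the `WARNF` condition `!afl->unicorn_mode && !afl->fsrv.use_stdin` is partly dead: `afl->fsrv.use_stdin = 0;` executes on the line just above, so `!afl->fsrv.use_stdin` is always true and the warning depends only on `!afl->unicorn_mode`. The outer `if (afl->fsrv.out_file && afl->fsrv.use_shmem_fuzz)` is already the "-f or @@ was given" test, so either drop the `use_stdin` term (`if (!afl->unicorn_mode) {`) or, if the prior value mattered, capture it before the assignment. Setting `afl->fsrv.out_file = NULL` without releasing what it pointed to may also leak the path if it was heap-allocated, which this hunk does not show. The `afl->stop_soon = 1;` added in the @@ -2556 hunk is fine and matches the comment next to it.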
@@ -1268,7 +1268,7 @@ (new_map_size > map_size && new_map_size - map_size > MAP_SIZE)) { if (!be_quiet) - ACTF("Aquired new map size for target: %u bytes\n", new_map_size); + ACTF("Acquired new map size for target: %u bytes\n", new_map_size); afl_shm_deinit(&shm); afl_fsrv_kill(fsrv); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/src/afl-tmin.c new/AFLplusplus-4.04c/src/afl-tmin.c --- old/AFLplusplus-4.03c/src/afl-tmin.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/src/afl-tmin.c 2022-10-11 15:40:55.000000000 +0200 @@ -1252,7 +1252,7 @@ (new_map_size > map_size && new_map_size - map_size > MAP_SIZE)) { if (!be_quiet) - ACTF("Aquired new map size for target: %u bytes\n", new_map_size); + ACTF("Acquired new map size for target: %u bytes\n", new_map_size); afl_shm_deinit(&shm); afl_fsrv_kill(fsrv); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/unicorn_mode/UNICORNAFL_VERSION new/AFLplusplus-4.04c/unicorn_mode/UNICORNAFL_VERSION --- old/AFLplusplus-4.03c/unicorn_mode/UNICORNAFL_VERSION 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/unicorn_mode/UNICORNAFL_VERSION 2022-10-11 15:40:55.000000000 +0200 @@ -1 +1 @@ -6e00ceac +0a31c2b28bf7037fe8b0ff376521fdbdf28a9efe diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/unicorn_mode/samples/speedtest/rust/Cargo.toml new/AFLplusplus-4.04c/unicorn_mode/samples/speedtest/rust/Cargo.toml --- old/AFLplusplus-4.03c/unicorn_mode/samples/speedtest/rust/Cargo.toml 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/unicorn_mode/samples/speedtest/rust/Cargo.toml 2022-10-11 15:40:55.000000000 +0200 
@@ -11,5 +11,5 @@ [dependencies] unicornafl = { path = "../../../unicornafl/bindings/rust/", version="1.0.0" } -capstone="0.10.0" +capstone="0.11.0" libc="0.2.66" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/utils/aflpp_driver/aflpp_driver.c new/AFLplusplus-4.04c/utils/aflpp_driver/aflpp_driver.c --- old/AFLplusplus-4.03c/utils/aflpp_driver/aflpp_driver.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/utils/aflpp_driver/aflpp_driver.c 2022-10-11 15:40:55.000000000 +0200 @@ -35,6 +35,7 @@ #include <assert.h> #include <errno.h> #include <stdarg.h> +#include <stdbool.h> #include <stdint.h> #include <stdio.h> #include <stdlib.h> @@ -68,7 +69,7 @@ int LLVMFuzzerRunDriver(int *argc, char ***argv, int (*callback)(const uint8_t *data, size_t size)); -// Default nop ASan hooks for manual posisoning when not linking the ASan +// Default nop ASan hooks for manual poisoning when not linking the ASan // runtime // https://github.com/google/sanitizers/wiki/AddressSanitizerManualPoisoning __attribute__((weak)) void __asan_poison_memory_region( @@ -290,6 +291,12 @@ } + bool in_afl = !(!getenv(SHM_FUZZ_ENV_VAR) || !getenv(SHM_ENV_VAR) || + fcntl(FORKSRV_FD, F_GETFD) == -1 || + fcntl(FORKSRV_FD + 1, F_GETFD) == -1); + + if (!in_afl) { __afl_sharedmem_fuzzing = 0; } + output_file = stderr; maybe_duplicate_stderr(); maybe_close_fd_mask(); 
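Review bot: The `in_afl` expression in aflpp_driver.c is a negated disjunction of negations, which hides what is actually being probed; `bool in_afl = getenv(SHM_FUZZ_ENV_VAR) && getenv(SHM_ENV_VAR) && fcntl(FORKSRV_FD, F_GETFD) != -1 && fcntl(FORKSRV_FD + 1, F_GETFD) != -1;` says the same thing directly. It also deserves a comment on why both signals are required, e.g. `// Treat this as an afl-fuzz run only when the shmem env vars are set AND the fork-server fds are open; the fd probe keeps stale AFL variables exported in a shell from flipping the driver into shmem mode.` Note the fcntl() probe proves only that something is open at those descriptor numbers, not that the parent is afl-fuzz, so an unrelated inherited fd there would still pass — acceptable for a driver, but worth stating. The enclosing function starts before and ends after this hunk.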
@@ -310,23 +317,20 @@ int N = INT_MAX; - if (argc == 2 && !strcmp(argv[1], "-")) { + if (!in_afl && argc == 2 && !strcmp(argv[1], "-")) { - __afl_sharedmem_fuzzing = 0; __afl_manual_init(); return ExecuteFilesOnyByOne(argc, argv, callback); - } else if (argc == 2 && argv[1][0] == '-') { + } else if (argc == 2 && argv[1][0] == '-' && argv[1][1]) { N = atoi(argv[1] + 1); - } else if (argc == 2 && (N = atoi(argv[1])) > 0) { + } else if (argc == 2 && argv[1][0] != '-' && (N = atoi(argv[1])) > 0) { printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N); - } else if (argc > 1) { - - __afl_sharedmem_fuzzing = 0; + } else if (!in_afl && argc > 1 && argv[1][0] != '-') { if (argc == 2) { __afl_manual_init(); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/utils/libdislocator/README.md new/AFLplusplus-4.04c/utils/libdislocator/README.md --- old/AFLplusplus-4.03c/utils/libdislocator/README.md 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/utils/libdislocator/README.md 2022-10-11 15:40:55.000000000 +0200 
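Review bot: The new `argv[1][1]` guard only checks that something follows the `-`; `N = atoi(argv[1] + 1)` still turns any non-numeric option (`-h`, `--help`, `-x`) into N = 0 without complaint, and because every later branch now requires `argv[1][0] != '-'`, such input is no longer caught anywhere in this chain — what N = 0 then means is decided outside the hunk. Parse it strictly instead: `char *end; long v = strtol(argv[1] + 1, &end, 10);` followed by `if (*end || v < 0) { fprintf(stderr, "bad iteration count: %s\n", argv[1]); return 1; }` and `N = (int)v;`. The enclosing function continues beyond this hunk.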
@@ -34,8 +34,8 @@ - Size alignment to `max_align_t` can be enforced with `AFL_ALIGNED_ALLOC=1`. In this case, a tail canary is inserted in the padding bytes at the end of the - allocated zone. This reduce the ability of libdislocator to detect - off-by-one bugs but also it make slibdislocator compliant to the C standard. + allocated zone. This reduces the ability of libdislocator to detect + off-by-one bugs but also it makes libdislocator compliant to the C standard. Basically, it is inspired by some of the non-default options available for the OpenBSD allocator - see malloc.conf(5) on that platform for reference. It is diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/AFLplusplus-4.03c/utils/libdislocator/libdislocator.so.c new/AFLplusplus-4.04c/utils/libdislocator/libdislocator.so.c --- old/AFLplusplus-4.03c/utils/libdislocator/libdislocator.so.c 2022-09-20 17:37:20.000000000 +0200 +++ new/AFLplusplus-4.04c/utils/libdislocator/libdislocator.so.c 2022-10-11 15:40:55.000000000 +0200 @@ -510,6 +510,24 @@ } +int reallocarr(void *ptr, size_t elem_len, size_t elem_cnt) { + + void *ret = NULL; + const size_t elem_tot = elem_len * elem_cnt; + + if (elem_tot == 0) { + + void **h = &ptr; + *h = ret; + return 0; + + } + + ret = reallocarray(ptr, elem_len, elem_cnt); + return ret ? 0 : -1; + +} + #if defined(__APPLE__) size_t malloc_size(const void *ptr) {
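Review bot: The new `reallocarr` in libdislocator.so.c never hands the reallocated block back to the caller: `ret = reallocarray(ptr, elem_len, elem_cnt);` is followed only by `return ret ? 0 : -1;`, so the new block is leaked and the caller keeps its old pointer, which reallocarray has presumably already released; in the zero-size branch `void **h = &ptr; *h = ret;` only overwrites the local parameter, a no-op. As far as I recall the NetBSD/OpenBSD contract, `reallocarr(ptrp, num, size)` receives the address of the caller's pointer and updates `*(void **)ptrp`, freeing it and storing NULL when num or size is 0, and returns an errno value rather than -1 on failure — please check the man page before merging. `elem_len * elem_cnt` is also multiplied unchecked just to test for zero; test the operands and leave overflow detection to reallocarray. A rewrite along these lines:

```c
int reallocarr(void *ptrp, size_t elem_len, size_t elem_cnt) {

  /* ptrp is the address of the caller's pointer, as in NetBSD's reallocarr(3) */
  void **slot = (void **)ptrp;

  if (elem_len == 0 || elem_cnt == 0) {

    free(*slot);
    *slot = NULL;
    return 0;

  }

  void *ret = reallocarray(*slot, elem_len, elem_cnt);
  if (!ret) { return -1; }  /* NetBSD returns an errno value here; keep -1 unless callers rely on that */
  *slot = ret;
  return 0;

}
```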