Merge pull request AFLplusplus#2679 from AFLplusplus/dev

push to stable

Author: vanhauser-thc

.custom-format.py

@@ -65,7 +65,7 @@ def check_clang_format_pip_version():
 if shutil.which(CLANG_FORMAT_BIN) is None \
         and CLANG_FORMAT_PIP is False:
     print(f"[!] clang-format-{CURRENT_LLVM} is needed. Aborted.")
-    print(f"Run `pip3 install \"clang-format=={CURRENT_LLVM}.*\"` \
+    print(f"Run `pip3 install --break-system-packages \"clang-format=={CURRENT_LLVM}.*\"` \
 to install via pip.")
     exit(1)
 

TODO.md

@@ -3,7 +3,7 @@
 ## Must
 
  - afl_fsrv_deinit cmplog
- - check for null ptr for xml/curl/g_ string transform functions
+ - ijon support?
  - hardened_usercopy=0 page_alloc.shuffle=0
  - add value_profile but only enable after 15 minutes without finds
  - cmplog max items env?

afl-cmin.bash

@@ -191,14 +191,15 @@ if [ "$AFL_ALLOW_TMP" = "" ]; then
 
 fi
 
-# If @@ is specified, but there's no -f, let's come up with a temporary input
+# If placeholder is specified, but there's no -f, let's come up with a temporary input
 # file name.
+PLACEHOLDER="${AFL_INPUT_PLACEHOLDER:-@@}"
 
 TRACE_DIR="$OUT_DIR/.traces"
 
 if [ "$STDIN_FILE" = "" ]; then
 
-  if echo "$*" | grep -qF '@@'; then
+  if echo "$*" | grep -qF "$PLACEHOLDER"; then
     STDIN_FILE="$TRACE_DIR/.cur_input"
   fi
 

afl-cmin.py

@@ -374,9 +374,10 @@ def afl_showmap(
         "-Z",  # cmin mode
     ]
     # yapf: enable
+    placeholder = os.environ.get("AFL_INPUT_PLACEHOLDER", "@@")
     found_atat = False
     for arg in args.args:
-        if "@@" in arg:
+        if placeholder in arg:
             found_atat = True
 
     if args.stdin_file:

custom_mutators/aflpp_tritondse/aflpp_tritondse.py

@@ -139,9 +139,10 @@ def init(seed):
         argv_tmp = [ os.environ['AFL_CUSTOM_INFO_PROGRAM'] ]
         argv_tmp += argv_list.split()
         argv = []
-        # now check for @@
+        placeholder = os.environ.get("AFL_INPUT_PLACEHOLDER", "@@")
+        # now check for placeholder
         for item in argv_tmp:
-            if "@@" in item:
+            if placeholder in item:
                 input_file = out_path + '/../.input'
                 argv.append(input_file)
             else:

custom_mutators/symqemu/symqemu.c

@@ -105,6 +105,9 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
   u8 *tmp = NULL;
   if ((tmp = getenv("AFL_CUSTOM_INFO_PROGRAM_ARGV")) && *tmp) {
+    char *placeholder = (char *) get_afl_env("AFL_INPUT_PLACEHOLDER");
+    if (!placeholder || !*placeholder) 
+      placeholder = (char *)"@@";
 
     int argc = 0, index = 2;
     for (u32 i = 0; i < strlen(tmp); ++i)
@@ -126,7 +129,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 
       }
 
-      if (strcmp(data->argv[index], "@@") == 0) {
+      if (strcmp((char *)data->argv[index], placeholder) == 0) {
 
         if (!data->input_file) {
 

docs/Changelog.md

@@ -11,8 +11,12 @@
       change
   - afl-cc:
     - LLVM 22 support (they are again switching around include files ...)
+    - g_/curl_/xml_ string support for COMPCOV, thanks to @Prajwal-kp-18
   - afl-cmin:
-    - new implementation in C by @kcwu - thanks!
+    - new implementation in C by @kcwu - thanks! (it is the default now)
+    - afl-cmin.py was changing behaviour to hash the original filenames,
+      this was reverted.
+    - afl-cmin and afl-cmin.py honor `AFL_SHA1_FILENAMES` now
   - afl-showmap:
     - -f support added by Prajwal-kp-18 - thanks!
 

docs/env_variables.md

@@ -85,6 +85,12 @@ fairly broad use of environment variables instead:
 
     Note that this is an outdated variable. Only LLVM CLASSIC pass can use this.
 
+  - Setting `AFL_INPUT_PLACEHOLDER` to a string allows you to use that string 
+    as a placeholder instead of "@@" in the target command line arguments.
+    Use this when "@@" conflicts with the parameters of your program.
+    For eg. `AFL_INPUT_PLACEHOLDER=NEW_PLACEHOLDER afl-fuzz -i in -o out --
+    ./targetProgram NEW_PLACEHOLDER`
+
   - `AFL_NO_BUILTIN` causes the compiler to generate code suitable for use with
     libtokencap.so (but perhaps running a bit slower than without the flag).
 

include/envs.h

@@ -61,18 +61,19 @@ static char *afl_environment_variables[] = {
     "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES", "AFL_IGNORE_PROBLEMS",
     "AFL_IGNORE_PROBLEMS_COVERAGE", "AFL_IGNORE_SEED_PROBLEMS",
     "AFL_IGNORE_TIMEOUTS", "AFL_IGNORE_UNKNOWN_ENVS", "AFL_IMPORT_FIRST",
-    "AFL_IJON_HISTORY_LIMIT", "AFL_INPUT_LEN_MIN", "AFL_INPUT_LEN_MAX",
-    "AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TIMEOUTS", "AFL_KILL_SIGNAL",
-    "AFL_FORK_SERVER_KILL_SIGNAL", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY",
-    "AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB", "AFL_LD_NO_CALLOC_OVER",
-    "AFL_LD_PASSTHROUGH", "AFL_REAL_LD", "AFL_LD_PRELOAD", "AFL_LD_VERBOSE",
-    "AFL_LLVM_ALLOWLIST", "AFL_LLVM_DENYLIST", "AFL_LLVM_BLOCKLIST",
-    "AFL_CMPLOG", "AFL_LLVM_CMPLOG", "AFL_GCC_CMPLOG", "AFL_LLVM_INSTRIM",
-    "AFL_LLVM_CALLER", "AFL_LLVM_CTX", "AFL_LLVM_NO_ERROR",
-    "AFL_LLVM_LTO_CALLER", "AFL_LLVM_LTO_CTX", "AFL_LLVM_LTO_CALLER_DEPTH",
-    "AFL_LLVM_LTO_CTX_DEPTH", "AFL_LLVM_CALLER_DEPTH", "AFL_LLVM_CTX_DEPTH",
-    "AFL_LLVM_CTX_K", "AFL_LLVM_DICT2FILE", "AFL_LLVM_DICT2FILE_NO_MAIN",
-    "AFL_LLVM_DOCUMENT_IDS", "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRUMENT",
+    "AFL_IJON_HISTORY_LIMIT", "AFL_INPUT_PLACEHOLDER", "AFL_INPUT_LEN_MIN",
+    "AFL_INPUT_LEN_MAX", "AFL_INST_LIBS", "AFL_INST_RATIO", "AFL_KEEP_TIMEOUTS",
+    "AFL_KILL_SIGNAL", "AFL_FORK_SERVER_KILL_SIGNAL", "AFL_KEEP_TRACES",
+    "AFL_KEEP_ASSEMBLY", "AFL_LD_HARD_FAIL", "AFL_LD_LIMIT_MB",
+    "AFL_LD_NO_CALLOC_OVER", "AFL_LD_PASSTHROUGH", "AFL_REAL_LD",
+    "AFL_LD_PRELOAD", "AFL_LD_VERBOSE", "AFL_LLVM_ALLOWLIST",
+    "AFL_LLVM_DENYLIST", "AFL_LLVM_BLOCKLIST", "AFL_CMPLOG", "AFL_LLVM_CMPLOG",
+    "AFL_GCC_CMPLOG", "AFL_LLVM_INSTRIM", "AFL_LLVM_CALLER", "AFL_LLVM_CTX",
+    "AFL_LLVM_NO_ERROR", "AFL_LLVM_LTO_CALLER", "AFL_LLVM_LTO_CTX",
+    "AFL_LLVM_LTO_CALLER_DEPTH", "AFL_LLVM_LTO_CTX_DEPTH",
+    "AFL_LLVM_CALLER_DEPTH", "AFL_LLVM_CTX_DEPTH", "AFL_LLVM_CTX_K",
+    "AFL_LLVM_DICT2FILE", "AFL_LLVM_DICT2FILE_NO_MAIN", "AFL_LLVM_DOCUMENT_IDS",
+    "AFL_LLVM_INSTRIM_LOOPHEAD", "AFL_LLVM_INSTRUMENT",
     "AFL_LLVM_LTO_AUTODICTIONARY", "AFL_LLVM_AUTODICTIONARY",
     "AFL_LLVM_SKIPSINGLEBLOCK", "AFL_LLVM_IJON",
     // Marker: ADD_TO_INJECTIONS

include/forkserver.h

@@ -275,6 +275,9 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
 void              afl_fsrv_killall(void);
 void              afl_fsrv_deinit(afl_forkserver_t *fsrv);
 void              afl_fsrv_kill(afl_forkserver_t *fsrv);
+void              afl_fsrv_resize_mapsize(afl_forkserver_t *fsrv, void *shm_p,
+                                          char **use_argv, u32 map_size,
+                                          volatile u8 *stop_soon, bool unicorn_mode);
 
 #ifdef __linux__
 void nyx_load_target_hash(afl_forkserver_t *fsrv);