From 3d48adf43ccb0659557a40733071ca7c55c34cef Mon Sep 17 00:00:00 2001
From: Satori5ama <1242330740@qq.com>
Date: Mon, 16 Dec 2024 20:05:50 +0800
Subject: [PATCH] afl-gcc.c comment
---
 src/.vscode/settings.json | 9 ++
 src/afl-fuzz.c | 3 +
 src/afl-gcc.c | 331 ++++++++++++++++++++++----------------
 3 files changed, 206 insertions(+), 137 deletions(-)
 create mode 100644 src/.vscode/settings.json
diff --git a/src/.vscode/settings.json b/src/.vscode/settings.json
new file mode 100644
index 0000000..471970e
--- /dev/null
+++ b/src/.vscode/settings.json
@@ -0,0 +1,9 @@
+{
+ "files.associations": {
+ "*.vue": "vue",
+ "*.wpy": "vue",
+ "*.wxml": "html",
+ "*.wxss": "css",
+ "string.h": "c"
+ }
+}
\ No newline at end of file
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 46a216c..338d251 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -7795,15 +7795,18 @@ int main(int argc, char** argv) { gettimeofday(&tv, &tz); srandom(tv.tv_sec ^ tv.tv_usec ^ getpid()); + // argv 处理 while ((opt = getopt(argc, argv, "+i:o:f:m:b:t:T:dnCB:S:M:x:QV")) > 0) switch (opt) { case 'i': /* input dir */ + // 初始 corpus 目录 if (in_dir) FATAL("Multiple -i options not supported"); in_dir = optarg; + // 若使用 "-i -",则表示 in-place resume if (!strcmp(in_dir, "-")) in_place_resume = 1; break;
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index f0e4d85..2e6dffc 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
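Review bot: `src/.vscode/settings.json` is per-developer editor state that does not belong in a commit titled `afl-gcc.c comment`, and its `files.associations` entries (`*.vue`, `*.wpy`, `*.wxml`, `*.wxss`) do not correspond to anything in this C tree. Drop the file from the patch and add `.vscode/` to `.gitignore` so editor configuration is not tracked; committing it also means every contributor's editor silently picks up another developer's settings. If the only intent was to make `string.h` open as C, that is an editor-side preference, not project configuration. As shown here the file is also written without a trailing newline (`\ No newline at end of file`).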
@@ -1,42 +1,38 @@ /* - Copyright 2013 Google LLC All rights reserved. + Copyright 2013 Google LLC 版权所有,保留所有权利。 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at: + 根据 Apache 许可证,版本 2.0(以下简称 "许可证")进行许可; + 除非遵守该许可证,否则你不得使用此文件。 + 你可以在以下网址获取许可副本: http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. + 除非适用法律要求或书面同意,依据许可证分发的软件是按“原样”基础提供的, + 不提供任何形式的担保和条件,无论是明示的还是隐性的。 + 请参阅许可证以获取有关权限和限制的具体规定。 */ /* - american fuzzy lop - wrapper for GCC and clang + American Fuzzy Lop - GCC 和 Clang 的封装器 ---------------------------------------------- - Written and maintained by Michal Zalewski + 作者及维护者:Michal Zalewski - This program is a drop-in replacement for GCC or clang. The most common way - of using it is to pass the path to afl-gcc or afl-clang via CC when invoking - ./configure. + 本程序是 GCC 或 Clang 的直接替代品。使用它的最常见方法 + 是在调用 ./configure 时通过 CC 传递 afl-gcc 或 afl-clang 的路径。 - (Of course, use CXX and point it to afl-g++ / afl-clang++ for C++ code.) + (当然,使用 CXX 并将其指向 afl-g++ / afl-clang++ 用于 C++ 代码。) - The wrapper needs to know the path to afl-as (renamed to 'as'). The default - is /usr/local/lib/afl/. A convenient way to specify alternative directories - would be to set AFL_PATH. + 封装器需要知道 afl-as 的路径(重命名为 'as')。默认路径 + 是 /usr/local/lib/afl/。指定备用目录的一个方便方法 + 是设置 AFL_PATH。 - If AFL_HARDEN is set, the wrapper will compile the target app with various - hardening options that may help detect memory management issues more - reliably. You can also specify AFL_USE_ASAN to enable ASAN. 
- - If you want to call a non-default compiler as a next step of the chain, - specify its location via AFL_CC or AFL_CXX. + 如果设置了 AFL_HARDEN,封装器将在目标应用程序中使用各种 + 加固选项进行编译,这可能有助于更可靠地检测内存管理问题。 + 你还可以指定 AFL_USE_ASAN 来启用 ASAN。 + 如果你想在链的下一步调用非默认编译器, + 通过 AFL_CC 或 AFL_CXX 指定其位置。 */ #define AFL_MAIN @@ -51,38 +47,40 @@ #include #include -static u8* as_path; /* Path to the AFL 'as' wrapper */ -static u8** cc_params; /* Parameters passed to the real CC */ -static u32 cc_par_cnt = 1; /* Param count, including argv0 */ -static u8 be_quiet, /* Quiet mode */ - clang_mode; /* Invoked as afl-clang*? */ - +static u8 *as_path; /*AFL“as”包装器的路径*/ +static u8 **cc_params; /*传递给真实CC的参数*/ +static u32 cc_par_cnt = 1; /*参数计数,包括argv0*/ +static u8 be_quiet, /*静音模式*/ + clang_mode; /*被称为afl clang模式**/ -/* Try to find our "fake" GNU assembler in AFL_PATH or at the location derived - from argv[0]. If that fails, abort. */ +/* 尝试在 AFL_PATH 或从 argv[0] 派生的位置找到我们的“假”GNU 汇编器。 + 如果失败,则中止。 */ -static void find_as(u8* argv0) { +static void find_as(u8 *argv0) +{ u8 *afl_path = getenv("AFL_PATH"); u8 *slash, *tmp; - if (afl_path) { + if (afl_path) + { tmp = alloc_printf("%s/as", afl_path); - if (!access(tmp, X_OK)) { + if (!access(tmp, X_OK)) + { as_path = afl_path; ck_free(tmp); return; } ck_free(tmp); - } slash = strrchr(argv0, '/'); - if (slash) { + if (slash) + { u8 *dir; @@ -92,7 +90,8 @@ static void find_as(u8* argv0) { tmp = alloc_printf("%s/afl-as", dir); - if (!access(tmp, X_OK)) { + if (!access(tmp, X_OK)) + { as_path = dir; ck_free(tmp); return; 
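Review bot: The Google copyright line and the Apache 2.0 notice at the top of afl-gcc.c are replaced by a Chinese paraphrase (`Copyright 2013 Google LLC 版权所有,保留所有权利。`, `根据 Apache 许可证,版本 2.0…`); license and copyright notices are legal text that should be kept verbatim, and rewriting them also breaks license-scanning tooling that matches on the canonical wording. Keep the original English notice unchanged and, if a translation is wanted, add it after the notice as a clearly supplementary comment. Translating the descriptive file header below it is fine, but the AFL_HARDEN/AFL_USE_ASAN and AFL_CC/AFL_CXX paragraphs were merged into one, losing the blank line that separated two different topics; restore the separation so the header reads as the original did.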
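Review bot: The new comment on `clang_mode`, `/*被称为afl clang模式**/`, mistranslates the original `Invoked as afl-clang*?` — the flag records whether this binary was run under an `afl-clang*` name (see the `strncmp(name, "afl-clang", 9)` test later in this file), not a "mode" the program is called by, and the stray `**/` suggests a paste error. Write it as `/* 是否以 afl-clang* 的名义被调用 */` or keep the English. The same hunk also switches `find_as` from the K&R brace style used throughout AFL to Allman braces; a commit described as adding comments should not reformat code, since it hides the substantive changes in a 300-line diff. `find_as` continues past the end of this hunk.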
@@ -100,22 +99,21 @@ static void find_as(u8* argv0) { ck_free(tmp); ck_free(dir); - } - if (!access(AFL_PATH "/as", X_OK)) { + if (!access(AFL_PATH "/as", X_OK)) + { as_path = AFL_PATH; return; } FATAL("Unable to find AFL wrapper binary for 'as'. Please set AFL_PATH"); - } +/*将argv复制到cc_params,进行必要的编辑*/ -/* Copy argv to cc_params, making the necessary edits. */ - -static void edit_params(u32 argc, char** argv) { +static void edit_params(u32 argc, char **argv) +{ u8 fortify_set = 0, asan_set = 0; u8 *name; 
@@ -124,40 +122,57 @@ static void edit_params(u32 argc, char** argv) { u8 m32_set = 0; #endif - cc_params = ck_alloc((argc + 128) * sizeof(u8*)); - - name = strrchr(argv[0], '/'); - if (!name) name = argv[0]; else name++; - - if (!strncmp(name, "afl-clang", 9)) { - - clang_mode = 1; - - setenv(CLANG_ENV_VAR, "1", 1); - - if (!strcmp(name, "afl-clang++")) { - u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++"; - } else { - u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"clang"; + /******************************************************************************** + * 该段代码负责配置编译器参数,判断使用的编译器以及设置环境变量。 + * 如果使用的是 afl-clang,则根据环境变量确定使用的 C 或 C++ 编译器。 + ********************************************************************************/ + + cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); + + name = strrchr(argv[0], '/'); + if (!name) + name = argv[0]; + else + name++; + + if (!strncmp(name, "afl-clang", 9)) + { + + clang_mode = 1; + + setenv(CLANG_ENV_VAR, "1", 1); + + if (!strcmp(name, "afl-clang++")) + { + u8 *alt_cxx = getenv("AFL_CXX"); + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"clang++"; + } + else + { + u8 *alt_cc = getenv("AFL_CC"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"clang"; + } } + else + { - } else { - - /* With GCJ and Eclipse installed, you can actually compile Java! The - instrumentation will work (amazingly). Alas, unhandled exceptions do - not call abort(), so afl-fuzz would need to be modified to equate - non-zero exit codes with crash conditions when working with Java - binaries. Meh. 
*/ + /*安装了GCJ和Eclipse后,您实际上可以编译Java!这个 +仪器将工作(令人惊讶)。唉,未处理的异常确实如此 +不调用abort(),因此需要修改afl-fuzz以使其相等 +使用Java时具有崩溃条件的非零退出代码 +二进制文件。嗯*/ #ifdef __APPLE__ - if (!strcmp(name, "afl-g++")) cc_params[0] = getenv("AFL_CXX"); - else if (!strcmp(name, "afl-gcj")) cc_params[0] = getenv("AFL_GCJ"); - else cc_params[0] = getenv("AFL_CC"); + if (!strcmp(name, "afl-g++")) + cc_params[0] = getenv("AFL_CXX"); + else if (!strcmp(name, "afl-gcj")) + cc_params[0] = getenv("AFL_GCJ"); + else + cc_params[0] = getenv("AFL_CC"); - if (!cc_params[0]) { + if (!cc_params[0]) + { SAYF("\n" cLRD "[-] " cRST "On Apple systems, 'gcc' is usually just a wrapper for clang. Please use the\n" 
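Review bot: The translated GCJ comment is a word-for-word machine rendering that no longer says what the original said: `仪器将工作` translates "instrumentation" as a physical instrument, and `未处理的异常确实如此 不调用abort()` inverts the sense of "unhandled exceptions do not call abort()". A faithful version would be something like `/* 安装了 GCJ 和 Eclipse 后,你甚至可以编译 Java!插桩(出人意料地)能正常工作。可惜未处理的异常不会调用 abort(),所以处理 Java 二进制时需要修改 afl-fuzz,把非零退出码当作崩溃。*/`. The new banner above it (`该段代码负责配置编译器参数…`) restates the code that follows rather than adding the why; the one useful fact — that `CLANG_ENV_VAR` is exported so afl-as can tell it is running under clang — is not mentioned and is hedged here because afl-as is outside this file. `edit_params` starts before this hunk and continues after it.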
@@ -165,53 +180,77 @@ static void edit_params(u32 argc, char** argv) { " set AFL_CC or AFL_CXX to specify the correct path to that compiler.\n"); FATAL("AFL_CC or AFL_CXX required on MacOS X"); - } #else - if (!strcmp(name, "afl-g++")) { - u8* alt_cxx = getenv("AFL_CXX"); - cc_params[0] = alt_cxx ? alt_cxx : (u8*)"g++"; - } else if (!strcmp(name, "afl-gcj")) { - u8* alt_cc = getenv("AFL_GCJ"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"gcj"; - } else { - u8* alt_cc = getenv("AFL_CC"); - cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc"; + if (!strcmp(name, "afl-g++")) + { + u8 *alt_cxx = getenv("AFL_CXX"); + cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"g++"; + } + else if (!strcmp(name, "afl-gcj")) + { + u8 *alt_cc = getenv("AFL_GCJ"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcj"; + } + else + { + u8 *alt_cc = getenv("AFL_CC"); + cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcc"; } #endif /* __APPLE__ */ - } - while (--argc) { - u8* cur = *(++argv); - - if (!strncmp(cur, "-B", 2)) { - - if (!be_quiet) WARNF("-B is already set, overriding"); - - if (!cur[2] && argc > 1) { argc--; argv++; } + // 处理命令行参数的循环 + while (--argc) + { + u8 *cur = *(++argv); + + // 检查是否设置了-B选项 + if (!strncmp(cur, "-B", 2)) + { + + // 如果未静默,发出警告 + if (!be_quiet) + WARNF("-B is already set, overriding"); + + // 如果-B后面没有参数且还有剩余参数,则跳过当前参数 + if (!cur[2] && argc > 1) + { + argc--; + argv++; + } continue; - } - if (!strcmp(cur, "-integrated-as")) continue; + // 忽略-included-as选项 + if (!strcmp(cur, "-integrated-as")) + continue; - if (!strcmp(cur, "-pipe")) continue; + // 忽略-pipe选项 + if (!strcmp(cur, "-pipe")) + continue; +/ * + * 该段代码用于处理编译器参数设置,包括支持地址和内存消毒功能的相关配置。 + * 根据环境变量和输入参数,启用或禁用特定的功能选项。 + * 代码还处理与FORTIFY_SOURCE和ASAN/MSAN的互斥关系。 + * / #if defined(__FreeBSD__) && defined(__x86_64__) - if (!strcmp(cur, "-m32")) m32_set = 1; + if (!strcmp(cur, "-m32")) + m32_set = 1; #endif if (!strcmp(cur, "-fsanitize=address") || - !strcmp(cur, "-fsanitize=memory")) asan_set = 1; + !strcmp(cur, "-fsanitize=memory")) + 
asan_set = 1; - if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; + if (strstr(cur, "FORTIFY_SOURCE")) + fortify_set = 1; cc_params[cc_par_cnt++] = cur; - } cc_params[cc_par_cnt++] = "-B"; @@ -220,22 +259,24 @@ static void edit_params(u32 argc, char** argv) { if (clang_mode) cc_params[cc_par_cnt++] = "-no-integrated-as"; - if (getenv("AFL_HARDEN")) { + if (getenv("AFL_HARDEN")) + { cc_params[cc_par_cnt++] = "-fstack-protector-all"; if (!fortify_set) cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2"; - } - if (asan_set) { + if (asan_set) + { - /* Pass this on to afl-as to adjust map density. */ + /*将此传递给afl以调整贴图密度*/ setenv("AFL_USE_ASAN", "1", 1); - - } else if (getenv("AFL_USE_ASAN")) { + } + else if (getenv("AFL_USE_ASAN")) + { if (getenv("AFL_USE_MSAN")) FATAL("ASAN and MSAN are mutually exclusive"); @@ -245,8 +286,9 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; cc_params[cc_par_cnt++] = "-fsanitize=address"; - - } else if (getenv("AFL_USE_MSAN")) { + } + else if (getenv("AFL_USE_MSAN")) + { if (getenv("AFL_USE_ASAN")) FATAL("ASAN and MSAN are mutually exclusive"); 
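Review bot: The banner comment inserted before the FreeBSD `#if` is opened with `/ *` and closed with `* /`; as shown here those are not comment delimiters (a `/` followed by a space and `*`), so if that is literally what the patch contains, afl-gcc.c no longer compiles — the four lines would be parsed as a stray division expression inside the `while` loop. Change them to `/*` and `*/`, as the other banners in this patch already do. Separately, `// 忽略-included-as选项` names the wrong flag; the code skips `-integrated-as`, so write `// 忽略 -integrated-as 选项`. And `// 如果-B后面没有参数且还有剩余参数,则跳过当前参数` has the direction backwards — the `argc--; argv++;` skips the *next* argument (the separate value of `-B`), not the current one. The `while` loop and `edit_params` both continue outside this hunk.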
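Review bot: `/*将此传递给afl以调整贴图密度*/` mistranslates the original `Pass this on to afl-as to adjust map density`: `贴图` means a texture map, and the consumer is afl-as (via the `AFL_USE_ASAN` environment variable set on the next line), not afl-fuzz. Write it as `/* 通过环境变量传给 afl-as,用于调整覆盖率位图密度 */` so the reader knows which tool reads the variable and what "map" refers to. This hunk is in the middle of `edit_params`, which starts and ends outside it.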
@@ -256,24 +298,29 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE"; cc_params[cc_par_cnt++] = "-fsanitize=memory"; - - } +/******************************************************************************** + * 该代码段用于配置编译器选项,特别是在非优化模式下。 + * 主要用于模糊测试工具AFL的编译设置。 + * + * 文件名: d:\code\google_AFL\src\afl-gcc.c + ********************************************************************************/ - if (!getenv("AFL_DONT_OPTIMIZE")) { + if (!getenv("AFL_DONT_OPTIMIZE")) + { #if defined(__FreeBSD__) && defined(__x86_64__) - /* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself - works OK. This has nothing to do with us, but let's avoid triggering - that bug. */ + /*在64位FreeBSD系统上,clang-g-m32已损坏,但-m32本身 +工作正常。这与我们无关,但让我们避免触发 +这个bug*/ if (!clang_mode || !m32_set) cc_params[cc_par_cnt++] = "-g"; #else - cc_params[cc_par_cnt++] = "-g"; + cc_params[cc_par_cnt++] = "-g"; #endif 
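Review bot: The banner comment embeds the author's local path, `文件名: d:\code\google_AFL\src\afl-gcc.c`, which leaks a developer's machine layout into the source and is simply wrong for anyone else; remove that line. The same banner says the block applies `特别是在非优化模式下` (in non-optimizing mode), but the guard is `if (!getenv("AFL_DONT_OPTIMIZE"))`, i.e. this is the default *optimizing* path that adds `-g` and whatever flags follow past the end of the hunk; the comment inverts the condition and should read `/* 除非设置了 AFL_DONT_OPTIMIZE,否则添加默认的调试/优化选项 */`. In the translated FreeBSD comment `clang-g-m32` has lost its spaces and should be `clang -g -m32`, otherwise it reads as a single unknown tool. `edit_params` continues on both sides of this hunk.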
@@ -285,37 +332,45 @@ static void edit_params(u32 argc, char** argv) { cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1"; cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1"; - } - - if (getenv("AFL_NO_BUILTIN")) { - - cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; - cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; - cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; - - } - + /*********************************************** + * 函数:根据环境变量设置编译器参数 + * 功能:如果环境变量"AFL_NO_BUILTIN"存在, + * 添加禁用内置字符串和内存比较函数的编译器参数。 + ***********************************************/ + if (getenv("AFL_NO_BUILTIN")) + { + + cc_params[cc_par_cnt++] = "-fno-builtin-strcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strncmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-strstr"; + cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr"; + } cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp"; + cc_params[cc_par_cnt++] = "-fno-builtin-memcmp"; cc_params[cc_par_cnt] = NULL; - } - /* Main entry point */ -int main(int argc, char** argv) { +// 主函数,程序的入口点 +int main(int argc, char **argv) +{ - if (isatty(2) && !getenv("AFL_QUIET")) { + // 检查标准错误输出是否为终端,以及环境变量是否开启安静模式 + if (isatty(2) && !getenv("AFL_QUIET")) + { SAYF(cCYA "afl-cc " cBRI VERSION cRST " by \n"); + } + else + be_quiet = 1; - } else be_quiet = 1; - - if (argc < 2) { + // 检查传入的参数数量是否少于2 + if (argc < 2) + { SAYF("\n" "This is a helper application for afl-fuzz. It serves as a drop-in replacement\n" 
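Review bot: The line `cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";` added right after the `AFL_NO_BUILTIN` block changes the flags passed to every compile, in a commit whose subject is `afl-gcc.c comment`; a behavioural change should not ride along with a comment/reformat commit, and this one carries no rationale. As written, with `AFL_NO_BUILTIN` set the flag is now emitted twice (once inside the block, once unconditionally), and without it the wrapper silently disables the memcmp builtin for all users, altering codegen for every target built through afl-gcc. Either drop the line, or if always disabling the builtin is intended, remove the copy inside the `AFL_NO_BUILTIN` block and document the new default in the file header next to `AFL_NO_BUILTIN`. The new banner `函数:根据环境变量设置编译器参数` also labels an `if` block as a function; `// AFL_NO_BUILTIN:禁用内置的字符串/内存比较函数,便于 afl 观察比较过程` would be accurate. `edit_params` starts before this hunk and `main` continues after it.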
@@ -330,17 +385,19 @@ int main(int argc, char** argv) { BIN_PATH, BIN_PATH); exit(1); - } + // 查找汇编器 find_as(argv[0]); + // 编辑参数 edit_params(argc, argv); - execvp(cc_params[0], (char**)cc_params); + // 执行编译器,并传递参数 + execvp(cc_params[0], (char **)cc_params); + // 如果执行失败,输出错误信息 FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]); return 0; - }