afl-gcc.c comment

9 months ago · 3d48adf43c
parent bd3bc5d1aa
commit 3d48adf43c
3 changed files with 206 additions and 137 deletions
--- a/src/.vscode/settings.json
+++ b/src/.vscode/settings.json
@ -0,0 +1,9 @@
 {
  "files.associations": {
    "*.vue": "vue",
    "*.wpy": "vue",
    "*.wxml": "html",
    "*.wxss": "css",
    "string.h": "c"
  }
 }
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -7795,15 +7795,18 @@ int main(int argc, char** argv) {
  gettimeofday(&tv, &tz);
  srandom(tv.tv_sec ^ tv.tv_usec ^ getpid());
  // argv 处理
  while ((opt = getopt(argc, argv, "+i:o:f:m:b:t:T:dnCB:S:M:x:QV")) > 0)
    switch (opt) {
      case 'i': /* input dir */
        // 初始 corpus 目录
        if (in_dir) FATAL("Multiple -i options not supported");
        in_dir = optarg;
        // 若使用 "-i -"，则表示 in-place resume
        if (!strcmp(in_dir, "-")) in_place_resume = 1;
        break;
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@ -1,42 +1,38 @@
 /*
-  Copyright 2013 Google LLC All rights reserved.
+  Copyright 2013 Google LLC 版权所有，保留所有权利。
-  Licensed under the Apache License, Version 2.0 (the "License");
+  根据 Apache 许可证，版本 2.0（以下简称 "许可证"）进行许可；
-  you may not use this file except in compliance with the License.
+  除非遵守该许可证，否则你不得使用此文件。
-  You may obtain a copy of the License at:
+  你可以在以下网址获取许可副本：
    http://www.apache.org/licenses/LICENSE-2.0
-  Unless required by applicable law or agreed to in writing, software
+  除非适用法律要求或书面同意，依据许可证分发的软件是按“原样”基础提供的，
-  distributed under the License is distributed on an "AS IS" BASIS,
+  不提供任何形式的担保和条件，无论是明示的还是隐性的。
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  请参阅许可证以获取有关权限和限制的具体规定。
  See the License for the specific language governing permissions and
  limitations under the License.
 */
 /*
-   american fuzzy lop - wrapper for GCC and clang
+   American Fuzzy Lop - GCC 和 Clang 的封装器
   ----------------------------------------------
-   Written and maintained by Michal Zalewski <lcamtuf@google.com>
+   作者及维护者：Michal Zalewski <lcamtuf@google.com>
-   This program is a drop-in replacement for GCC or clang. The most common way
+   本程序是 GCC 或 Clang 的直接替代品。使用它的最常见方法
-   of using it is to pass the path to afl-gcc or afl-clang via CC when invoking
+   是在调用 ./configure 时通过 CC 传递 afl-gcc 或 afl-clang 的路径。
   ./configure.
-   (Of course, use CXX and point it to afl-g++ / afl-clang++ for C++ code.)
+   （当然，使用 CXX 并将其指向 afl-g++ / afl-clang++ 用于 C++ 代码。）
-   The wrapper needs to know the path to afl-as (renamed to 'as'). The default
+   封装器需要知道 afl-as 的路径（重命名为 'as'）。默认路径
-   is /usr/local/lib/afl/. A convenient way to specify alternative directories
+   是 /usr/local/lib/afl/。指定备用目录的一个方便方法
-   would be to set AFL_PATH.
+   是设置 AFL_PATH。
-   If AFL_HARDEN is set, the wrapper will compile the target app with various
+   如果设置了 AFL_HARDEN，封装器将在目标应用程序中使用各种
-   hardening options that may help detect memory management issues more
+   加固选项进行编译，这可能有助于更可靠地检测内存管理问题。
-   reliably. You can also specify AFL_USE_ASAN to enable ASAN.
+   你还可以指定 AFL_USE_ASAN 来启用 ASAN。
   If you want to call a non-default compiler as a next step of the chain,
   specify its location via AFL_CC or AFL_CXX.
   如果你想在链的下一步调用非默认编译器，
   通过 AFL_CC 或 AFL_CXX 指定其位置。
 */
 #define AFL_MAIN
@ -51,38 +47,40 @@
 #include <stdlib.h>
 #include <string.h>
-static u8*  as_path;                /* Path to the AFL 'as' wrapper      */
+static u8 *as_path;        /*AFL“as”包装器的路径*/
-static u8** cc_params;              /* Parameters passed to the real CC  */
+static u8 **cc_params;     /*传递给真实CC的参数*/
-static u32  cc_par_cnt = 1;         /* Param count, including argv0      */
+static u32 cc_par_cnt = 1; /*参数计数，包括argv0*/
-static u8   be_quiet,               /* Quiet mode                        */
+static u8 be_quiet,        /*静音模式*/
-            clang_mode;             /* Invoked as afl-clang*?            */
+    clang_mode;            /*被称为afl clang模式**/
-/* Try to find our "fake" GNU assembler in AFL_PATH or at the location derived
+/* 尝试在 AFL_PATH 或从 argv[0] 派生的位置找到我们的“假”GNU 汇编器。
-   from argv[0]. If that fails, abort. */
+   如果失败，则中止。 */
-static void find_as(u8* argv0) {
+static void find_as(u8 *argv0)
 {
  u8 *afl_path = getenv("AFL_PATH");
  u8 *slash, *tmp;
-  if (afl_path) {
+  if (afl_path)
  {
    tmp = alloc_printf("%s/as", afl_path);
-    if (!access(tmp, X_OK)) {
+    if (!access(tmp, X_OK))
    {
      as_path = afl_path;
      ck_free(tmp);
      return;
    }
    ck_free(tmp);
  }
  slash = strrchr(argv0, '/');
-  if (slash) {
+  if (slash)
  {
    u8 *dir;
@ -92,7 +90,8 @@ static void find_as(u8* argv0) {
    tmp = alloc_printf("%s/afl-as", dir);
-    if (!access(tmp, X_OK)) {
+    if (!access(tmp, X_OK))
    {
      as_path = dir;
      ck_free(tmp);
      return;
@ -100,22 +99,21 @@ static void find_as(u8* argv0) {
    ck_free(tmp);
    ck_free(dir);
  }
-  if (!access(AFL_PATH "/as", X_OK)) {
+  if (!access(AFL_PATH "/as", X_OK))
  {
    as_path = AFL_PATH;
    return;
  }
  FATAL("Unable to find AFL wrapper binary for 'as'. Please set AFL_PATH");
 }
 /*将argv复制到cc_params，进行必要的编辑*/
-/* Copy argv to cc_params, making the necessary edits. */
+static void edit_params(u32 argc, char **argv)
-
+{
 static void edit_params(u32 argc, char** argv) {
  u8 fortify_set = 0, asan_set = 0;
  u8 *name;
@ -124,40 +122,57 @@ static void edit_params(u32 argc, char** argv) {
  u8 m32_set = 0;
 #endif
-  cc_params = ck_alloc((argc + 128) * sizeof(u8*));
+  /********************************************************************************
-
+   * 该段代码负责配置编译器参数，判断使用的编译器以及设置环境变量。
-  name = strrchr(argv[0], '/');
+   * 如果使用的是 afl-clang，则根据环境变量确定使用的 C 或 C++ 编译器。
-  if (!name) name = argv[0]; else name++;
+   ********************************************************************************/
-
+  
-  if (!strncmp(name, "afl-clang", 9)) {
+    cc_params = ck_alloc((argc + 128) * sizeof(u8 *));
-
+  
-    clang_mode = 1;
+    name = strrchr(argv[0], '/');
-
+    if (!name)
-    setenv(CLANG_ENV_VAR, "1", 1);
+      name = argv[0];
-
+    else
-    if (!strcmp(name, "afl-clang++")) {
+      name++;
-      u8* alt_cxx = getenv("AFL_CXX");
+  
-      cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++";
+    if (!strncmp(name, "afl-clang", 9))
-    } else {
+    {
-      u8* alt_cc = getenv("AFL_CC");
+  
-      cc_params[0] = alt_cc ? alt_cc : (u8*)"clang";
+      clang_mode = 1;
      setenv(CLANG_ENV_VAR, "1", 1);
      if (!strcmp(name, "afl-clang++"))
      {
        u8 *alt_cxx = getenv("AFL_CXX");
        cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"clang++";
      }
      else
      {
        u8 *alt_cc = getenv("AFL_CC");
        cc_params[0] = alt_cc ? alt_cc : (u8 *)"clang";
      }
    }
  else
  {
-  } else {
+    /*安装了GCJ和Eclipse后，您实际上可以编译Java！这个
-
+仪器将工作（令人惊讶）。唉，未处理的异常确实如此
-    /* With GCJ and Eclipse installed, you can actually compile Java! The
+不调用abort（），因此需要修改afl-fuzz以使其相等
-       instrumentation will work (amazingly). Alas, unhandled exceptions do
+使用Java时具有崩溃条件的非零退出代码
-       not call abort(), so afl-fuzz would need to be modified to equate
+二进制文件。嗯*/
       non-zero exit codes with crash conditions when working with Java
       binaries. Meh. */
 #ifdef __APPLE__
-    if (!strcmp(name, "afl-g++")) cc_params[0] = getenv("AFL_CXX");
+    if (!strcmp(name, "afl-g++"))
-    else if (!strcmp(name, "afl-gcj")) cc_params[0] = getenv("AFL_GCJ");
+      cc_params[0] = getenv("AFL_CXX");
-    else cc_params[0] = getenv("AFL_CC");
+    else if (!strcmp(name, "afl-gcj"))
      cc_params[0] = getenv("AFL_GCJ");
    else
      cc_params[0] = getenv("AFL_CC");
-    if (!cc_params[0]) {
+    if (!cc_params[0])
    {
      SAYF("\n" cLRD "[-] " cRST
           "On Apple systems, 'gcc' is usually just a wrapper for clang. Please use the\n"
@ -165,53 +180,77 @@ static void edit_params(u32 argc, char** argv) {
           "    set AFL_CC or AFL_CXX to specify the correct path to that compiler.\n");
      FATAL("AFL_CC or AFL_CXX required on MacOS X");
    }
 #else
-    if (!strcmp(name, "afl-g++")) {
+    if (!strcmp(name, "afl-g++"))
-      u8* alt_cxx = getenv("AFL_CXX");
+    {
-      cc_params[0] = alt_cxx ? alt_cxx : (u8*)"g++";
+      u8 *alt_cxx = getenv("AFL_CXX");
-    } else if (!strcmp(name, "afl-gcj")) {
+      cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"g++";
-      u8* alt_cc = getenv("AFL_GCJ");
+    }
-      cc_params[0] = alt_cc ? alt_cc : (u8*)"gcj";
+    else if (!strcmp(name, "afl-gcj"))
-    } else {
+    {
-      u8* alt_cc = getenv("AFL_CC");
+      u8 *alt_cc = getenv("AFL_GCJ");
-      cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc";
+      cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcj";
    }
    else
    {
      u8 *alt_cc = getenv("AFL_CC");
      cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcc";
    }
 #endif /* __APPLE__ */
  }
-  while (--argc) {
+  // 处理命令行参数的循环
-    u8* cur = *(++argv);
+  while (--argc)
-
+  {
-    if (!strncmp(cur, "-B", 2)) {
+    u8 *cur = *(++argv);
-
+
-      if (!be_quiet) WARNF("-B is already set, overriding");
+    // 检查是否设置了-B选项
-
+    if (!strncmp(cur, "-B", 2))
-      if (!cur[2] && argc > 1) { argc--; argv++; }
+    {
      // 如果未静默，发出警告
      if (!be_quiet)
        WARNF("-B is already set, overriding");
      // 如果-B后面没有参数且还有剩余参数，则跳过当前参数
      if (!cur[2] && argc > 1)
      {
        argc--;
        argv++;
      }
      continue;
    }
-    if (!strcmp(cur, "-integrated-as")) continue;
+    // 忽略-included-as选项
    if (!strcmp(cur, "-integrated-as"))
      continue;
-    if (!strcmp(cur, "-pipe")) continue;
+    // 忽略-pipe选项
    if (!strcmp(cur, "-pipe"))
      continue;
 / * 
 * 该段代码用于处理编译器参数设置，包括支持地址和内存消毒功能的相关配置。
 * 根据环境变量和输入参数，启用或禁用特定的功能选项。
 * 代码还处理与FORTIFY_SOURCE和ASAN/MSAN的互斥关系。
 * /
 #if defined(__FreeBSD__) && defined(__x86_64__)
-    if (!strcmp(cur, "-m32")) m32_set = 1;
+    if (!strcmp(cur, "-m32"))
      m32_set = 1;
 #endif
    if (!strcmp(cur, "-fsanitize=address") ||
-        !strcmp(cur, "-fsanitize=memory")) asan_set = 1;
+        !strcmp(cur, "-fsanitize=memory"))
      asan_set = 1;
-    if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1;
+    if (strstr(cur, "FORTIFY_SOURCE"))
      fortify_set = 1;
    cc_params[cc_par_cnt++] = cur;
  }
  cc_params[cc_par_cnt++] = "-B";
@ -220,22 +259,24 @@ static void edit_params(u32 argc, char** argv) {
  if (clang_mode)
    cc_params[cc_par_cnt++] = "-no-integrated-as";
-  if (getenv("AFL_HARDEN")) {
+  if (getenv("AFL_HARDEN"))
  {
    cc_params[cc_par_cnt++] = "-fstack-protector-all";
    if (!fortify_set)
      cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2";
  }
-  if (asan_set) {
+  if (asan_set)
  {
-    /* Pass this on to afl-as to adjust map density. */
+    /*将此传递给afl以调整贴图密度*/
    setenv("AFL_USE_ASAN", "1", 1);
-
+  }
-  } else if (getenv("AFL_USE_ASAN")) {
+  else if (getenv("AFL_USE_ASAN"))
  {
    if (getenv("AFL_USE_MSAN"))
      FATAL("ASAN and MSAN are mutually exclusive");
@ -245,8 +286,9 @@ static void edit_params(u32 argc, char** argv) {
    cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
    cc_params[cc_par_cnt++] = "-fsanitize=address";
-
+  }
-  } else if (getenv("AFL_USE_MSAN")) {
+  else if (getenv("AFL_USE_MSAN"))
  {
    if (getenv("AFL_USE_ASAN"))
      FATAL("ASAN and MSAN are mutually exclusive");
@ -256,24 +298,29 @@ static void edit_params(u32 argc, char** argv) {
    cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
    cc_params[cc_par_cnt++] = "-fsanitize=memory";
  }
 /********************************************************************************
 * 该代码段用于配置编译器选项，特别是在非优化模式下。
 * 主要用于模糊测试工具AFL的编译设置。
 * 
 * 文件名: d:\code\google_AFL\src\afl-gcc.c
 ********************************************************************************/
-  if (!getenv("AFL_DONT_OPTIMIZE")) {
+  if (!getenv("AFL_DONT_OPTIMIZE"))
  {
 #if defined(__FreeBSD__) && defined(__x86_64__)
-    /* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself
+    /*在64位FreeBSD系统上，clang-g-m32已损坏，但-m32本身
-       works OK. This has nothing to do with us, but let's avoid triggering
+工作正常。这与我们无关，但让我们避免触发
-       that bug. */
+这个bug*/
    if (!clang_mode || !m32_set)
      cc_params[cc_par_cnt++] = "-g";
 #else
-      cc_params[cc_par_cnt++] = "-g";
+    cc_params[cc_par_cnt++] = "-g";
 #endif
@ -285,37 +332,45 @@ static void edit_params(u32 argc, char** argv) {
    cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
    cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
  }
-
+  /***********************************************
-  if (getenv("AFL_NO_BUILTIN")) {
+   * 函数：根据环境变量设置编译器参数
-
+   * 功能：如果环境变量"AFL_NO_BUILTIN"存在， 
-    cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
+   *      添加禁用内置字符串和内存比较函数的编译器参数。
-    cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
+   ***********************************************/
-    cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
+    if (getenv("AFL_NO_BUILTIN"))
-    cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
+    {
-    cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
+   
-    cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
+      cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
-    cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
+      cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
-
+      cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
-  }
+      cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
-
+      cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
      cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
      cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
    }      cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
      cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
  cc_params[cc_par_cnt] = NULL;
 }
 /* Main entry point */
-int main(int argc, char** argv) {
+// 主函数，程序的入口点
 int main(int argc, char **argv)
 {
-  if (isatty(2) && !getenv("AFL_QUIET")) {
+  // 检查标准错误输出是否为终端，以及环境变量是否开启安静模式
  if (isatty(2) && !getenv("AFL_QUIET"))
  {
    SAYF(cCYA "afl-cc " cBRI VERSION cRST " by <lcamtuf@google.com>\n");
  }
  else
    be_quiet = 1;
-  } else be_quiet = 1;
+  // 检查传入的参数数量是否少于2
-
+  if (argc < 2)
-  if (argc < 2) {
+  {
    SAYF("\n"
         "This is a helper application for afl-fuzz. It serves as a drop-in replacement\n"
@ -330,17 +385,19 @@ int main(int argc, char** argv) {
         BIN_PATH, BIN_PATH);
    exit(1);
  }
  // 查找汇编器
  find_as(argv[0]);
  // 编辑参数
  edit_params(argc, argv);
-  execvp(cc_params[0], (char**)cc_params);
+  // 执行编译器，并传递参数
  execvp(cc_params[0], (char **)cc_params);
  // 如果执行失败，输出错误信息
  FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]);
  return 0;
 }