phq7r92sf
/
google_AFL
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

添加了afl-gcc.c注释以及afl-fuzz.c部分注释

Browse Source 
添加了afl-gcc.c注释以及afl-fuzz.c部分注释
pull/5/head
pjzuvftbk 9 months ago
parent bd3bc5d1aa 3d48adf43c
commit ce6d9c1ce5
3 changed files with 206 additions and 137 deletions
Show Stats Download Patch File Download Diff File

9
src/.vscode/settings.json vendored
Unescape View File

@ -0,0 +1,9 @@
{
"files.associations": {
"*.vue": "vue",
"*.wpy": "vue",
"*.wxml": "html",
"*.wxss": "css",
"string.h": "c"
}
}

3
src/afl-fuzz.c
Unescape View File

@ -7795,15 +7795,18 @@ int main(int argc, char** argv) {
gettimeofday(&tv, &tz);
srandom(tv.tv_sec ^ tv.tv_usec ^ getpid());
// argv 处理
while ((opt = getopt(argc, argv, "+i:o:f:m:b:t:T:dnCB:S:M:x:QV")) > 0)
switch (opt) {
case 'i': /* input dir */
// 初始 corpus 目录
if (in_dir) FATAL("Multiple -i options not supported");
in_dir = optarg;
// 若使用 "-i -",则表示 in-place resume
if (!strcmp(in_dir, "-")) in_place_resume = 1;
break;

331
src/afl-gcc.c
Unescape View File

@ -1,42 +1,38 @@
/*
Copyright 2013 Google LLC All rights reserved.
Copyright 2013 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at:
Apache 2.0 "许可证"
使
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
/*
american fuzzy lop - wrapper for GCC and clang
American Fuzzy Lop - GCC Clang
----------------------------------------------
Written and maintained by Michal Zalewski <lcamtuf@google.com>
Michal Zalewski <lcamtuf@google.com>
This program is a drop-in replacement for GCC or clang. The most common way
of using it is to pass the path to afl-gcc or afl-clang via CC when invoking
./configure.
GCC Clang 使
./configure CC afl-gcc afl-clang
(Of course, use CXX and point it to afl-g++ / afl-clang++ for C++ code.)
使 CXX afl-g++ / afl-clang++ C++
The wrapper needs to know the path to afl-as (renamed to 'as'). The default
is /usr/local/lib/afl/. A convenient way to specify alternative directories
would be to set AFL_PATH.
afl-as 'as'
/usr/local/lib/afl/便
AFL_PATH
If AFL_HARDEN is set, the wrapper will compile the target app with various
hardening options that may help detect memory management issues more
reliably. You can also specify AFL_USE_ASAN to enable ASAN.
If you want to call a non-default compiler as a next step of the chain,
specify its location via AFL_CC or AFL_CXX.
AFL_HARDEN使
AFL_USE_ASAN ASAN
AFL_CC AFL_CXX
*/
#define AFL_MAIN
@ -51,38 +47,40 @@
#include <stdlib.h>
#include <string.h>
static u8* as_path; /* Path to the AFL 'as' wrapper */
static u8** cc_params; /* Parameters passed to the real CC */
static u32 cc_par_cnt = 1; /* Param count, including argv0 */
static u8 be_quiet, /* Quiet mode */
clang_mode; /* Invoked as afl-clang*? */
static u8 *as_path; /*AFL“as”包装器的路径*/
static u8 **cc_params; /*传递给真实CC的参数*/
static u32 cc_par_cnt = 1; /*参数计数包括argv0*/
static u8 be_quiet, /*静音模式*/
clang_mode; /*被称为afl clang模式**/
/* Try to find our "fake" GNU assembler in AFL_PATH or at the location derived
from argv[0]. If that fails, abort. */
/* 尝试在 AFL_PATH 或从 argv[0] 派生的位置找到我们的“假”GNU 汇编器。
*/
static void find_as(u8* argv0) {
static void find_as(u8 *argv0)
{
u8 *afl_path = getenv("AFL_PATH");
u8 *slash, *tmp;
if (afl_path) {
if (afl_path)
{
tmp = alloc_printf("%s/as", afl_path);
if (!access(tmp, X_OK)) {
if (!access(tmp, X_OK))
{
as_path = afl_path;
ck_free(tmp);
return;
}
ck_free(tmp);
}
slash = strrchr(argv0, '/');
if (slash) {
if (slash)
{
u8 *dir;
@ -92,7 +90,8 @@ static void find_as(u8* argv0) {
tmp = alloc_printf("%s/afl-as", dir);
if (!access(tmp, X_OK)) {
if (!access(tmp, X_OK))
{
as_path = dir;
ck_free(tmp);
return;
@ -100,22 +99,21 @@ static void find_as(u8* argv0) {
ck_free(tmp);
ck_free(dir);
}
if (!access(AFL_PATH "/as", X_OK)) {
if (!access(AFL_PATH "/as", X_OK))
{
as_path = AFL_PATH;
return;
}
FATAL("Unable to find AFL wrapper binary for 'as'. Please set AFL_PATH");
}
/*将argv复制到cc_params进行必要的编辑*/
/* Copy argv to cc_params, making the necessary edits. */
static void edit_params(u32 argc, char** argv) {
static void edit_params(u32 argc, char **argv)
{
u8 fortify_set = 0, asan_set = 0;
u8 *name;
@ -124,40 +122,57 @@ static void edit_params(u32 argc, char** argv) {
u8 m32_set = 0;
#endif
cc_params = ck_alloc((argc + 128) * sizeof(u8*));
name = strrchr(argv[0], '/');
if (!name) name = argv[0]; else name++;
if (!strncmp(name, "afl-clang", 9)) {
clang_mode = 1;
setenv(CLANG_ENV_VAR, "1", 1);
if (!strcmp(name, "afl-clang++")) {
u8* alt_cxx = getenv("AFL_CXX");
cc_params[0] = alt_cxx ? alt_cxx : (u8*)"clang++";
} else {
u8* alt_cc = getenv("AFL_CC");
cc_params[0] = alt_cc ? alt_cc : (u8*)"clang";
/********************************************************************************
* 使
* 使 afl-clang使 C C++
********************************************************************************/
cc_params = ck_alloc((argc + 128) * sizeof(u8 *));
name = strrchr(argv[0], '/');
if (!name)
name = argv[0];
else
name++;
if (!strncmp(name, "afl-clang", 9))
{
clang_mode = 1;
setenv(CLANG_ENV_VAR, "1", 1);
if (!strcmp(name, "afl-clang++"))
{
u8 *alt_cxx = getenv("AFL_CXX");
cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"clang++";
}
else
{
u8 *alt_cc = getenv("AFL_CC");
cc_params[0] = alt_cc ? alt_cc : (u8 *)"clang";
}
}
else
{
} else {
/* With GCJ and Eclipse installed, you can actually compile Java! The
instrumentation will work (amazingly). Alas, unhandled exceptions do
not call abort(), so afl-fuzz would need to be modified to equate
non-zero exit codes with crash conditions when working with Java
binaries. Meh. */
/*安装了GCJ和Eclipse后您实际上可以编译Java这个
abortafl-fuzz使
使Java退
*/
#ifdef __APPLE__
if (!strcmp(name, "afl-g++")) cc_params[0] = getenv("AFL_CXX");
else if (!strcmp(name, "afl-gcj")) cc_params[0] = getenv("AFL_GCJ");
else cc_params[0] = getenv("AFL_CC");
if (!strcmp(name, "afl-g++"))
cc_params[0] = getenv("AFL_CXX");
else if (!strcmp(name, "afl-gcj"))
cc_params[0] = getenv("AFL_GCJ");
else
cc_params[0] = getenv("AFL_CC");
if (!cc_params[0]) {
if (!cc_params[0])
{
SAYF("\n" cLRD "[-] " cRST
"On Apple systems, 'gcc' is usually just a wrapper for clang. Please use the\n"
@ -165,53 +180,77 @@ static void edit_params(u32 argc, char** argv) {
" set AFL_CC or AFL_CXX to specify the correct path to that compiler.\n");
FATAL("AFL_CC or AFL_CXX required on MacOS X");
}
#else
if (!strcmp(name, "afl-g++")) {
u8* alt_cxx = getenv("AFL_CXX");
cc_params[0] = alt_cxx ? alt_cxx : (u8*)"g++";
} else if (!strcmp(name, "afl-gcj")) {
u8* alt_cc = getenv("AFL_GCJ");
cc_params[0] = alt_cc ? alt_cc : (u8*)"gcj";
} else {
u8* alt_cc = getenv("AFL_CC");
cc_params[0] = alt_cc ? alt_cc : (u8*)"gcc";
if (!strcmp(name, "afl-g++"))
{
u8 *alt_cxx = getenv("AFL_CXX");
cc_params[0] = alt_cxx ? alt_cxx : (u8 *)"g++";
}
else if (!strcmp(name, "afl-gcj"))
{
u8 *alt_cc = getenv("AFL_GCJ");
cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcj";
}
else
{
u8 *alt_cc = getenv("AFL_CC");
cc_params[0] = alt_cc ? alt_cc : (u8 *)"gcc";
}
#endif /* __APPLE__ */
}
while (--argc) {
u8* cur = *(++argv);
if (!strncmp(cur, "-B", 2)) {
if (!be_quiet) WARNF("-B is already set, overriding");
if (!cur[2] && argc > 1) { argc--; argv++; }
// 处理命令行参数的循环
while (--argc)
{
u8 *cur = *(++argv);
// 检查是否设置了-B选项
if (!strncmp(cur, "-B", 2))
{
// 如果未静默,发出警告
if (!be_quiet)
WARNF("-B is already set, overriding");
// 如果-B后面没有参数且还有剩余参数则跳过当前参数
if (!cur[2] && argc > 1)
{
argc--;
argv++;
}
continue;
}
if (!strcmp(cur, "-integrated-as")) continue;
// 忽略-included-as选项
if (!strcmp(cur, "-integrated-as"))
continue;
if (!strcmp(cur, "-pipe")) continue;
// 忽略-pipe选项
if (!strcmp(cur, "-pipe"))
continue;
/ *
*
*
* FORTIFY_SOURCEASAN/MSAN
* /
#if defined(__FreeBSD__) && defined(__x86_64__)
if (!strcmp(cur, "-m32")) m32_set = 1;
if (!strcmp(cur, "-m32"))
m32_set = 1;
#endif
if (!strcmp(cur, "-fsanitize=address") ||
!strcmp(cur, "-fsanitize=memory")) asan_set = 1;
!strcmp(cur, "-fsanitize=memory"))
asan_set = 1;
if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1;
if (strstr(cur, "FORTIFY_SOURCE"))
fortify_set = 1;
cc_params[cc_par_cnt++] = cur;
}
cc_params[cc_par_cnt++] = "-B";
@ -220,22 +259,24 @@ static void edit_params(u32 argc, char** argv) {
if (clang_mode)
cc_params[cc_par_cnt++] = "-no-integrated-as";
if (getenv("AFL_HARDEN")) {
if (getenv("AFL_HARDEN"))
{
cc_params[cc_par_cnt++] = "-fstack-protector-all";
if (!fortify_set)
cc_params[cc_par_cnt++] = "-D_FORTIFY_SOURCE=2";
}
if (asan_set) {
if (asan_set)
{
/* Pass this on to afl-as to adjust map density. */
/*将此传递给afl以调整贴图密度*/
setenv("AFL_USE_ASAN", "1", 1);
} else if (getenv("AFL_USE_ASAN")) {
}
else if (getenv("AFL_USE_ASAN"))
{
if (getenv("AFL_USE_MSAN"))
FATAL("ASAN and MSAN are mutually exclusive");
@ -245,8 +286,9 @@ static void edit_params(u32 argc, char** argv) {
cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
cc_params[cc_par_cnt++] = "-fsanitize=address";
} else if (getenv("AFL_USE_MSAN")) {
}
else if (getenv("AFL_USE_MSAN"))
{
if (getenv("AFL_USE_ASAN"))
FATAL("ASAN and MSAN are mutually exclusive");
@ -256,24 +298,29 @@ static void edit_params(u32 argc, char** argv) {
cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
cc_params[cc_par_cnt++] = "-fsanitize=memory";
}
/********************************************************************************
*
* AFL
*
* : d:\code\google_AFL\src\afl-gcc.c
********************************************************************************/
if (!getenv("AFL_DONT_OPTIMIZE")) {
if (!getenv("AFL_DONT_OPTIMIZE"))
{
#if defined(__FreeBSD__) && defined(__x86_64__)
/* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself
works OK. This has nothing to do with us, but let's avoid triggering
that bug. */
/*在64位FreeBSD系统上clang-g-m32已损坏但-m32本身
bug*/
if (!clang_mode || !m32_set)
cc_params[cc_par_cnt++] = "-g";
#else
cc_params[cc_par_cnt++] = "-g";
cc_params[cc_par_cnt++] = "-g";
#endif
@ -285,37 +332,45 @@ static void edit_params(u32 argc, char** argv) {
cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
}
if (getenv("AFL_NO_BUILTIN")) {
cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
}
/***********************************************
*
* "AFL_NO_BUILTIN"
*
***********************************************/
if (getenv("AFL_NO_BUILTIN"))
{
cc_params[cc_par_cnt++] = "-fno-builtin-strcmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strncmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strcasecmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
cc_params[cc_par_cnt++] = "-fno-builtin-strstr";
cc_params[cc_par_cnt++] = "-fno-builtin-strcasestr";
} cc_params[cc_par_cnt++] = "-fno-builtin-strncasecmp";
cc_params[cc_par_cnt++] = "-fno-builtin-memcmp";
cc_params[cc_par_cnt] = NULL;
}
/* Main entry point */
int main(int argc, char** argv) {
// 主函数,程序的入口点
int main(int argc, char **argv)
{
if (isatty(2) && !getenv("AFL_QUIET")) {
// 检查标准错误输出是否为终端,以及环境变量是否开启安静模式
if (isatty(2) && !getenv("AFL_QUIET"))
{
SAYF(cCYA "afl-cc " cBRI VERSION cRST " by <lcamtuf@google.com>\n");
}
else
be_quiet = 1;
} else be_quiet = 1;
if (argc < 2) {
// 检查传入的参数数量是否少于2
if (argc < 2)
{
SAYF("\n"
"This is a helper application for afl-fuzz. It serves as a drop-in replacement\n"
@ -330,17 +385,19 @@ int main(int argc, char** argv) {
BIN_PATH, BIN_PATH);
exit(1);
}
// 查找汇编器
find_as(argv[0]);
// 编辑参数
edit_params(argc, argv);
execvp(cc_params[0], (char**)cc_params);
// 执行编译器,并传递参数
execvp(cc_params[0], (char **)cc_params);
// 如果执行失败,输出错误信息
FATAL("Oops, failed to execute '%s' - check your PATH", cc_params[0]);
return 0;
}

Write Preview
Loading…
Cancel
Save