1 /*
2 american fuzzy lop++ - globals declarations
3 -------------------------------------------
4
5 Originally written by Michal Zalewski
6
7 Now maintained by Marc Heuse <[email protected]>,
8 Heiko Eißfeldt <[email protected]> and
9 Andrea Fioraldi <[email protected]>
10
11 Copyright 2016, 2017 Google Inc. All rights reserved.
12 Copyright 2019-2024 AFLplusplus Project. All rights reserved.
13
14 Licensed under the Apache License, Version 2.0 (the "License");
15 you may not use this file except in compliance with the License.
16 You may obtain a copy of the License at:
17
18 https://www.apache.org/licenses/LICENSE-2.0
19
20 This is the real deal: the program takes an instrumented binary and
21 attempts a variety of basic fuzzing tricks, paying close attention to
22 how they affect the execution path.
23
24 */
25
26 #include <signal.h>
27 #include <limits.h>
28 #include "afl-fuzz.h"
29 #include "envs.h"
30
31 s8 interesting_8[] = {INTERESTING_8};
32 s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
33 s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32};
34
35 char *power_names[POWER_SCHEDULES_NUM] = {"explore", "mmopt", "exploit",
36 "fast", "coe", "lin",
37 "quad", "rare", "seek"};
38
39 /* Initialize MOpt "globals" for this afl state */
40
init_mopt_globals(afl_state_t * afl)41 static void init_mopt_globals(afl_state_t *afl) {
42
43 MOpt_globals_t *core = &afl->mopt_globals_core;
44 core->finds = afl->core_operator_finds_puppet;
45 core->finds_v2 = afl->core_operator_finds_puppet_v2;
46 core->cycles = afl->core_operator_cycles_puppet;
47 core->cycles_v2 = afl->core_operator_cycles_puppet_v2;
48 core->cycles_v3 = afl->core_operator_cycles_puppet_v3;
49 core->is_pilot_mode = 0;
50 core->pTime = &afl->tmp_core_time;
51 core->period = period_core;
52 core->havoc_stagename = "MOpt-core-havoc";
53 core->splice_stageformat = "MOpt-core-splice %u";
54 core->havoc_stagenameshort = "MOpt_core_havoc";
55 core->splice_stagenameshort = "MOpt_core_splice";
56
57 MOpt_globals_t *pilot = &afl->mopt_globals_pilot;
58 pilot->finds = afl->stage_finds_puppet[0];
59 pilot->finds_v2 = afl->stage_finds_puppet_v2[0];
60 pilot->cycles = afl->stage_cycles_puppet[0];
61 pilot->cycles_v2 = afl->stage_cycles_puppet_v2[0];
62 pilot->cycles_v3 = afl->stage_cycles_puppet_v3[0];
63 pilot->is_pilot_mode = 1;
64 pilot->pTime = &afl->tmp_pilot_time;
65 pilot->period = period_pilot;
66 pilot->havoc_stagename = "MOpt-havoc";
67 pilot->splice_stageformat = "MOpt-splice %u";
68 pilot->havoc_stagenameshort = "MOpt_havoc";
69 pilot->splice_stagenameshort = "MOpt_splice";
70
71 }
72
73 /* A global pointer to all instances is needed (for now) for signals to arrive
74 */
75
76 static list_t afl_states = {.element_prealloc_count = 0};
77
78 /* Initializes an afl_state_t. */
79
afl_state_init(afl_state_t * afl,uint32_t map_size)80 void afl_state_init(afl_state_t *afl, uint32_t map_size) {
81
82 /* thanks to this memset, growing vars like out_buf
83 and out_size are NULL/0 by default. */
84 memset(afl, 0, sizeof(afl_state_t));
85
86 afl->shm.map_size = map_size ? map_size : MAP_SIZE;
87
88 afl->w_init = 0.9;
89 afl->w_end = 0.3;
90 afl->g_max = 5000;
91 afl->period_pilot_tmp = 5000.0;
92 afl->schedule = EXPLORE; /* Power schedule (default: EXPLORE)*/
93 afl->havoc_max_mult = HAVOC_MAX_MULT;
94 afl->clear_screen = 1; /* Window resized? */
95 afl->havoc_div = 1; /* Cycle count divisor for havoc */
96 afl->stage_name = "init"; /* Name of the current fuzz stage */
97 afl->splicing_with = -1; /* Splicing with which test case? */
98 afl->cpu_to_bind = -1;
99 afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
100 afl->hang_tmout = EXEC_TIMEOUT;
101 afl->exit_on_time = 0;
102 afl->stats_update_freq = 1;
103 afl->stats_file_update_freq_msecs = STATS_UPDATE_SEC * 1000;
104 afl->stats_avg_exec = 0;
105 afl->skip_deterministic = 1;
106 afl->sync_time = SYNC_TIME;
107 afl->cmplog_lvl = 2;
108 afl->min_length = 1;
109 afl->max_length = MAX_FILE;
110 afl->switch_fuzz_mode = STRATEGY_SWITCH_TIME * 1000;
111 #ifndef NO_SPLICING
112 afl->use_splicing = 1;
113 #endif
114 afl->q_testcase_max_cache_size = TESTCASE_CACHE_SIZE * 1048576UL;
115 afl->q_testcase_max_cache_entries = 64 * 1024;
116
117 #ifdef HAVE_AFFINITY
118 afl->cpu_aff = -1; /* Selected CPU core */
119 #endif /* HAVE_AFFINITY */
120
121 afl->virgin_bits = ck_alloc(map_size);
122 afl->virgin_tmout = ck_alloc(map_size);
123 afl->virgin_crash = ck_alloc(map_size);
124 afl->var_bytes = ck_alloc(map_size);
125 afl->top_rated = ck_alloc(map_size * sizeof(void *));
126 afl->clean_trace = ck_alloc(map_size);
127 afl->clean_trace_custom = ck_alloc(map_size);
128 afl->first_trace = ck_alloc(map_size);
129 afl->map_tmp_buf = ck_alloc(map_size);
130
131 afl->fsrv.use_stdin = 1;
132 afl->fsrv.map_size = map_size;
133 // afl_state_t is not available in forkserver.c
134 afl->fsrv.afl_ptr = (void *)afl;
135 afl->fsrv.add_extra_func = (void (*)(void *, u8 *, u32)) & add_extra;
136 afl->fsrv.exec_tmout = EXEC_TIMEOUT;
137 afl->fsrv.mem_limit = MEM_LIMIT;
138 afl->fsrv.dev_urandom_fd = -1;
139 afl->fsrv.dev_null_fd = -1;
140 afl->fsrv.child_pid = -1;
141 afl->fsrv.out_dir_fd = -1;
142
143 /* Init SkipDet */
144 afl->skipdet_g =
145 (struct skipdet_global *)ck_alloc(sizeof(struct skipdet_global));
146 afl->skipdet_g->inf_prof =
147 (struct inf_profile *)ck_alloc(sizeof(struct inf_profile));
148 afl->havoc_prof =
149 (struct havoc_profile *)ck_alloc(sizeof(struct havoc_profile));
150
151 init_mopt_globals(afl);
152
153 list_append(&afl_states, afl);
154
155 }
156
157 /*This sets up the environment variables for afl-fuzz into the afl_state
158 * struct*/
159
read_afl_environment(afl_state_t * afl,char ** envp)160 void read_afl_environment(afl_state_t *afl, char **envp) {
161
162 int index = 0, issue_detected = 0;
163 char *env;
164 while ((env = envp[index++]) != NULL) {
165
166 if (strncmp(env, "ALF_", 4) == 0) {
167
168 WARNF("Potentially mistyped AFL environment variable: %s", env);
169 issue_detected = 1;
170
171 } else if (strncmp(env, "USE_", 4) == 0) {
172
173 WARNF(
174 "Potentially mistyped AFL environment variable: %s, did you mean "
175 "AFL_%s?",
176 env, env);
177 issue_detected = 1;
178
179 } else if (strncmp(env, "AFL_", 4) == 0) {
180
181 int i = 0, match = 0;
182 while (match == 0 && afl_environment_variables[i] != NULL) {
183
184 size_t afl_environment_variable_len =
185 strlen(afl_environment_variables[i]);
186 if (strncmp(env, afl_environment_variables[i],
187 afl_environment_variable_len) == 0 &&
188 env[afl_environment_variable_len] == '=') {
189
190 match = 1;
191 if (!strncmp(env, "AFL_SKIP_CPUFREQ", afl_environment_variable_len)) {
192
193 afl->afl_env.afl_skip_cpufreq =
194 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
195
196 } else if (!strncmp(env, "AFL_EXIT_WHEN_DONE",
197
198 afl_environment_variable_len)) {
199
200 afl->afl_env.afl_exit_when_done =
201 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
202
203 } else if (!strncmp(env, "AFL_EXIT_ON_TIME",
204
205 afl_environment_variable_len)) {
206
207 afl->afl_env.afl_exit_on_time =
208 (u8 *)get_afl_env(afl_environment_variables[i]);
209
210 } else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH",
211
212 afl_environment_variable_len)) {
213
214 afl->afl_env.afl_crashing_seeds_as_new_crash =
215 atoi((u8 *)get_afl_env(afl_environment_variables[i]));
216
217 } else if (!strncmp(env, "AFL_NO_AFFINITY",
218
219 afl_environment_variable_len)) {
220
221 afl->afl_env.afl_no_affinity =
222 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
223
224 } else if (!strncmp(env, "AFL_NO_WARN_INSTABILITY",
225
226 afl_environment_variable_len)) {
227
228 afl->afl_env.afl_no_warn_instability =
229 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
230
231 } else if (!strncmp(env, "AFL_TRY_AFFINITY",
232
233 afl_environment_variable_len)) {
234
235 afl->afl_env.afl_try_affinity =
236 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
237
238 } else if (!strncmp(env, "AFL_SKIP_CRASHES",
239
240 afl_environment_variable_len)) {
241
242 // we should mark this obsolete in a few versions
243
244 } else if (!strncmp(env, "AFL_HANG_TMOUT",
245
246 afl_environment_variable_len)) {
247
248 afl->afl_env.afl_hang_tmout =
249 (u8 *)get_afl_env(afl_environment_variables[i]);
250
251 } else if (!strncmp(env, "AFL_KEEP_TIMEOUTS",
252
253 afl_environment_variable_len)) {
254
255 afl->afl_env.afl_keep_timeouts =
256 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
257
258 } else if (!strncmp(env, "AFL_SKIP_BIN_CHECK",
259
260 afl_environment_variable_len)) {
261
262 afl->afl_env.afl_skip_bin_check =
263 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
264
265 } else if (!strncmp(env, "AFL_DUMB_FORKSRV",
266
267 afl_environment_variable_len)) {
268
269 afl->afl_env.afl_dumb_forksrv =
270 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
271
272 } else if (!strncmp(env, "AFL_IMPORT_FIRST",
273
274 afl_environment_variable_len)) {
275
276 afl->afl_env.afl_import_first =
277 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
278
279 } else if (!strncmp(env, "AFL_FINAL_SYNC",
280
281 afl_environment_variable_len)) {
282
283 afl->afl_env.afl_final_sync =
284 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
285
286 } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
287
288 afl_environment_variable_len)) {
289
290 afl->afl_env.afl_custom_mutator_only =
291 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
292
293 } else if (!strncmp(env, "AFL_CMPLOG_ONLY_NEW",
294
295 afl_environment_variable_len)) {
296
297 afl->afl_env.afl_cmplog_only_new =
298 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
299
300 } else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
301
302 afl_environment_variable_len)) {
303
304 afl->afl_env.afl_no_startup_calibration =
305 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
306
307 } else if (!strncmp(env, "AFL_NO_UI", afl_environment_variable_len)) {
308
309 afl->afl_env.afl_no_ui =
310 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
311
312 } else if (!strncmp(env, "AFL_FORCE_UI",
313
314 afl_environment_variable_len)) {
315
316 afl->afl_env.afl_force_ui =
317 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
318
319 } else if (!strncmp(env, "AFL_IGNORE_PROBLEMS",
320
321 afl_environment_variable_len)) {
322
323 afl->afl_env.afl_ignore_problems =
324 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
325
326 } else if (!strncmp(env, "AFL_IGNORE_SEED_PROBLEMS",
327
328 afl_environment_variable_len)) {
329
330 afl->afl_env.afl_ignore_seed_problems =
331 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
332
333 } else if (!strncmp(env, "AFL_IGNORE_TIMEOUTS",
334
335 afl_environment_variable_len)) {
336
337 afl->afl_env.afl_ignore_timeouts =
338 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
339
340 } else if (!strncmp(env, "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
341
342 afl_environment_variable_len)) {
343
344 afl->afl_env.afl_i_dont_care_about_missing_crashes =
345 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
346
347 } else if (!strncmp(env, "AFL_BENCH_JUST_ONE",
348
349 afl_environment_variable_len)) {
350
351 afl->afl_env.afl_bench_just_one =
352 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
353
354 } else if (!strncmp(env, "AFL_BENCH_UNTIL_CRASH",
355
356 afl_environment_variable_len)) {
357
358 afl->afl_env.afl_bench_until_crash =
359 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
360
361 } else if (!strncmp(env, "AFL_DEBUG_CHILD",
362
363 afl_environment_variable_len) ||
364 !strncmp(env, "AFL_DEBUG_CHILD_OUTPUT",
365 afl_environment_variable_len)) {
366
367 afl->afl_env.afl_debug_child =
368 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
369
370 } else if (!strncmp(env, "AFL_AUTORESUME",
371
372 afl_environment_variable_len)) {
373
374 afl->afl_env.afl_autoresume =
375 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
376
377 } else if (!strncmp(env, "AFL_PERSISTENT_RECORD",
378
379 afl_environment_variable_len)) {
380
381 afl->afl_env.afl_persistent_record =
382 get_afl_env(afl_environment_variables[i]);
383
384 } else if (!strncmp(env, "AFL_CYCLE_SCHEDULES",
385
386 afl_environment_variable_len)) {
387
388 afl->cycle_schedules = afl->afl_env.afl_cycle_schedules =
389 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
390
391 } else if (!strncmp(env, "AFL_EXIT_ON_SEED_ISSUES",
392
393 afl_environment_variable_len)) {
394
395 afl->afl_env.afl_exit_on_seed_issues =
396 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
397
398 } else if (!strncmp(env, "AFL_EXPAND_HAVOC_NOW",
399
400 afl_environment_variable_len)) {
401
402 afl->expand_havoc = afl->afl_env.afl_expand_havoc =
403 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
404
405 } else if (!strncmp(env, "AFL_CAL_FAST",
406
407 afl_environment_variable_len)) {
408
409 afl->afl_env.afl_cal_fast =
410 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
411
412 } else if (!strncmp(env, "AFL_FAST_CAL",
413
414 afl_environment_variable_len)) {
415
416 afl->afl_env.afl_cal_fast =
417 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
418
419 } else if (!strncmp(env, "AFL_STATSD",
420
421 afl_environment_variable_len)) {
422
423 afl->afl_env.afl_statsd =
424 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
425
426 } else if (!strncmp(env, "AFL_POST_PROCESS_KEEP_ORIGINAL",
427
428 afl_environment_variable_len)) {
429
430 afl->afl_env.afl_post_process_keep_original =
431 get_afl_env(afl_environment_variables[i]) ? 1 : 0;
432
433 } else if (!strncmp(env, "AFL_TMPDIR",
434
435 afl_environment_variable_len)) {
436
437 afl->afl_env.afl_tmpdir =
438 (u8 *)get_afl_env(afl_environment_variables[i]);
439
440 } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_LIBRARY",
441
442 afl_environment_variable_len)) {
443
444 afl->afl_env.afl_custom_mutator_library =
445 (u8 *)get_afl_env(afl_environment_variables[i]);
446
447 } else if (!strncmp(env, "AFL_PYTHON_MODULE",
448
449 afl_environment_variable_len)) {
450
451 afl->afl_env.afl_python_module =
452 (u8 *)get_afl_env(afl_environment_variables[i]);
453
454 } else if (!strncmp(env, "AFL_PATH", afl_environment_variable_len)) {
455
456 afl->afl_env.afl_path =
457 (u8 *)get_afl_env(afl_environment_variables[i]);
458
459 } else if (!strncmp(env, "AFL_PRELOAD",
460
461 afl_environment_variable_len)) {
462
463 afl->afl_env.afl_preload =
464 (u8 *)get_afl_env(afl_environment_variables[i]);
465
466 } else if (!strncmp(env, "AFL_MAX_DET_EXTRAS",
467
468 afl_environment_variable_len)) {
469
470 afl->afl_env.afl_max_det_extras =
471 (u8 *)get_afl_env(afl_environment_variables[i]);
472
473 } else if (!strncmp(env, "AFL_FORKSRV_INIT_TMOUT",
474
475 afl_environment_variable_len)) {
476
477 afl->afl_env.afl_forksrv_init_tmout =
478 (u8 *)get_afl_env(afl_environment_variables[i]);
479
480 } else if (!strncmp(env, "AFL_TESTCACHE_SIZE",
481
482 afl_environment_variable_len)) {
483
484 afl->afl_env.afl_testcache_size =
485 (u8 *)get_afl_env(afl_environment_variables[i]);
486
487 } else if (!strncmp(env, "AFL_TESTCACHE_ENTRIES",
488
489 afl_environment_variable_len)) {
490
491 afl->afl_env.afl_testcache_entries =
492 (u8 *)get_afl_env(afl_environment_variables[i]);
493
494 } else if (!strncmp(env, "AFL_STATSD_HOST",
495
496 afl_environment_variable_len)) {
497
498 afl->afl_env.afl_statsd_host =
499 (u8 *)get_afl_env(afl_environment_variables[i]);
500
501 } else if (!strncmp(env, "AFL_STATSD_PORT",
502
503 afl_environment_variable_len)) {
504
505 afl->afl_env.afl_statsd_port =
506 (u8 *)get_afl_env(afl_environment_variables[i]);
507
508 } else if (!strncmp(env, "AFL_STATSD_TAGS_FLAVOR",
509
510 afl_environment_variable_len)) {
511
512 afl->afl_env.afl_statsd_tags_flavor =
513 (u8 *)get_afl_env(afl_environment_variables[i]);
514
515 } else if (!strncmp(env, "AFL_CRASH_EXITCODE",
516
517 afl_environment_variable_len)) {
518
519 afl->afl_env.afl_crash_exitcode =
520 (u8 *)get_afl_env(afl_environment_variables[i]);
521
522 #if defined USE_COLOR && !defined ALWAYS_COLORED
523
524 } else if (!strncmp(env, "AFL_NO_COLOR",
525
526 afl_environment_variable_len)) {
527
528 afl->afl_env.afl_statsd_tags_flavor =
529 (u8 *)get_afl_env(afl_environment_variables[i]);
530
531 } else if (!strncmp(env, "AFL_NO_COLOUR",
532
533 afl_environment_variable_len)) {
534
535 afl->afl_env.afl_statsd_tags_flavor =
536 (u8 *)get_afl_env(afl_environment_variables[i]);
537 #endif
538
539 } else if (!strncmp(env, "AFL_KILL_SIGNAL",
540
541 afl_environment_variable_len)) {
542
543 afl->afl_env.afl_child_kill_signal =
544 (u8 *)get_afl_env(afl_environment_variables[i]);
545
546 } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
547
548 afl_environment_variable_len)) {
549
550 afl->afl_env.afl_fsrv_kill_signal =
551 (u8 *)get_afl_env(afl_environment_variables[i]);
552
553 } else if (!strncmp(env, "AFL_TARGET_ENV",
554
555 afl_environment_variable_len)) {
556
557 afl->afl_env.afl_target_env =
558 (u8 *)get_afl_env(afl_environment_variables[i]);
559
560 } else if (!strncmp(env, "AFL_INPUT_LEN_MIN",
561
562 afl_environment_variable_len)) {
563
564 afl->min_length =
565 atoi((u8 *)get_afl_env(afl_environment_variables[i]));
566
567 } else if (!strncmp(env, "AFL_INPUT_LEN_MAX",
568
569 afl_environment_variable_len)) {
570
571 afl->max_length =
572 atoi((u8 *)get_afl_env(afl_environment_variables[i]));
573
574 } else if (!strncmp(env, "AFL_PIZZA_MODE",
575
576 afl_environment_variable_len)) {
577
578 afl->afl_env.afl_pizza_mode =
579 atoi((u8 *)get_afl_env(afl_environment_variables[i]));
580
581 } else if (!strncmp(env, "AFL_NO_CRASH_README",
582
583 afl_environment_variable_len)) {
584
585 afl->afl_env.afl_no_crash_readme =
586 atoi((u8 *)get_afl_env(afl_environment_variables[i]));
587
588 } else if (!strncmp(env, "AFL_SYNC_TIME",
589
590 afl_environment_variable_len)) {
591
592 int time = atoi((u8 *)get_afl_env(afl_environment_variables[i]));
593 if (time > 0) {
594
595 afl->sync_time = time * (60 * 1000LL);
596
597 } else {
598
599 WARNF(
600 "incorrect value for AFL_SYNC_TIME environment variable, "
601 "used default value %lld instead.",
602 afl->sync_time / 60 / 1000);
603
604 }
605
606 } else if (!strncmp(env, "AFL_FUZZER_STATS_UPDATE_INTERVAL",
607
608 afl_environment_variable_len)) {
609
610 u64 stats_update_freq_sec =
611 strtoull(get_afl_env(afl_environment_variables[i]), NULL, 0);
612 if (stats_update_freq_sec >= UINT_MAX ||
613 0 == stats_update_freq_sec) {
614
615 WARNF(
616 "Incorrect value given to AFL_FUZZER_STATS_UPDATE_INTERVAL, "
617 "using default of %d seconds\n",
618 STATS_UPDATE_SEC);
619
620 } else {
621
622 afl->stats_file_update_freq_msecs = stats_update_freq_sec * 1000;
623
624 }
625
626 }
627
628 } else {
629
630 i++;
631
632 }
633
634 }
635
636 i = 0;
637 while (match == 0 && afl_environment_variables[i] != NULL) {
638
639 if (strncmp(env, afl_environment_variables[i],
640 strlen(afl_environment_variables[i])) == 0 &&
641 env[strlen(afl_environment_variables[i])] == '=') {
642
643 match = 1;
644
645 } else {
646
647 i++;
648
649 }
650
651 }
652
653 i = 0;
654 while (match == 0 && afl_environment_deprecated[i] != NULL) {
655
656 if (strncmp(env, afl_environment_deprecated[i],
657 strlen(afl_environment_deprecated[i])) == 0 &&
658 env[strlen(afl_environment_deprecated[i])] == '=') {
659
660 match = 1;
661
662 WARNF("AFL environment variable %s is deprecated!",
663 afl_environment_deprecated[i]);
664 issue_detected = 1;
665
666 } else {
667
668 i++;
669
670 }
671
672 }
673
674 if (match == 0) {
675
676 WARNF("Mistyped AFL environment variable: %s", env);
677 issue_detected = 1;
678
679 print_suggested_envs(env);
680
681 }
682
683 }
684
685 }
686
687 if (afl->afl_env.afl_pizza_mode > 0) {
688
689 afl->pizza_is_served = 1;
690
691 } else if (afl->afl_env.afl_pizza_mode < 0) {
692
693 OKF("Pizza easter egg mode is now disabled.");
694
695 }
696
697 if (issue_detected) { sleep(2); }
698
699 }
700
701 /* Removes this afl_state instance and frees it. */
702
afl_state_deinit(afl_state_t * afl)703 void afl_state_deinit(afl_state_t *afl) {
704
705 if (afl->in_place_resume) { ck_free(afl->in_dir); }
706 if (afl->sync_id) { ck_free(afl->out_dir); }
707 if (afl->pass_stats) { ck_free(afl->pass_stats); }
708 if (afl->orig_cmp_map) { ck_free(afl->orig_cmp_map); }
709 if (afl->cmplog_binary) { ck_free(afl->cmplog_binary); }
710
711 afl_free(afl->queue_buf);
712 afl_free(afl->out_buf);
713 afl_free(afl->out_scratch_buf);
714 afl_free(afl->eff_buf);
715 afl_free(afl->in_buf);
716 afl_free(afl->in_scratch_buf);
717 afl_free(afl->ex_buf);
718
719 ck_free(afl->virgin_bits);
720 ck_free(afl->virgin_tmout);
721 ck_free(afl->virgin_crash);
722 ck_free(afl->var_bytes);
723 ck_free(afl->top_rated);
724 ck_free(afl->clean_trace);
725 ck_free(afl->clean_trace_custom);
726 ck_free(afl->first_trace);
727 ck_free(afl->map_tmp_buf);
728
729 list_remove(&afl_states, afl);
730
731 }
732
afl_states_stop(void)733 void afl_states_stop(void) {
734
735 /* We may be inside a signal handler.
736 Set flags first, send kill signals to child proceses later. */
737 LIST_FOREACH(&afl_states, afl_state_t, {
738
739 el->stop_soon = 1;
740
741 });
742
743 LIST_FOREACH(&afl_states, afl_state_t, {
744
745 /* NOTE: We need to make sure that the parent (the forkserver) reap the
746 * child (see below). */
747 if (el->fsrv.child_pid > 0)
748 kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
749 if (el->fsrv.fsrv_pid > 0) {
750
751 kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
752 /* Make sure the forkserver does not end up as zombie. */
753 waitpid(el->fsrv.fsrv_pid, NULL, 0);
754
755 }
756
757 });
758
759 }
760
afl_states_clear_screen(void)761 void afl_states_clear_screen(void) {
762
763 LIST_FOREACH(&afl_states, afl_state_t, { el->clear_screen = 1; });
764
765 }
766
afl_states_request_skip(void)767 void afl_states_request_skip(void) {
768
769 LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; });
770
771 }
772
773