1*08b48e0bSAndroid Build Coastguard Worker /*
2*08b48e0bSAndroid Build Coastguard Worker american fuzzy lop++ - globals declarations
3*08b48e0bSAndroid Build Coastguard Worker -------------------------------------------
4*08b48e0bSAndroid Build Coastguard Worker
5*08b48e0bSAndroid Build Coastguard Worker Originally written by Michal Zalewski
6*08b48e0bSAndroid Build Coastguard Worker
7*08b48e0bSAndroid Build Coastguard Worker Now maintained by Marc Heuse <[email protected]>,
8*08b48e0bSAndroid Build Coastguard Worker Heiko Eißfeldt <[email protected]> and
9*08b48e0bSAndroid Build Coastguard Worker Andrea Fioraldi <[email protected]>
10*08b48e0bSAndroid Build Coastguard Worker
11*08b48e0bSAndroid Build Coastguard Worker Copyright 2016, 2017 Google Inc. All rights reserved.
12*08b48e0bSAndroid Build Coastguard Worker Copyright 2019-2024 AFLplusplus Project. All rights reserved.
13*08b48e0bSAndroid Build Coastguard Worker
14*08b48e0bSAndroid Build Coastguard Worker Licensed under the Apache License, Version 2.0 (the "License");
15*08b48e0bSAndroid Build Coastguard Worker you may not use this file except in compliance with the License.
16*08b48e0bSAndroid Build Coastguard Worker You may obtain a copy of the License at:
17*08b48e0bSAndroid Build Coastguard Worker
18*08b48e0bSAndroid Build Coastguard Worker https://www.apache.org/licenses/LICENSE-2.0
19*08b48e0bSAndroid Build Coastguard Worker
20*08b48e0bSAndroid Build Coastguard Worker This is the real deal: the program takes an instrumented binary and
21*08b48e0bSAndroid Build Coastguard Worker attempts a variety of basic fuzzing tricks, paying close attention to
22*08b48e0bSAndroid Build Coastguard Worker how they affect the execution path.
23*08b48e0bSAndroid Build Coastguard Worker
24*08b48e0bSAndroid Build Coastguard Worker */
25*08b48e0bSAndroid Build Coastguard Worker
26*08b48e0bSAndroid Build Coastguard Worker #include <signal.h>
27*08b48e0bSAndroid Build Coastguard Worker #include <limits.h>
28*08b48e0bSAndroid Build Coastguard Worker #include "afl-fuzz.h"
29*08b48e0bSAndroid Build Coastguard Worker #include "envs.h"
30*08b48e0bSAndroid Build Coastguard Worker
31*08b48e0bSAndroid Build Coastguard Worker s8 interesting_8[] = {INTERESTING_8};
32*08b48e0bSAndroid Build Coastguard Worker s16 interesting_16[] = {INTERESTING_8, INTERESTING_16};
33*08b48e0bSAndroid Build Coastguard Worker s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32};
34*08b48e0bSAndroid Build Coastguard Worker
35*08b48e0bSAndroid Build Coastguard Worker char *power_names[POWER_SCHEDULES_NUM] = {"explore", "mmopt", "exploit",
36*08b48e0bSAndroid Build Coastguard Worker "fast", "coe", "lin",
37*08b48e0bSAndroid Build Coastguard Worker "quad", "rare", "seek"};
38*08b48e0bSAndroid Build Coastguard Worker
39*08b48e0bSAndroid Build Coastguard Worker /* Initialize MOpt "globals" for this afl state */
40*08b48e0bSAndroid Build Coastguard Worker
init_mopt_globals(afl_state_t * afl)41*08b48e0bSAndroid Build Coastguard Worker static void init_mopt_globals(afl_state_t *afl) {
42*08b48e0bSAndroid Build Coastguard Worker
43*08b48e0bSAndroid Build Coastguard Worker MOpt_globals_t *core = &afl->mopt_globals_core;
44*08b48e0bSAndroid Build Coastguard Worker core->finds = afl->core_operator_finds_puppet;
45*08b48e0bSAndroid Build Coastguard Worker core->finds_v2 = afl->core_operator_finds_puppet_v2;
46*08b48e0bSAndroid Build Coastguard Worker core->cycles = afl->core_operator_cycles_puppet;
47*08b48e0bSAndroid Build Coastguard Worker core->cycles_v2 = afl->core_operator_cycles_puppet_v2;
48*08b48e0bSAndroid Build Coastguard Worker core->cycles_v3 = afl->core_operator_cycles_puppet_v3;
49*08b48e0bSAndroid Build Coastguard Worker core->is_pilot_mode = 0;
50*08b48e0bSAndroid Build Coastguard Worker core->pTime = &afl->tmp_core_time;
51*08b48e0bSAndroid Build Coastguard Worker core->period = period_core;
52*08b48e0bSAndroid Build Coastguard Worker core->havoc_stagename = "MOpt-core-havoc";
53*08b48e0bSAndroid Build Coastguard Worker core->splice_stageformat = "MOpt-core-splice %u";
54*08b48e0bSAndroid Build Coastguard Worker core->havoc_stagenameshort = "MOpt_core_havoc";
55*08b48e0bSAndroid Build Coastguard Worker core->splice_stagenameshort = "MOpt_core_splice";
56*08b48e0bSAndroid Build Coastguard Worker
57*08b48e0bSAndroid Build Coastguard Worker MOpt_globals_t *pilot = &afl->mopt_globals_pilot;
58*08b48e0bSAndroid Build Coastguard Worker pilot->finds = afl->stage_finds_puppet[0];
59*08b48e0bSAndroid Build Coastguard Worker pilot->finds_v2 = afl->stage_finds_puppet_v2[0];
60*08b48e0bSAndroid Build Coastguard Worker pilot->cycles = afl->stage_cycles_puppet[0];
61*08b48e0bSAndroid Build Coastguard Worker pilot->cycles_v2 = afl->stage_cycles_puppet_v2[0];
62*08b48e0bSAndroid Build Coastguard Worker pilot->cycles_v3 = afl->stage_cycles_puppet_v3[0];
63*08b48e0bSAndroid Build Coastguard Worker pilot->is_pilot_mode = 1;
64*08b48e0bSAndroid Build Coastguard Worker pilot->pTime = &afl->tmp_pilot_time;
65*08b48e0bSAndroid Build Coastguard Worker pilot->period = period_pilot;
66*08b48e0bSAndroid Build Coastguard Worker pilot->havoc_stagename = "MOpt-havoc";
67*08b48e0bSAndroid Build Coastguard Worker pilot->splice_stageformat = "MOpt-splice %u";
68*08b48e0bSAndroid Build Coastguard Worker pilot->havoc_stagenameshort = "MOpt_havoc";
69*08b48e0bSAndroid Build Coastguard Worker pilot->splice_stagenameshort = "MOpt_splice";
70*08b48e0bSAndroid Build Coastguard Worker
71*08b48e0bSAndroid Build Coastguard Worker }
72*08b48e0bSAndroid Build Coastguard Worker
73*08b48e0bSAndroid Build Coastguard Worker /* A global pointer to all instances is needed (for now) for signals to arrive
74*08b48e0bSAndroid Build Coastguard Worker */
75*08b48e0bSAndroid Build Coastguard Worker
76*08b48e0bSAndroid Build Coastguard Worker static list_t afl_states = {.element_prealloc_count = 0};
77*08b48e0bSAndroid Build Coastguard Worker
78*08b48e0bSAndroid Build Coastguard Worker /* Initializes an afl_state_t. */
79*08b48e0bSAndroid Build Coastguard Worker
afl_state_init(afl_state_t * afl,uint32_t map_size)80*08b48e0bSAndroid Build Coastguard Worker void afl_state_init(afl_state_t *afl, uint32_t map_size) {
81*08b48e0bSAndroid Build Coastguard Worker
82*08b48e0bSAndroid Build Coastguard Worker /* thanks to this memset, growing vars like out_buf
83*08b48e0bSAndroid Build Coastguard Worker and out_size are NULL/0 by default. */
84*08b48e0bSAndroid Build Coastguard Worker memset(afl, 0, sizeof(afl_state_t));
85*08b48e0bSAndroid Build Coastguard Worker
86*08b48e0bSAndroid Build Coastguard Worker afl->shm.map_size = map_size ? map_size : MAP_SIZE;
87*08b48e0bSAndroid Build Coastguard Worker
88*08b48e0bSAndroid Build Coastguard Worker afl->w_init = 0.9;
89*08b48e0bSAndroid Build Coastguard Worker afl->w_end = 0.3;
90*08b48e0bSAndroid Build Coastguard Worker afl->g_max = 5000;
91*08b48e0bSAndroid Build Coastguard Worker afl->period_pilot_tmp = 5000.0;
92*08b48e0bSAndroid Build Coastguard Worker afl->schedule = EXPLORE; /* Power schedule (default: EXPLORE)*/
93*08b48e0bSAndroid Build Coastguard Worker afl->havoc_max_mult = HAVOC_MAX_MULT;
94*08b48e0bSAndroid Build Coastguard Worker afl->clear_screen = 1; /* Window resized? */
95*08b48e0bSAndroid Build Coastguard Worker afl->havoc_div = 1; /* Cycle count divisor for havoc */
96*08b48e0bSAndroid Build Coastguard Worker afl->stage_name = "init"; /* Name of the current fuzz stage */
97*08b48e0bSAndroid Build Coastguard Worker afl->splicing_with = -1; /* Splicing with which test case? */
98*08b48e0bSAndroid Build Coastguard Worker afl->cpu_to_bind = -1;
99*08b48e0bSAndroid Build Coastguard Worker afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
100*08b48e0bSAndroid Build Coastguard Worker afl->hang_tmout = EXEC_TIMEOUT;
101*08b48e0bSAndroid Build Coastguard Worker afl->exit_on_time = 0;
102*08b48e0bSAndroid Build Coastguard Worker afl->stats_update_freq = 1;
103*08b48e0bSAndroid Build Coastguard Worker afl->stats_file_update_freq_msecs = STATS_UPDATE_SEC * 1000;
104*08b48e0bSAndroid Build Coastguard Worker afl->stats_avg_exec = 0;
105*08b48e0bSAndroid Build Coastguard Worker afl->skip_deterministic = 1;
106*08b48e0bSAndroid Build Coastguard Worker afl->sync_time = SYNC_TIME;
107*08b48e0bSAndroid Build Coastguard Worker afl->cmplog_lvl = 2;
108*08b48e0bSAndroid Build Coastguard Worker afl->min_length = 1;
109*08b48e0bSAndroid Build Coastguard Worker afl->max_length = MAX_FILE;
110*08b48e0bSAndroid Build Coastguard Worker afl->switch_fuzz_mode = STRATEGY_SWITCH_TIME * 1000;
111*08b48e0bSAndroid Build Coastguard Worker #ifndef NO_SPLICING
112*08b48e0bSAndroid Build Coastguard Worker afl->use_splicing = 1;
113*08b48e0bSAndroid Build Coastguard Worker #endif
114*08b48e0bSAndroid Build Coastguard Worker afl->q_testcase_max_cache_size = TESTCASE_CACHE_SIZE * 1048576UL;
115*08b48e0bSAndroid Build Coastguard Worker afl->q_testcase_max_cache_entries = 64 * 1024;
116*08b48e0bSAndroid Build Coastguard Worker
117*08b48e0bSAndroid Build Coastguard Worker #ifdef HAVE_AFFINITY
118*08b48e0bSAndroid Build Coastguard Worker afl->cpu_aff = -1; /* Selected CPU core */
119*08b48e0bSAndroid Build Coastguard Worker #endif /* HAVE_AFFINITY */
120*08b48e0bSAndroid Build Coastguard Worker
121*08b48e0bSAndroid Build Coastguard Worker afl->virgin_bits = ck_alloc(map_size);
122*08b48e0bSAndroid Build Coastguard Worker afl->virgin_tmout = ck_alloc(map_size);
123*08b48e0bSAndroid Build Coastguard Worker afl->virgin_crash = ck_alloc(map_size);
124*08b48e0bSAndroid Build Coastguard Worker afl->var_bytes = ck_alloc(map_size);
125*08b48e0bSAndroid Build Coastguard Worker afl->top_rated = ck_alloc(map_size * sizeof(void *));
126*08b48e0bSAndroid Build Coastguard Worker afl->clean_trace = ck_alloc(map_size);
127*08b48e0bSAndroid Build Coastguard Worker afl->clean_trace_custom = ck_alloc(map_size);
128*08b48e0bSAndroid Build Coastguard Worker afl->first_trace = ck_alloc(map_size);
129*08b48e0bSAndroid Build Coastguard Worker afl->map_tmp_buf = ck_alloc(map_size);
130*08b48e0bSAndroid Build Coastguard Worker
131*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.use_stdin = 1;
132*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.map_size = map_size;
133*08b48e0bSAndroid Build Coastguard Worker // afl_state_t is not available in forkserver.c
134*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.afl_ptr = (void *)afl;
135*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.add_extra_func = (void (*)(void *, u8 *, u32)) & add_extra;
136*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.exec_tmout = EXEC_TIMEOUT;
137*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.mem_limit = MEM_LIMIT;
138*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.dev_urandom_fd = -1;
139*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.dev_null_fd = -1;
140*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.child_pid = -1;
141*08b48e0bSAndroid Build Coastguard Worker afl->fsrv.out_dir_fd = -1;
142*08b48e0bSAndroid Build Coastguard Worker
143*08b48e0bSAndroid Build Coastguard Worker /* Init SkipDet */
144*08b48e0bSAndroid Build Coastguard Worker afl->skipdet_g =
145*08b48e0bSAndroid Build Coastguard Worker (struct skipdet_global *)ck_alloc(sizeof(struct skipdet_global));
146*08b48e0bSAndroid Build Coastguard Worker afl->skipdet_g->inf_prof =
147*08b48e0bSAndroid Build Coastguard Worker (struct inf_profile *)ck_alloc(sizeof(struct inf_profile));
148*08b48e0bSAndroid Build Coastguard Worker afl->havoc_prof =
149*08b48e0bSAndroid Build Coastguard Worker (struct havoc_profile *)ck_alloc(sizeof(struct havoc_profile));
150*08b48e0bSAndroid Build Coastguard Worker
151*08b48e0bSAndroid Build Coastguard Worker init_mopt_globals(afl);
152*08b48e0bSAndroid Build Coastguard Worker
153*08b48e0bSAndroid Build Coastguard Worker list_append(&afl_states, afl);
154*08b48e0bSAndroid Build Coastguard Worker
155*08b48e0bSAndroid Build Coastguard Worker }
156*08b48e0bSAndroid Build Coastguard Worker
157*08b48e0bSAndroid Build Coastguard Worker /*This sets up the environment variables for afl-fuzz into the afl_state
158*08b48e0bSAndroid Build Coastguard Worker * struct*/
159*08b48e0bSAndroid Build Coastguard Worker
read_afl_environment(afl_state_t * afl,char ** envp)160*08b48e0bSAndroid Build Coastguard Worker void read_afl_environment(afl_state_t *afl, char **envp) {
161*08b48e0bSAndroid Build Coastguard Worker
162*08b48e0bSAndroid Build Coastguard Worker int index = 0, issue_detected = 0;
163*08b48e0bSAndroid Build Coastguard Worker char *env;
164*08b48e0bSAndroid Build Coastguard Worker while ((env = envp[index++]) != NULL) {
165*08b48e0bSAndroid Build Coastguard Worker
166*08b48e0bSAndroid Build Coastguard Worker if (strncmp(env, "ALF_", 4) == 0) {
167*08b48e0bSAndroid Build Coastguard Worker
168*08b48e0bSAndroid Build Coastguard Worker WARNF("Potentially mistyped AFL environment variable: %s", env);
169*08b48e0bSAndroid Build Coastguard Worker issue_detected = 1;
170*08b48e0bSAndroid Build Coastguard Worker
171*08b48e0bSAndroid Build Coastguard Worker } else if (strncmp(env, "USE_", 4) == 0) {
172*08b48e0bSAndroid Build Coastguard Worker
173*08b48e0bSAndroid Build Coastguard Worker WARNF(
174*08b48e0bSAndroid Build Coastguard Worker "Potentially mistyped AFL environment variable: %s, did you mean "
175*08b48e0bSAndroid Build Coastguard Worker "AFL_%s?",
176*08b48e0bSAndroid Build Coastguard Worker env, env);
177*08b48e0bSAndroid Build Coastguard Worker issue_detected = 1;
178*08b48e0bSAndroid Build Coastguard Worker
179*08b48e0bSAndroid Build Coastguard Worker } else if (strncmp(env, "AFL_", 4) == 0) {
180*08b48e0bSAndroid Build Coastguard Worker
181*08b48e0bSAndroid Build Coastguard Worker int i = 0, match = 0;
182*08b48e0bSAndroid Build Coastguard Worker while (match == 0 && afl_environment_variables[i] != NULL) {
183*08b48e0bSAndroid Build Coastguard Worker
184*08b48e0bSAndroid Build Coastguard Worker size_t afl_environment_variable_len =
185*08b48e0bSAndroid Build Coastguard Worker strlen(afl_environment_variables[i]);
186*08b48e0bSAndroid Build Coastguard Worker if (strncmp(env, afl_environment_variables[i],
187*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len) == 0 &&
188*08b48e0bSAndroid Build Coastguard Worker env[afl_environment_variable_len] == '=') {
189*08b48e0bSAndroid Build Coastguard Worker
190*08b48e0bSAndroid Build Coastguard Worker match = 1;
191*08b48e0bSAndroid Build Coastguard Worker if (!strncmp(env, "AFL_SKIP_CPUFREQ", afl_environment_variable_len)) {
192*08b48e0bSAndroid Build Coastguard Worker
193*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_skip_cpufreq =
194*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
195*08b48e0bSAndroid Build Coastguard Worker
196*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_EXIT_WHEN_DONE",
197*08b48e0bSAndroid Build Coastguard Worker
198*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
199*08b48e0bSAndroid Build Coastguard Worker
200*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_exit_when_done =
201*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
202*08b48e0bSAndroid Build Coastguard Worker
203*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_EXIT_ON_TIME",
204*08b48e0bSAndroid Build Coastguard Worker
205*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
206*08b48e0bSAndroid Build Coastguard Worker
207*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_exit_on_time =
208*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
209*08b48e0bSAndroid Build Coastguard Worker
210*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH",
211*08b48e0bSAndroid Build Coastguard Worker
212*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
213*08b48e0bSAndroid Build Coastguard Worker
214*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_crashing_seeds_as_new_crash =
215*08b48e0bSAndroid Build Coastguard Worker atoi((u8 *)get_afl_env(afl_environment_variables[i]));
216*08b48e0bSAndroid Build Coastguard Worker
217*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_AFFINITY",
218*08b48e0bSAndroid Build Coastguard Worker
219*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
220*08b48e0bSAndroid Build Coastguard Worker
221*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_no_affinity =
222*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
223*08b48e0bSAndroid Build Coastguard Worker
224*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_WARN_INSTABILITY",
225*08b48e0bSAndroid Build Coastguard Worker
226*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
227*08b48e0bSAndroid Build Coastguard Worker
228*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_no_warn_instability =
229*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
230*08b48e0bSAndroid Build Coastguard Worker
231*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_TRY_AFFINITY",
232*08b48e0bSAndroid Build Coastguard Worker
233*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
234*08b48e0bSAndroid Build Coastguard Worker
235*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_try_affinity =
236*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
237*08b48e0bSAndroid Build Coastguard Worker
238*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_SKIP_CRASHES",
239*08b48e0bSAndroid Build Coastguard Worker
240*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
241*08b48e0bSAndroid Build Coastguard Worker
242*08b48e0bSAndroid Build Coastguard Worker // we should mark this obsolete in a few versions
243*08b48e0bSAndroid Build Coastguard Worker
244*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_HANG_TMOUT",
245*08b48e0bSAndroid Build Coastguard Worker
246*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
247*08b48e0bSAndroid Build Coastguard Worker
248*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_hang_tmout =
249*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
250*08b48e0bSAndroid Build Coastguard Worker
251*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_KEEP_TIMEOUTS",
252*08b48e0bSAndroid Build Coastguard Worker
253*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
254*08b48e0bSAndroid Build Coastguard Worker
255*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_keep_timeouts =
256*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
257*08b48e0bSAndroid Build Coastguard Worker
258*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_SKIP_BIN_CHECK",
259*08b48e0bSAndroid Build Coastguard Worker
260*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
261*08b48e0bSAndroid Build Coastguard Worker
262*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_skip_bin_check =
263*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
264*08b48e0bSAndroid Build Coastguard Worker
265*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_DUMB_FORKSRV",
266*08b48e0bSAndroid Build Coastguard Worker
267*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
268*08b48e0bSAndroid Build Coastguard Worker
269*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_dumb_forksrv =
270*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
271*08b48e0bSAndroid Build Coastguard Worker
272*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_IMPORT_FIRST",
273*08b48e0bSAndroid Build Coastguard Worker
274*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
275*08b48e0bSAndroid Build Coastguard Worker
276*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_import_first =
277*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
278*08b48e0bSAndroid Build Coastguard Worker
279*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FINAL_SYNC",
280*08b48e0bSAndroid Build Coastguard Worker
281*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
282*08b48e0bSAndroid Build Coastguard Worker
283*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_final_sync =
284*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
285*08b48e0bSAndroid Build Coastguard Worker
286*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
287*08b48e0bSAndroid Build Coastguard Worker
288*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
289*08b48e0bSAndroid Build Coastguard Worker
290*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_custom_mutator_only =
291*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
292*08b48e0bSAndroid Build Coastguard Worker
293*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CMPLOG_ONLY_NEW",
294*08b48e0bSAndroid Build Coastguard Worker
295*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
296*08b48e0bSAndroid Build Coastguard Worker
297*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_cmplog_only_new =
298*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
299*08b48e0bSAndroid Build Coastguard Worker
300*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
301*08b48e0bSAndroid Build Coastguard Worker
302*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
303*08b48e0bSAndroid Build Coastguard Worker
304*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_no_startup_calibration =
305*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
306*08b48e0bSAndroid Build Coastguard Worker
307*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_UI", afl_environment_variable_len)) {
308*08b48e0bSAndroid Build Coastguard Worker
309*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_no_ui =
310*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
311*08b48e0bSAndroid Build Coastguard Worker
312*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FORCE_UI",
313*08b48e0bSAndroid Build Coastguard Worker
314*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
315*08b48e0bSAndroid Build Coastguard Worker
316*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_force_ui =
317*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
318*08b48e0bSAndroid Build Coastguard Worker
319*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_IGNORE_PROBLEMS",
320*08b48e0bSAndroid Build Coastguard Worker
321*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
322*08b48e0bSAndroid Build Coastguard Worker
323*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_ignore_problems =
324*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
325*08b48e0bSAndroid Build Coastguard Worker
326*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_IGNORE_SEED_PROBLEMS",
327*08b48e0bSAndroid Build Coastguard Worker
328*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
329*08b48e0bSAndroid Build Coastguard Worker
330*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_ignore_seed_problems =
331*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
332*08b48e0bSAndroid Build Coastguard Worker
333*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_IGNORE_TIMEOUTS",
334*08b48e0bSAndroid Build Coastguard Worker
335*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
336*08b48e0bSAndroid Build Coastguard Worker
337*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_ignore_timeouts =
338*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
339*08b48e0bSAndroid Build Coastguard Worker
340*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
341*08b48e0bSAndroid Build Coastguard Worker
342*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
343*08b48e0bSAndroid Build Coastguard Worker
344*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_i_dont_care_about_missing_crashes =
345*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
346*08b48e0bSAndroid Build Coastguard Worker
347*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_BENCH_JUST_ONE",
348*08b48e0bSAndroid Build Coastguard Worker
349*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
350*08b48e0bSAndroid Build Coastguard Worker
351*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_bench_just_one =
352*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
353*08b48e0bSAndroid Build Coastguard Worker
354*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_BENCH_UNTIL_CRASH",
355*08b48e0bSAndroid Build Coastguard Worker
356*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
357*08b48e0bSAndroid Build Coastguard Worker
358*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_bench_until_crash =
359*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
360*08b48e0bSAndroid Build Coastguard Worker
361*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_DEBUG_CHILD",
362*08b48e0bSAndroid Build Coastguard Worker
363*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len) ||
364*08b48e0bSAndroid Build Coastguard Worker !strncmp(env, "AFL_DEBUG_CHILD_OUTPUT",
365*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
366*08b48e0bSAndroid Build Coastguard Worker
367*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_debug_child =
368*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
369*08b48e0bSAndroid Build Coastguard Worker
370*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_AUTORESUME",
371*08b48e0bSAndroid Build Coastguard Worker
372*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
373*08b48e0bSAndroid Build Coastguard Worker
374*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_autoresume =
375*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
376*08b48e0bSAndroid Build Coastguard Worker
377*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_PERSISTENT_RECORD",
378*08b48e0bSAndroid Build Coastguard Worker
379*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
380*08b48e0bSAndroid Build Coastguard Worker
381*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_persistent_record =
382*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]);
383*08b48e0bSAndroid Build Coastguard Worker
384*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CYCLE_SCHEDULES",
385*08b48e0bSAndroid Build Coastguard Worker
386*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
387*08b48e0bSAndroid Build Coastguard Worker
388*08b48e0bSAndroid Build Coastguard Worker afl->cycle_schedules = afl->afl_env.afl_cycle_schedules =
389*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
390*08b48e0bSAndroid Build Coastguard Worker
391*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_EXIT_ON_SEED_ISSUES",
392*08b48e0bSAndroid Build Coastguard Worker
393*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
394*08b48e0bSAndroid Build Coastguard Worker
395*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_exit_on_seed_issues =
396*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
397*08b48e0bSAndroid Build Coastguard Worker
398*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_EXPAND_HAVOC_NOW",
399*08b48e0bSAndroid Build Coastguard Worker
400*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
401*08b48e0bSAndroid Build Coastguard Worker
402*08b48e0bSAndroid Build Coastguard Worker afl->expand_havoc = afl->afl_env.afl_expand_havoc =
403*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
404*08b48e0bSAndroid Build Coastguard Worker
405*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CAL_FAST",
406*08b48e0bSAndroid Build Coastguard Worker
407*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
408*08b48e0bSAndroid Build Coastguard Worker
409*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_cal_fast =
410*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
411*08b48e0bSAndroid Build Coastguard Worker
412*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FAST_CAL",
413*08b48e0bSAndroid Build Coastguard Worker
414*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
415*08b48e0bSAndroid Build Coastguard Worker
416*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_cal_fast =
417*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
418*08b48e0bSAndroid Build Coastguard Worker
419*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_STATSD",
420*08b48e0bSAndroid Build Coastguard Worker
421*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
422*08b48e0bSAndroid Build Coastguard Worker
423*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd =
424*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
425*08b48e0bSAndroid Build Coastguard Worker
426*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_POST_PROCESS_KEEP_ORIGINAL",
427*08b48e0bSAndroid Build Coastguard Worker
428*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
429*08b48e0bSAndroid Build Coastguard Worker
430*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_post_process_keep_original =
431*08b48e0bSAndroid Build Coastguard Worker get_afl_env(afl_environment_variables[i]) ? 1 : 0;
432*08b48e0bSAndroid Build Coastguard Worker
433*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_TMPDIR",
434*08b48e0bSAndroid Build Coastguard Worker
435*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
436*08b48e0bSAndroid Build Coastguard Worker
437*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_tmpdir =
438*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
439*08b48e0bSAndroid Build Coastguard Worker
440*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_LIBRARY",
441*08b48e0bSAndroid Build Coastguard Worker
442*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
443*08b48e0bSAndroid Build Coastguard Worker
444*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_custom_mutator_library =
445*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
446*08b48e0bSAndroid Build Coastguard Worker
447*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_PYTHON_MODULE",
448*08b48e0bSAndroid Build Coastguard Worker
449*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
450*08b48e0bSAndroid Build Coastguard Worker
451*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_python_module =
452*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
453*08b48e0bSAndroid Build Coastguard Worker
454*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_PATH", afl_environment_variable_len)) {
455*08b48e0bSAndroid Build Coastguard Worker
456*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_path =
457*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
458*08b48e0bSAndroid Build Coastguard Worker
459*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_PRELOAD",
460*08b48e0bSAndroid Build Coastguard Worker
461*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
462*08b48e0bSAndroid Build Coastguard Worker
463*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_preload =
464*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
465*08b48e0bSAndroid Build Coastguard Worker
466*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_MAX_DET_EXTRAS",
467*08b48e0bSAndroid Build Coastguard Worker
468*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
469*08b48e0bSAndroid Build Coastguard Worker
470*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_max_det_extras =
471*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
472*08b48e0bSAndroid Build Coastguard Worker
473*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FORKSRV_INIT_TMOUT",
474*08b48e0bSAndroid Build Coastguard Worker
475*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
476*08b48e0bSAndroid Build Coastguard Worker
477*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_forksrv_init_tmout =
478*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
479*08b48e0bSAndroid Build Coastguard Worker
480*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_TESTCACHE_SIZE",
481*08b48e0bSAndroid Build Coastguard Worker
482*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
483*08b48e0bSAndroid Build Coastguard Worker
484*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_testcache_size =
485*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
486*08b48e0bSAndroid Build Coastguard Worker
487*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_TESTCACHE_ENTRIES",
488*08b48e0bSAndroid Build Coastguard Worker
489*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
490*08b48e0bSAndroid Build Coastguard Worker
491*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_testcache_entries =
492*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
493*08b48e0bSAndroid Build Coastguard Worker
494*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_STATSD_HOST",
495*08b48e0bSAndroid Build Coastguard Worker
496*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
497*08b48e0bSAndroid Build Coastguard Worker
498*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd_host =
499*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
500*08b48e0bSAndroid Build Coastguard Worker
501*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_STATSD_PORT",
502*08b48e0bSAndroid Build Coastguard Worker
503*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
504*08b48e0bSAndroid Build Coastguard Worker
505*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd_port =
506*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
507*08b48e0bSAndroid Build Coastguard Worker
508*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_STATSD_TAGS_FLAVOR",
509*08b48e0bSAndroid Build Coastguard Worker
510*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
511*08b48e0bSAndroid Build Coastguard Worker
512*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd_tags_flavor =
513*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
514*08b48e0bSAndroid Build Coastguard Worker
515*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_CRASH_EXITCODE",
516*08b48e0bSAndroid Build Coastguard Worker
517*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
518*08b48e0bSAndroid Build Coastguard Worker
519*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_crash_exitcode =
520*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
521*08b48e0bSAndroid Build Coastguard Worker
522*08b48e0bSAndroid Build Coastguard Worker #if defined USE_COLOR && !defined ALWAYS_COLORED
523*08b48e0bSAndroid Build Coastguard Worker
524*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_COLOR",
525*08b48e0bSAndroid Build Coastguard Worker
526*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
527*08b48e0bSAndroid Build Coastguard Worker
528*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd_tags_flavor =
529*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
530*08b48e0bSAndroid Build Coastguard Worker
531*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_COLOUR",
532*08b48e0bSAndroid Build Coastguard Worker
533*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
534*08b48e0bSAndroid Build Coastguard Worker
535*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_statsd_tags_flavor =
536*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
537*08b48e0bSAndroid Build Coastguard Worker #endif
538*08b48e0bSAndroid Build Coastguard Worker
539*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_KILL_SIGNAL",
540*08b48e0bSAndroid Build Coastguard Worker
541*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
542*08b48e0bSAndroid Build Coastguard Worker
543*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_child_kill_signal =
544*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
545*08b48e0bSAndroid Build Coastguard Worker
546*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
547*08b48e0bSAndroid Build Coastguard Worker
548*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
549*08b48e0bSAndroid Build Coastguard Worker
550*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_fsrv_kill_signal =
551*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
552*08b48e0bSAndroid Build Coastguard Worker
553*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_TARGET_ENV",
554*08b48e0bSAndroid Build Coastguard Worker
555*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
556*08b48e0bSAndroid Build Coastguard Worker
557*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_target_env =
558*08b48e0bSAndroid Build Coastguard Worker (u8 *)get_afl_env(afl_environment_variables[i]);
559*08b48e0bSAndroid Build Coastguard Worker
560*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_INPUT_LEN_MIN",
561*08b48e0bSAndroid Build Coastguard Worker
562*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
563*08b48e0bSAndroid Build Coastguard Worker
564*08b48e0bSAndroid Build Coastguard Worker afl->min_length =
565*08b48e0bSAndroid Build Coastguard Worker atoi((u8 *)get_afl_env(afl_environment_variables[i]));
566*08b48e0bSAndroid Build Coastguard Worker
567*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_INPUT_LEN_MAX",
568*08b48e0bSAndroid Build Coastguard Worker
569*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
570*08b48e0bSAndroid Build Coastguard Worker
571*08b48e0bSAndroid Build Coastguard Worker afl->max_length =
572*08b48e0bSAndroid Build Coastguard Worker atoi((u8 *)get_afl_env(afl_environment_variables[i]));
573*08b48e0bSAndroid Build Coastguard Worker
574*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_PIZZA_MODE",
575*08b48e0bSAndroid Build Coastguard Worker
576*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
577*08b48e0bSAndroid Build Coastguard Worker
578*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_pizza_mode =
579*08b48e0bSAndroid Build Coastguard Worker atoi((u8 *)get_afl_env(afl_environment_variables[i]));
580*08b48e0bSAndroid Build Coastguard Worker
581*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_NO_CRASH_README",
582*08b48e0bSAndroid Build Coastguard Worker
583*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
584*08b48e0bSAndroid Build Coastguard Worker
585*08b48e0bSAndroid Build Coastguard Worker afl->afl_env.afl_no_crash_readme =
586*08b48e0bSAndroid Build Coastguard Worker atoi((u8 *)get_afl_env(afl_environment_variables[i]));
587*08b48e0bSAndroid Build Coastguard Worker
588*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_SYNC_TIME",
589*08b48e0bSAndroid Build Coastguard Worker
590*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
591*08b48e0bSAndroid Build Coastguard Worker
592*08b48e0bSAndroid Build Coastguard Worker int time = atoi((u8 *)get_afl_env(afl_environment_variables[i]));
593*08b48e0bSAndroid Build Coastguard Worker if (time > 0) {
594*08b48e0bSAndroid Build Coastguard Worker
595*08b48e0bSAndroid Build Coastguard Worker afl->sync_time = time * (60 * 1000LL);
596*08b48e0bSAndroid Build Coastguard Worker
597*08b48e0bSAndroid Build Coastguard Worker } else {
598*08b48e0bSAndroid Build Coastguard Worker
599*08b48e0bSAndroid Build Coastguard Worker WARNF(
600*08b48e0bSAndroid Build Coastguard Worker "incorrect value for AFL_SYNC_TIME environment variable, "
601*08b48e0bSAndroid Build Coastguard Worker "used default value %lld instead.",
602*08b48e0bSAndroid Build Coastguard Worker afl->sync_time / 60 / 1000);
603*08b48e0bSAndroid Build Coastguard Worker
604*08b48e0bSAndroid Build Coastguard Worker }
605*08b48e0bSAndroid Build Coastguard Worker
606*08b48e0bSAndroid Build Coastguard Worker } else if (!strncmp(env, "AFL_FUZZER_STATS_UPDATE_INTERVAL",
607*08b48e0bSAndroid Build Coastguard Worker
608*08b48e0bSAndroid Build Coastguard Worker afl_environment_variable_len)) {
609*08b48e0bSAndroid Build Coastguard Worker
610*08b48e0bSAndroid Build Coastguard Worker u64 stats_update_freq_sec =
611*08b48e0bSAndroid Build Coastguard Worker strtoull(get_afl_env(afl_environment_variables[i]), NULL, 0);
612*08b48e0bSAndroid Build Coastguard Worker if (stats_update_freq_sec >= UINT_MAX ||
613*08b48e0bSAndroid Build Coastguard Worker 0 == stats_update_freq_sec) {
614*08b48e0bSAndroid Build Coastguard Worker
615*08b48e0bSAndroid Build Coastguard Worker WARNF(
616*08b48e0bSAndroid Build Coastguard Worker "Incorrect value given to AFL_FUZZER_STATS_UPDATE_INTERVAL, "
617*08b48e0bSAndroid Build Coastguard Worker "using default of %d seconds\n",
618*08b48e0bSAndroid Build Coastguard Worker STATS_UPDATE_SEC);
619*08b48e0bSAndroid Build Coastguard Worker
620*08b48e0bSAndroid Build Coastguard Worker } else {
621*08b48e0bSAndroid Build Coastguard Worker
622*08b48e0bSAndroid Build Coastguard Worker afl->stats_file_update_freq_msecs = stats_update_freq_sec * 1000;
623*08b48e0bSAndroid Build Coastguard Worker
624*08b48e0bSAndroid Build Coastguard Worker }
625*08b48e0bSAndroid Build Coastguard Worker
626*08b48e0bSAndroid Build Coastguard Worker }
627*08b48e0bSAndroid Build Coastguard Worker
628*08b48e0bSAndroid Build Coastguard Worker } else {
629*08b48e0bSAndroid Build Coastguard Worker
630*08b48e0bSAndroid Build Coastguard Worker i++;
631*08b48e0bSAndroid Build Coastguard Worker
632*08b48e0bSAndroid Build Coastguard Worker }
633*08b48e0bSAndroid Build Coastguard Worker
634*08b48e0bSAndroid Build Coastguard Worker }
635*08b48e0bSAndroid Build Coastguard Worker
636*08b48e0bSAndroid Build Coastguard Worker i = 0;
637*08b48e0bSAndroid Build Coastguard Worker while (match == 0 && afl_environment_variables[i] != NULL) {
638*08b48e0bSAndroid Build Coastguard Worker
639*08b48e0bSAndroid Build Coastguard Worker if (strncmp(env, afl_environment_variables[i],
640*08b48e0bSAndroid Build Coastguard Worker strlen(afl_environment_variables[i])) == 0 &&
641*08b48e0bSAndroid Build Coastguard Worker env[strlen(afl_environment_variables[i])] == '=') {
642*08b48e0bSAndroid Build Coastguard Worker
643*08b48e0bSAndroid Build Coastguard Worker match = 1;
644*08b48e0bSAndroid Build Coastguard Worker
645*08b48e0bSAndroid Build Coastguard Worker } else {
646*08b48e0bSAndroid Build Coastguard Worker
647*08b48e0bSAndroid Build Coastguard Worker i++;
648*08b48e0bSAndroid Build Coastguard Worker
649*08b48e0bSAndroid Build Coastguard Worker }
650*08b48e0bSAndroid Build Coastguard Worker
651*08b48e0bSAndroid Build Coastguard Worker }
652*08b48e0bSAndroid Build Coastguard Worker
653*08b48e0bSAndroid Build Coastguard Worker i = 0;
654*08b48e0bSAndroid Build Coastguard Worker while (match == 0 && afl_environment_deprecated[i] != NULL) {
655*08b48e0bSAndroid Build Coastguard Worker
656*08b48e0bSAndroid Build Coastguard Worker if (strncmp(env, afl_environment_deprecated[i],
657*08b48e0bSAndroid Build Coastguard Worker strlen(afl_environment_deprecated[i])) == 0 &&
658*08b48e0bSAndroid Build Coastguard Worker env[strlen(afl_environment_deprecated[i])] == '=') {
659*08b48e0bSAndroid Build Coastguard Worker
660*08b48e0bSAndroid Build Coastguard Worker match = 1;
661*08b48e0bSAndroid Build Coastguard Worker
662*08b48e0bSAndroid Build Coastguard Worker WARNF("AFL environment variable %s is deprecated!",
663*08b48e0bSAndroid Build Coastguard Worker afl_environment_deprecated[i]);
664*08b48e0bSAndroid Build Coastguard Worker issue_detected = 1;
665*08b48e0bSAndroid Build Coastguard Worker
666*08b48e0bSAndroid Build Coastguard Worker } else {
667*08b48e0bSAndroid Build Coastguard Worker
668*08b48e0bSAndroid Build Coastguard Worker i++;
669*08b48e0bSAndroid Build Coastguard Worker
670*08b48e0bSAndroid Build Coastguard Worker }
671*08b48e0bSAndroid Build Coastguard Worker
672*08b48e0bSAndroid Build Coastguard Worker }
673*08b48e0bSAndroid Build Coastguard Worker
674*08b48e0bSAndroid Build Coastguard Worker if (match == 0) {
675*08b48e0bSAndroid Build Coastguard Worker
676*08b48e0bSAndroid Build Coastguard Worker WARNF("Mistyped AFL environment variable: %s", env);
677*08b48e0bSAndroid Build Coastguard Worker issue_detected = 1;
678*08b48e0bSAndroid Build Coastguard Worker
679*08b48e0bSAndroid Build Coastguard Worker print_suggested_envs(env);
680*08b48e0bSAndroid Build Coastguard Worker
681*08b48e0bSAndroid Build Coastguard Worker }
682*08b48e0bSAndroid Build Coastguard Worker
683*08b48e0bSAndroid Build Coastguard Worker }
684*08b48e0bSAndroid Build Coastguard Worker
685*08b48e0bSAndroid Build Coastguard Worker }
686*08b48e0bSAndroid Build Coastguard Worker
687*08b48e0bSAndroid Build Coastguard Worker if (afl->afl_env.afl_pizza_mode > 0) {
688*08b48e0bSAndroid Build Coastguard Worker
689*08b48e0bSAndroid Build Coastguard Worker afl->pizza_is_served = 1;
690*08b48e0bSAndroid Build Coastguard Worker
691*08b48e0bSAndroid Build Coastguard Worker } else if (afl->afl_env.afl_pizza_mode < 0) {
692*08b48e0bSAndroid Build Coastguard Worker
693*08b48e0bSAndroid Build Coastguard Worker OKF("Pizza easter egg mode is now disabled.");
694*08b48e0bSAndroid Build Coastguard Worker
695*08b48e0bSAndroid Build Coastguard Worker }
696*08b48e0bSAndroid Build Coastguard Worker
697*08b48e0bSAndroid Build Coastguard Worker if (issue_detected) { sleep(2); }
698*08b48e0bSAndroid Build Coastguard Worker
699*08b48e0bSAndroid Build Coastguard Worker }
700*08b48e0bSAndroid Build Coastguard Worker
701*08b48e0bSAndroid Build Coastguard Worker /* Removes this afl_state instance and frees it. */
702*08b48e0bSAndroid Build Coastguard Worker
afl_state_deinit(afl_state_t * afl)703*08b48e0bSAndroid Build Coastguard Worker void afl_state_deinit(afl_state_t *afl) {
704*08b48e0bSAndroid Build Coastguard Worker
705*08b48e0bSAndroid Build Coastguard Worker if (afl->in_place_resume) { ck_free(afl->in_dir); }
706*08b48e0bSAndroid Build Coastguard Worker if (afl->sync_id) { ck_free(afl->out_dir); }
707*08b48e0bSAndroid Build Coastguard Worker if (afl->pass_stats) { ck_free(afl->pass_stats); }
708*08b48e0bSAndroid Build Coastguard Worker if (afl->orig_cmp_map) { ck_free(afl->orig_cmp_map); }
709*08b48e0bSAndroid Build Coastguard Worker if (afl->cmplog_binary) { ck_free(afl->cmplog_binary); }
710*08b48e0bSAndroid Build Coastguard Worker
711*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->queue_buf);
712*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->out_buf);
713*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->out_scratch_buf);
714*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->eff_buf);
715*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->in_buf);
716*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->in_scratch_buf);
717*08b48e0bSAndroid Build Coastguard Worker afl_free(afl->ex_buf);
718*08b48e0bSAndroid Build Coastguard Worker
719*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->virgin_bits);
720*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->virgin_tmout);
721*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->virgin_crash);
722*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->var_bytes);
723*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->top_rated);
724*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->clean_trace);
725*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->clean_trace_custom);
726*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->first_trace);
727*08b48e0bSAndroid Build Coastguard Worker ck_free(afl->map_tmp_buf);
728*08b48e0bSAndroid Build Coastguard Worker
729*08b48e0bSAndroid Build Coastguard Worker list_remove(&afl_states, afl);
730*08b48e0bSAndroid Build Coastguard Worker
731*08b48e0bSAndroid Build Coastguard Worker }
732*08b48e0bSAndroid Build Coastguard Worker
afl_states_stop(void)733*08b48e0bSAndroid Build Coastguard Worker void afl_states_stop(void) {
734*08b48e0bSAndroid Build Coastguard Worker
735*08b48e0bSAndroid Build Coastguard Worker /* We may be inside a signal handler.
736*08b48e0bSAndroid Build Coastguard Worker Set flags first, send kill signals to child proceses later. */
737*08b48e0bSAndroid Build Coastguard Worker LIST_FOREACH(&afl_states, afl_state_t, {
738*08b48e0bSAndroid Build Coastguard Worker
739*08b48e0bSAndroid Build Coastguard Worker el->stop_soon = 1;
740*08b48e0bSAndroid Build Coastguard Worker
741*08b48e0bSAndroid Build Coastguard Worker });
742*08b48e0bSAndroid Build Coastguard Worker
743*08b48e0bSAndroid Build Coastguard Worker LIST_FOREACH(&afl_states, afl_state_t, {
744*08b48e0bSAndroid Build Coastguard Worker
745*08b48e0bSAndroid Build Coastguard Worker /* NOTE: We need to make sure that the parent (the forkserver) reap the
746*08b48e0bSAndroid Build Coastguard Worker * child (see below). */
747*08b48e0bSAndroid Build Coastguard Worker if (el->fsrv.child_pid > 0)
748*08b48e0bSAndroid Build Coastguard Worker kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
749*08b48e0bSAndroid Build Coastguard Worker if (el->fsrv.fsrv_pid > 0) {
750*08b48e0bSAndroid Build Coastguard Worker
751*08b48e0bSAndroid Build Coastguard Worker kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
752*08b48e0bSAndroid Build Coastguard Worker /* Make sure the forkserver does not end up as zombie. */
753*08b48e0bSAndroid Build Coastguard Worker waitpid(el->fsrv.fsrv_pid, NULL, 0);
754*08b48e0bSAndroid Build Coastguard Worker
755*08b48e0bSAndroid Build Coastguard Worker }
756*08b48e0bSAndroid Build Coastguard Worker
757*08b48e0bSAndroid Build Coastguard Worker });
758*08b48e0bSAndroid Build Coastguard Worker
759*08b48e0bSAndroid Build Coastguard Worker }
760*08b48e0bSAndroid Build Coastguard Worker
afl_states_clear_screen(void)761*08b48e0bSAndroid Build Coastguard Worker void afl_states_clear_screen(void) {
762*08b48e0bSAndroid Build Coastguard Worker
763*08b48e0bSAndroid Build Coastguard Worker LIST_FOREACH(&afl_states, afl_state_t, { el->clear_screen = 1; });
764*08b48e0bSAndroid Build Coastguard Worker
765*08b48e0bSAndroid Build Coastguard Worker }
766*08b48e0bSAndroid Build Coastguard Worker
afl_states_request_skip(void)767*08b48e0bSAndroid Build Coastguard Worker void afl_states_request_skip(void) {
768*08b48e0bSAndroid Build Coastguard Worker
769*08b48e0bSAndroid Build Coastguard Worker LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; });
770*08b48e0bSAndroid Build Coastguard Worker
771*08b48e0bSAndroid Build Coastguard Worker }
772*08b48e0bSAndroid Build Coastguard Worker
773