afl-cc: Don't offer __AFL_INIT() etc. in GCC/CLANG modes #1698
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
instrumentation/README.persistent_mode.md documents in the section about
deferred forkserver initialization:
> With the location selected, add this code in the appropriate spot:
>
> ```c
> #ifdef __AFL_HAVE_MANUAL_CONTROL
> __AFL_INIT();
> #endif
> ```
>
> You don't need the #ifdef guards, but including them ensures that the program
> will keep working normally when compiled with a tool other than afl-clang-fast/
> afl-clang-lto/afl-gcc-fast.
>
> Finally, recompile the program with afl-clang-fast/afl-clang-lto/afl-gcc-fast
> (afl-gcc or afl-clang will *not* generate a deferred-initialization binary) -
> and you should be all set!
This strongly implies that you can compile a program that uses __AFL_INIT()
under an `#ifdef __AFL_HAVE_MANUAL_CONTROL` guard with afl-gcc/-clang.
However, this currently fails:
$ cat example.c
#include <stdio.h>
int main(void) {
#ifdef __AFL_HAVE_MANUAL_CONTROL
__AFL_INIT();
#endif
puts("Hello");
}
$ afl-gcc example.c -o example
afl-cc++4.06a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC-GCC
[!] WARNING: You are using outdated instrumentation, install LLVM and/or gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast instead!
afl-as++4.06a by Michal Zalewski
[+] Instrumented 1 locations (64-bit, non-hardened mode, ratio 100%).
/usr/bin/ld: /tmp/ccuJHcpt.o: in function `main':
/home/jn/dev/fuzz/AFLplusplus/example.c:5: undefined reference to `__afl_manual_init'
collect2: error: ld returned 1 exit status
The issue here is an inconsistency in afl-gcc (i.e. afl-cc operating in GCC mode):
- afl-cc defines __AFL_HAVE_MANUAL_CONTROL and __AFL_INIT unconditionally
- __AFL_INIT relies on __afl_manual_init, which is defined in afl-compiler-rt.o
- afl-cc doesn't link afl-compiler-rt in GCC or CLANG mode
Since afl-gcc/-clang is documented as not supporting deferred forkserver
initialization, this patch omits the definitions of __AFL_HAVE_MANUAL_CONTROL
and related macros in GCC/CLANG mode.
This restores the ability to compile a deferred-forkserver program under
afl-gcc, if it can also be compiled under gcc.
[ In case someone reads this an feels adventurous enough (as I did) to
think about enabling deferred forkserver under afl-gcc: Whether the
deferred forkserver actually works can be verified by placing a
usleep(100000) or similar at the start of main (before __AFL_INIT()),
and watching the execution speed. It doesn't work. ]
Member
|
looks good thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
instrumentation/README.persistent_mode.md documents in the section about deferred forkserver initialization:
This strongly implies that you can compile a program that uses __AFL_INIT() under an
#ifdef __AFL_HAVE_MANUAL_CONTROLguard with afl-gcc/-clang.However, this currently fails:
$ cat example.c
#include <stdio.h>
int main(void) {
#ifdef __AFL_HAVE_MANUAL_CONTROL
__AFL_INIT();
#endif
}
$ afl-gcc example.c -o example
afl-cc++4.06a by Michal Zalewski, Laszlo Szekeres, Marc Heuse - mode: GCC-GCC
[!] WARNING: You are using outdated instrumentation, install LLVM and/or gcc-plugin and use afl-clang-fast/afl-clang-lto/afl-gcc-fast instead!
afl-as++4.06a by Michal Zalewski
[+] Instrumented 1 locations (64-bit, non-hardened mode, ratio 100%).
/usr/bin/ld: /tmp/ccuJHcpt.o: in function
main': /home/jn/dev/fuzz/AFLplusplus/example.c:5: undefined reference to__afl_manual_init'collect2: error: ld returned 1 exit status
The issue here is an inconsistency in afl-gcc (i.e. afl-cc operating in GCC mode):
Since afl-gcc/-clang is documented as not supporting deferred forkserver initialization, this patch omits the definitions of __AFL_HAVE_MANUAL_CONTROL and related macros in GCC/CLANG mode.
This restores the ability to compile a deferred-forkserver program under afl-gcc, if it can also be compiled under gcc.
[ In case someone reads this an feels adventurous enough (as I did) to
think about enabling deferred forkserver under afl-gcc: Whether the
deferred forkserver actually works can be verified by placing a
usleep(100000) or similar at the start of main (before __AFL_INIT()),
and watching the execution speed. It doesn't work. ]