Hello community,

here is the log from the commit of package afl for openSUSE:Factory checked in 
at 2015-08-12 15:12:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/afl (Old)
 and      /work/SRC/openSUSE:Factory/.afl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "afl"

Changes:
--------
--- /work/SRC/openSUSE:Factory/afl/afl.changes  2015-08-07 00:24:05.000000000 
+0200
+++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes     2015-08-12 
15:13:00.000000000 +0200
@@ -1,0 +2,7 @@
+Mon Aug 10 19:49:56 UTC 2015 - astie...@suse.com
+
+- afl 1.86b:
+  * Added support for AFL_SKIP_CRASHES
+  * Removed the hard-fail terminal size check
+
+-------------------------------------------------------------------

Old:
----
  afl-1.85b.tgz

New:
----
  afl-1.86b.tgz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ afl.spec ++++++
--- /var/tmp/diff_new_pack.J1oWgy/_old  2015-08-12 15:13:01.000000000 +0200
+++ /var/tmp/diff_new_pack.J1oWgy/_new  2015-08-12 15:13:01.000000000 +0200
@@ -17,7 +17,7 @@
 
 
 Name:           afl
-Version:        1.85b
+Version:        1.86b
 Release:        0
 Summary:        American fuzzy lop is a security-oriented fuzzer
 License:        Apache-2.0

++++++ afl-1.85b.tgz -> afl-1.86b.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/Makefile new/afl-1.86b/Makefile
--- old/afl-1.85b/Makefile      2015-08-01 04:44:56.000000000 +0200
+++ new/afl-1.86b/Makefile      2015-08-09 06:26:31.000000000 +0200
@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 1.85b
+VERSION     = 1.86b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/afl-fuzz.c new/afl-1.86b/afl-fuzz.c
--- old/afl-1.85b/afl-fuzz.c    2015-07-04 21:36:50.000000000 +0200
+++ new/afl-1.86b/afl-fuzz.c    2015-08-09 06:34:48.000000000 +0200
@@ -88,6 +88,7 @@
            resuming_fuzz,             /* Resuming an older fuzzing job?   */
            timeout_given,             /* Specific timeout given?          */
            not_on_tty,                /* stdout is not a tty              */
+           term_too_small,            /* terminal dimensions too small    */
            uses_asan,                 /* Target uses ASAN?                */
            no_forkserver,             /* Disable forkserver?              */
            crash_mode,                /* Crash mode! Yeah!                */
@@ -2491,8 +2492,8 @@
 static void perform_dry_run(char** argv) {
 
   struct queue_entry* q = queue;
-  u32 id = 0;
   u32 cal_failures = 0;
+  u8* skip_crashes = getenv("AFL_SKIP_CRASHES");
 
   while (q) {
 
@@ -2576,6 +2577,13 @@
 
         if (crash_mode) break;
 
+        if (skip_crashes) {
+          WARNF("Test case results in a crash (skipping)");
+          q->cal_failed = CAL_CHANCES;
+          cal_failures++;
+          break;
+        }
+
         if (mem_limit) {
 
           SAYF("\n" cLRD "[-] " cRST
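Review bot: A crashing input skipped under AFL_SKIP_CRASHES is folded into `cal_failures` on L95, the same counter used for calibration timeouts, so the summary in the next hunk (L119-L121) can only report "timeouts or crashes" as one merged number and the operator loses the count of seeds that already reproduce a crash, which are exactly the inputs worth triaging first. Keep a separate tally: declare `u32 skipped_crashes = 0;` next to `cal_failures` in the previous hunk, add `skipped_crashes++;` beside `cal_failures++;` here, and after the existing WARNF report it explicitly, `if (skipped_crashes) WARNF("%u of those crashed and were skipped (AFL_SKIP_CRASHES).", skipped_crashes);`. The warning on L93 would also be more useful if it named the file being skipped, assuming the current entry's path is in scope at this point of the loop. perform_dry_run begins in the previous hunk and its loop continues past this one.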
@@ -2660,17 +2668,18 @@
     if (q->var_behavior) WARNF("Instrumentation output varies across runs.");
 
     q = q->next;
-    id++;
 
   }
 
   if (cal_failures) {
 
     if (cal_failures == queued_paths)
-      FATAL("All test cases time out, giving up!");
+      FATAL("All test cases time out%s, giving up!",
+            skip_crashes ? " or crash" : "");
 
-    WARNF("Skipped %u test cases (%0.02f%%) due to timeouts.", cal_failures,
-          ((double)cal_failures) * 100 / queued_paths);
+    WARNF("Skipped %u test cases (%0.02f%%) due to timeouts%s.", cal_failures,
+          ((double)cal_failures) * 100 / queued_paths,
+          skip_crashes ? " or crashes" : "");
 
     if (cal_failures * 5 > queued_paths)
       WARNF(cLRD "High percentage of rejected test cases, check settings!");
@@ -3605,6 +3614,9 @@
 }
 
 
+static void check_term_size(void);
+
+
 /* A spiffy retro stats screen! This is called every stats_update_freq
    execve() calls, plus in several other circumstances. */
 
@@ -3700,10 +3712,21 @@
     SAYF(TERM_CLEAR CURSOR_HIDE);
     clear_screen = 0;
 
+    check_term_size();
+
   }
 
   SAYF(TERM_HOME);
 
+  if (term_too_small) {
+
+    SAYF(cBRI "Your terminal is too small to display the UI.\n"
+         "Please resize terminal window to at least 80x25.\n" cNOR);
+
+    return;
+
+  }
+
   /* Let's start by drawing a centered banner. */
 
   banner_len = (crash_mode ? 24 : 22) + strlen(VERSION) + strlen(use_banner);
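Review bot: The 80x25 minimum is spelled out twice, in the user-facing text on L147-L148 here and as the `< 25` / `< 80` comparison in check_term_size (L208 in a later hunk), so a change to one will silently desynchronise the other. Define the limits once, e.g. `#define MIN_TERM_ROWS 25` and `#define MIN_TERM_COLS 80` alongside the program's other limits, compare against them in check_term_size, and build the message from them, `"Please resize terminal window to at least %ux%u.\n" cNOR, MIN_TERM_COLS, MIN_TERM_ROWS`, assuming SAYF forwards printf-style arguments as the other formatted output macros here do. show_stats begins and ends outside this hunk.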
@@ -3916,7 +3939,7 @@
 
     sprintf(tmp, "%s/%s, %s/%s, %s/%s",
             DI(stage_finds[STAGE_FLIP1]), DI(stage_cycles[STAGE_FLIP1]),
-            DI(stage_finds[STAGE_FLIP4]), DI(stage_cycles[STAGE_FLIP2]),
+            DI(stage_finds[STAGE_FLIP2]), DI(stage_cycles[STAGE_FLIP2]),
             DI(stage_finds[STAGE_FLIP4]), DI(stage_cycles[STAGE_FLIP4]));
 
   }
@@ -6618,9 +6641,9 @@
 }
 
 
-/* Check terminal dimensions. */
+/* Check if we're on TTY. */
 
-static void check_terminal(void) {
+static void check_if_tty(void) {
 
   struct winsize ws;
 
@@ -6634,19 +6657,20 @@
     return;
   }
 
-  if (ws.ws_row < 25 || ws.ws_col < 80) {
+}
 
-    SAYF("\n" cLRD "[-] " cRST
-         "Oops, your terminal window seems to be smaller than 80 x 25 
characters.\n"
-         "    That's not enough for afl-fuzz to correctly draw its fancy ANSI 
UI!\n\n"
 
-         "    Depending on the terminal software you are using, you should be 
able to\n"
-         "    resize the window by dragging its edges, or to adjust the 
dimensions in\n"
-         "    the settings menu.\n");
+/* Check terminal dimensions after resize. */
 
-    FATAL("Please resize terminal to 80x25 or more");
+static void check_term_size(void) {
 
-  }
+  struct winsize ws;
+
+  term_too_small = 0;
+
+  if (ioctl(1, TIOCGWINSZ, &ws)) return;
+
+  if (ws.ws_row < 25 || ws.ws_col < 80) term_too_small = 1;
 
 }
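Review bot: The header comment on L196, "Check terminal dimensions after resize", understates when check_term_size runs: show_stats invokes it whenever `clear_screen` is set (L139 in an earlier hunk), which presumably includes the first draw and not only a resize. The comment should also record the deliberate choice on L206, where an ioctl failure leaves `term_too_small` at 0 and the full UI is drawn; that is reasonable if non-tty stdout has already been diverted via `not_on_tty` (set by check_if_tty, whose body lies mostly outside this hunk), but a reader cannot tell the silence is intentional. Suggested wording: `/* Re-check terminal size; called from show_stats whenever the screen is redrawn from scratch. Sets term_too_small; an ioctl failure is treated as "large enough" since non-tty output is handled via not_on_tty. */`. Lines L179-L183 at the top of the hunk close check_if_tty, whose start is in the previous hunk.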
 
@@ -7481,7 +7505,7 @@
 
   fix_up_banner(argv[optind]);
 
-  check_terminal();
+  check_if_tty();
 
   get_core_count();
   check_crash_handling();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/docs/ChangeLog new/afl-1.86b/docs/ChangeLog
--- old/afl-1.85b/docs/ChangeLog        2015-08-01 04:44:35.000000000 +0200
+++ new/afl-1.86b/docs/ChangeLog        2015-08-09 06:24:23.000000000 +0200
@@ -17,6 +17,18 @@
 to get on with the times.
 
 --------------
+Version 1.86b:
+--------------
+
+  - Added support for AFL_SKIP_CRASHES, which is a very hackish solution to
+    the problem of resuming sessions with intermittently crashing inputs.
+
+  - Removed the hard-fail terminal size check, replaced with a dynamic
+    warning shown in place of the UI. Based on feedback from Christian Holler.
+
+  - Fixed a minor typo in show_stats. Spotted by Dingbao Xie.
+
+--------------
 Version 1.85b:
 --------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/docs/README new/afl-1.86b/docs/README
--- old/afl-1.85b/docs/README   2015-08-01 04:44:49.000000000 +0200
+++ new/afl-1.86b/docs/README   2015-08-09 06:09:32.000000000 +0200
@@ -427,6 +427,7 @@
   Keegan McAllister                     Kostya Serebryany
   Richo Healey                          Martijn Bogaard
   rc0r                                  Jonathan Foote
+  Christian Holler
 
 Thank you!
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/docs/env_variables.txt 
new/afl-1.86b/docs/env_variables.txt
--- old/afl-1.85b/docs/env_variables.txt        2015-06-11 08:42:08.000000000 
+0200
+++ new/afl-1.86b/docs/env_variables.txt        2015-08-09 06:26:17.000000000 
+0200
@@ -107,6 +107,11 @@
     normally indicated by the cycle counter in the UI turning green. May be
     convenient for some types of automated jobs.
 
+  - AFL_SKIP_CRASHES causes AFL to tolerate crashing files in the input
+    queue. This can help with rare situations where a program crashes only
+    intermittently, but it's not really recommended under normal operating
+    conditions.
+
   - When developing custom instrumentation on top of afl-fuzz, you can use
     AFL_SKIP_BIN_CHECK to inhibit the checks for non-instrumented binaries
     and shell scripts; and AFL_DUMB_FORKSRV in conjunction with the -n
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/docs/notes_for_asan.txt 
new/afl-1.86b/docs/notes_for_asan.txt
--- old/afl-1.85b/docs/notes_for_asan.txt       2015-04-17 02:19:08.000000000 
+0200
+++ new/afl-1.86b/docs/notes_for_asan.txt       2015-08-07 17:16:17.000000000 
+0200
@@ -109,3 +109,16 @@
 emulation, so please do not try to use them with the -Q option; QEMU doesn't
 seem to appreciate the shadow VM trick used by these tools, and will likely
 just allocate all your physical memory, then crash.
+
+4) What about UBSAN?
+--------------------
+
+Some folks expressed interest in fuzzing with UBSAN. This isn't officially
+supported, because many installations of UBSAN don't offer a consistent way
+to abort() on fault conditions or to terminate with a distinctive exit code.
+
+That said, some versions of the library can be binary-patched to address this
+issue, while newer releases support explicit compile-time flags - see this
+mailing list thread for tips:
+
+  https://groups.google.com/forum/#!topic/afl-users/GyeSBJt4M38
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/afl-1.85b/docs/sister_projects.txt 
new/afl-1.86b/docs/sister_projects.txt
--- old/afl-1.85b/docs/sister_projects.txt      2015-07-27 07:34:57.000000000 
+0200
+++ new/afl-1.86b/docs/sister_projects.txt      2015-08-06 19:35:02.000000000 
+0200
@@ -21,7 +21,7 @@
 Go-fuzz (Dmitry Vyukov)
 -----------------------
 
-  AFL-style guided fuzzing approach for Go targets:
+  AFL-inspired guided fuzzing approach for Go targets:
 
   https://github.com/dvyukov/go-fuzz
 
@@ -154,6 +154,13 @@
 Narrow-purpose or experimental:
 -------------------------------
 
+Pause and resume scripts (Ben Nagy)
+-----------------------------------
+
+  Simple automation to suspend and resume groups of fuzzing jobs.
+
+  https://gist.github.com/bnagy/8f0eb29eb125653f73fd
+
 Static binary-only instrumentation (Aleksandar Nikolich)
 --------------------------------------------------------
 

