
Side by Side Diff: third_party/afl/src/libdislocator/libdislocator.so.c

Issue 2662883002: Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
Patch Set: Remove unneeded vuln_samples binaries. Created 3 years, 10 months ago
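--- a/third_party/afl/src/libdislocator/libdislocator.so.c
+++ b/third_party/afl/src/libdislocator/libdislocator.so.c
@@ -1,10 +1,10 @@
 /*
 
 american fuzzy lop - dislocator, an abusive allocator
 -----------------------------------------------------
 
 Written and maintained by Michal Zalewski <lcamtuf@google.com>
 
 Copyright 2016 Google Inc. All rights reserved.
 
 Licensed under the Apache License, Version 2.0 (the "License");
@@ -57,46 +57,47 @@
 call_depth--; \
 } while (0)
 
 /* Macro to count the number of pages needed to store a buffer: */
 
 #define PG_COUNT(_l) (((_l) + (PAGE_SIZE - 1)) / PAGE_SIZE)
 
 /* Canary & clobber bytes: */
 
 #define ALLOC_CANARY 0xAACCAACC
-#define ALLOC_CLOBBER 0x41
+#define ALLOC_CLOBBER 0xCC
 
 #define PTR_C(_p) (((u32*)(_p))[-1])
 #define PTR_L(_p) (((u32*)(_p))[-2])
 
 /* Configurable stuff (use AFL_LD_* to set): */
 
 static u32 max_mem = MAX_ALLOC; /* Max heap usage to permit */
 static u8 alloc_verbose, /* Additional debug messages */
 hard_fail; /* abort() when max_mem exceeded? */
 
 static __thread size_t total_mem; /* Currently allocated mem */
 
 static __thread u32 call_depth; /* To avoid recursion via fprintf() */
 
 
 /* This is the main alloc function. It allocates one page more than necessary,
 sets that tailing page to PROT_NONE, and then increments the return address
 so that it is right-aligned to that boundary. Since it always uses mmap(),
 the returned memory will be zeroed. */
 
 static void* __dislocator_alloc(size_t len) {
 
 void* ret;
 
-if (total_mem + len > max_mem) {
+
+if (total_mem + len > max_mem || total_mem + len < total_mem) {
 
 if (hard_fail)
 FATAL("total allocs exceed %u MB", max_mem / 1024 / 1024);
 
 DEBUGF("total allocs exceed %u MB, returning NULL",
 max_mem / 1024 / 1024);
 
 return NULL;
 
 }
@@ -248,10 +249,10 @@
 
 max_mem = atoi(tmp) * 1024 * 1024;
 if (!max_mem) FATAL("Bad value for AFL_LD_LIMIT_MB");
 
 }
 
 alloc_verbose = !!getenv("AFL_LD_VERBOSE");
 hard_fail = !!getenv("AFL_LD_HARD_FAIL");
 
 }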
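Review bot: The wrap check added to `__dislocator_alloc` (new line 93) is only as good as `max_mem`, and the unchanged parse at new line 250, `max_mem = atoi(tmp) * 1024 * 1024;`, multiplies in signed `int`: a value of 2048 or more overflows (undefined behaviour), a negative one becomes a very large `u32` limit, and `!max_mem` rejects only zero. Parsing as unsigned with a range check keeps the limit meaningful, e.g. `unsigned long mb = strtoul(tmp, NULL, 10);` then `if (!mb || mb > 4095) FATAL("Bad value for AFL_LD_LIMIT_MB");` then `max_mem = mb * 1024 * 1024;`. Both function bodies extend into lines the page skips, so whether `len` is bounded again before the page-count arithmetic cannot be confirmed from here.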