Hello community,
here is the log from the commit of package afl for openSUSE:Factory checked in
at 2016-05-05 08:12:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/afl (Old)
and /work/SRC/openSUSE:Factory/.afl.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl"
Changes:
--------
--- /work/SRC/openSUSE:Factory/afl/afl.changes 2016-04-28 16:57:13.000000000
+0200
+++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2016-05-05
08:12:46.000000000 +0200
@@ -1,0 +2,9 @@
+Mon May 2 11:02:02 UTC 2016 - astie...@suse.com
+
+- afl 2.11b:
+ - Fixed a minor typo in instrumented_cmp
+ - Added a missing size check for deterministic insertion steps.
+ - Made an improvement to afl-gotcpu when -Z not used.
+ - Fixed a typo in post_library_png.so.c in experimental/
+
+-------------------------------------------------------------------
Old:
----
afl-2.10b.tgz
New:
----
afl-2.11b.tgz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ afl.spec ++++++
--- /var/tmp/diff_new_pack.xmdDHW/_old 2016-05-05 08:12:47.000000000 +0200
+++ /var/tmp/diff_new_pack.xmdDHW/_new 2016-05-05 08:12:47.000000000 +0200
@@ -17,7 +17,7 @@
Name: afl
-Version: 2.10b
+Version: 2.11b
Release: 0
Summary: American fuzzy lop is a security-oriented fuzzer
License: Apache-2.0
++++++ afl-2.10b.tgz -> afl-2.11b.tgz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/afl-2.10b/Makefile new/afl-2.11b/Makefile
--- old/afl-2.10b/Makefile 2016-03-31 05:06:26.000000000 +0200
+++ new/afl-2.11b/Makefile 2016-04-27 20:55:27.000000000 +0200
@@ -14,7 +14,7 @@
#
PROGNAME = afl
-VERSION = 2.10b
+VERSION = 2.11b
PREFIX ?= /usr/local
BIN_PATH = $(PREFIX)/bin
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/afl-2.10b/afl-fuzz.c new/afl-2.11b/afl-fuzz.c
--- old/afl-2.10b/afl-fuzz.c 2016-03-31 05:02:35.000000000 +0200
+++ new/afl-2.11b/afl-fuzz.c 2016-04-08 20:37:29.000000000 +0200
@@ -5750,6 +5750,11 @@
for (j = 0; j < extras_cnt; j++) {
+ if (len + extras[j].len > MAX_FILE) {
+ stage_max--;
+ continue;
+ }
+
/* Insert token */
memcpy(ex_tmp + i, extras[j].data, extras[j].len);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/afl-2.10b/afl-gotcpu.c new/afl-2.11b/afl-gotcpu.c
--- old/afl-2.10b/afl-gotcpu.c 2016-03-08 08:09:26.000000000 +0100
+++ new/afl-2.11b/afl-gotcpu.c 2016-04-28 00:31:44.000000000 +0200
@@ -37,6 +37,7 @@
#include <sys/time.h>
#include <sys/times.h>
#include <sys/resource.h>
+#include <sys/wait.h>
#include "types.h"
#include "debug.h"
@@ -125,41 +126,57 @@
SAYF(cCYA "afl-gotcpu " cBRI VERSION cRST " by <lcam...@google.com>\n");
ACTF("Measuring per-core preemption rate (this will take %0.02f sec)...",
- ((double)CTEST_CORE_TRG_MS) * cpu_cnt / 1000);
+ ((double)CTEST_CORE_TRG_MS) / 1000);
for (i = 0; i < cpu_cnt; i++) {
- cpu_set_t c;
- u32 util_perc;
+ s32 fr = fork();
- CPU_ZERO(&c);
- CPU_SET(i, &c);
+ if (fr < 0) PFATAL("fork failed");
- if (sched_setaffinity(0, sizeof(c), &c))
- PFATAL("sched_setaffinity failed");
+ if (!fr) {
- util_perc = measure_preemption(CTEST_CORE_TRG_MS);
+ cpu_set_t c;
+ u32 util_perc;
- if (util_perc < 105) {
+ CPU_ZERO(&c);
+ CPU_SET(i, &c);
- SAYF(" Core #%u: " cLGN "AVAILABLE\n" cRST, i);
- maybe_cpus++;
- idle_cpus++;
+ if (sched_setaffinity(0, sizeof(c), &c))
+ PFATAL("sched_setaffinity failed");
- } else if (util_perc < 130) {
+ util_perc = measure_preemption(CTEST_CORE_TRG_MS);
- SAYF(" Core #%u: " cYEL "CAUTION " cRST "(%u%%)\n", i, util_perc);
- maybe_cpus++;
+ if (util_perc < 110) {
- } else {
+ SAYF(" Core #%u: " cLGN "AVAILABLE\n" cRST, i);
+ exit(0);
+
+ } else if (util_perc < 250) {
+
+ SAYF(" Core #%u: " cYEL "CAUTION " cRST "(%u%%)\n", i, util_perc);
+ exit(1);
+
+ }
SAYF(" Core #%u: " cLRD "OVERBOOKED " cRST "(%u%%)\n" cRST, i,
util_perc);
+ exit(2);
}
}
+ for (i = 0; i < cpu_cnt; i++) {
+
+ int ret;
+ if (waitpid(-1, &ret, 0) < 0) PFATAL("waitpid failed");
+
+ if (WEXITSTATUS(ret) == 0) idle_cpus++;
+ if (WEXITSTATUS(ret) <= 1) maybe_cpus++;
+
+ }
+
SAYF(cGRA "\n>>> ");
if (idle_cpus) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/afl-2.10b/docs/ChangeLog new/afl-2.11b/docs/ChangeLog
--- old/afl-2.10b/docs/ChangeLog 2016-03-31 05:06:13.000000000 +0200
+++ new/afl-2.11b/docs/ChangeLog 2016-04-27 22:44:07.000000000 +0200
@@ -17,6 +17,19 @@
to get on with the times.
--------------
+Version 2.11b:
+--------------
+
+ - Fixed a minor typo in instrumented_cmp, spotted by Hanno Eissfeldt.
+
+ - Added a missing size check for deterministic insertion steps.
+
+ - Made an improvement to afl-gotcpu when -Z not used.
+
+ - Fixed a typo in post_library_png.so.c in experimental/. Spotted by Kostya
+ Serebryany.
+
+--------------
Version 2.10b:
--------------
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/afl-2.10b/docs/parallel_fuzzing.txt
new/afl-2.11b/docs/parallel_fuzzing.txt
--- old/afl-2.10b/docs/parallel_fuzzing.txt 2015-07-29 06:54:11.000000000
+0200
+++ new/afl-2.11b/docs/parallel_fuzzing.txt 2016-04-23 08:54:06.000000000
+0200
@@ -52,10 +52,10 @@
its own fuzzing when they are deemed interesting enough.
The only difference between the -M and -S modes is that the master instance
-will still perform deterministic checks; while the slaves will proceed straight
-to random tweaks. If you don't want to do deterministic fuzzing at all, it's OK
-to run all instances with -S. With very slow or complex targets, or when
running
-heavily parallelized jobs, this is usually a good plan.
+will still perform deterministic checks; while the secondary instances will
+proceed straight to random tweaks. If you don't want to do deterministic
+fuzzing at all, it's OK to run all instances with -S. With very slow or complex
+targets, or when running heavily parallelized jobs, this is usually a good
plan.
You can monitor the progress of your jobs from the command line with the
provided afl-whatsup tool. When the instances are no longer finding new paths,
@@ -160,11 +160,11 @@
monitor the overall fuzzing progress and decide when to stop. In this
mode, the most important signal is just that no new paths are being found
for a longer while. If you do not have a master instance, just pick any
-single slave and go by that.
+single secondary instance to watch and go by that.
You can also rely on that instance's output directory to collect the
synthesized corpus that covers all the noteworthy paths discovered anywhere
-within the fleet. The slave (-S) instances do not require any special
+within the fleet. Secondary (-S) instances do not require any special
monitoring, other than just making sure that they are up.
Keep in mind that crashing inputs are *not* automatically propagated to the
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/afl-2.10b/experimental/instrumented_cmp/instrumented_cmp.c
new/afl-2.11b/experimental/instrumented_cmp/instrumented_cmp.c
--- old/afl-2.10b/experimental/instrumented_cmp/instrumented_cmp.c
2015-02-27 16:40:36.000000000 +0100
+++ new/afl-2.11b/experimental/instrumented_cmp/instrumented_cmp.c
2016-04-01 16:22:59.000000000 +0200
@@ -1,6 +1,6 @@
/*
- A simple proof-of-concept for instrumented strcpy() or memcpy().
+ A simple proof-of-concept for instrumented strcmp() or memcmp().
Normally, afl-fuzz will have difficulty ever reaching the code behind
something like:
@@ -9,7 +9,7 @@
This is because the strcmp() operation is completely opaque to the tool.
A simple and non-invasive workaround that doesn't require complex code
- analysis is to replace strcpy(), memcpy(), and equivalents with
+ analysis is to replace strcmp(), memcmp(), and equivalents with
inlined, non-optimized code.
I am still evaluating the value of doing this, but for time being, here's
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/afl-2.10b/experimental/post_library/post_library_png.so.c
new/afl-2.11b/experimental/post_library/post_library_png.so.c
--- old/afl-2.10b/experimental/post_library/post_library_png.so.c
2015-03-04 09:29:09.000000000 +0100
+++ new/afl-2.11b/experimental/post_library/post_library_png.so.c
2016-04-27 22:43:27.000000000 +0200
@@ -67,7 +67,7 @@
/* Chunk checksum is calculated for chunk ID (dword) and the actual
payload. */
- real_cksum = ntohl(crc32(0, in_buf + pos + 4, chunk_len + 4));
+ real_cksum = htonl(crc32(0, in_buf + pos + 4, chunk_len + 4));
/* The in-file checksum is the last dword past the chunk data. */
