Hello community, here is the log from the commit of package afl for openSUSE:Factory checked in at 2016-05-05 08:12:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/afl (Old) and /work/SRC/openSUSE:Factory/.afl.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "afl" Changes: -------- --- /work/SRC/openSUSE:Factory/afl/afl.changes 2016-04-28 16:57:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.afl.new/afl.changes 2016-05-05 08:12:46.000000000 +0200 @@ -1,0 +2,9 @@ +Mon May 2 11:02:02 UTC 2016 - astie...@suse.com + +- afl 2.11b: + - Fixed a minor typo in instrumented_cmp + - Added a missing size check for deterministic insertion steps. + - Made an improvement to afl-gotcpu when -Z not used. + - Fixed a typo in post_library_png.so.c in experimental/ + +------------------------------------------------------------------- Old: ---- afl-2.10b.tgz New: ---- afl-2.11b.tgz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ afl.spec ++++++ --- /var/tmp/diff_new_pack.xmdDHW/_old 2016-05-05 08:12:47.000000000 +0200 +++ /var/tmp/diff_new_pack.xmdDHW/_new 2016-05-05 08:12:47.000000000 +0200 @@ -17,7 +17,7 @@ Name: afl -Version: 2.10b +Version: 2.11b Release: 0 Summary: American fuzzy lop is a security-oriented fuzzer License: Apache-2.0 ++++++ afl-2.10b.tgz -> afl-2.11b.tgz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/Makefile new/afl-2.11b/Makefile --- old/afl-2.10b/Makefile 2016-03-31 05:06:26.000000000 +0200 +++ new/afl-2.11b/Makefile 2016-04-27 20:55:27.000000000 +0200 @@ -14,7 +14,7 @@ # PROGNAME = afl -VERSION = 2.10b +VERSION = 2.11b PREFIX ?= /usr/local BIN_PATH = $(PREFIX)/bin diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/afl-fuzz.c new/afl-2.11b/afl-fuzz.c --- old/afl-2.10b/afl-fuzz.c 2016-03-31 05:02:35.000000000 +0200 +++ new/afl-2.11b/afl-fuzz.c 2016-04-08 20:37:29.000000000 +0200 @@ -5750,6 +5750,11 @@ for (j = 0; j < extras_cnt; j++) { + if (len + extras[j].len > MAX_FILE) { + stage_max--; + continue; + } + /* Insert token */ memcpy(ex_tmp + i, extras[j].data, extras[j].len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/afl-gotcpu.c new/afl-2.11b/afl-gotcpu.c --- old/afl-2.10b/afl-gotcpu.c 2016-03-08 08:09:26.000000000 +0100 +++ new/afl-2.11b/afl-gotcpu.c 2016-04-28 00:31:44.000000000 +0200 @@ -37,6 +37,7 @@ #include <sys/time.h> #include <sys/times.h> #include <sys/resource.h> +#include <sys/wait.h> #include "types.h" #include "debug.h" @@ -125,41 +126,57 @@ SAYF(cCYA "afl-gotcpu " cBRI VERSION cRST " by <lcam...@google.com>\n"); ACTF("Measuring per-core preemption rate (this will take %0.02f sec)...", - ((double)CTEST_CORE_TRG_MS) * cpu_cnt / 1000); + ((double)CTEST_CORE_TRG_MS) / 1000); for (i = 0; i < cpu_cnt; i++) { - cpu_set_t c; - u32 util_perc; + s32 fr = fork(); - CPU_ZERO(&c); - CPU_SET(i, &c); + if (fr < 0) PFATAL("fork failed"); - if (sched_setaffinity(0, sizeof(c), &c)) - PFATAL("sched_setaffinity failed"); + if (!fr) { - util_perc = measure_preemption(CTEST_CORE_TRG_MS); + cpu_set_t c; + u32 util_perc; - if (util_perc < 105) { + CPU_ZERO(&c); + CPU_SET(i, &c); - SAYF(" Core #%u: " cLGN "AVAILABLE\n" cRST, i); - maybe_cpus++; - idle_cpus++; + if (sched_setaffinity(0, sizeof(c), &c)) + PFATAL("sched_setaffinity failed"); - } else if (util_perc < 130) { + util_perc = measure_preemption(CTEST_CORE_TRG_MS); - SAYF(" Core #%u: " cYEL "CAUTION " cRST "(%u%%)\n", i, util_perc); - maybe_cpus++; + if (util_perc < 110) { - } else { + SAYF(" Core #%u: " cLGN "AVAILABLE\n" cRST, i); + exit(0); + + } else if (util_perc < 250) { + + SAYF(" Core #%u: " cYEL "CAUTION " cRST "(%u%%)\n", i, util_perc); + exit(1); + + } SAYF(" Core #%u: " cLRD "OVERBOOKED " cRST "(%u%%)\n" cRST, i, util_perc); + exit(2); } } + for (i = 0; i < cpu_cnt; i++) { + + int ret; + if (waitpid(-1, &ret, 0) < 0) PFATAL("waitpid failed"); + + if (WEXITSTATUS(ret) == 0) idle_cpus++; + if (WEXITSTATUS(ret) <= 1) maybe_cpus++; + + } + SAYF(cGRA "\n>>> "); if (idle_cpus) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/docs/ChangeLog new/afl-2.11b/docs/ChangeLog --- old/afl-2.10b/docs/ChangeLog 2016-03-31 05:06:13.000000000 +0200 +++ new/afl-2.11b/docs/ChangeLog 2016-04-27 22:44:07.000000000 +0200 @@ -17,6 +17,19 @@ to get on with the times. -------------- +Version 2.11b: +-------------- + + - Fixed a minor typo in instrumented_cmp, spotted by Hanno Eissfeldt. + + - Added a missing size check for deterministic insertion steps. + + - Made an improvement to afl-gotcpu when -Z not used. + + - Fixed a typo in post_library_png.so.c in experimental/. Spotted by Kostya + Serebryany. + +-------------- Version 2.10b: -------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/docs/parallel_fuzzing.txt new/afl-2.11b/docs/parallel_fuzzing.txt --- old/afl-2.10b/docs/parallel_fuzzing.txt 2015-07-29 06:54:11.000000000 +0200 +++ new/afl-2.11b/docs/parallel_fuzzing.txt 2016-04-23 08:54:06.000000000 +0200 @@ -52,10 +52,10 @@ its own fuzzing when they are deemed interesting enough. The only difference between the -M and -S modes is that the master instance -will still perform deterministic checks; while the slaves will proceed straight -to random tweaks. If you don't want to do deterministic fuzzing at all, it's OK -to run all instances with -S. With very slow or complex targets, or when running -heavily parallelized jobs, this is usually a good plan. +will still perform deterministic checks; while the secondary instances will +proceed straight to random tweaks. If you don't want to do deterministic +fuzzing at all, it's OK to run all instances with -S. With very slow or complex +targets, or when running heavily parallelized jobs, this is usually a good plan. You can monitor the progress of your jobs from the command line with the provided afl-whatsup tool. When the instances are no longer finding new paths, @@ -160,11 +160,11 @@ monitor the overall fuzzing progress and decide when to stop. In this mode, the most important signal is just that no new paths are being found for a longer while. If you do not have a master instance, just pick any -single slave and go by that. +single secondary instance to watch and go by that. You can also rely on that instance's output directory to collect the synthesized corpus that covers all the noteworthy paths discovered anywhere -within the fleet. The slave (-S) instances do not require any special +within the fleet. Secondary (-S) instances do not require any special monitoring, other than just making sure that they are up. Keep in mind that crashing inputs are *not* automatically propagated to the diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/experimental/instrumented_cmp/instrumented_cmp.c new/afl-2.11b/experimental/instrumented_cmp/instrumented_cmp.c --- old/afl-2.10b/experimental/instrumented_cmp/instrumented_cmp.c 2015-02-27 16:40:36.000000000 +0100 +++ new/afl-2.11b/experimental/instrumented_cmp/instrumented_cmp.c 2016-04-01 16:22:59.000000000 +0200 @@ -1,6 +1,6 @@ /* - A simple proof-of-concept for instrumented strcpy() or memcpy(). + A simple proof-of-concept for instrumented strcmp() or memcmp(). Normally, afl-fuzz will have difficulty ever reaching the code behind something like: @@ -9,7 +9,7 @@ This is because the strcmp() operation is completely opaque to the tool. A simple and non-invasive workaround that doesn't require complex code - analysis is to replace strcpy(), memcpy(), and equivalents with + analysis is to replace strcmp(), memcmp(), and equivalents with inlined, non-optimized code. I am still evaluating the value of doing this, but for time being, here's diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/afl-2.10b/experimental/post_library/post_library_png.so.c new/afl-2.11b/experimental/post_library/post_library_png.so.c --- old/afl-2.10b/experimental/post_library/post_library_png.so.c 2015-03-04 09:29:09.000000000 +0100 +++ new/afl-2.11b/experimental/post_library/post_library_png.so.c 2016-04-27 22:43:27.000000000 +0200 @@ -67,7 +67,7 @@ /* Chunk checksum is calculated for chunk ID (dword) and the actual payload. */ - real_cksum = ntohl(crc32(0, in_buf + pos + 4, chunk_len + 4)); + real_cksum = htonl(crc32(0, in_buf + pos + 4, chunk_len + 4)); /* The in-file checksum is the last dword past the chunk data. */