Android PR integration
diff --git a/afl-whatsup b/afl-whatsup
index 2666d20..01f28aa 100755
--- a/afl-whatsup
+++ b/afl-whatsup
@@ -61,7 +61,7 @@
CUR_TIME=`date +%s`
-TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
+TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1
ALIVE_CNT=0
DEAD_CNT=0
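Review bot: The new TMP line's third alternative is byte-for-byte the same `mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` as the second, so if the second fails the third fails the same way and the retry adds nothing but noise. The Android fallback was already present on the removed line, so the net effect of this hunk is only the duplication; the line should stay as it was, `TMP=`mktemp -t .afl-whatsup-XXXXXXXX` || TMP=`mktemp -p /data/local/tmp .afl-whatsup-XXXXXXXX` || exit 1`. If a second fallback location was intended, it should name a different directory.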
diff --git a/docs/ChangeLog b/docs/ChangeLog
index c488c61..d7963d4 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -27,6 +27,7 @@
- ripped regex.dictionary from Google afl PR
- qemu and unicorn download scripts now try to download until the full
download succeeded. f*ckin travis fails downloading 40% of the time!
+ - added the few Android stuff we didnt have already from Google afl repository
- removed unnecessary warnings
- added the radamsa stage
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 342205d..8717519 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -552,7 +552,7 @@
u32 count_bits(u8*);
u32 count_bytes(u8*);
u32 count_non_255_bytes(u8*);
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
void simplify_trace(u64*);
void classify_counts(u64*);
#else
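Review bot: `#ifdef WORD_SIZE_64` silently selects the 32-bit prototypes whenever config.h (where the macro is defined in this commit) has not been included earlier in the translation unit, whereas the replaced `__x86_64__` was a compiler-predefined macro that was always visible. The same dependency is introduced in the afl-as.c, afl-fuzz-bitmap.c, afl-fuzz-run.c and afl-gcc.c hunks, where a missing include would quietly pick the 32-bit path or the 25 MB MEM_LIMIT on a 64-bit build rather than fail to compile. Unless afl-fuzz.h already includes config.h above these lines (outside the hunk), add `#include "config.h"` before the prototypes, and confirm each of the listed .c files includes config.h before its first `WORD_SIZE_64` test.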
diff --git a/include/android-ashmem.h b/include/android-ashmem.h
index f4d3173..984df4d 100644
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@@ -63,7 +63,7 @@
}
static inline int shmget(key_t __key, size_t __size, int __shmflg) {
-
+ (void) __shmflg;
int fd, ret;
char ourkey[11];
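Review bot: `(void) __shmflg;` silences the unused-parameter warning but also records that the ashmem shim discards everything the caller asks for via the flags, and a reader deserves to know that is intentional; the shmat hunk below does the same for its `__shmflg`. For shmget that means `IPC_CREAT`/`IPC_EXCL` and the mode bits (AFL's caller passes `IPC_CREAT | IPC_EXCL | 0600`) have no effect; for shmat it means a `SHM_RDONLY` request presumably still yields a writable mapping, which callers relying on read-only semantics would not expect. Replace the bare cast with a comment such as `(void) __shmflg; /* ashmem has no IPC_CREAT/IPC_EXCL or mode bits; flags intentionally ignored */` in shmget and `(void) __shmflg; /* SHM_RDONLY not honoured: the mapping is always read/write */` in shmat, adjusting the latter if the mmap call further down does honour it. Both function bodies continue outside their hunks.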
@@ -86,7 +86,7 @@
}
static inline void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {
-
+ (void) __shmflg;
int size;
void *ptr;
diff --git a/include/config.h b/include/config.h
index 144d381..9c90155 100644
--- a/include/config.h
+++ b/include/config.h
@@ -52,13 +52,18 @@
#define EXEC_TM_ROUND 20
+/* 64bit arch MACRO */
+#if (defined (__x86_64__) || defined (__arm64__) || defined (__aarch64__))
+#define WORD_SIZE_64 1
+#endif
+
/* Default memory limit for child process (MB): */
-#ifndef __x86_64__
+#ifndef WORD_SIZE_64
#define MEM_LIMIT 25
#else
#define MEM_LIMIT 50
-#endif /* ^!__x86_64__ */
+#endif /* ^!WORD_SIZE_64 */
/* Default memory limit when running in QEMU mode (MB): */
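Review bot: The new `WORD_SIZE_64` is defined from an explicit architecture list, so other 64-bit targets (ppc64, riscv64, s390x, mips64) keep taking the 32-bit code paths and the 25 MB MEM_LIMIT even though the macro's name promises a word-size test. Since this commit introduces the abstraction, it is the place to derive it from the compiler's own pointer width instead: `#if defined(__LP64__) || defined(_LP64) || (defined(__SIZEOF_POINTER__) && __SIZEOF_POINTER__ == 8)`, which is unchanged in effect for x86_64, `__arm64__` (the Apple spelling) and `__aarch64__`. The comment `/* 64bit arch MACRO */` should also say what the macro means, e.g. `/* WORD_SIZE_64: target has 64-bit pointers; selects the u64 trace helpers and memory limits */`.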
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index b224349..b245cef 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -205,6 +205,7 @@
u8* cur = *(++argv);
if (!strcmp(cur, "-m32")) bit_mode = 32;
+ if (!strcmp(cur, "armv7a-linux-androideabi")) bit_mode = 32;
if (!strcmp(cur, "-m64")) bit_mode = 64;
if (!strcmp(cur, "-x")) x_set = 1;
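Review bot: The added `armv7a-linux-androideabi` check only matches when that exact string is its own argv entry, i.e. the value following a separate `-target`; the NDK toolchain wrappers commonly pass the triple as a single `--target=armv7a-linux-androideabi<API>` argument, and a bare triple with an API-level suffix would also miss, leaving bit_mode unset for the case this line is meant to catch. A prefix test on the triple, combined with stripping a leading `--target=` where present, would cover both forms; for the bare-argument case that is `if (!strncmp(cur, "armv7a-linux-androideabi", strlen("armv7a-linux-androideabi"))) bit_mode = 32;`. The enclosing argument loop starts and ends outside the hunk.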
diff --git a/src/afl-as.c b/src/afl-as.c
index 312ae0a..a0ebb2e 100644
--- a/src/afl-as.c
+++ b/src/afl-as.c
@@ -71,7 +71,7 @@
instrumentation for whichever mode we were compiled with. This is not
perfect, but should do the trick for almost all use cases. */
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
static u8 use_64bit = 1;
@@ -83,7 +83,7 @@
#error "Sorry, 32-bit Apple platforms are not supported."
#endif /* __APPLE__ */
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
/* Examine and modify parameters to pass to 'as'. Note that the file name
is always the last parameter passed by GCC, so we exploit this property
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 2287662..5d629cc 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -73,7 +73,7 @@
u8 has_new_bits(u8* virgin_map) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
u64* current = (u64*)trace_bits;
u64* virgin = (u64*)virgin_map;
@@ -87,7 +87,7 @@
u32 i = (MAP_SIZE >> 2);
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
u8 ret = 0;
@@ -107,7 +107,7 @@
/* Looks like we have not found any new bytes yet; see if any non-zero
bytes in current[] are pristine in virgin[]. */
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
if ((cur[0] && vir[0] == 0xff) || (cur[1] && vir[1] == 0xff) ||
(cur[2] && vir[2] == 0xff) || (cur[3] && vir[3] == 0xff) ||
@@ -125,7 +125,7 @@
else
ret = 1;
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
}
@@ -244,7 +244,7 @@
};
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
void simplify_trace(u64* mem) {
@@ -306,7 +306,7 @@
}
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
/* Destructively classify execution counts in a trace. This is used as a
preprocessing step for any newly acquired traces. Called on every exec,
@@ -339,7 +339,7 @@
}
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
void classify_counts(u64* mem) {
@@ -391,7 +391,7 @@
}
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
/* Compact trace bytes into a smaller bitmap. We effectively just drop the
count information here. This is called only sporadically, for some
@@ -595,11 +595,11 @@
if (!dumb_mode) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
simplify_trace((u64*)trace_bits);
#else
simplify_trace((u32*)trace_bits);
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
if (!has_new_bits(virgin_tmout)) return keeping;
@@ -658,11 +658,11 @@
if (!dumb_mode) {
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
simplify_trace((u64*)trace_bits);
#else
simplify_trace((u32*)trace_bits);
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
if (!has_new_bits(virgin_crash)) return keeping;
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index e12b06e..c5035b6 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -221,11 +221,11 @@
tb4 = *(u32*)trace_bits;
-#ifdef __x86_64__
+#ifdef WORD_SIZE_64
classify_counts((u64*)trace_bits);
#else
classify_counts((u32*)trace_bits);
-#endif /* ^__x86_64__ */
+#endif /* ^WORD_SIZE_64 */
prev_timed_out = child_timed_out;
diff --git a/src/afl-gcc.c b/src/afl-gcc.c
index e0706a5..9663b75 100644
--- a/src/afl-gcc.c
+++ b/src/afl-gcc.c
@@ -121,7 +121,7 @@
u8 fortify_set = 0, asan_set = 0;
u8* name;
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
u8 m32_set = 0;
#endif
@@ -228,7 +228,7 @@
if (!strcmp(cur, "-pipe")) continue;
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
if (!strcmp(cur, "-m32")) m32_set = 1;
#endif
@@ -288,7 +288,7 @@
if (!getenv("AFL_DONT_OPTIMIZE")) {
-#if defined(__FreeBSD__) && defined(__x86_64__)
+#if defined(__FreeBSD__) && defined(WORD_SIZE_64)
/* On 64-bit FreeBSD systems, clang -g -m32 is broken, but -m32 itself
works OK. This has nothing to do with us, but let's avoid triggering
diff --git a/src/afl-gotcpu.c b/src/afl-gotcpu.c
index fe5d035..e09f098 100644
--- a/src/afl-gotcpu.c
+++ b/src/afl-gotcpu.c
@@ -204,7 +204,7 @@
#if defined(__linux__)
if (sched_setaffinity(0, sizeof(c), &c))
- PFATAL("sched_setaffinity failed");
+ PFATAL("sched_setaffinity failed for cpu %d", i);
#endif
util_perc = measure_preemption(CTEST_CORE_TRG_MS);
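Review bot: The new message formats `i` with `%d`; if `i` is the unsigned (u32) loop counter this file uses for CPU indices, as AFL does elsewhere, the conversion specifier should be `%u` to match the argument type, `PFATAL("sched_setaffinity failed for cpu %u", i);`. The variable's declaration is outside the hunk, so this is to be confirmed against it. Including the CPU index in the fatal message is otherwise a useful addition for diagnosing cpuset-restricted environments.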