AFLplusplus/src/afl-showmap.c

*08b48e0bSAndroid Build Coastguard Worker/*
*08b48e0bSAndroid Build Coastguard Worker   american fuzzy lop++ - map display utility
*08b48e0bSAndroid Build Coastguard Worker   ------------------------------------------
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Originally written by Michal Zalewski
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Forkserver design by Jann Horn <[email protected]>
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Now maintained by Marc Heuse <[email protected]>,
*08b48e0bSAndroid Build Coastguard Worker                        Heiko Eißfeldt <[email protected]> and
*08b48e0bSAndroid Build Coastguard Worker                        Andrea Fioraldi <[email protected]> and
*08b48e0bSAndroid Build Coastguard Worker                        Dominik Maier <[email protected]>
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Copyright 2016, 2017 Google Inc. All rights reserved.
*08b48e0bSAndroid Build Coastguard Worker   Copyright 2019-2024 AFLplusplus Project. All rights reserved.
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Licensed under the Apache License, Version 2.0 (the "License");
*08b48e0bSAndroid Build Coastguard Worker   you may not use this file except in compliance with the License.
*08b48e0bSAndroid Build Coastguard Worker   You may obtain a copy of the License at:
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker     https://www.apache.org/licenses/LICENSE-2.0
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   A very simple tool that runs the targeted binary and displays
*08b48e0bSAndroid Build Coastguard Worker   the contents of the trace bitmap in a human-readable form. Useful in
*08b48e0bSAndroid Build Coastguard Worker   scripts to eliminate redundant inputs and perform other checks.
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker   Exit code is 2 if the target program crashes; 1 if it times out or
*08b48e0bSAndroid Build Coastguard Worker   there is a problem executing it; or 0 if execution is successful.
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#define AFL_MAIN
*08b48e0bSAndroid Build Coastguard Worker#define AFL_SHOWMAP
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#include "config.h"
*08b48e0bSAndroid Build Coastguard Worker#include "afl-fuzz.h"
*08b48e0bSAndroid Build Coastguard Worker#include "types.h"
*08b48e0bSAndroid Build Coastguard Worker#include "debug.h"
*08b48e0bSAndroid Build Coastguard Worker#include "alloc-inl.h"
*08b48e0bSAndroid Build Coastguard Worker#include "hash.h"
*08b48e0bSAndroid Build Coastguard Worker#include "sharedmem.h"
*08b48e0bSAndroid Build Coastguard Worker#include "forkserver.h"
*08b48e0bSAndroid Build Coastguard Worker#include "common.h"
*08b48e0bSAndroid Build Coastguard Worker#include "hash.h"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#include <stdio.h>
*08b48e0bSAndroid Build Coastguard Worker#include <unistd.h>
*08b48e0bSAndroid Build Coastguard Worker#include <stdlib.h>
*08b48e0bSAndroid Build Coastguard Worker#include <string.h>
*08b48e0bSAndroid Build Coastguard Worker#include <time.h>
*08b48e0bSAndroid Build Coastguard Worker#include <errno.h>
*08b48e0bSAndroid Build Coastguard Worker#include <signal.h>
*08b48e0bSAndroid Build Coastguard Worker#include <dirent.h>
*08b48e0bSAndroid Build Coastguard Worker#include <fcntl.h>
*08b48e0bSAndroid Build Coastguard Worker#include <limits.h>
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#include <dirent.h>
*08b48e0bSAndroid Build Coastguard Worker#include <sys/wait.h>
*08b48e0bSAndroid Build Coastguard Worker#include <sys/time.h>
*08b48e0bSAndroid Build Coastguard Worker#ifndef USEMMAP
*08b48e0bSAndroid Build Coastguard Worker  #include <sys/shm.h>
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker#include <sys/stat.h>
*08b48e0bSAndroid Build Coastguard Worker#include <sys/types.h>
*08b48e0bSAndroid Build Coastguard Worker#include <sys/resource.h>
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic afl_state_t *afl;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic char *stdin_file;               /* stdin file                        */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u8 *in_dir = NULL,              /* input folder                      */
*08b48e0bSAndroid Build Coastguard Worker    *out_file = NULL,                  /* output file or directory          */
*08b48e0bSAndroid Build Coastguard Worker        *at_file = NULL,               /* Substitution string for @@        */
*08b48e0bSAndroid Build Coastguard Worker            *in_filelist = NULL;       /* input file list                   */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u8 outfile[PATH_MAX];
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u8 *in_data,                    /* Input data                        */
*08b48e0bSAndroid Build Coastguard Worker    *coverage_map;                     /* Coverage map                      */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u64 total;                      /* tuple content information         */
*08b48e0bSAndroid Build Coastguard Workerstatic u32 tcnt, highest;              /* tuple content information         */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u32 in_len;                     /* Input data length                 */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u32 map_size = MAP_SIZE, timed_out = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic bool quiet_mode,                /* Hide non-essential messages?      */
*08b48e0bSAndroid Build Coastguard Worker    edges_only,                        /* Ignore hit counts?                */
*08b48e0bSAndroid Build Coastguard Worker    raw_instr_output,                  /* Do not apply AFL filters          */
*08b48e0bSAndroid Build Coastguard Worker    cmin_mode,                         /* Generate output in afl-cmin mode? */
*08b48e0bSAndroid Build Coastguard Worker    binary_mode,                       /* Write output as a binary map      */
*08b48e0bSAndroid Build Coastguard Worker    keep_cores,                        /* Allow coredumps?                  */
*08b48e0bSAndroid Build Coastguard Worker    remove_shm = true,                 /* remove shmem?                     */
*08b48e0bSAndroid Build Coastguard Worker    collect_coverage,                  /* collect coverage                  */
*08b48e0bSAndroid Build Coastguard Worker    have_coverage,                     /* have coverage?                    */
*08b48e0bSAndroid Build Coastguard Worker    no_classify,                       /* do not classify counts            */
*08b48e0bSAndroid Build Coastguard Worker    debug,                             /* debug mode                        */
*08b48e0bSAndroid Build Coastguard Worker    print_filenames,                   /* print the current filename        */
*08b48e0bSAndroid Build Coastguard Worker    wait_for_gdb;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic volatile u8 stop_soon,          /* Ctrl-C pressed?                   */
*08b48e0bSAndroid Build Coastguard Worker    child_crashed;                     /* Child crashed?                    */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic sharedmem_t       shm;
*08b48e0bSAndroid Build Coastguard Workerstatic afl_forkserver_t *fsrv;
*08b48e0bSAndroid Build Coastguard Workerstatic sharedmem_t      *shm_fuzz;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Classify tuple counts. Instead of mapping to individual bits, as in
*08b48e0bSAndroid Build Coastguard Worker   afl-fuzz.c, we map to more user-friendly numbers between 1 and 8. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic const u8 count_class_human[256] = {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    [0] = 0,          [1] = 1,        [2] = 2,         [3] = 3,
*08b48e0bSAndroid Build Coastguard Worker    [4 ... 7] = 4,    [8 ... 15] = 5, [16 ... 31] = 6, [32 ... 127] = 7,
*08b48e0bSAndroid Build Coastguard Worker    [128 ... 255] = 8
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker};
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic const u8 count_class_binary[256] = {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    [0] = 0,
*08b48e0bSAndroid Build Coastguard Worker    [1] = 1,
*08b48e0bSAndroid Build Coastguard Worker    [2] = 2,
*08b48e0bSAndroid Build Coastguard Worker    [3] = 4,
*08b48e0bSAndroid Build Coastguard Worker    [4 ... 7] = 8,
*08b48e0bSAndroid Build Coastguard Worker    [8 ... 15] = 16,
*08b48e0bSAndroid Build Coastguard Worker    [16 ... 31] = 32,
*08b48e0bSAndroid Build Coastguard Worker    [32 ... 127] = 64,
*08b48e0bSAndroid Build Coastguard Worker    [128 ... 255] = 128
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker};
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void kill_child() {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  timed_out = 1;
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->child_pid > 0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    kill(fsrv->child_pid, fsrv->child_kill_signal);
*08b48e0bSAndroid Build Coastguard Worker    fsrv->child_pid = -1;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* dummy functions */
*08b48e0bSAndroid Build Coastguard Workeru32 write_to_testcase(afl_state_t *afl, void **mem, u32 a, u32 b) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  (void)afl;
*08b48e0bSAndroid Build Coastguard Worker  (void)mem;
*08b48e0bSAndroid Build Coastguard Worker  return a + b;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workervoid show_stats(afl_state_t *afl) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  (void)afl;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workervoid update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  (void)afl;
*08b48e0bSAndroid Build Coastguard Worker  (void)q;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerfsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv,
*08b48e0bSAndroid Build Coastguard Worker                                  u32 i) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  (void)afl;
*08b48e0bSAndroid Build Coastguard Worker  (void)fsrv;
*08b48e0bSAndroid Build Coastguard Worker  (void)i;
*08b48e0bSAndroid Build Coastguard Worker  return 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workervoid classify_counts(afl_forkserver_t *fsrv) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u8       *mem = fsrv->trace_bits;
*08b48e0bSAndroid Build Coastguard Worker  const u8 *map = binary_mode ? count_class_binary : count_class_human;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u32 i = map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (edges_only) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    while (i--) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (*mem) { *mem = 1; }
*08b48e0bSAndroid Build Coastguard Worker      mem++;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else if (!raw_instr_output) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    while (i--) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      *mem = map[*mem];
*08b48e0bSAndroid Build Coastguard Worker      mem++;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
*08b48e0bSAndroid Build Coastguard Worker                                 sharedmem_t      *shm_fuzz) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl_shm_deinit(shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker  fsrv->support_shmem_fuzz = 0;
*08b48e0bSAndroid Build Coastguard Worker  fsrv->shmem_fuzz_len = NULL;
*08b48e0bSAndroid Build Coastguard Worker  fsrv->shmem_fuzz = NULL;
*08b48e0bSAndroid Build Coastguard Worker  ck_free(shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker  return NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Get rid of temp files (atexit handler). */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void at_exit_handler(void) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (stdin_file) { unlink(stdin_file); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (remove_shm) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (shm.map) afl_shm_deinit(&shm);
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->use_shmem_fuzz) deinit_shmem(fsrv, shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl_fsrv_killall();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Analyze results. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void analyze_results(afl_forkserver_t *fsrv) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u32 i;
*08b48e0bSAndroid Build Coastguard Worker  for (i = 0; i < map_size; i++) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->trace_bits[i]) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      total += fsrv->trace_bits[i];
*08b48e0bSAndroid Build Coastguard Worker      if (fsrv->trace_bits[i] > highest) highest = fsrv->trace_bits[i];
*08b48e0bSAndroid Build Coastguard Worker      // if (!coverage_map[i]) { coverage_map[i] = 1; }
*08b48e0bSAndroid Build Coastguard Worker      coverage_map[i] |= fsrv->trace_bits[i];
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Write results. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  s32 fd;
*08b48e0bSAndroid Build Coastguard Worker  u32 i, ret = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u8 cco = !!getenv("AFL_CMIN_CRASHES_ONLY"),
*08b48e0bSAndroid Build Coastguard Worker     caa = !!getenv("AFL_CMIN_ALLOW_ANY");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!outfile || !*outfile) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    FATAL("Output filename not set (Bug in AFL++?)");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (cmin_mode &&
*08b48e0bSAndroid Build Coastguard Worker      (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (strcmp(outfile, "-")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      // create empty file to prevent error messages in afl-cmin
*08b48e0bSAndroid Build Coastguard Worker      fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
*08b48e0bSAndroid Build Coastguard Worker      close(fd);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    return ret;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!strncmp(outfile, "/dev/", 5)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fd = open(outfile, O_WRONLY);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fd < 0) { PFATAL("Unable to open '%s'", out_file); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else if (!strcmp(outfile, "-")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fd = dup(1);
*08b48e0bSAndroid Build Coastguard Worker    if (fd < 0) { PFATAL("Unable to open stdout"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    unlink(outfile);                                       /* Ignore errors */
*08b48e0bSAndroid Build Coastguard Worker    fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
*08b48e0bSAndroid Build Coastguard Worker    if (fd < 0) { PFATAL("Unable to create '%s'", outfile); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (binary_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    for (i = 0; i < map_size; i++) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (fsrv->trace_bits[i]) { ret++; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    ck_write(fd, fsrv->trace_bits, map_size, outfile);
*08b48e0bSAndroid Build Coastguard Worker    close(fd);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    FILE *f = fdopen(fd, "w");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!f) { PFATAL("fdopen() failed"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    for (i = 0; i < map_size; i++) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (!fsrv->trace_bits[i]) { continue; }
*08b48e0bSAndroid Build Coastguard Worker      ret++;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      total += fsrv->trace_bits[i];
*08b48e0bSAndroid Build Coastguard Worker      if (highest < fsrv->trace_bits[i]) { highest = fsrv->trace_bits[i]; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (cmin_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fprintf(f, "%u%03u\n", i, fsrv->trace_bits[i]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fprintf(f, "%06u:%u\n", i, fsrv->trace_bits[i]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fclose(f);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  return ret;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workervoid pre_afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *mem, u32 len) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  static u8 buf[MAX_FILE];
*08b48e0bSAndroid Build Coastguard Worker  u32       sent = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (unlikely(afl->custom_mutators_count)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    ssize_t new_size = len;
*08b48e0bSAndroid Build Coastguard Worker    u8     *new_mem = mem;
*08b48e0bSAndroid Build Coastguard Worker    u8     *new_buf = NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (el->afl_custom_post_process) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        new_size =
*08b48e0bSAndroid Build Coastguard Worker            el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (unlikely(!new_buf || new_size <= 0)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          return;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          new_mem = new_buf;
*08b48e0bSAndroid Build Coastguard Worker          len = new_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    });
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (new_mem != mem && new_mem != NULL) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      mem = buf;
*08b48e0bSAndroid Build Coastguard Worker      memcpy(mem, new_mem, new_size);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (unlikely(afl->custom_mutators_count)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (el->afl_custom_fuzz_send) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          el->afl_custom_fuzz_send(el->data, mem, len);
*08b48e0bSAndroid Build Coastguard Worker          sent = 1;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      });
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (likely(!sent)) { afl_fsrv_write_to_testcase(fsrv, mem, len); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Execute target application. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem,
*08b48e0bSAndroid Build Coastguard Worker                                          u32 len) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  pre_afl_fsrv_write_to_testcase(fsrv, mem, len);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) { SAYF("-- Program output begins --\n" cRST); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
*08b48e0bSAndroid Build Coastguard Worker      FSRV_RUN_ERROR) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    FATAL("Error running target");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->trace_bits[0]) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->trace_bits[0] -= 1;
*08b48e0bSAndroid Build Coastguard Worker    have_coverage = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    have_coverage = false;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!no_classify) { classify_counts(fsrv); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) { SAYF(cRST "-- Program output ends --\n"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->last_run_timed_out && !stop_soon &&
*08b48e0bSAndroid Build Coastguard Worker      WIFSIGNALED(fsrv->child_status)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    child_crashed = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    child_crashed = false;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (timed_out || fsrv->last_run_timed_out) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
*08b48e0bSAndroid Build Coastguard Worker      timed_out = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else if (stop_soon) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else if (child_crashed) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST,
*08b48e0bSAndroid Build Coastguard Worker           WTERMSIG(fsrv->child_status));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (stop_soon) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    SAYF(cRST cLRD "\n+++ afl-showmap folder mode aborted by user +++\n" cRST);
*08b48e0bSAndroid Build Coastguard Worker    exit(1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Read initial file. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic u32 read_file(u8 *in_file) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (print_filenames) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    SAYF("Processing %s\n", in_file);
*08b48e0bSAndroid Build Coastguard Worker    fflush(stdout);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  struct stat st;
*08b48e0bSAndroid Build Coastguard Worker  s32         fd = open(in_file, O_RDONLY);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fd < 0) { WARNF("Unable to open '%s'", in_file); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fstat(fd, &st) || !st.st_size) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!be_quiet && !quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF("Zero-sized input file '%s'.", in_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (st.st_size > MAX_FILE) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!be_quiet && !quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF("Input file '%s' is too large, only reading %ld bytes.", in_file,
*08b48e0bSAndroid Build Coastguard Worker            MAX_FILE);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    in_len = MAX_FILE;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    in_len = st.st_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  in_data = ck_alloc_nozero(in_len);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  ck_read(fd, in_data, in_len, in_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  close(fd);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  // OKF("Read %u byte%s from '%s'.", in_len, in_len == 1 ? "" : "s", in_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  return in_len;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker/* Execute the target application with an empty input (in Nyx mode). */
*08b48e0bSAndroid Build Coastguard Workerstatic void showmap_run_target_nyx_mode(afl_forkserver_t *fsrv) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl_fsrv_write_to_testcase(fsrv, NULL, 0);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (afl_fsrv_run_target(fsrv, fsrv->exec_tmout, &stop_soon) ==
*08b48e0bSAndroid Build Coastguard Worker      FSRV_RUN_ERROR) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    FATAL("Error running target in Nyx mode");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Execute target application. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  static struct itimerval it;
*08b48e0bSAndroid Build Coastguard Worker  int                     status = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) { SAYF("-- Program output begins --\n" cRST); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  MEM_BARRIER();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  fsrv->child_pid = fork();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->child_pid < 0) { PFATAL("fork() failed"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->child_pid) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    struct rlimit r;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      s32 fd = open("/dev/null", O_RDWR);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (fd < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG;
*08b48e0bSAndroid Build Coastguard Worker        PFATAL("Descriptor initialization failed");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      close(fd);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->mem_limit) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      r.rlim_max = r.rlim_cur = ((rlim_t)fsrv->mem_limit) << 20;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef RLIMIT_AS
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      setrlimit(RLIMIT_AS, &r);                            /* Ignore errors */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      setrlimit(RLIMIT_DATA, &r);                          /* Ignore errors */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#endif                                                        /* ^RLIMIT_AS */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!keep_cores) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      r.rlim_max = r.rlim_cur = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      r.rlim_max = r.rlim_cur = RLIM_INFINITY;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    setrlimit(RLIMIT_CORE, &r);                            /* Ignore errors */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 0); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    setsid();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    execv(fsrv->target_path, argv);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    *(u32 *)fsrv->trace_bits = EXEC_FAIL_SIG;
*08b48e0bSAndroid Build Coastguard Worker    exit(0);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* Configure timeout, wait for child, cancel timeout. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->exec_tmout) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->last_run_timed_out = 0;
*08b48e0bSAndroid Build Coastguard Worker    it.it_value.tv_sec = (fsrv->exec_tmout / 1000);
*08b48e0bSAndroid Build Coastguard Worker    it.it_value.tv_usec = (fsrv->exec_tmout % 1000) * 1000;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    signal(SIGALRM, kill_child);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    setitimer(ITIMER_REAL, &it, NULL);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (waitpid(fsrv->child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  fsrv->child_pid = 0;
*08b48e0bSAndroid Build Coastguard Worker  it.it_value.tv_sec = 0;
*08b48e0bSAndroid Build Coastguard Worker  it.it_value.tv_usec = 0;
*08b48e0bSAndroid Build Coastguard Worker  setitimer(ITIMER_REAL, &it, NULL);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  MEM_BARRIER();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* Clean up bitmap, analyze exit condition, etc. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (*(u32 *)fsrv->trace_bits == EXEC_FAIL_SIG) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    FATAL("Unable to execute '%s'", argv[0]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->trace_bits[0]) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->trace_bits[0] -= 1;
*08b48e0bSAndroid Build Coastguard Worker    have_coverage = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    have_coverage = false;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!no_classify) { classify_counts(fsrv); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) { SAYF(cRST "-- Program output ends --\n"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(status)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    child_crashed = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (timed_out || fsrv->last_run_timed_out) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
*08b48e0bSAndroid Build Coastguard Worker      timed_out = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else if (stop_soon) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program aborted by user +++\n" cRST);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else if (child_crashed) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF(cLRD "\n+++ Program killed by signal %u +++\n" cRST,
*08b48e0bSAndroid Build Coastguard Worker           WTERMSIG(status));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Handle Ctrl-C and the like. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void handle_stop_sig(int sig) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  (void)sig;
*08b48e0bSAndroid Build Coastguard Worker  stop_soon = true;
*08b48e0bSAndroid Build Coastguard Worker  afl_fsrv_killall();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Do basic preparations - persistent fds, filenames, etc. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void set_up_environment(afl_forkserver_t *fsrv, char **argv) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  char *afl_preload;
*08b48e0bSAndroid Build Coastguard Worker  char *frida_afl_preload = NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  set_sanitizer_defaults();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (get_afl_env("AFL_PRELOAD")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->qemu_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      /* afl-qemu-trace takes care of converting AFL_PRELOAD. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else if (fsrv->frida_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      afl_preload = getenv("AFL_PRELOAD");
*08b48e0bSAndroid Build Coastguard Worker      u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
*08b48e0bSAndroid Build Coastguard Worker      if (afl_preload) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        frida_afl_preload = alloc_printf("%s", frida_binary);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      ck_free(frida_binary);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      setenv("LD_PRELOAD", frida_afl_preload, 1);
*08b48e0bSAndroid Build Coastguard Worker      setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      /* CoreSight mode uses the default behavior. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1);
*08b48e0bSAndroid Build Coastguard Worker      setenv("DYLD_INSERT_LIBRARIES", getenv("AFL_PRELOAD"), 1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else if (fsrv->frida_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so");
*08b48e0bSAndroid Build Coastguard Worker    setenv("LD_PRELOAD", frida_binary, 1);
*08b48e0bSAndroid Build Coastguard Worker    setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1);
*08b48e0bSAndroid Build Coastguard Worker    ck_free(frida_binary);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (frida_afl_preload) { ck_free(frida_afl_preload); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Setup signal handlers, duh. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void setup_signal_handlers(void) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  struct sigaction sa;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  sa.sa_handler = NULL;
*08b48e0bSAndroid Build Coastguard Worker#ifdef SA_RESTART
*08b48e0bSAndroid Build Coastguard Worker  sa.sa_flags = SA_RESTART;
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker  sa.sa_flags = 0;
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker  sa.sa_sigaction = NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  sigemptyset(&sa.sa_mask);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* Various ways of saying "stop". */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  sa.sa_handler = handle_stop_sig;
*08b48e0bSAndroid Build Coastguard Worker  sigaction(SIGHUP, &sa, NULL);
*08b48e0bSAndroid Build Coastguard Worker  sigaction(SIGINT, &sa, NULL);
*08b48e0bSAndroid Build Coastguard Worker  sigaction(SIGTERM, &sa, NULL);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workeru32 execute_testcases(u8 *dir) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  struct dirent **nl;
*08b48e0bSAndroid Build Coastguard Worker  s32             nl_cnt, subdirs = 1;
*08b48e0bSAndroid Build Coastguard Worker  u32             i, done = 0;
*08b48e0bSAndroid Build Coastguard Worker  u8              val_buf[2][STRINGIFY_VAL_SIZE_MAX];
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!be_quiet) { ACTF("Scanning '%s'...", dir); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* We use scandir() + alphasort() rather than readdir() because otherwise,
*08b48e0bSAndroid Build Coastguard Worker     the ordering of test cases would vary somewhat randomly and would be
*08b48e0bSAndroid Build Coastguard Worker     difficult to control. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  nl_cnt = scandir(dir, &nl, NULL, alphasort);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (nl_cnt < 0) { return 0; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  for (i = 0; i < (u32)nl_cnt; ++i) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    struct stat st;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (lstat(fn2, &st) || access(fn2, R_OK)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      PFATAL("Unable to access '%s'", fn2);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    /* obviously we want to skip "descending" into . and .. directories,
*08b48e0bSAndroid Build Coastguard Worker       however it is a good idea to skip also directories that start with
*08b48e0bSAndroid Build Coastguard Worker       a dot */
*08b48e0bSAndroid Build Coastguard Worker    if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      free(nl[i]);                                           /* not tracked */
*08b48e0bSAndroid Build Coastguard Worker      done += execute_testcases(fn2);
*08b48e0bSAndroid Build Coastguard Worker      ck_free(fn2);
*08b48e0bSAndroid Build Coastguard Worker      continue;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!S_ISREG(st.st_mode) || !st.st_size) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      free(nl[i]);
*08b48e0bSAndroid Build Coastguard Worker      ck_free(fn2);
*08b48e0bSAndroid Build Coastguard Worker      continue;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (st.st_size > MAX_FILE && !be_quiet && !quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2,
*08b48e0bSAndroid Build Coastguard Worker            stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
*08b48e0bSAndroid Build Coastguard Worker            stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!collect_coverage)
*08b48e0bSAndroid Build Coastguard Worker      snprintf(outfile, sizeof(outfile), "%s/%s", out_file, nl[i]->d_name);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    free(nl[i]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (read_file(fn2)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (wait_for_gdb) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid);
*08b48e0bSAndroid Build Coastguard Worker        fprintf(stderr, "exec: kill -CONT %d\n", getpid());
*08b48e0bSAndroid Build Coastguard Worker        kill(0, SIGSTOP);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      showmap_run_target_forkserver(fsrv, in_data, in_len);
*08b48e0bSAndroid Build Coastguard Worker      ck_free(in_data);
*08b48e0bSAndroid Build Coastguard Worker      ++done;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (child_crashed && debug) { WARNF("crashed: %s", fn2); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (collect_coverage)
*08b48e0bSAndroid Build Coastguard Worker        analyze_results(fsrv);
*08b48e0bSAndroid Build Coastguard Worker      else
*08b48e0bSAndroid Build Coastguard Worker        tcnt = write_results_to_file(fsrv, outfile);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  free(nl);                                                  /* not tracked */
*08b48e0bSAndroid Build Coastguard Worker  return done;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workeru32 execute_testcases_filelist(u8 *fn) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u32   done = 0;
*08b48e0bSAndroid Build Coastguard Worker  u8    buf[4096];
*08b48e0bSAndroid Build Coastguard Worker  u8    val_buf[2][STRINGIFY_VAL_SIZE_MAX];
*08b48e0bSAndroid Build Coastguard Worker  FILE *f;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!be_quiet) { ACTF("Reading from '%s'...", fn); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if ((f = fopen(fn, "r")) == NULL) { FATAL("could not open '%s'", fn); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  while (fgets(buf, sizeof(buf), f) != NULL) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    struct stat st;
*08b48e0bSAndroid Build Coastguard Worker    u8         *fn2 = buf, *fn3;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    while (*fn2 == ' ') {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      ++fn2;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    while (*fn2 &&
*08b48e0bSAndroid Build Coastguard Worker           (fn2[strlen(fn2) - 1] == '\r' || fn2[strlen(fn2) - 1] == '\n' ||
*08b48e0bSAndroid Build Coastguard Worker            fn2[strlen(fn2) - 1] == ' ')) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      fn2[strlen(fn2) - 1] = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (debug) { printf("Getting coverage for '%s'\n", fn2); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!*fn2) { continue; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (lstat(fn2, &st) || access(fn2, R_OK)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF("Unable to access '%s'", fn2);
*08b48e0bSAndroid Build Coastguard Worker      continue;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    ++done;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!S_ISREG(st.st_mode) || !st.st_size) { continue; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if ((fn3 = strrchr(fn2, '/'))) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      ++fn3;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      fn3 = fn2;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (st.st_size > MAX_FILE && !be_quiet && !quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2,
*08b48e0bSAndroid Build Coastguard Worker            stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
*08b48e0bSAndroid Build Coastguard Worker            stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!collect_coverage) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      snprintf(outfile, sizeof(outfile), "%s/%s", out_file, fn3);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (read_file(fn2)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (wait_for_gdb) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid);
*08b48e0bSAndroid Build Coastguard Worker        fprintf(stderr, "exec: kill -CONT %d\n", getpid());
*08b48e0bSAndroid Build Coastguard Worker        kill(0, SIGSTOP);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      showmap_run_target_forkserver(fsrv, in_data, in_len);
*08b48e0bSAndroid Build Coastguard Worker      ck_free(in_data);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (child_crashed && debug) { WARNF("crashed: %s", fn2); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (collect_coverage)
*08b48e0bSAndroid Build Coastguard Worker        analyze_results(fsrv);
*08b48e0bSAndroid Build Coastguard Worker      else
*08b48e0bSAndroid Build Coastguard Worker        tcnt = write_results_to_file(fsrv, outfile);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  return done;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Show banner. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void show_banner(void) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  SAYF(cCYA "afl-showmap" VERSION cRST " by Michal Zalewski\n");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Display usage hints. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerstatic void usage(u8 *argv0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  show_banner();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  SAYF(
*08b48e0bSAndroid Build Coastguard Worker      "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      "Required parameters:\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -o file    - file to write the trace data to\n\n"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      "Execution control settings:\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -t msec    - timeout for each run (default: 1000ms)\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -m megs    - memory limit for child process (default: none)\n"
*08b48e0bSAndroid Build Coastguard Worker#if defined(__linux__) && defined(__aarch64__)
*08b48e0bSAndroid Build Coastguard Worker      "  -A         - use binary-only instrumentation (ARM CoreSight mode)\n"
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker      "  -O         - use binary-only instrumentation (FRIDA mode)\n"
*08b48e0bSAndroid Build Coastguard Worker#if defined(__linux__)
*08b48e0bSAndroid Build Coastguard Worker      "  -Q         - use binary-only instrumentation (QEMU mode)\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -U         - use Unicorn-based instrumentation (Unicorn mode)\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -W         - use qemu-based instrumentation with Wine (Wine mode)\n"
*08b48e0bSAndroid Build Coastguard Worker      "               (Not necessary, here for consistency with other afl-* "
*08b48e0bSAndroid Build Coastguard Worker      "tools)\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -X         - use Nyx mode\n"
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker      "\n"
*08b48e0bSAndroid Build Coastguard Worker      "Other settings:\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -i dir     - process all files below this directory, must be combined "
*08b48e0bSAndroid Build Coastguard Worker      "with -o.\n"
*08b48e0bSAndroid Build Coastguard Worker      "               With -C, -o is a file, without -C it must be a "
*08b48e0bSAndroid Build Coastguard Worker      "directory\n"
*08b48e0bSAndroid Build Coastguard Worker      "               and each bitmap will be written there individually.\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -I filelist - alternatively to -i, -I is a list of files\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -C         - collect coverage, writes all edges to -o and gives a "
*08b48e0bSAndroid Build Coastguard Worker      "summary\n"
*08b48e0bSAndroid Build Coastguard Worker      "               Must be combined with -i.\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -q         - sink program's output and don't show messages\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -e         - show edge coverage only, ignore hit counts\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -r         - show real tuple values instead of AFL filter values\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -s         - do not classify the map\n"
*08b48e0bSAndroid Build Coastguard Worker      "  -c         - allow core dumps\n\n"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      "This tool displays raw tuple data captured by AFL instrumentation.\n"
*08b48e0bSAndroid Build Coastguard Worker      "For additional help, consult %s/README.md.\n\n"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      "If you use -i/-I mode, then custom mutator post_process send send "
*08b48e0bSAndroid Build Coastguard Worker      "functionality\n"
*08b48e0bSAndroid Build Coastguard Worker      "is supported.\n\n"
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      "Environment variables used:\n"
*08b48e0bSAndroid Build Coastguard Worker      "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_CMIN_CRASHES_ONLY: (cmin_mode) only write tuples for crashing "
*08b48e0bSAndroid Build Coastguard Worker      "inputs\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_CMIN_ALLOW_ANY: (cmin_mode) write tuples for crashing inputs also\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as "
*08b48e0bSAndroid Build Coastguard Worker      "crash\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_DEBUG: enable extra developer output\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during "
*08b48e0bSAndroid Build Coastguard Worker      "startup (in milliseconds)\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, "
*08b48e0bSAndroid Build Coastguard Worker      "etc.\n"
*08b48e0bSAndroid Build Coastguard Worker      "                 (default: SIGKILL)\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_FORK_SERVER_KILL_SIGNAL: Kill signal for the fork server on "
*08b48e0bSAndroid Build Coastguard Worker      "termination\n"
*08b48e0bSAndroid Build Coastguard Worker      "                             (default: SIGTERM). If unset and "
*08b48e0bSAndroid Build Coastguard Worker      "AFL_KILL_SIGNAL is\n"
*08b48e0bSAndroid Build Coastguard Worker      "                             set, that value will be used.\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_MAP_SIZE: the shared memory size for that target. must be >= the "
*08b48e0bSAndroid Build Coastguard Worker      "size the\n"
*08b48e0bSAndroid Build Coastguard Worker      "              target was compiled for\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_PRINT_FILENAMES: Print the queue entry currently processed will to "
*08b48e0bSAndroid Build Coastguard Worker      "stdout\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_QUIET: do not print extra informational output\n"
*08b48e0bSAndroid Build Coastguard Worker      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n",
*08b48e0bSAndroid Build Coastguard Worker      argv0, doc_path);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  exit(1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker/* Main entry point */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Workerint main(int argc, char **argv_orig, char **envp) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  // TODO: u64 mem_limit = MEM_LIMIT;                  /* Memory limit (MB) */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  s32  opt, i;
*08b48e0bSAndroid Build Coastguard Worker  bool mem_limit_given = false, timeout_given = false, unicorn_mode = false,
*08b48e0bSAndroid Build Coastguard Worker       use_wine = false;
*08b48e0bSAndroid Build Coastguard Worker  char **use_argv;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  char **argv = argv_cpy_dup(argc, argv_orig);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl_forkserver_t fsrv_var = {0};
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_DEBUG")) { debug = true; }
*08b48e0bSAndroid Build Coastguard Worker  if (get_afl_env("AFL_PRINT_FILENAMES")) { print_filenames = true; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  fsrv = &fsrv_var;
*08b48e0bSAndroid Build Coastguard Worker  afl_fsrv_init(fsrv);
*08b48e0bSAndroid Build Coastguard Worker  map_size = get_map_size();
*08b48e0bSAndroid Build Coastguard Worker  fsrv->map_size = map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_QUIET") != NULL) { be_quiet = true; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  while ((opt = getopt(argc, argv, "+i:I:o:f:m:t:AeqCZOH:QUWbcrshXY")) > 0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    switch (opt) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 's':
*08b48e0bSAndroid Build Coastguard Worker        no_classify = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'C':
*08b48e0bSAndroid Build Coastguard Worker        collect_coverage = true;
*08b48e0bSAndroid Build Coastguard Worker        quiet_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'i':
*08b48e0bSAndroid Build Coastguard Worker        if (in_dir) { FATAL("Multiple -i options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        in_dir = optarg;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'I':
*08b48e0bSAndroid Build Coastguard Worker        if (in_filelist) { FATAL("Multiple -I options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        in_filelist = optarg;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'o':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (out_file) { FATAL("Multiple -o options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        out_file = optarg;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'm': {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        u8 suffix = 'M';
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (mem_limit_given) { FATAL("Multiple -m options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        mem_limit_given = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (!optarg) { FATAL("Wrong usage of -m"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (!strcmp(optarg, "none")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          fsrv->mem_limit = 0;
*08b48e0bSAndroid Build Coastguard Worker          break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (sscanf(optarg, "%llu%c", &fsrv->mem_limit, &suffix) < 1 ||
*08b48e0bSAndroid Build Coastguard Worker            optarg[0] == '-') {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          FATAL("Bad syntax used for -m");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        switch (suffix) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          case 'T':
*08b48e0bSAndroid Build Coastguard Worker            fsrv->mem_limit *= 1024 * 1024;
*08b48e0bSAndroid Build Coastguard Worker            break;
*08b48e0bSAndroid Build Coastguard Worker          case 'G':
*08b48e0bSAndroid Build Coastguard Worker            fsrv->mem_limit *= 1024;
*08b48e0bSAndroid Build Coastguard Worker            break;
*08b48e0bSAndroid Build Coastguard Worker          case 'k':
*08b48e0bSAndroid Build Coastguard Worker            fsrv->mem_limit /= 1024;
*08b48e0bSAndroid Build Coastguard Worker            break;
*08b48e0bSAndroid Build Coastguard Worker          case 'M':
*08b48e0bSAndroid Build Coastguard Worker            break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          default:
*08b48e0bSAndroid Build Coastguard Worker            FATAL("Unsupported suffix or bad syntax for -m");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (fsrv->mem_limit < 5) { FATAL("Dangerously low value of -m"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (sizeof(rlim_t) == 4 && fsrv->mem_limit > 2000) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          FATAL("Value of -m out of range on 32-bit systems");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'f':  // only in here to avoid a compiler warning for use_stdin
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        FATAL("Option -f is not supported in afl-showmap");
*08b48e0bSAndroid Build Coastguard Worker        // currently not reached:
*08b48e0bSAndroid Build Coastguard Worker        fsrv->use_stdin = 0;
*08b48e0bSAndroid Build Coastguard Worker        fsrv->out_file = strdup(optarg);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 't':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (timeout_given) { FATAL("Multiple -t options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        timeout_given = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (!optarg) { FATAL("Wrong usage of -t"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (strcmp(optarg, "none")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          fsrv->exec_tmout = atoi(optarg);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          if (fsrv->exec_tmout < 20 || optarg[0] == '-') {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker            FATAL("Dangerously low value of -t");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          // The forkserver code does not have a way to completely
*08b48e0bSAndroid Build Coastguard Worker          // disable the timeout, so we'll use a very, very long
*08b48e0bSAndroid Build Coastguard Worker          // timeout instead.
*08b48e0bSAndroid Build Coastguard Worker          WARNF(
*08b48e0bSAndroid Build Coastguard Worker              "Setting an execution timeout of 120 seconds ('none' is not "
*08b48e0bSAndroid Build Coastguard Worker              "allowed).");
*08b48e0bSAndroid Build Coastguard Worker          fsrv->exec_tmout = 120 * 1000;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'e':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (edges_only) { FATAL("Multiple -e options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        if (raw_instr_output) { FATAL("-e and -r are mutually exclusive"); }
*08b48e0bSAndroid Build Coastguard Worker        edges_only = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'q':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        quiet_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'Z':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        /* This is an undocumented option to write data in the syntax expected
*08b48e0bSAndroid Build Coastguard Worker           by afl-cmin. Nobody else should have any use for this. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        cmin_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        quiet_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'H':
*08b48e0bSAndroid Build Coastguard Worker        /* Another afl-cmin specific feature. */
*08b48e0bSAndroid Build Coastguard Worker        at_file = optarg;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'O':                                               /* FRIDA mode */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (fsrv->frida_mode) { FATAL("Multiple -O options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fsrv->frida_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        setenv("AFL_FRIDA_INST_SEED", "1", 1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      /* FIXME: We want to use -P for consistency, but it is already unsed for
*08b48e0bSAndroid Build Coastguard Worker       * undocumenetd feature "Another afl-cmin specific feature." */
*08b48e0bSAndroid Build Coastguard Worker      case 'A':                                           /* CoreSight mode */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#if !defined(__aarch64__) || !defined(__linux__)
*08b48e0bSAndroid Build Coastguard Worker        FATAL("-A option is not supported on this platform");
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (fsrv->cs_mode) { FATAL("Multiple -A options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fsrv->cs_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'Q':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fsrv->qemu_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'U':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (unicorn_mode) { FATAL("Multiple -U options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        unicorn_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'W':                                           /* Wine+QEMU mode */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (use_wine) { FATAL("Multiple -W options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        fsrv->qemu_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        use_wine = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'Y':  // fallthrough
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker      case 'X':                                                 /* NYX mode */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (fsrv->nyx_mode) { FATAL("Multiple -X options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        fsrv->nyx_mode = 1;
*08b48e0bSAndroid Build Coastguard Worker        fsrv->nyx_parent = true;
*08b48e0bSAndroid Build Coastguard Worker        fsrv->nyx_standalone = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker      case 'X':
*08b48e0bSAndroid Build Coastguard Worker        FATAL("Nyx mode is only availabe on linux...");
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'b':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        /* Secret undocumented mode. Writes output in raw binary format
*08b48e0bSAndroid Build Coastguard Worker           similar to that dumped by afl-fuzz in <out_dir/queue/fuzz_bitmap. */
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        binary_mode = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'c':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (keep_cores) { FATAL("Multiple -c options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        keep_cores = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'r':
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (raw_instr_output) { FATAL("Multiple -r options not supported"); }
*08b48e0bSAndroid Build Coastguard Worker        if (edges_only) { FATAL("-e and -r are mutually exclusive"); }
*08b48e0bSAndroid Build Coastguard Worker        raw_instr_output = true;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      case 'h':
*08b48e0bSAndroid Build Coastguard Worker        usage(argv[0]);
*08b48e0bSAndroid Build Coastguard Worker        return -1;
*08b48e0bSAndroid Build Coastguard Worker        break;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      default:
*08b48e0bSAndroid Build Coastguard Worker        usage(argv[0]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (optind == argc || !out_file) { usage(argv[0]); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir && in_filelist) { FATAL("you can only specify either -i or -I"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir || in_filelist) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!out_file && !collect_coverage)
*08b48e0bSAndroid Build Coastguard Worker      FATAL("for -i/-I you need to specify either -C and/or -o");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->qemu_mode && !mem_limit_given) { fsrv->mem_limit = MEM_LIMIT_QEMU; }
*08b48e0bSAndroid Build Coastguard Worker  if (unicorn_mode && !mem_limit_given) { fsrv->mem_limit = MEM_LIMIT_UNICORN; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  check_environment_vars(envp);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_NO_FORKSRV")) {             /* if set, use the fauxserver */
*08b48e0bSAndroid Build Coastguard Worker    fsrv->use_fauxsrv = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_DEBUG")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    DEBUGF("");
*08b48e0bSAndroid Build Coastguard Worker    for (i = 0; i < argc; i++)
*08b48e0bSAndroid Build Coastguard Worker      SAYF(" %s", argv[i]);
*08b48e0bSAndroid Build Coastguard Worker    SAYF("\n");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  //  if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  setenv("AFL_NO_AUTODICT", "1", 1);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* initialize cmplog_mode */
*08b48e0bSAndroid Build Coastguard Worker  shm.cmplog_mode = 0;
*08b48e0bSAndroid Build Coastguard Worker  setup_signal_handlers();
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  set_up_environment(fsrv, argv);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->nyx_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->target_path = find_binary(argv[optind]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->target_path = ck_strdup(argv[optind]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker  fsrv->target_path = find_binary(argv[optind]);
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    show_banner();
*08b48e0bSAndroid Build Coastguard Worker    ACTF("Executing '%s'...", fsrv->target_path);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir || in_filelist) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    /* If we don't have a file name chosen yet, use a safe default. */
*08b48e0bSAndroid Build Coastguard Worker    u8 *use_dir = ".";
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (access(use_dir, R_OK | W_OK | X_OK)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      use_dir = get_afl_env("TMPDIR");
*08b48e0bSAndroid Build Coastguard Worker      if (!use_dir) { use_dir = "/tmp"; }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    stdin_file = at_file ? strdup(at_file)
*08b48e0bSAndroid Build Coastguard Worker                         : (char *)alloc_printf("%s/.afl-showmap-temp-%u",
*08b48e0bSAndroid Build Coastguard Worker                                                use_dir, (u32)getpid());
*08b48e0bSAndroid Build Coastguard Worker    unlink(stdin_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    // If @@ are in the target args, replace them and also set use_stdin=false.
*08b48e0bSAndroid Build Coastguard Worker    detect_file_args(argv + optind, stdin_file, &fsrv->use_stdin);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->dev_null_fd = open("/dev/null", O_RDWR);
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->out_file = stdin_file;
*08b48e0bSAndroid Build Coastguard Worker    fsrv->out_fd =
*08b48e0bSAndroid Build Coastguard Worker        open(stdin_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->out_fd < 0) { PFATAL("Unable to create '%s'", stdin_file); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    // If @@ are in the target args, replace them and also set use_stdin=false.
*08b48e0bSAndroid Build Coastguard Worker    detect_file_args(argv + optind, at_file, &fsrv->use_stdin);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->qemu_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (use_wine) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      use_argv = get_wine_argv(argv[0], &fsrv->target_path, argc - optind,
*08b48e0bSAndroid Build Coastguard Worker                               argv + optind);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      use_argv = get_qemu_argv(argv[0], &fsrv->target_path, argc - optind,
*08b48e0bSAndroid Build Coastguard Worker                               argv + optind);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else if (fsrv->cs_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    use_argv =
*08b48e0bSAndroid Build Coastguard Worker        get_cs_argv(argv[0], &fsrv->target_path, argc - optind, argv + optind);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else if (fsrv->nyx_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    use_argv = ck_alloc(sizeof(char *) * (1));
*08b48e0bSAndroid Build Coastguard Worker    use_argv[0] = argv[0];
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->nyx_id = 0;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    u8 *libnyx_binary = find_afl_binary(use_argv[0], "libnyx.so");
*08b48e0bSAndroid Build Coastguard Worker    fsrv->nyx_handlers = afl_load_libnyx_plugin(libnyx_binary);
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->nyx_handlers == NULL) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      FATAL("failed to initialize libnyx.so...");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->nyx_use_tmp_workdir = true;
*08b48e0bSAndroid Build Coastguard Worker    fsrv->nyx_bind_cpu_id = 0;
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    use_argv = argv + optind;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl = calloc(1, sizeof(afl_state_t));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_FORKSRV_INIT_TMOUT")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    s32 forksrv_init_tmout = atoi(getenv("AFL_FORKSRV_INIT_TMOUT"));
*08b48e0bSAndroid Build Coastguard Worker    if (forksrv_init_tmout < 1) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      FATAL("Bad value specified for AFL_FORKSRV_INIT_TMOUT");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->init_tmout = (u32)forksrv_init_tmout;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (getenv("AFL_CRASH_EXITCODE")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    long exitcode = strtol(getenv("AFL_CRASH_EXITCODE"), NULL, 10);
*08b48e0bSAndroid Build Coastguard Worker    if ((!exitcode && (errno == EINVAL || errno == ERANGE)) ||
*08b48e0bSAndroid Build Coastguard Worker        exitcode < -127 || exitcode > 128) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      FATAL("Invalid crash exitcode, expected -127 to 128, but got %s",
*08b48e0bSAndroid Build Coastguard Worker            getenv("AFL_CRASH_EXITCODE"));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->uses_crash_exitcode = true;
*08b48e0bSAndroid Build Coastguard Worker    // WEXITSTATUS is 8 bit unsigned
*08b48e0bSAndroid Build Coastguard Worker    fsrv->crash_exitcode = (u8)exitcode;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->nyx_mode && (in_dir || in_filelist)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    (void)check_binary_signatures(fsrv->target_path);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir) { (void)check_binary_signatures(fsrv->target_path); }
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  shm_fuzz = ck_alloc(sizeof(sharedmem_t));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  /* initialize cmplog_mode */
*08b48e0bSAndroid Build Coastguard Worker  shm_fuzz->cmplog_mode = 0;
*08b48e0bSAndroid Build Coastguard Worker  u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1);
*08b48e0bSAndroid Build Coastguard Worker  shm_fuzz->shmemfuzz_mode = true;
*08b48e0bSAndroid Build Coastguard Worker  if (!map) { FATAL("BUG: Zero return from afl_shm_init."); }
*08b48e0bSAndroid Build Coastguard Worker#ifdef USEMMAP
*08b48e0bSAndroid Build Coastguard Worker  setenv(SHM_FUZZ_ENV_VAR, shm_fuzz->g_shm_file_path, 1);
*08b48e0bSAndroid Build Coastguard Worker#else
*08b48e0bSAndroid Build Coastguard Worker  u8 *shm_str = alloc_printf("%d", shm_fuzz->shm_id);
*08b48e0bSAndroid Build Coastguard Worker  setenv(SHM_FUZZ_ENV_VAR, shm_str, 1);
*08b48e0bSAndroid Build Coastguard Worker  ck_free(shm_str);
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker  fsrv->support_shmem_fuzz = true;
*08b48e0bSAndroid Build Coastguard Worker  fsrv->shmem_fuzz_len = (u32 *)map;
*08b48e0bSAndroid Build Coastguard Worker  fsrv->shmem_fuzz = map + sizeof(u32);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  configure_afl_kill_signals(fsrv, NULL, NULL,
*08b48e0bSAndroid Build Coastguard Worker                             (fsrv->qemu_mode || unicorn_mode
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker                              || fsrv->nyx_mode
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker                              )
*08b48e0bSAndroid Build Coastguard Worker                                 ? SIGKILL
*08b48e0bSAndroid Build Coastguard Worker                                 : SIGTERM);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!fsrv->cs_mode && !fsrv->qemu_mode && !unicorn_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    u32 save_be_quiet = be_quiet;
*08b48e0bSAndroid Build Coastguard Worker    be_quiet = !debug;
*08b48e0bSAndroid Build Coastguard Worker    if (map_size > 4194304) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      fsrv->map_size = map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      fsrv->map_size = 4194304;  // dummy temporary value
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    u32 new_map_size =
*08b48e0bSAndroid Build Coastguard Worker        afl_fsrv_get_mapsize(fsrv, use_argv, &stop_soon,
*08b48e0bSAndroid Build Coastguard Worker                             (get_afl_env("AFL_DEBUG_CHILD") ||
*08b48e0bSAndroid Build Coastguard Worker                              get_afl_env("AFL_DEBUG_CHILD_OUTPUT"))
*08b48e0bSAndroid Build Coastguard Worker                                 ? 1
*08b48e0bSAndroid Build Coastguard Worker                                 : 0);
*08b48e0bSAndroid Build Coastguard Worker    be_quiet = save_be_quiet;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (new_map_size) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      // only reinitialize when it makes sense
*08b48e0bSAndroid Build Coastguard Worker      if (map_size < new_map_size ||
*08b48e0bSAndroid Build Coastguard Worker          (new_map_size > map_size && new_map_size - map_size > MAP_SIZE)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (!be_quiet)
*08b48e0bSAndroid Build Coastguard Worker          ACTF("Acquired new map size for target: %u bytes\n", new_map_size);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        afl_shm_deinit(&shm);
*08b48e0bSAndroid Build Coastguard Worker        afl_fsrv_kill(fsrv);
*08b48e0bSAndroid Build Coastguard Worker        fsrv->map_size = new_map_size;
*08b48e0bSAndroid Build Coastguard Worker        fsrv->trace_bits = afl_shm_init(&shm, new_map_size, 0);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      map_size = new_map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    fsrv->map_size = map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    afl_fsrv_start(fsrv, use_argv, &stop_soon,
*08b48e0bSAndroid Build Coastguard Worker                   (get_afl_env("AFL_DEBUG_CHILD") ||
*08b48e0bSAndroid Build Coastguard Worker                    get_afl_env("AFL_DEBUG_CHILD_OUTPUT"))
*08b48e0bSAndroid Build Coastguard Worker                       ? 1
*08b48e0bSAndroid Build Coastguard Worker                       : 0);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir || in_filelist) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    afl->fsrv.dev_urandom_fd = open("/dev/urandom", O_RDONLY);
*08b48e0bSAndroid Build Coastguard Worker    if (afl->fsrv.dev_urandom_fd < 0) { PFATAL("Unable to open /dev/urandom"); }
*08b48e0bSAndroid Build Coastguard Worker    afl->afl_env.afl_custom_mutator_library =
*08b48e0bSAndroid Build Coastguard Worker        getenv("AFL_CUSTOM_MUTATOR_LIBRARY");
*08b48e0bSAndroid Build Coastguard Worker    afl->afl_env.afl_python_module = getenv("AFL_PYTHON_MODULE");
*08b48e0bSAndroid Build Coastguard Worker    setup_custom_mutators(afl);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (getenv("AFL_CUSTOM_MUTATOR_LIBRARY") || getenv("AFL_PYTHON_MODULE")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      WARNF(
*08b48e0bSAndroid Build Coastguard Worker          "Custom mutator environment detected, this is only supported in "
*08b48e0bSAndroid Build Coastguard Worker          "-i/-I mode!\n");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (in_dir || in_filelist) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    DIR *dir_in, *dir_out = NULL;
*08b48e0bSAndroid Build Coastguard Worker    u8  *dn = NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (in_filelist) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (!be_quiet) ACTF("Reading from file list '%s'...", in_filelist);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      // if a queue subdirectory exists switch to that
*08b48e0bSAndroid Build Coastguard Worker      dn = alloc_printf("%s/queue", in_dir);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if ((dir_in = opendir(dn)) != NULL) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        closedir(dir_in);
*08b48e0bSAndroid Build Coastguard Worker        in_dir = dn;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        ck_free(dn);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (!be_quiet) ACTF("Reading from directory '%s'...", in_dir);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!collect_coverage) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (!(dir_out = opendir(out_file))) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        if (mkdir(out_file, 0700)) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker          PFATAL("cannot create output directory %s", out_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if ((coverage_map = (u8 *)malloc(map_size + 64)) == NULL)
*08b48e0bSAndroid Build Coastguard Worker        FATAL("coult not grab memory");
*08b48e0bSAndroid Build Coastguard Worker      edges_only = false;
*08b48e0bSAndroid Build Coastguard Worker      raw_instr_output = true;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    atexit(at_exit_handler);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (get_afl_env("AFL_DEBUG")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      int j = optind;
*08b48e0bSAndroid Build Coastguard Worker      DEBUGF("%s:", fsrv->target_path);
*08b48e0bSAndroid Build Coastguard Worker      while (argv[j] != NULL) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        SAYF(" \"%s\"", argv[j++]);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      SAYF("\n");
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    map_size = fsrv->map_size;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
*08b48e0bSAndroid Build Coastguard Worker      shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (in_dir) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (execute_testcases(in_dir) == 0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        FATAL("could not read input testcases from %s", in_dir);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      if (execute_testcases_filelist(in_filelist) == 0) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker        FATAL("could not read input testcases from %s", in_filelist);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (dir_out) { closedir(dir_out); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (collect_coverage) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      memcpy(fsrv->trace_bits, coverage_map, map_size);
*08b48e0bSAndroid Build Coastguard Worker      tcnt = write_results_to_file(fsrv, out_file);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz)
*08b48e0bSAndroid Build Coastguard Worker      shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker    if (!fsrv->nyx_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker      showmap_run_target(fsrv, use_argv);
*08b48e0bSAndroid Build Coastguard Worker#ifdef __linux__
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      showmap_run_target_nyx_mode(fsrv);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker#endif
*08b48e0bSAndroid Build Coastguard Worker    tcnt = write_results_to_file(fsrv, out_file);
*08b48e0bSAndroid Build Coastguard Worker    if (!quiet_mode) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker      OKF("Hash of coverage map: %llx",
*08b48e0bSAndroid Build Coastguard Worker          hash64(fsrv->trace_bits, fsrv->map_size, HASH_CONST));
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (!quiet_mode || collect_coverage) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    if (!tcnt && !have_coverage) { FATAL("No instrumentation detected" cRST); }
*08b48e0bSAndroid Build Coastguard Worker    OKF("Captured %u tuples (map size %u, highest value %u, total values %llu) "
*08b48e0bSAndroid Build Coastguard Worker        "in '%s'." cRST,
*08b48e0bSAndroid Build Coastguard Worker        tcnt, fsrv->real_map_size, highest, total, out_file);
*08b48e0bSAndroid Build Coastguard Worker    if (collect_coverage)
*08b48e0bSAndroid Build Coastguard Worker      OKF("A coverage of %u edges were achieved out of %u existing (%.02f%%) "
*08b48e0bSAndroid Build Coastguard Worker          "with %llu input files.",
*08b48e0bSAndroid Build Coastguard Worker          tcnt, map_size, ((float)tcnt * 100) / (float)map_size,
*08b48e0bSAndroid Build Coastguard Worker          fsrv->total_execs);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (stdin_file) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    unlink(stdin_file);
*08b48e0bSAndroid Build Coastguard Worker    ck_free(stdin_file);
*08b48e0bSAndroid Build Coastguard Worker    stdin_file = NULL;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  remove_shm = 0;
*08b48e0bSAndroid Build Coastguard Worker  afl_shm_deinit(&shm);
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  u32 ret;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (cmin_mode && !!getenv("AFL_CMIN_CRASHES_ONLY")) {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    ret = fsrv->last_run_timed_out;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  } else {
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker    ret = child_crashed * 2 + fsrv->last_run_timed_out;
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->target_path) { ck_free(fsrv->target_path); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  afl_fsrv_deinit(fsrv);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  if (stdin_file) { ck_free(stdin_file); }
*08b48e0bSAndroid Build Coastguard Worker  if (collect_coverage) { free(coverage_map); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  argv_cpy_free(argv);
*08b48e0bSAndroid Build Coastguard Worker  if (fsrv->qemu_mode) { free(use_argv[2]); }
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker  exit(ret);
*08b48e0bSAndroid Build Coastguard Worker
*08b48e0bSAndroid Build Coastguard Worker}
*08b48e0bSAndroid Build Coastguard Worker