bin/zafl.sh

@@ -52,6 +52,7 @@ usage()
 	echo "     -l, --enable-laf                        Enable laf-intel style instrumentation"
 	echo "     -L, --disable-laf                       Disable laf-intel style instrumentation"
 	echo "     -a, --args <args>                       Add extra args to be passed to backend analysis engine"
+	echo "     --auto-zafl-libraries                   Auto-initialize fork server when fuzzing just libraries"
 	echo "     -v                                      Verbose mode" 
 	echo 
 }
@@ -67,6 +68,7 @@ trace_opt=""
 zipr_opt=""
 random_seed=""
 laf_opt=""
+auto_zafl_opt=""
 extra_args=""
 
 me=$(whoami)
@@ -330,6 +332,10 @@ parse_args()
 				laf_opt=""
 				shift
 				;;
+			-L | --auto-zafl-libraries)
+				auto_zafl_libraries="yes"
+				shift
+				;;
 			-*|--*=) # unsupported flags
 				echo "Error: Unsupported flag $1" >&2
 				exit 1
@@ -402,7 +408,12 @@ find_main()
 				options=" $options -o zax:'-e 0x$main_addr'"
 			fi
 		else
-			log_warning "no main() detected, probably a library ==> no automated insertion of fork server"
+			if [ -z $auto_zafl_libraries ]; then
+				log_warning "no main() detected, probably a library ==> no automated insertion of fork server"
+			else
+				log_warning "no main() detected, automatically insert fork server"
+				auto_zafl_opt=" -o zax:--autozafl "
+			fi
 		fi
 	fi
 	rm $tmp_objdump >/dev/null 2>&1
@@ -454,8 +465,8 @@ main()
 		optional_step=" -c laf $laf_opt "
 	fi
 
-	zax_opt=" $zax_opt $float_opt "
-	cmd="$ZAFL_TM_ENV $PSZ $input_binary $output_zafl_binary $ida_or_rida_opt -s move_globals $optional_step -c zax -o move_globals:--elftables-only -o move_globals:--no-use-stars $stars_opt $zax_opt $verbose_opt $options $other_args $trace_opt $zipr_opt $extra_args"
+	zax_opt=" $zax_opt $float_opt $auto_zafl_opt "
+	cmd="$ZAFL_TM_ENV $PSZ $input_binary $output_zafl_binary $ida_or_rida_opt -s move_globals $optional_step -c zax -o move_globals:--elftables-only -o move_globals:--no-use-stars $stars_opt $zax_opt $verbose_opt $options $other_args $trace_opt $zipr_opt $extra_args" 
 
 
 	if [ ! -z "$ZAFL_TM_ENV" ]; then

libzafl @ 3cc41bdc

-Subproject commit 41d574f13bfe692478385ac8b263e83990ae0436
+Subproject commit 3cc41bdc89adcebda3e13ac324c4cc85ef78f6e2

test/bc/test_bc.sh

@@ -40,6 +40,9 @@ fuzz_with_zafl()
 	bc_zafl=$1
 
 	# setup AFL directories
+	if [ -d zafl_in ]; then
+		rm -fr zafl_in
+	fi
 	mkdir zafl_in
 	echo "1" > zafl_in/1
 
@@ -81,7 +84,6 @@ readline=$( ldd `which bc` | grep libreadline | cut -d'>' -f2 | cut -d'(' -f1 )
 readline_basename=$( basename $readline )
 readline_realpath=$( realpath $readline )
 echo "basename: $readline_basename  realpath: $readline_realpath"
-#$PSZ $readline_realpath $readline_basename -c move_globals=on -c zafl=on -o move_globals:--elftables -o zipr:--traceplacement:on -o zipr:true -o zafl:--stars 
 zafl.sh $readline_realpath $readline_basename --random-seed 42 -d
 if [ $? -eq 0 ]; then
 	log_success "build zafl version of $readline_basename at $readline_realpath"
@@ -98,6 +100,29 @@ if [ $? -eq 0 ]; then
 else
 	log_error "bc.stars.zafl.d.g.r.cs basic functionality"
 fi
+log_message "Fuzz for $AFL_TIMEOUT secs"
+fuzz_with_zafl $(realpath ./bc.stars.zafl.d.g.r.cs)
+
+# build ZAFL version of readline shared library (add --auto-zafl-libraries)
+rm $readline_basename
+zafl.sh $readline_realpath $readline_basename --random-seed 42 -d --auto-zafl-libraries
+if [ $? -eq 0 ]; then
+	log_success "build zafl version of $readline_basename at $readline_realpath"
+else
+	log_error "build zafl version of $readline_basename at $readline_realpath"
+fi
+
+# test functionality
+echo "2+3" | `which bc` > out.bc.orig
+echo "2+3" | ./bc.stars.zafl.d.g.r.cs > out.bc.stars.zafl.d.g.r.cs
+diff out.bc.orig out.bc.stars.zafl.d.g.r.cs >/dev/null 2>&1
+if [ $? -eq 0 ]; then
+	log_success "bc.stars.zafl.d.g.r.cs basic functionality with --auto-zafl-libraries"
+else
+	log_error "bc.stars.zafl.d.g.r.cs basic functionality with --auto-zafl-libraries"
+fi
+log_message "Fuzz for $AFL_TIMEOUT secs"
+fuzz_with_zafl $(realpath ./bc.stars.zafl.d.g.r.cs)
 
 popd