commit fda403cf93ecb8792cb1d061564d89a6553ca020
author morehouse <morehouse> Mon Apr 23 21:36:21 2018 +0000
committer morehouse <morehouse> Mon Apr 23 21:36:21 2018 +0000
tree dd18673113dad83d0af4d90e7551d48f02de5378
parent fcd19a8d8dbb912e2f9ed45d96f9831bf9c09ea5

[libFuzzer] Add feature to not use AFL's deferred forkserver.

A small but substantial minority of libFuzzer-based fuzzers run code that
does not play well with fork in global constructors or LLVMFuzzerInitialize.
This patch allows these fuzzers to use afl_driver by allowing them to
opt-out of using AFL's deferred forkserver which deferres calling fork until
after this code.

Patch By: metzman

Differential Revision: https://reviews.llvm.org/D45744

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk/lib/fuzzer@330652 91177308-0d34-0410-b5e6-96231b3b80d8

afl/afl_driver.cpp

diff --git a/afl/afl_driver.cpp b/afl/afl_driver.cpp
index 9f50ddd..fa494c0 100644
--- a/afl/afl_driver.cpp
+++ b/afl/afl_driver.cpp
@@ -138,6 +138,17 @@
 static const char *kExtraStatsFormatString = "peak_rss_mb            : %u\n"
                                              "slowest_unit_time_sec  : %u\n";
 
+// Experimental feature to use afl_driver without AFL's deferred mode.
+// Needs to run before __afl_auto_init.
+__attribute__((constructor(0))) void __decide_deferred_forkserver(void) {
+  if (getenv("AFL_DRIVER_DONT_DEFER")) {
+    if (unsetenv("__AFL_DEFER_FORKSRV")) {
+      perror("Failed to unset __AFL_DEFER_FORKSRV");
+      abort();
+    }
+  }
+}
+
 // Copied from FuzzerUtil.cpp.
 size_t GetPeakRSSMb() {
   struct rusage usage;
@@ -315,7 +326,8 @@
   maybe_duplicate_stderr();
   maybe_initialize_extra_stats();
 
-  __afl_manual_init();
+  if (!getenv("AFL_DRIVER_DONT_DEFER"))
+    __afl_manual_init();
 
   int N = 1000;
   if (argc == 2 && argv[1][0] == '-')