ele7enxxh / android-afl Goto Github PK
View Code? Open in Web Editor NEWFuzzing Android program with american fuzzy lop (AFL)
License: Apache License 2.0
android-afl's People
Contributors
Stargazers
Watchers
Forkers
henices riusksk exiahan lllliiillll fatgrass thomasking2014 slox3r 0xr0ot wxl2578163 moonight10 c0de3 zhouat iamspid3r bigfool guiguzi1110 thelongestusernameofall skycsliuyang hawking2013 mspublic halo2me floatingguy sanshao27 wooyundota androiddream chaojianhu majinxin2003 apkhook vah13 geekwish jgj212 thor509 wlya 1683942030 lczgywzyy bypasscc chubbymaggie syhxsqqzm muzili dejunliu whb224117 alex-dengx darktemple9 shuixi2013 cpluse theodoredean sky8336 daizhongyin selret butterflyhack q1f3 ajgappmark brownbelt fuzzamos f0829 harmmachine robin-pwner bluekezhou fishso bean3ai byteways angrykub summershrimp yangboyd qqqqqqqqq-dev houcy ggulgun developer191 hyrathon shuaihufeng goodhacker nmhai joeyjiao linhlhq l9sk sigma-random fengjixuchui anhkggfork gogolena 0x6b7966 center1 rickzq e4ck sanchahua hohjgdhsj shalekesan lowrebswrd ickyphuz wyu0hop returnhere kennethblite tjy1985001 benchen216 gh0st0ne silentcedar chenyangming9 baakzingjing crackercat dr0s3 gmh5225 daoyuan14android-afl's Issues
patch link is unavailable
well,the patch link:" https://github.com/ele7enxxh/android-afl/blob/master/android-patch/afl-2.33b-android.patch " is unavailable now, could you pls give another link?
Can't compile, /bin/bash: llvm-config-3.8: command not found
Hello,
I am trying to compile android 6.0.1 and facing the following issue. Kindly help me resolve the issue.
Thanks in advance.
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=6.0.1
TARGET_PRODUCT=aosp_arm
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv7-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=
TARGET_2ND_ARCH_VARIANT=
TARGET_2ND_CPU_VARIANT=
HOST_ARCH=x86_64
HOST_OS=darwin
HOST_OS_EXTRA=Darwin-16.1.0-x86_64-i386-64bit
HOST_BUILD_TYPE=release
BUILD_ID=MOB31K
OUT_DIR=out
Generating afl-llvm-pass.so
/bin/bash: llvm-config-3.8: command not found
/bin/bash: llvm-config-3.8: command not found
/bin/bash: clang++-3.8: command not found
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-gcc_intermediates/import_includes
host C: afl-gcc <= android-afl/afl-gcc.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-gcc_intermediates/export_includes
host Executable: afl-gcc (out/host/darwin-x86/obj/EXECUTABLES/afl-gcc_intermediates/afl-gcc)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-gcc
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-as_intermediates/import_includes
host C: afl-as <= android-afl/afl-as.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-as_intermediates/export_includes
host Executable: afl-as (out/host/darwin-x86/obj/EXECUTABLES/afl-as_intermediates/afl-as)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/afl/afl-as
Import includes file: out/target/product/generic/obj/EXECUTABLES/afl-fuzz_intermediates/import_includes
target thumb C: afl-fuzz <= android-afl/afl-fuzz.c
target Executable: afl-fuzz (out/target/product/generic/obj/EXECUTABLES/afl-fuzz_intermediates/LINKED/afl-fuzz)
target Unpacked: afl-fuzz (out/target/product/generic/obj/EXECUTABLES/afl-fuzz_intermediates/PACKED/afl-fuzz)
target Symbolic: afl-fuzz (out/target/product/generic/symbols/system/bin/afl-fuzz)
Export includes file: android-afl/Android.mk -- out/target/product/generic/obj/EXECUTABLES/afl-fuzz_intermediates/export_includes
target Strip: afl-fuzz (out/target/product/generic/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz)
Install: out/target/product/generic/system/bin/afl-fuzz
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-fuzz_intermediates/import_includes
host C: afl-fuzz <= android-afl/afl-fuzz.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-fuzz_intermediates/export_includes
host Executable: afl-fuzz (out/host/darwin-x86/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-fuzz
Import includes file: out/target/product/generic/obj/EXECUTABLES/afl-showmap_intermediates/import_includes
target thumb C: afl-showmap <= android-afl/afl-showmap.c
target Executable: afl-showmap (out/target/product/generic/obj/EXECUTABLES/afl-showmap_intermediates/LINKED/afl-showmap)
target Unpacked: afl-showmap (out/target/product/generic/obj/EXECUTABLES/afl-showmap_intermediates/PACKED/afl-showmap)
target Symbolic: afl-showmap (out/target/product/generic/symbols/system/bin/afl-showmap)
Export includes file: android-afl/Android.mk -- out/target/product/generic/obj/EXECUTABLES/afl-showmap_intermediates/export_includes
target Strip: afl-showmap (out/target/product/generic/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap)
Install: out/target/product/generic/system/bin/afl-showmap
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-showmap_intermediates/import_includes
host C: afl-showmap <= android-afl/afl-showmap.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-showmap_intermediates/export_includes
host Executable: afl-showmap (out/host/darwin-x86/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-showmap
Import includes file: out/target/product/generic/obj/EXECUTABLES/afl-tmin_intermediates/import_includes
target thumb C: afl-tmin <= android-afl/afl-tmin.c
target Executable: afl-tmin (out/target/product/generic/obj/EXECUTABLES/afl-tmin_intermediates/LINKED/afl-tmin)
target Unpacked: afl-tmin (out/target/product/generic/obj/EXECUTABLES/afl-tmin_intermediates/PACKED/afl-tmin)
target Symbolic: afl-tmin (out/target/product/generic/symbols/system/bin/afl-tmin)
Export includes file: android-afl/Android.mk -- out/target/product/generic/obj/EXECUTABLES/afl-tmin_intermediates/export_includes
target Strip: afl-tmin (out/target/product/generic/obj/EXECUTABLES/afl-tmin_intermediates/afl-tmin)
Install: out/target/product/generic/system/bin/afl-tmin
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-tmin_intermediates/import_includes
host C: afl-tmin <= android-afl/afl-tmin.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-tmin_intermediates/export_includes
host Executable: afl-tmin (out/host/darwin-x86/obj/EXECUTABLES/afl-tmin_intermediates/afl-tmin)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-tmin
Import includes file: out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/import_includes
target thumb C: afl-analyze <= android-afl/afl-analyze.c
target Executable: afl-analyze (out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/LINKED/afl-analyze)
target Unpacked: afl-analyze (out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/PACKED/afl-analyze)
target Symbolic: afl-analyze (out/target/product/generic/symbols/system/bin/afl-analyze)
Export includes file: android-afl/Android.mk -- out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/export_includes
target Strip: afl-analyze (out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze)
Install: out/target/product/generic/system/bin/afl-analyze
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-analyze_intermediates/import_includes
host C: afl-analyze <= android-afl/afl-analyze.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-analyze_intermediates/export_includes
host Executable: afl-analyze (out/host/darwin-x86/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-analyze
Import includes file: out/target/product/generic/obj/EXECUTABLES/afl-gotcpu_intermediates/import_includes
target thumb C: afl-gotcpu <= android-afl/afl-gotcpu.c
target Executable: afl-gotcpu (out/target/product/generic/obj/EXECUTABLES/afl-gotcpu_intermediates/LINKED/afl-gotcpu)
target Unpacked: afl-gotcpu (out/target/product/generic/obj/EXECUTABLES/afl-gotcpu_intermediates/PACKED/afl-gotcpu)
target Symbolic: afl-gotcpu (out/target/product/generic/symbols/system/bin/afl-gotcpu)
Export includes file: android-afl/Android.mk -- out/target/product/generic/obj/EXECUTABLES/afl-gotcpu_intermediates/export_includes
target Strip: afl-gotcpu (out/target/product/generic/obj/EXECUTABLES/afl-gotcpu_intermediates/afl-gotcpu)
Install: out/target/product/generic/system/bin/afl-gotcpu
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-gotcpu_intermediates/import_includes
host C: afl-gotcpu <= android-afl/afl-gotcpu.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-gotcpu_intermediates/export_includes
host Executable: afl-gotcpu (out/host/darwin-x86/obj/EXECUTABLES/afl-gotcpu_intermediates/afl-gotcpu)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-gotcpu
Import includes file: out/host/darwin-x86/obj/EXECUTABLES/afl-clang-fast_intermediates/import_includes
host C: afl-clang-fast <= android-afl/llvm_mode/afl-clang-fast.c
Export includes file: android-afl/Android.mk -- out/host/darwin-x86/obj/EXECUTABLES/afl-clang-fast_intermediates/export_includes
host Executable: afl-clang-fast (out/host/darwin-x86/obj/EXECUTABLES/afl-clang-fast_intermediates/afl-clang-fast)
clang: warning: argument unused during compilation: '-pie'
Install: out/host/darwin-x86/bin/afl-clang-fast
Import includes file: out/target/product/generic/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/import_includes
target thumb C: afl-llvm-rt <= android-afl/llvm_mode/afl-llvm-rt.o.c
/bin/bash: /usr/bin/clang-3.8: No such file or directory
make: *** [out/target/product/generic/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o] Error 127
\e[0;31m#### make failed to build some targets (11 seconds) ####\e[00m
Execute crash.c failed
Hi:
I've built my 6.0.1 AOSP and use "TEST_GCC_ARM=true mm -B" command built crash.c, but when I pushed crash to emulator and try to execute it, an error occurred, the error content is below:
WARNING: linker: ./crash has text relocations. This is wasting memory and prevents security hardening. Please fix.
[1] + Stopped (signal) ./crash
Can anyone tell me what's wrong with this? Thank you!
cp: 无法获取'out/target/product/generic_arm64/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o' 的文件状态(stat): 没有那个文件或目录
Hi, I have a problem when i compile the android-afl project.
===================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=6.0.1
TARGET_PRODUCT=aosp_arm64
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv7-a-neon
TARGET_2ND_CPU_VARIANT=cortex-a15
HOST_ARCH=x86_64
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.8.0-36-generic-x86_64-with-Ubuntu-16.04-xenial
HOST_BUILD_TYPE=release
BUILD_ID=MMB29K
OUT_DIR=out
...
...
Export includes file: android-afl/Android.mk -- out/target/product/generic_arm64/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/export_includes
target Strip: afl-llvm-rt (out/target/product/generic_arm64/obj/lib/afl-llvm-rt.so)
Install: out/target/product/generic_arm64/system/lib64/afl-llvm-rt.so
cp: 无法获取'out/target/product/generic_arm64/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o' 的文件状态(stat): 没有那个文件或目录
build/core/base_rules.mk:559: recipe for target 'out/target/product/generic_arm64/system/lib64/afl-llvm-rt.so' failed
make: *** [out/target/product/generic_arm64/system/lib64/afl-llvm-rt.so] Error 1
make: *** Deleting file 'out/target/product/generic_arm64/system/lib64/afl-llvm-rt.so'
make: Leaving directory '/home/ppc/source'
make failed to build some targets (7 seconds)
How to fix it ,thanks!
android-ashmem.h:14:57: error: declaration of 'struct shmid_ds' will not be visible
mm -B won't build this for me.
[ 52% 62/117] target thumb C: afl-analyze <= android-afl/afl-analyze.c
FAILED: out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-3688880/bin/clang -I android-afl -I out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates -I out/target/product/generic/gen/EXECUTABLES/afl-analyze_intermediates -I libnativehelper/include/nativehelper \$(cat out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I libnativehelper/include -I frameworks/native/include -I frameworks/native/opengl/include -isystem frameworks/av/include -isystem out/target/product/generic/obj/include -isystem bionic/libc/arch-arm/include -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm -isystem bionic/libc/kernel/android/uapi -c -fno-exceptions -Wno-multichar -ffunction-sections -fdata-sections -funwind-tables -fstack-protector-strong -Wa,--noexecstack -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-short-enums -no-canonical-prefixes -DNDEBUG -g -Wstrict-aliasing=2 -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -DNDEBUG -UDEBUG -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-expansion-to-defined -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -nostdlibinc -msoft-float -march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16 -target arm-linux-androideabi -Bprebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/arm-linux-androideabi/bin -std=gnu99 -mthumb -Os -fomit-frame-pointer -fno-strict-aliasing -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fpie -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Werror -MD -MF out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.d -o out/target/product/generic/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o android-afl/afl-analyze.c"
In file included from android-afl/afl-analyze.c:25:
android-afl/android-ashmem.h:14:57: error: declaration of 'struct shmid_ds' will not be visible outside of this function [-Werror,-Wvisibility]
static inline int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf)
^
1 error generated.
ninja: build stopped: subcommand failed.
make: *** [build/core/ninja.mk:85: ninja_wrapper] Error 1
make: Leaving directory '/home/user/projects/x/fuzz'
#### make failed to build some targets (8 seconds) ####
mm error on aosp_arm-eng.
on arm or x86, android-afl was successfully.
but when i build it for arm64, i got a lot of errors like this:
aosp-maker@ubuntu:~/SourceCode/aosp/android-afl$ mm
============================================
PLATFORM_VERSION_CODENAME=O
PLATFORM_VERSION=O
TARGET_PRODUCT=aosp_arm64
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv7-a-neon
TARGET_2ND_CPU_VARIANT=cortex-a15
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.8.0-36-generic-x86_64-Ubuntu-16.04.2-LTS
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=NYC
OUT_DIR=out
============================================
ninja: no work to do.
[1/1] out/soong/.bootstrap/bin/soong_build out/soong/build.ninja
out/build-aosp_arm64-android-afl_Android.mk.ninja is missing, regenerating...
Generating afl-llvm-pass.so
[ 12% 797/6502] target C: afl-analyze <= android-afl/afl-analyze.c
FAILED: out/target/product/generic_arm64/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-4053586/bin/clang -I android-afl -I out/target/product/generic_arm64/obj/EXECUTABLES/afl-analyze_intermediates -I out/target/product/generic_arm64/gen/EXECUTABLES/afl-analyze_intermediates -I libnativehelper/include_deprecated \$(cat out/target/product/generic_arm64/obj/EXECUTABLES/afl-analyze_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I libnativehelper/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/generic_arm64/obj/include -isystem bionic/libc/arch-arm64/include -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -fno-exceptions -Wno-multichar -fno-strict-aliasing -fstack-protector-strong -ffunction-sections -fdata-sections -funwind-tables -Wa,--noexecstack -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-short-enums -no-canonical-prefixes -Werror=pointer-to-int-cast -Werror=int-to-pointer-cast -Werror=implicit-function-declaration -DNDEBUG -O2 -g -Wstrict-aliasing=2 -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -DNDEBUG -UDEBUG -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-expansion-to-defined -fdebug-prefix-map=\$PWD/= -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -nostdlibinc -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -funroll-loops -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Werror -MD -MF out/target/product/generic_arm64/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.d -o out/target/product/generic_arm64/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o android-afl/afl-analyze.c"
android-afl/afl-analyze.c:982:40: error: format specifies type 'unsigned long long *' but the argument has type 'u64 *' (aka 'unsigned long *') [-Werror,-Wformat]
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
~~~~ ^~~~~~~~~~
%lu
android-afl/afl-analyze.c:1051:8: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
mem_limit, exec_tmout, edges_only ? ", edges only" : "");
^~~~~~~~~
android-afl/debug.h:179:27: note: expanded from macro 'ACTF'
SAYF(cLBL "[*] " cRST x); \
^
android-afl/debug.h:166:41: note: expanded from macro 'SAYF'
# define SAYF(x...) fprintf(stderr, x)
^
2 errors generated.
[ 12% 800/6502] target C: afl-fuzz <= android-afl/afl-fuzz.c
FAILED: out/target/product/generic_arm64/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-4053586/bin/clang -I android-afl -I out/target/product/generic_arm64/obj/EXECUTABLES/afl-fuzz_intermediates -I out/target/product/generic_arm64/gen/EXECUTABLES/afl-fuzz_intermediates -I libnativehelper/include_deprecated \$(cat out/target/product/generic_arm64/obj/EXECUTABLES/afl-fuzz_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I libnativehelper/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/generic_arm64/obj/include -isystem bionic/libc/arch-arm64/include -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -fno-exceptions -Wno-multichar -fno-strict-aliasing -fstack-protector-strong -ffunction-sections -fdata-sections -funwind-tables -Wa,--noexecstack -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-short-enums -no-canonical-prefixes -Werror=pointer-to-int-cast -Werror=int-to-pointer-cast -Werror=implicit-function-declaration -DNDEBUG -O2 -g -Wstrict-aliasing=2 -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -DNDEBUG -UDEBUG -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-expansion-to-defined -fdebug-prefix-map=\$PWD/= -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -nostdlibinc -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -funroll-loops -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Werror -MD -MF out/target/product/generic_arm64/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.d -o out/target/product/generic_arm64/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.o android-afl/afl-fuzz.c"
android-afl/afl-fuzz.c:561:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1, 10000, "%llu", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:567:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1000, 1000, "%lluk", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:576:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1000 * 1000, 1000, "%lluM", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:632:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1, 10000, "%llu B", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:638:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1024, 1000, "%llu kB", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:647:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:2199:34: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2251:32: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2729:36: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
q->len, q->bitmap_size, q->exec_us);
^~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2826:38: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1, doc_path);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:3214:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_hangs, describe_op(0));
^~~~~~~~~~~~
android-afl/alloc-inl.h:36:34: note: expanded from macro 'alloc_printf'
s32 _len = snprintf(NULL, 0, _str); \
^~~~
android-afl/afl-fuzz.c:3214:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_hangs, describe_op(0));
^~~~~~~~~~~~
android-afl/alloc-inl.h:39:37: note: expanded from macro 'alloc_printf'
snprintf((char*)_tmp, _len + 1, _str); \
^~~~
android-afl/afl-fuzz.c:3256:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_crashes, kill_signal, describe_op(0));
^~~~~~~~~~~~~~
android-afl/alloc-inl.h:36:34: note: expanded from macro 'alloc_printf'
s32 _len = snprintf(NULL, 0, _str); \
^~~~
android-afl/afl-fuzz.c:3256:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_crashes, kill_signal, describe_op(0));
^~~~~~~~~~~~~~
android-afl/alloc-inl.h:39:37: note: expanded from macro 'alloc_printf'
snprintf((char*)_tmp, _len + 1, _str); \
^~~~
android-afl/afl-fuzz.c:3424:14: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
start_time / 1000, get_cur_time() / 1000, getpid(),
^~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3424:33: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
start_time / 1000, get_cur_time() / 1000, getpid(),
^~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3425:14: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3425:51: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps,
^~~~~~~~~~~
android-afl/afl-fuzz.c:3428:54: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
queued_variable, stability, bitmap_cvg, unique_crashes,
^~~~~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
[ 12% 801/6502] target C: afl-showmap <= android-afl/afl-showmap.c
FAILED: out/target/product/generic_arm64/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-4053586/bin/clang -I android-afl -I out/target/product/generic_arm64/obj/EXECUTABLES/afl-showmap_intermediates -I out/target/product/generic_arm64/gen/EXECUTABLES/afl-showmap_intermediates -I libnativehelper/include_deprecated \$(cat out/target/product/generic_arm64/obj/EXECUTABLES/afl-showmap_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I libnativehelper/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/generic_arm64/obj/include -isystem bionic/libc/arch-arm64/include -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -fno-exceptions -Wno-multichar -fno-strict-aliasing -fstack-protector-strong -ffunction-sections -fdata-sections -funwind-tables -Wa,--noexecstack -Werror=format-security -D_FORTIFY_SOURCE=2 -fno-short-enums -no-canonical-prefixes -Werror=pointer-to-int-cast -Werror=int-to-pointer-cast -Werror=implicit-function-declaration -DNDEBUG -O2 -g -Wstrict-aliasing=2 -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -DNDEBUG -UDEBUG -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-expansion-to-defined -fdebug-prefix-map=\$PWD/= -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -nostdlibinc -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -funroll-loops -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Werror -MD -MF out/target/product/generic_arm64/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.d -o out/target/product/generic_arm64/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.o android-afl/afl-showmap.c"
android-afl/afl-showmap.c:651:40: error: format specifies type 'unsigned long long *' but the argument has type 'u64 *' (aka 'unsigned long *') [-Werror,-Wformat]
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
~~~~ ^~~~~~~~~~
%lu
1 error generated.
[ 12% 802/6502] target C: afl-gotcpu <= android-afl/afl-gotcpu.c
ninja: build stopped: subcommand failed.
03:01:03 ninja failed with: exit status 1
#### failed to build some targets (31 seconds) ####
can't compile: afl-llvm-pass.so: No such file or directory
Hi,
I'm having issues trying to compile it with Android 7.0 source. The AOSP itself compiles fine. I have llvm-3.8 and clang-3.8 installed. It also doesn't seem to matter which target I choose using the 'lunch' command.
I'm getting the following error:
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=7.0
TARGET_PRODUCT=aosp_arm64
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=generic
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv7-a-neon
TARGET_2ND_CPU_VARIANT=cortex-a15
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.7.2-hardened-x86_64-Intel-R-_Core-TM-i7-5600U_CPU@_2.60GHz-with-gentoo-2.2
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=NRD90S
OUT_DIR=out
Generating afl-llvm-pass.so
/usr/bin/x86_64-pc-linux-gnu-ld: cannot open output file out/host/linux-x86/afl/afl-llvm-pass.so: No such file or directory
x86_64-pc-linux-gnu-clang-3.8: error: linker command failed with exit code 1 (use -v to see invocation)
Starting build with ninja
ninja: Entering directory `.'
ninja: error: 'out/host/linux-x86/obj/SHARED_LIBRARIES/libc++_intermediates/export_includes', needed by 'out/host/linux-x86/obj/EXECUTABLES/afl-gcc_intermediates/import_includes', missing and no known rule to make it
build/core/ninja.mk:148: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
make failed to build some targets (21 seconds)
This is what it's trying to execute:
clang++-3.8 llvm-config --cxxflags -fno-rtti -fpic -O3 -funroll-loops -Wall -g -Wno-variadic-macros -Wno-unknown-warning-option -shared android-afl/llvm_mode/afl-llvm-pass.so.cc -o out/host/linux-x86/afl/afl-llvm-pass.so llvm-config --ldflags
I could get the afl-llvm-pass.so to build by amending the paths and running the following manually from inside the android-afl folder:
clang++-3.8 llvm-config --cxxflags -fno-rtti -fpic -O3 -funroll-loops -Wall -g -Wno-variadic-macros -Wno-unknown-warning-option -shared llvm_mode/afl-llvm-pass.so.cc -o ../out/host/linux-x86/afl/afl-llvm-pass.so llvm-config --ldflags
Nevertheless, it fails next with this:
Starting build with ninja
ninja: Entering directory `.'
ninja: error: 'out/host/linux-x86/obj/SHARED_LIBRARIES/libc++_intermediates/export_includes', needed by 'out/host/linux-x86/obj/EXECUTABLES/afl-gcc_intermediates/import_includes', missing and no known rule to make it
build/core/ninja.mk:148: recipe for target 'ninja_wrapper' failed
make: *** [ninja_wrapper] Error 1
As a side note, on gentoo there's no 'llvm-config-3.8' so I've amended the Android.mk accordingly:
LLVM_CONFIG := llvm-config
Any help will be appreciated.
Thanks,
radegand
llvm and a lot of errot
Hi there!
I'am facing a problem when i try to mm the afl-fuzzer. Of Course I've made everything according to BUILD section. Look at this!
============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=10
TARGET_PRODUCT=aosp_marlin
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=kryo
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv8-a
TARGET_2ND_CPU_VARIANT=kryo
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-5.4.0-42-generic-x86_64-Ubuntu-18.04.5-LTS
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=QQ3A.200805.001
OUT_DIR=out
PRODUCT_SOONG_NAMESPACES=device/google/marlin vendor/google/camera hardware/google/pixel
============================================
12:19:29 Disallowed PATH tool "llvm-config" used: []string{"llvm-config", "--cxxflags"}
12:19:29 See https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools for more information.
12:19:29 Disallowed PATH tool "llvm-config" used: []string{"llvm-config", "--ldflags"}
12:19:29 See https://android.googlesource.com/platform/build/+/master/Changes.md#PATH_Tools for more information.
[ 15% 8/51] target C: afl-llvm-rt <= android-afl/llvm_mode/afl-llvm-rt.o.c
FAILED: out/target/product/marlin/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o
/bin/bash -c "PWD=/proc/self/cwd /usr/bin/clang -I android-afl -I out/target/product/marlin/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates -I out/target/product/marlin/gen/SHARED_LIBRARIES/afl-llvm-rt_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -march=armv8-a -mcpu=kryo -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIC -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.d -o out/target/product/marlin/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o android-afl/llvm_mode/afl-llvm-rt.o.c"
clang: error: unknown argument: '-faddrsig'
[ 19% 10/51] target thumb C: afl-llvm-rt_32 <= android-afl/llvm_mode/afl-llvm-rt.o.c
FAILED: out/target/product/marlin/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o
/bin/bash -c "PWD=/proc/self/cwd /usr/bin/clang -I android-afl -I out/target/product/marlin/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates -I out/target/product/marlin/gen/SHARED_LIBRARIES/afl-llvm-rt_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -fomit-frame-pointer -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -msoft-float -march=armv8-a -mfloat-abi=softfp -mfpu=neon-fp-armv8 -mcpu=cortex-a53 -mfpu=neon-fp-armv8 -D__ARM_FEATURE_LPAE=1 -target armv7a-linux-androideabi -Bprebuilts/gcc/linux-x86/arm/arm-linux-androideabi-4.9/arm-linux-androideabi/bin -std=gnu99 -mthumb -Os -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIC -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.d -o out/target/product/marlin/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o android-afl/llvm_mode/afl-llvm-rt.o.c"
clang: error: unknown argument: '-faddrsig'
[ 21% 11/51] target C: afl-analyze <= android-afl/afl-analyze.c
FAILED: out/target/product/marlin/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-r353983c1/bin/clang -I android-afl -I out/target/product/marlin/obj/EXECUTABLES/afl-analyze_intermediates -I out/target/product/marlin/gen/EXECUTABLES/afl-analyze_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj/EXECUTABLES/afl-analyze_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -march=armv8-a -mcpu=kryo -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.d -o out/target/product/marlin/obj/EXECUTABLES/afl-analyze_intermediates/afl-analyze.o android-afl/afl-analyze.c"
android-afl/afl-analyze.c:982:40: error: format specifies type 'unsigned long long *' but the argument has type 'u64 *' (aka 'unsigned long *') [-Werror,-Wformat]
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
~~~~ ^~~~~~~~~~
%lu
android-afl/afl-analyze.c:1051:8: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
mem_limit, exec_tmout, edges_only ? ", edges only" : "");
^~~~~~~~~
android-afl/debug.h:179:27: note: expanded from macro 'ACTF'
SAYF(cLBL "[*] " cRST x); \
^
android-afl/debug.h:166:41: note: expanded from macro 'SAYF'
# define SAYF(x...) fprintf(stderr, x)
^
2 errors generated.
[ 23% 12/51] target C: afl-showmap <= android-afl/afl-showmap.c
FAILED: out/target/product/marlin/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-r353983c1/bin/clang -I android-afl -I out/target/product/marlin/obj/EXECUTABLES/afl-showmap_intermediates -I out/target/product/marlin/gen/EXECUTABLES/afl-showmap_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj/EXECUTABLES/afl-showmap_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -march=armv8-a -mcpu=kryo -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.d -o out/target/product/marlin/obj/EXECUTABLES/afl-showmap_intermediates/afl-showmap.o android-afl/afl-showmap.c"
android-afl/afl-showmap.c:178:39: error: 'open' has superfluous mode bits; missing O_CREAT? [-Werror,-Wuser-defined-warnings]
fd = open(out_file, O_WRONLY, 0600);
^
bionic/libc/include/bits/fortify/fcntl.h:69:9: note: from 'diagnose_if' attribute on 'open':
__clang_warning_if(!__open_modes_useful(flags) && modes,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bionic/libc/include/sys/cdefs.h:134:54: note: expanded from macro '__clang_warning_if'
#define __clang_warning_if(cond, msg) __attribute__((diagnose_if(cond, msg, "warning")))
^ ~~~~
android-afl/afl-showmap.c:651:40: error: format specifies type 'unsigned long long *' but the argument has type 'u64 *' (aka 'unsigned long *') [-Werror,-Wformat]
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
~~~~ ^~~~~~~~~~
%lu
2 errors generated.
[ 25% 13/51] target C: afl-tmin <= android-afl/afl-tmin.c
FAILED: out/target/product/marlin/obj/EXECUTABLES/afl-tmin_intermediates/afl-tmin.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-r353983c1/bin/clang -I android-afl -I out/target/product/marlin/obj/EXECUTABLES/afl-tmin_intermediates -I out/target/product/marlin/gen/EXECUTABLES/afl-tmin_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj/EXECUTABLES/afl-tmin_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -march=armv8-a -mcpu=kryo -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj/EXECUTABLES/afl-tmin_intermediates/afl-tmin.d -o out/target/product/marlin/obj/EXECUTABLES/afl-tmin_intermediates/afl-tmin.o android-afl/afl-tmin.c"
android-afl/afl-tmin.c:1025:40: error: format specifies type 'unsigned long long *' but the argument has type 'u64 *' (aka 'unsigned long *') [-Werror,-Wformat]
if (sscanf(optarg, "%llu%c", &mem_limit, &suffix) < 1 ||
~~~~ ^~~~~~~~~~
%lu
android-afl/afl-tmin.c:1116:8: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
mem_limit, exec_tmout, edges_only ? ", edges only" : "");
^~~~~~~~~
android-afl/debug.h:179:27: note: expanded from macro 'ACTF'
SAYF(cLBL "[*] " cRST x); \
^
android-afl/debug.h:166:41: note: expanded from macro 'SAYF'
# define SAYF(x...) fprintf(stderr, x)
^
2 errors generated.
[ 27% 14/51] target C: afl-fuzz <= android-afl/afl-fuzz.c
FAILED: out/target/product/marlin/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.o
/bin/bash -c "PWD=/proc/self/cwd prebuilts/clang/host/linux-x86/clang-r353983c1/bin/clang -I android-afl -I out/target/product/marlin/obj/EXECUTABLES/afl-fuzz_intermediates -I out/target/product/marlin/gen/EXECUTABLES/afl-fuzz_intermediates -I libnativehelper/include_jni \$(cat out/target/product/marlin/obj/EXECUTABLES/afl-fuzz_intermediates/import_includes) -I system/core/include -I system/media/audio/include -I hardware/libhardware/include -I hardware/libhardware_legacy/include -I hardware/ril/include -I frameworks/native/include -I frameworks/native/opengl/include -I frameworks/av/include -isystem out/target/product/marlin/obj/include -isystem device/google/marlin/kernel-headers -isystem hardware/qcom/msm8996/kernel-headers -isystem bionic/libc/include -isystem bionic/libc/kernel/uapi -isystem bionic/libc/kernel/uapi/asm-arm64 -isystem bionic/libc/kernel/android/scsi -isystem bionic/libc/kernel/android/uapi -c -Werror=implicit-function-declaration -DANDROID -fmessage-length=0 -W -Wall -Wno-unused -Winit-self -Wpointer-arith -no-canonical-prefixes -DNDEBUG -UDEBUG -fno-exceptions -Wno-multichar -O2 -g -fno-strict-aliasing -fdebug-prefix-map=/proc/self/cwd= -D__compiler_offsetof=__builtin_offsetof -faddrsig -Wimplicit-fallthrough -Werror=int-conversion -Wno-reserved-id-macro -Wno-format-pedantic -Wno-unused-command-line-argument -fcolor-diagnostics -Wno-zero-as-null-pointer-constant -Wno-sign-compare -Wno-defaulted-function-deleted -Wno-inconsistent-missing-override -ffunction-sections -fdata-sections -fno-short-enums -funwind-tables -fstack-protector-strong -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -Wstrict-aliasing=2 -Werror=return-type -Werror=non-virtual-dtor -Werror=address -Werror=sequence-point -Werror=date-time -Werror=format-security -nostdlibinc -march=armv8-a -mcpu=kryo -target aarch64-linux-android -Bprebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/aarch64-linux-android/bin -std=gnu99 -Wall -Werror -O3 -funroll-loops -Wall -g -Wno-pointer-sign -Wno-pointer-arith -Wno-sign-compare -Wno-unused-parameter -DAFL_PATH=\\\"out/host/linux-x86/afl\\\" -DDOC_PATH=\\\"out/host/linux-x86/share/doc/afl\\\" -DBIN_PATH=\\\"out/host/linux-x86/bin\\\" -fPIE -D_USING_LIBCXX -DANDROID_STRICT -Werror=int-to-pointer-cast -Werror=pointer-to-int-cast -Werror=address-of-temporary -Werror=return-type -Wno-tautological-constant-compare -Wno-tautological-type-limit-compare -Wno-tautological-unsigned-enum-zero-compare -Wno-tautological-unsigned-zero-compare -Wno-c++98-compat-extra-semi -Wno-return-std-move-in-c++11 -MD -MF out/target/product/marlin/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.d -o out/target/product/marlin/obj/EXECUTABLES/afl-fuzz_intermediates/afl-fuzz.o android-afl/afl-fuzz.c"
android-afl/afl-fuzz.c:561:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1, 10000, "%llu", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:567:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1000, 1000, "%lluk", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:576:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1000 * 1000, 1000, "%lluM", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:632:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1, 10000, "%llu B", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:638:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1024, 1000, "%llu kB", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:647:3: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
%lu
android-afl/afl-fuzz.c:555:31: note: expanded from macro 'CHK_FORMAT'
sprintf(tmp[cur], _fmt, ((_cast)val) / (_divisor)); \
~~~~ ^~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:1920:33: error: 'open' has superfluous mode bits; missing O_CREAT? [-Werror,-Wuser-defined-warnings]
fd = open(fn, O_RDONLY, 0600);
^
bionic/libc/include/bits/fortify/fcntl.h:69:9: note: from 'diagnose_if' attribute on 'open':
__clang_warning_if(!__open_modes_useful(flags) && modes,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bionic/libc/include/sys/cdefs.h:134:54: note: expanded from macro '__clang_warning_if'
#define __clang_warning_if(cond, msg) __attribute__((diagnose_if(cond, msg, "warning")))
^ ~~~~
android-afl/afl-fuzz.c:2199:34: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2251:32: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2729:36: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
q->len, q->bitmap_size, q->exec_us);
^~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:2826:38: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
DMS(mem_limit << 20), mem_limit - 1, doc_path);
^~~~~~~~~~~~~
android-afl/debug.h:164:32: note: expanded from macro 'SAYF'
# define SAYF(x...) printf(x)
^
android-afl/afl-fuzz.c:3214:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_hangs, describe_op(0));
^~~~~~~~~~~~
android-afl/alloc-inl.h:36:34: note: expanded from macro 'alloc_printf'
s32 _len = snprintf(NULL, 0, _str); \
^~~~
android-afl/afl-fuzz.c:3214:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_hangs, describe_op(0));
^~~~~~~~~~~~
android-afl/alloc-inl.h:39:37: note: expanded from macro 'alloc_printf'
snprintf((char*)_tmp, _len + 1, _str); \
^~~~
android-afl/afl-fuzz.c:3256:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_crashes, kill_signal, describe_op(0));
^~~~~~~~~~~~~~
android-afl/alloc-inl.h:36:34: note: expanded from macro 'alloc_printf'
s32 _len = snprintf(NULL, 0, _str); \
^~~~
android-afl/afl-fuzz.c:3256:25: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
unique_crashes, kill_signal, describe_op(0));
^~~~~~~~~~~~~~
android-afl/alloc-inl.h:39:37: note: expanded from macro 'alloc_printf'
snprintf((char*)_tmp, _len + 1, _str); \
^~~~
android-afl/afl-fuzz.c:3424:14: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
start_time / 1000, get_cur_time() / 1000, getpid(),
^~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3424:33: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
start_time / 1000, get_cur_time() / 1000, getpid(),
^~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3425:14: error: format specifies type 'unsigned long long' but the argument has type 'unsigned long' [-Werror,-Wformat]
queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
android-afl/afl-fuzz.c:3425:51: error: format specifies type 'unsigned long long' but the argument has type 'u64' (aka 'unsigned long') [-Werror,-Wformat]
queue_cycle ? (queue_cycle - 1) : 0, total_execs, eps,
^~~~~~~~~~~
fatal error: too many errors emitted, stopping now [-ferror-limit=]
20 errors generated.
12:19:33 ninja failed with: exit status 1
#### failed to build some targets (5 seconds) ####
Qemu Error
/usr/bin/ld: qga/commands-posix.o: in function dev_major_minor': /home/kali/AOSP/android-afl/qemu_mode/qemu-2.3.0/qga/commands-posix.c:633: undefined reference to major'
/usr/bin/ld: /home/kali/AOSP/android-afl/qemu_mode/qemu-2.3.0/qga/commands-posix.c:634: undefined reference to minor' /usr/bin/ld: /home/kali/AOSP/android-afl/qemu_mode/qemu-2.3.0/qga/commands-posix.c:633: undefined reference to major'
/usr/bin/ld: /home/kali/AOSP/android-afl/qemu_mode/qemu-2.3.0/qga/commands-posix.c:634: undefined reference to `minor'
collect2: error: ld returned 1 exit status
make: *** [Makefile:288: qemu-ga] Error 1
Installing Qemu_mode
└─$ ./build_qemu_support.sh
[*] Performing basic sanity checks...
[-] Error: 'libtool' not found, please install first.
Kindly provide instruction for this error or take your AFL code from Github
Furthermore, What is meant by Android Fuzzing?
What is input and output (Apk, ISO)
is the ASAN enabled?
Hi,
I want to use afl with asan, how should i enable asan? And is the ASAN enabled in android-afl?
afl-llvm-rt.o file arm version
/out/host/linux-x86/afl directory doesn't contain afl-llvm-rt.o of arm version,and the bin build with this afl-llvm-rt.o doesn't work fine at android
cp: cannot stat 'out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o':
hi
when i build it on android m , x86 arch, i found a strange way that could fix this compiled error, but it's ugly.
when i built using (1), the error is:
cp: cannot stat 'out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
Then I built it using (2), success.
when i built it using (2), the error is:
cp: cannot stat 'out/target/product/bxtp_abl/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
Then I built using (1), also success.
i don't know why. And out/target/product/bxtp_abl/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o is different from out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.
Is anyone know why and how to fix this problem?
Android.mk
when i build it on android m , x86 arch, i found a strange way that could fix this compiled error, but it's ugly.
when i built using (1), the error is:
cp: cannot stat 'out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
Then I built it using (2), success.
when i built it using (2), the error is:
cp: cannot stat 'out/target/product/bxtp_abl/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
Then I built using (1), also success.
i don't know why. And out/target/product/bxtp_abl/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o is different from out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.
Is anyone know why and how to fix this problem?
#Android.mk
152 ################################afl-llvm-rt#################################
153
- 154 BUILD_OPTION_ONE=true
- 155 #cp: cannot stat 'out/target/product/bxtp_abl/obj_x86/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
- 156 # switch (1)->(2) or (2)->(1), then success, don't knowe why
- 157 #
- 158 ifeq ($(BUILD_OPTION_ONE), true)
- 159 #########(1)-start########
160 include $(CLEAR_VARS)
161
162 LOCAL_SRC_FILES := llvm_mode/afl-llvm-rt.o.c
163 LOCAL_CLANG := true
164 LOCAL_MULTILIB := both
165 LOCAL_CC := /usr/bin/clang-3.8
166 LOCAL_CFLAGS := $(common_CFLAGS)
167 LOCAL_MODULE := afl-llvm-rt
168 ifeq ($(TARGET_2ND_ARCH),)
169 LOCAL_POST_INSTALL_CMD :=$(hide) cp -f $ (TARGET_OUT_INTERMEDIATES)/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o $(HELPER_PATH)/afl-llvm-rt.o;
170 else
171 LOCAL_POST_INSTALL_CMD :=$(hide) cp -f $ (TARGET_OUT_INTERMEDIATES)/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o $(HELPER_PATH)/afl-llvm-rt-64.o;
172 cp -f$(TARGET_OUT_INTERMEDIATES)_$ (TARGET_2ND_ARCH)/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o $(HELPER_PA TH)/afl-llvm-rt.o;
173 endif
174 include $(BUILD_SHARED_LIBRARY)
175 - 176 #######(1)-end#############
- 177 else
- 178 #######(2)-start############
- 179 include $(CLEAR_VARS)
- 180
- 181 LOCAL_SRC_FILES := llvm_mode/afl-llvm-rt.o.c
- 182 LOCAL_CLANG := true
- 183 LOCAL_MULTILIB := 32
- 184 LOCAL_CC := /usr/bin/clang-3.8
- 185 LOCAL_CFLAGS := $(common_CFLAGS)
- 186 LOCAL_MODULE := afl-llvm-rt
- 187 LOCAL_POST_INSTALL_CMD :=
$(hide) cp -f $ (TARGET_OUT_INTERMEDIATES)/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o $(HELPER_PATH)/afl-llvm-rt-64.o; - 188 include $(BUILD_SHARED_LIBRARY)
- 189
- 190 include $(CLEAR_VARS)
- 191
- 192 LOCAL_SRC_FILES := llvm_mode/afl-llvm-rt.o.c
- 193 LOCAL_CLANG := true
- 194 LOCAL_MULTILIB := 64
- 195 LOCAL_CC := /usr/bin/clang-3.8
- 196 LOCAL_CFLAGS := $(common_CFLAGS)
- 197 LOCAL_MODULE := afl-llvm-rt
- 198 LOCAL_POST_INSTALL_CMD :=
$(hide) cp -f $ (TARGET_OUT_INTERMEDIATES)_$(TARGET_2ND_ARCH)/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mo de/afl-llvm-rt.o.o $(HELPER_PATH)/afl-llvm-rt.o; - 199 include $(BUILD_SHARED_LIBRARY)
- 200 endif
- 201 ########(2)-end###############
- 202
compiled error:crash.o(.text+0x146): error: undefined reference to 'shmat'
hi
I want to build android-test on android6.0, x86 arch.
When I build android-test/, I got an error:
target Executable: crash (out/target/product/bxtp_abl/obj/EXECUTABLES/crash_intermediates/LINKED/crash)
out/target/product/bxtp_abl/obj/EXECUTABLES/crash_intermediates/crash.o(.text+0x146): error: undefined reference to 'shmat'
collect2: error: ld returned 1 exit status
build/core/executable_internal.mk:79: recipe for target 'out/target/product/bxtp_abl/obj/EXECUTABLES/crash_intermediates/LINKED/crash' failed
make: *** [out/target/product/bxtp_abl/obj/EXECUTABLES/crash_intermediates/LINKED/crash] Error 1
Do you have any idea?
Oops, failed to execute '/usr/local/bin/afl-gcc'
Hi ele7enxxh,
Could you give a help as i met blow issue when build android 7.0 modules by afl-gcc and afl-clang-fast:
[!] WARNING: -B is already set, overriding
/usr/local/bin/afl-gcc afl-test-module.c -o 1.out -g -O3 -funroll-loops -D__AFL_COMPILER=1 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1
[-] PROGRAM ABORT : Oops, failed to execute '/usr/local/bin/afl-gcc' - check your PATH
Location : main(), afl-gcc.c:359
Thank you.
how to fuzz a shared library, like libstagefright.so, with android-afl
how to fuzz libstagefright.so?
compile libstagefright.so and program with afl-gcc, dlopen it and call some function using its symbol in the program?
shm.h not found
Hi,
first of all, I wanna tell you that this is an amazing project! 😄
I read your post here and I could compile libstagefright successfully, but now I'm trying to compile android-afl and the compilation process emit the following error
In file included from android-afl/afl-analyze.c:25:
android-afl/android-ashmem.h:16:11: fatal error: 'sys/shm.h' file not found
#include <sys/shm.h>
^
1 error generated.
I tryed to add manually the include path for gcc in Android.mk, but another errors were raised.
Conflict between llvm internal function and afl-llvm-pass
Hi,
I have a compilation issue, an llvm function seems overridden with a different return type :
$ mm -B
============================================
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=4.4.2
TARGET_PRODUCT=full
TARGET_BUILD_VARIANT=eng
TARGET_BUILD_TYPE=release
TARGET_BUILD_APPS=
TARGET_ARCH=arm
TARGET_ARCH_VARIANT=armv7-a
TARGET_CPU_VARIANT=generic
HOST_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.4.0-x86_64-Intel-R-_Core-TM-_i7-4600U_CPU_@_2.10GHz-with-slackware-14.2
HOST_BUILD_TYPE=release
BUILD_ID=KOT49H
OUT_DIR=out
============================================
Generating afl-llvm-pass.so
android-afl/llvm_mode/afl-llvm-pass.so.cc:52:19: error: virtual function 'getPassName' has a different return type ('const char *') than the function it overrides (which has return type 'llvm::StringRef')
const char *getPassName() const override {
~~~~~~^
/usr/include/llvm/Pass.h:100:21: note: overridden virtual function is here
virtual StringRef getPassName() const;
~~~~~~~~~ ^
1 error generated.
make: Entering directory `/opt/android-source/androsource'
build/core/base_rules.mk:134: *** android-afl: MODULE.HOST.SHARED_LIBRARIES.afl-llvm-rt already defined by android-afl. Stop.
make: Leaving directory `/opt/android-source/androsource'
Do you know how to fix this ?
Cheers.,
compile fail: cp: cannot stat `out/target/product/spwhale2_fpga/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory
linux:
$ uname -aprecise1-Ubuntu SMP Fri Jan 25 17:13:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
Linux tj05002pcu 3.5.0-23-generic #35
android source:
6.0
clang&llvm: 3.9
and I changed 3.8 to 3.9 in android.mk
error info of "mm -B" command:
target Symbolic: afl-llvm-rt (out/target/product/spwhale2_fpga/symbols/system/lib64/afl-llvm-rt.so)
Export includes file: android-afl/Android.mk -- out/target/product/spwhale2_fpga/obj/SHARED_LIBRARIES/afl-llvm-rt_intermediates/export_includes
target Strip: afl-llvm-rt (out/target/product/spwhale2_fpga/obj/lib/afl-llvm-rt.so)
Install: out/target/product/spwhale2_fpga/system/lib64/afl-llvm-rt.so
cp: cannot stat out/target/product/spwhale2_fpga/obj_arm/SHARED_LIBRARIES/afl-llvm-rt_intermediates/llvm_mode/afl-llvm-rt.o.o': No such file or directory make: *** [out/target/product/spwhale2_fpga/system/lib64/afl-llvm-rt.so] Error 1 make: *** Deleting file out/target/product/spwhale2_fpga/system/lib64/afl-llvm-rt.so'
How to fix this problem?
Thanks!
stagefright编译问题
在android8上尝试afl;
PLATFORM_VERSION_CODENAME=REL
PLATFORM_VERSION=8.0.0
TARGET_PRODUCT=aosp_bullhead
TARGET_BUILD_VARIANT=userdebug
TARGET_BUILD_TYPE=release
TARGET_ARCH=arm64
TARGET_ARCH_VARIANT=armv8-a
TARGET_CPU_VARIANT=cortex-a53
TARGET_2ND_ARCH=arm
TARGET_2ND_ARCH_VARIANT=armv7-a-neon
TARGET_2ND_CPU_VARIANT=cortex-a53.a57
HOST_ARCH=x86_64
HOST_2ND_ARCH=x86
HOST_OS=linux
HOST_OS_EXTRA=Linux-4.13.16-x86_64-with-Ubuntu-16.04-xenial
HOST_CROSS_OS=windows
HOST_CROSS_ARCH=x86
HOST_CROSS_2ND_ARCH=x86_64
HOST_BUILD_TYPE=release
BUILD_ID=OPR6.170623.013
OUT_DIR=out
android-afl可以编译成功,且生成的目标文件可在真机上执行。
尝试编译stagefright进行插桩,Android.mk里更改如下:
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_SRC_FILES:=
stagefright.cpp
jpeg.cpp
SineSource.cpp
LOCAL_SHARED_LIBRARIES :=
libstagefright libmedia libutils libbinder libstagefright_foundation
libjpeg libgui libcutils liblog
libhidlmemory
[email protected] \
LOCAL_C_INCLUDES:=
frameworks/av/media/libstagefright
frameworks/av/media/libstagefright/include
$(TOP)/frameworks/native/include/media/openmax
external/jpeg \
LOCAL_CFLAGS += -Wno-multichar -Werror -Wall
LOCAL_MODULE_TAGS := optional
LOCAL_MODULE:= stagefright
LOCAL_CLANG := true
export AFL_CC := /usr/bin/clang
LOCAL_CC := afl-clang-fast
export AFL_CXX := /usr/bin/clang++
LOCAL_CXX := afl-clang-fast++
include $(BUILD_EXECUTABLE)
并且在编译时设置 AFL_PATH为 out/target/product/bullhead/system 因为android-afl编译完成后在这个目录生成afl-llvm-pass.so,编译时报错如下:
error: unable to load plugin '/android8/out/target/product/bullhead/system/afl-llvm-pass.so': '/android8/out/target/product/bullhead/system/afl-llvm-pass.so: undefined symbol: _ZN4llvm24DisableABIBreakingChecksE'
ninja: build stopped: subcommand failed.
14:54:42 ninja failed with: exit status 1
build/core/main.mk:21: recipe for target 'run_soong_ui' failed
make: *** [run_soong_ui] Error 1
Compile error
android-afl/android-ashmem.h:14:57: error: declaration of 'struct shmid_ds' will not be visible outside of this function
It seems like an include error. But I see the program use the prebuild clang in aosp, so I don't know how to fix it.
System: Ubuntu14.04
AOSP:7.0
Any help will be appreciated.
Thank you.
issue with export environment
hi.
thank you for this fork.
have question about environment.
cloned and installed android-afl (
git clone ***
make & make install
)
after use export CC=afl-gcc and export CXX=afl-g++, but in compilation time Ubuntu choose default gcc compilation and don't use afl-gcc. how i can fix it, what I do wrong?
thank you
CANNOT LINK EXECUTABLE "./crash": /data/local/tmp/crash: has text relocations
i complie crash in AOSP/android-afl/android-test/ with command "TEST_GCC_ARM=true mm -B"
and i got crash file in (TARGET_OUT)/target/product/shamu/system/bin/crash.
then, i adb push crash to my phone, run the crash file, and got an error as below :
134|shamu:/data/local/tmp # ./crash 12
CANNOT LINK EXECUTABLE "./crash": /data/local/tmp/crash: has text relocations
Aborted
what is the problem?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.