void arch_ptraceAnalyze(honggfuzz_t * hfuzz, int status, pid_t pid, fuzzer_t * fuzzer) { /* * It's a ptrace event, deal with it elsewhere */ if (WIFSTOPPED(status) && __WEVENT(status)) { return arch_ptraceEvent(hfuzz, fuzzer, status, pid); } if (WIFSTOPPED(status)) { /* * If it's an interesting signal, save the testcase */ if (arch_sigs[WSTOPSIG(status)].important) { /* * If fuzzer worker is from core fuzzing process run full * analysis. Otherwise just unwind and get stack hash signature. */ if (fuzzer->mainWorker) { arch_ptraceSaveData(hfuzz, pid, fuzzer); } else { arch_ptraceAnalyzeData(hfuzz, pid, fuzzer); } } ptrace(PTRACE_CONT, pid, 0, WSTOPSIG(status)); return; } /* * Resumed by delivery of SIGCONT */ if (WIFCONTINUED(status)) { return; } /* * Process exited */ if (WIFEXITED(status)) { /* * Target exited with sanitizer defined exitcode (used when SIGABRT is not monitored) */ if ((WEXITSTATUS(status) == HF_MSAN_EXIT_CODE) || (WEXITSTATUS(status) == HF_ASAN_EXIT_CODE) || (WEXITSTATUS(status) == HF_UBSAN_EXIT_CODE)) { arch_ptraceExitAnalyze(hfuzz, pid, fuzzer, WEXITSTATUS(status)); } return; } if (WIFSIGNALED(status)) { return; } abort(); /* NOTREACHED */ }
void arch_ptraceAnalyze(honggfuzz_t * hfuzz, int status, pid_t pid, fuzzer_t * fuzzer) { /* * It's a ptrace event, deal with it elsewhere */ if (WIFSTOPPED(status) && __WEVENT(status)) { return arch_ptraceEvent(hfuzz, fuzzer, status, pid); } if (WIFSTOPPED(status)) { int curStatus = WSTOPSIG(status); /* * If it's an interesting signal, save the testcase */ if (arch_sigs[WSTOPSIG(status)].important) { arch_ptraceSaveData(hfuzz, pid, fuzzer); /* * An kind of ugly (although necessary) hack due to custom signal handlers * in Android from debuggerd. If we pass one of the monitored signals, * we'll end-up running the processing routine twice. A cost that we * don't want to pay. */ #if defined(__ANDROID__) curStatus = SIGINT; #endif } ptrace(PT_CONTINUE, pid, 0, curStatus); return; } /* * Resumed by delivery of SIGCONT */ if (WIFCONTINUED(status)) { return; } /* * Process exited */ if (WIFEXITED(status)) { return; } if (WIFSIGNALED(status)) { return; } abort(); /* NOTREACHED */ return; }
void arch_ptraceAnalyze(honggfuzz_t * hfuzz, int status, pid_t pid, fuzzer_t * fuzzer) { /* * It's a ptrace event, deal with it elsewhere */ if (WIFSTOPPED(status) && __WEVENT(status)) { return arch_ptraceEvent(hfuzz, fuzzer, status, pid); } if (WIFSTOPPED(status)) { /* * If it's an interesting signal, save the testcase */ if (arch_sigs[WSTOPSIG(status)].important) { /* * If fuzzer worker is from core fuzzing process run full * analysis. Otherwise just unwind and get stack hash signature. */ if (fuzzer->mainWorker) { arch_ptraceSaveData(hfuzz, pid, fuzzer); } else { arch_ptraceAnalyzeData(pid, fuzzer); } } ptrace(PT_CONTINUE, pid, 0, WSTOPSIG(status)); return; } /* * Resumed by delivery of SIGCONT */ if (WIFCONTINUED(status)) { return; } /* * Process exited */ if (WIFEXITED(status)) { return; } if (WIFSIGNALED(status)) { return; } abort(); /* NOTREACHED */ }