authorAustin Seipp <aseipp@pobox.com>2015-03-28 01:51:00 -0500
committerAustin Seipp <aseipp@pobox.com>2015-03-28 01:51:00 -0500
commit5b0310ec59d3e8117d40fa108c9b2da22e3d9258 (patch)
tree63af02fc19ec3e0bc214126b361cf3d14132670d /pkgs/tools/security/afl
parenta6813ca62d240f25b5a28545ae5ea70f20b2a86d (diff)
nixpkgs: afl 1.57b -> 1.58b
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Diffstat (limited to 'pkgs/tools/security/afl')
-rw-r--r--pkgs/tools/security/afl/default.nix4
-rw-r--r--pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h5
-rw-r--r--pkgs/tools/security/afl/qemu-patches/syscall.patch25
-rw-r--r--pkgs/tools/security/afl/qemu.nix1
4 files changed, 32 insertions, 3 deletions
diff --git a/pkgs/tools/security/afl/default.nix b/pkgs/tools/security/afl/default.nix
index ed9b6d56edb..93c5988b55d 100644
--- a/pkgs/tools/security/afl/default.nix
+++ b/pkgs/tools/security/afl/default.nix
@@ -8,11 +8,11 @@ let
 in
 stdenv.mkDerivation rec {
   name    = "afl-${version}";
-  version = "1.57b";
+  version = "1.58b";
 
   src = fetchurl {
     url    = "http://lcamtuf.coredump.cx/afl/releases/${name}.tgz";
-    sha256 = "05dwh2kgz31702y339bvbs0b3ffadxgxk8cqqhs2i0ggx5bnl5p4";
+    sha256 = "1szggm4x9i9bsrcb99s5vbgncagp7jvhz8cg9amkx7p6mp2x4pld";
   };
 
   buildInputs  = [ makeWrapper ];
diff --git a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h
index 7d5a47669e4..c6ebc873ae0 100644
--- a/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h
+++ b/pkgs/tools/security/afl/qemu-patches/afl-qemu-cpu-inl.h
@@ -69,9 +69,10 @@ abi_ulong afl_entry_point, /* ELF entry point (_start) */
           afl_start_code,  /* .text start pointer      */
           afl_end_code;    /* .text end pointer        */
 
-/* Set on the child in forkserver mode: */
+/* Set in the child process in forkserver mode: */
 
 static unsigned char afl_fork_child;
+unsigned int afl_forksrv_pid;
 
 /* Instrumentation ratio: */
 
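Review bot: The new global `afl_forksrv_pid` is placed under the comment "Set in the child process in forkserver mode:", but the only assignment visible on this page (the second hunk of this file, `afl_forksrv_pid = getpid();` right after the handshake write in `afl_forkserver`) runs in the forkserver process itself, not in a child, so the grouping comment now misdescribes it. Give the variable its own comment, e.g. `/* PID of the forkserver process, recorded once the handshake succeeds; read by the sys_tgkill replacement in syscall.patch. */`. It is also the only non-`static` symbol in this region and is referenced via `extern unsigned int afl_forksrv_pid;` in syscall.patch, so the comment should say the linkage is deliberate. `getpid()` returns `pid_t` while the variable is `unsigned int`; if the type is changed to `pid_t`, the `extern` declaration in syscall.patch must change with it.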
@@ -158,6 +159,8 @@ static void afl_forkserver(CPUArchState *env) {
 
   if (write(FORKSRV_FD + 1, tmp, 4) != 4) return;
 
+  afl_forksrv_pid = getpid();
+
   /* All right, let's await orders... */
 
   while (1) {
diff --git a/pkgs/tools/security/afl/qemu-patches/syscall.patch b/pkgs/tools/security/afl/qemu-patches/syscall.patch
new file mode 100644
index 00000000000..c8ffb61ba2c
--- /dev/null
+++ b/pkgs/tools/security/afl/qemu-patches/syscall.patch
@@ -0,0 +1,25 @@
+--- qemu-2.2.0/linux-user/syscall.c.orig	2014-12-09 14:45:43.000000000 +0000
++++ qemu-2.2.0/linux-user/syscall.c	2015-03-27 06:33:00.736000000 +0000
+@@ -227,7 +227,21 @@
+ _syscall3(int,sys_rt_sigqueueinfo,int,pid,int,sig,siginfo_t *,uinfo)
+ _syscall3(int,sys_syslog,int,type,char*,bufp,int,len)
+ #if defined(TARGET_NR_tgkill) && defined(__NR_tgkill)
+-_syscall3(int,sys_tgkill,int,tgid,int,pid,int,sig)
++
++extern unsigned int afl_forksrv_pid;
++
++static int sys_tgkill(int tgid, int pid, int sig) {
++
++  /* Workaround for -lpthread to make abort() work properly, without
++     killing the forkserver due to a prematurely cached PID. */
++
++  if (afl_forksrv_pid && afl_forksrv_pid == pid && sig == SIGABRT)
++    pid = tgid = getpid();
++
++  return syscall(__NR_sys_tgkill, pid, tgid, sig);
++
++}
++
+ #endif
+ #if defined(TARGET_NR_tkill) && defined(__NR_tkill)
+ _syscall2(int,sys_tkill,int,tid,int,sig)
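Review bot: The replacement `sys_tgkill` passes its arguments to the kernel in a different order than the `_syscall3` wrapper it removes: the removed line declares the parameters as `(tgid, pid, sig)` and the macro forwards them in that order, whereas the new body calls `syscall(__NR_sys_tgkill, pid, tgid, sig)`. For a single-threaded guest `tgid == pid`, and in the SIGABRT workaround both are overwritten with `getpid()`, so the swap is invisible there, but a multi-threaded guest signalling a non-main thread would hand the kernel a (tgid, tid) pair that does not match. Unless the swap is intentional, the call should read `return syscall(__NR_sys_tgkill, tgid, pid, sig);`. The comparison `afl_forksrv_pid == pid` also mixes `unsigned int` with `int`; declaring the global as `pid_t` (here and in afl-qemu-cpu-inl.h) would remove the implicit conversion.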
diff --git a/pkgs/tools/security/afl/qemu.nix b/pkgs/tools/security/afl/qemu.nix
index 929f9fba9a6..441d64415cb 100644
--- a/pkgs/tools/security/afl/qemu.nix
+++ b/pkgs/tools/security/afl/qemu.nix
@@ -42,6 +42,7 @@ stdenv.mkDerivation rec {
       ./qemu-patches/cpu-exec.patch
       ./qemu-patches/no-etc-install.patch
       ./qemu-patches/translate-all.patch
+      ./qemu-patches/syscall.patch
     ];
 
   preConfigure = ''