authorJunwha <qbit@unist.ac.kr>2023-08-04 18:36:58 +0900
committerJunwha <qbit@unist.ac.kr>2023-08-04 18:36:58 +0900
commitfcdfe9e990d84ab477cd3c571cbf540e8bc8e15a (patch)
treefa5e386c1a5730137bebd1b8c1d0228f243a382a
parenta61e1ffe4dceb5b4dec3409faf037bea4c05bef9 (diff)
downloadafl++-fcdfe9e990d84ab477cd3c571cbf540e8bc8e15a.tar.gz
Define AFL_CRASHING_SEEDS_AS_NEW_CRASH as env variable
- and fix typo Signed-off-by: Junwha <qbit@unist.ac.kr>
-rw-r--r--include/afl-fuzz.h6
-rw-r--r--src/afl-fuzz-init.c30
-rw-r--r--src/afl-fuzz-state.c7
-rw-r--r--src/afl-fuzz.c1
4 files changed, 26 insertions, 18 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 7bedc98f..18352acb 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1,3 +1,4 @@
+
/*
american fuzzy lop++ - fuzzer header
------------------------------------
@@ -408,7 +409,7 @@ typedef struct afl_env_vars {
*afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
*afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size,
*afl_testcache_entries, *afl_child_kill_signal, *afl_fsrv_kill_signal,
- *afl_target_env, *afl_persistent_record, *afl_exit_on_time;
+ *afl_target_env, *afl_persistent_record, *afl_exit_on_time, *afl_crashing_seeds_as_new_crash;
s32 afl_pizza_mode;
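Review bot: `afl_crashing_seeds_as_new_crash` is appended to the `u8 *` declarator list (`*afl_target_env, *afl_persistent_record, *afl_exit_on_time, *afl_crashing_seeds_as_new_crash;`), so it is a pointer, yet the src/afl-fuzz-state.c hunk assigns it the `int` result of `atoi(...)` — an int-to-pointer conversion that compilers diagnose and that only works because the value 1 happens to be a non-null pointer. Everything that reads it (the two `if (afl->afl_env.afl_crashing_seeds_as_new_crash)` tests in perform_dry_run) treats it as an on/off flag, so it should be an integer member: leave the pointer line as it was, `*afl_target_env, *afl_persistent_record, *afl_exit_on_time;`, and declare `u8 afl_crashing_seeds_as_new_crash;` next to `s32 afl_pizza_mode;` (or in the struct's non-pointer flag group, which starts above this hunk). The `atoi` assignment in afl-fuzz-state.c then needs no change. The `afl_env_vars` declaration begins outside the hunk.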
@@ -539,8 +540,7 @@ typedef struct afl_state {
expand_havoc, /* perform expensive havoc after no find */
cycle_schedules, /* cycle power schedules? */
old_seed_selection, /* use vanilla afl seed selection */
- reinit_table, /* reinit the queue weight table */
- crashing_seeds_as_new_crash; /* treat crashing seeds as normal corpus */
+ reinit_table; /* reinit the queue weight table */
u8 *virgin_bits, /* Regions yet untouched by fuzzing */
*virgin_tmout, /* Bits we haven't seen in tmouts */
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 6b7f3036..d994d749 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1056,17 +1056,19 @@ void perform_dry_run(afl_state_t *afl) {
"skipping",
fn, (int)(s8)afl->fsrv.crash_exitcode);
- } else if (afl->crashing_seeds_as_new_crash) {
-
- WARNF(
- "Test case '%s' results in a crash,"
- "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, "
- "saving as a crash", fn);
-
} else {
+ if (afl->afl_env.afl_crashing_seeds_as_new_crash) {
+
+ WARNF(
+ "Test case '%s' results in a crash, "
+ "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, "
+ "saving as a new crash", fn);
+
+ } else {
- WARNF("Test case '%s' results in a crash, skipping", fn);
-
+ WARNF("Test case '%s' results in a crash, skipping", fn);
+
+ }
}
if (afl->afl_env.afl_exit_on_seed_issues) {
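Review bot: The new `WARNF(... "saving as a new crash", fn)` is emitted before the `afl->afl_env.afl_exit_on_seed_issues` check on the line that follows, but the actual saving (`++afl->total_crashes` in the hunk at line 1087) happens after it; if that check aborts the dry run, as its name suggests and as its body outside this hunk would show, a user who sets both variables is told the seed is being saved as a crash right before nothing is saved. Testing `afl_exit_on_seed_issues` first, or phrasing the message as `"as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, will be saved as a new crash"`, would keep the output honest in that combination. The rest of perform_dry_run, including the exit-on-seed-issues body, lies outside this hunk.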
@@ -1085,8 +1087,8 @@ void perform_dry_run(afl_state_t *afl) {
}
- /* Crashing corpus will regrad as normal, and categorized as new crash at fuzzing */
- if (afl->crashing_seeds_as_new_crash) {
+ /* Crashing seeds will be regarded as new crashes on startup */
+ if (afl->afl_env.afl_crashing_seeds_as_new_crash) {
++afl->total_crashes;
@@ -1139,9 +1141,6 @@ void perform_dry_run(afl_state_t *afl) {
} else {
- q->disabled = 1;
- q->perf_score = 0;
-
u32 i = 0;
while (unlikely(i < afl->queued_items && afl->queue_buf[i] &&
afl->queue_buf[i]->disabled)) {
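Review bot: Removing `q->disabled = 1; q->perf_score = 0;` from in front of the skip-forward `while` and re-adding them after it (the hunk at line 1170 in this file) changes what that loop can see: before, the entry being skipped was already disabled when the loop searched `afl->queue_buf` for the first enabled item, so it could never be the one selected; now `q` itself can be where the loop stops if it is the first non-disabled entry, and it is only disabled afterwards. The commit message mentions only the env variable and a typo, so if this reordering is deliberate it deserves a comment at the new location, e.g. `/* disabled only after the search above, so q may be what it found */`, and if it is not, the two assignments should stay ahead of the loop. What the loop's index is used for sits between the two hunks and outside this view, as does the rest of perform_dry_run.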
@@ -1171,6 +1170,9 @@ void perform_dry_run(afl_state_t *afl) {
}
+ q->disabled = 1;
+ q->perf_score = 0;
+
break;
case FSRV_RUN_ERROR:
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 99f69314..5a6b95cf 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -200,6 +200,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_exit_on_time =
(u8 *)get_afl_env(afl_environment_variables[i]);
+ } else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH",
+
+ afl_environment_variable_len)) {
+
+ afl->afl_env.afl_crashing_seeds_as_new_crash =
+ atoi((u8 *)get_afl_env(afl_environment_variables[i]));
+
} else if (!strncmp(env, "AFL_NO_AFFINITY",
afl_environment_variable_len)) {
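Review bot: The added `strncmp` call has an empty added line between its arguments (`"AFL_CRASHING_SEEDS_AS_NEW_CRASH",` on one line, a blank line, then `afl_environment_variable_len)) {`), which none of the neighbouring branches do — the `AFL_NO_AFFINITY` branch directly below keeps the name and length on adjacent lines. Dropping that blank line so the branch reads `} else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH",` / `                    afl_environment_variable_len)) {` keeps this long dispatch chain uniform. The enclosing read_afl_environment body continues outside the hunk.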
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 5cbebb0e..51ca4ee6 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1573,7 +1573,6 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; }
if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; }
- if (get_afl_env("AFL_CRASHING_SEEDS_AS_NEW_CRASH")) { afl->crashing_seeds_as_new_crash = 1; }
if (afl->afl_env.afl_autoresume) {