authorvan Hauser <vh@thc.org>2021-03-15 23:14:07 +0100
committerGitHub <noreply@github.com>2021-03-15 23:14:07 +0100
commit23f7bee81c46ad4f0f65fa56d08064ab5f1e2e6f (patch)
tree79c15c7a4f879c90f683a61a8ad878bd19e2a69e
parente5bdba4b9f22c0f2e4ff60ffc9bfa8fbaeb586d2 (diff)
parentac795ae1e154df87d422eb9a307ee1f40fcb701f (diff)
Merge pull request #820 from AFLplusplus/dev 3.11c
push to stable
-rw-r--r--README.md4
-rw-r--r--docs/Changelog.md5
-rw-r--r--include/config.h2
-rw-r--r--src/afl-fuzz-queue.c2
-rw-r--r--src/afl-fuzz-stats.c20
-rw-r--r--src/afl-fuzz.c5
-rwxr-xr-xtest/test-llvm.sh2
-rwxr-xr-x[-rw-r--r--]unicorn_mode/samples/speedtest/get_offsets.py0
m---------unicorn_mode/unicornafl0
-rw-r--r--utils/aflpp_driver/aflpp_driver.c2
10 files changed, 23 insertions, 19 deletions
diff --git a/README.md b/README.md
index 0deaca22..69e5bb74 100644
--- a/README.md
+++ b/README.md
@@ -2,9 +2,9 @@
 
   <img align="right" src="https://raw.githubusercontent.com/andreafioraldi/AFLplusplus-website/master/static/logo_256x256.png" alt="AFL++ Logo">
 
-  Release Version: [3.10c](https://github.com/AFLplusplus/AFLplusplus/releases)
+  Release Version: [3.11c](https://github.com/AFLplusplus/AFLplusplus/releases)
 
-  Github Version: 3.11a
+  Github Version: 3.12a
 
   Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
 
diff --git a/docs/Changelog.md b/docs/Changelog.md
index c475911d..1c735a70 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -8,11 +8,14 @@
 Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
-### Version ++3.11a (dev)
+### Version ++3.11c (release)
   - afl-fuzz:
+    - better auto detection of map size
     - fix sanitizer settings (bug since 3.10c)
+    - fix an off-by-one overwrite in cmplog
     - add non-unicode variants from unicode-looking dictionary entries
     - Rust custom mutator API improvements
+    - Imported crash stats painted yellow on resume (only new ones are red)
   - afl-cc:
     - added AFL_NOOPT that will just pass everything to the normal
       gcc/clang compiler without any changes - to pass weird configure
diff --git a/include/config.h b/include/config.h
index 6ada0fbe..cc8024ea 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++3.11a"
+#define VERSION "++3.11c"
 
 /******************************************************
  *                                                    *
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 835aba40..b2f88205 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -325,7 +325,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) {
 
   if (len >= MAX_FILE) len = MAX_FILE - 1;
   if ((fd = open(q->fname, O_RDONLY)) < 0) return 0;
-  buf = afl_realloc(AFL_BUF_PARAM(in_scratch), len);
+  buf = afl_realloc(AFL_BUF_PARAM(in_scratch), len + 1);
   comp = read(fd, buf, len);
   close(fd);
   if (comp != (ssize_t)len) return 0;
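Review bot: The extra byte in `len + 1` is unexplained at the allocation site; a reader has to locate the write past `len` (presumably a terminator appended after the read, which lies outside this hunk) to understand why it is needed, and a later tidy-up could revert it. A short comment on the changed line, `/* +1: room for the terminator written after the read below */`, would pin that down. Separately, `buf` is handed to `read()` without a null check; if `afl_realloc` can return NULL on allocation failure, `if (!buf) { close(fd); return 0; }` before the read would match the other early returns in this function. check_if_text's body continues outside the hunk.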
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 2e7de7b3..99059a2d 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -645,6 +645,13 @@ void show_stats(afl_state_t *afl) {
 #define SP10 SP5 SP5
 #define SP20 SP10 SP10
 
+  /* Since `total_crashes` does not get reloaded from disk on restart,
+    it indicates if we found crashes this round already -> paint red.
+    If it's 0, but `unique_crashes` is set from a past run, paint in yellow. */
+  char *crash_color = afl->total_crashes    ? cLRD
+                      : afl->unique_crashes ? cYEL
+                                            : cRST;
+
   /* Lord, forgive me this. */
 
   SAYF(SET_G1 bSTG bLT bH bSTOP                         cCYA
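Review bot: `crash_color` is declared `char *` but is only ever assigned the colour macros `cLRD`, `cYEL` and `cRST`, which appear to be string literals; declaring it `const char *crash_color = ...` states that it is never written through and avoids a -Wwrite-strings warning. The same variable is consumed unchanged in the two later hunks of this file (the "uniq crashes" line and the "new crashes"/"total crashes" lines), so the one declaration change covers all three. show_stats begins outside the hunk.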
@@ -732,7 +739,7 @@ void show_stats(afl_state_t *afl) {
   u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time);
   SAYF(bV bSTOP " last uniq crash : " cRST "%-33s " bSTG bV bSTOP
                 " uniq crashes : %s%-6s" bSTG               bV "\n",
-       time_tmp, afl->unique_crashes ? cLRD : cRST, tmp);
+       time_tmp, crash_color, tmp);
 
   sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->unique_hangs),
           (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : "");
@@ -815,20 +822,13 @@ void show_stats(afl_state_t *afl) {
 
     SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP
                   "   new crashes : %s%-22s" bSTG         bV "\n",
-         u_stringify_int(IB(0), afl->fsrv.total_execs),
-         afl->unique_crashes ? cLRD : cRST, tmp);
+         u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
 
   } else {
 
     SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP
                   " total crashes : %s%-22s" bSTG         bV "\n",
-         u_stringify_int(IB(0), afl->fsrv.total_execs),
-         // New crashes this round -> Red, restored crashes -> yellow, else
-         // white.
-         afl->total_crashes    ? cLRD
-         : afl->unique_crashes ? cYEL
-                               : cRST,
-         tmp);
+         u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp);
 
   }
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 7fe89c11..64e4b869 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1597,8 +1597,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
     // only reinitialize when it makes sense
     if ((map_size < new_map_size ||
-        (new_map_size != MAP_SIZE && new_map_size < map_size &&
-         map_size - new_map_size > MAP_SIZE))) {
+         (new_map_size != MAP_SIZE && new_map_size < map_size &&
+          map_size - new_map_size > MAP_SIZE))) {
 
       OKF("Re-initializing maps to %u bytes", new_map_size);
 
@@ -1680,6 +1680,7 @@ int main(int argc, char **argv_orig, char **envp) {
       setenv("AFL_NO_AUTODICT", "1", 1);  // loaded already
       afl->fsrv.trace_bits =
           afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode);
+      afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits;
       afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon,
                      afl->afl_env.afl_debug_child);
       afl_fsrv_start(&afl->cmplog_fsrv, afl->argv, &afl->stop_soon,
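Review bot: The added line makes `cmplog_fsrv` share `fsrv.trace_bits` without a comment, and whether `cmplog_fsrv.map_size` is updated to `new_map_size` in the same block is not visible in this hunk; if it is not, the cmplog forkserver would read the re-initialized shared map with a stale size. A one-line comment on the added line, `// cmplog forkserver shares the re-initialized coverage map`, plus confirming its map_size is set alongside, would close that gap. main() begins and ends outside the hunk.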
diff --git a/test/test-llvm.sh b/test/test-llvm.sh
index 6503cd98..aa36af1b 100755
--- a/test/test-llvm.sh
+++ b/test/test-llvm.sh
@@ -164,7 +164,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && {
     echo ZZZZ > in/in
     $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 45 seconds"
     {
-      AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 1 -V45 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1
+      AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 123 -V50 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1
     } >>errors 2>&1
     test -n "$( ls out/default/crashes/id:* 2>/dev/null )" && {
       $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly"
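Review bot: The timeout on the changed line is raised to `-V50`, but the progress message a few lines above still says `this will take max. 45 seconds`; update it to `$ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 50 seconds"` so the log matches the actual bound. The seed change from `-s 1` to `-s 123` is not explained anywhere in the commit; a brief comment above the command stating why that seed was chosen would keep a future cleanup from resetting it. The enclosing test block starts before and ends after the hunk.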
diff --git a/unicorn_mode/samples/speedtest/get_offsets.py b/unicorn_mode/samples/speedtest/get_offsets.py
index c9dc76df..c9dc76df 100644..100755
--- a/unicorn_mode/samples/speedtest/get_offsets.py
+++ b/unicorn_mode/samples/speedtest/get_offsets.py
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl
deleted file mode 160000
-Subproject fb2fc9f25df32f17f6b6b859e4dbd70f9a857e0
diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c
index 6af79e14..9c97607c 100644
--- a/utils/aflpp_driver/aflpp_driver.c
+++ b/utils/aflpp_driver/aflpp_driver.c
@@ -204,7 +204,7 @@ int main(int argc, char **argv) {
       "To fuzz with afl-fuzz execute this:\n"
       "  afl-fuzz [afl-flags] -- %s [-N]\n"
       "afl-fuzz will run N iterations before re-spawning the process (default: "
-      "1000)\n"
+      "INT_MAX)\n"
       "======================================================\n",
       argv[0], argv[0]);
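Review bot: The default iteration count is now written as the literal text `INT_MAX` inside the usage string, which is the same hard-coding that just let `1000` go stale. If the default is held in a named constant elsewhere in the file, printing it with a format specifier (for example `"%d)\n"` with that constant appended to the argument list) keeps the help text from drifting from the code again. main() begins and ends outside the hunk.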