authorvan Hauser <vh@thc.org>2024-02-23 13:53:15 +0100
committerGitHub <noreply@github.com>2024-02-23 13:53:15 +0100
commit1286d1906fd3eca18225089ae790e6ae53aff609 (patch)
tree6ed1e0f8a6556f1539ff342405ad47d87776bb47
parent340d6aa97cd8fa18e8c7650ac9067e1b2688e8bb (diff)
parentfae760fc9e4c63385c24fe07e5d5c3ab077b56bf (diff)
downloadafl++-1286d1906fd3eca18225089ae790e6ae53aff609.tar.gz
Merge pull request #2012 from clesmian/dev
Fix bug where `-t 1000+` may result in enormous timeouts
-rw-r--r--src/afl-forkserver.c2
-rw-r--r--src/afl-fuzz.c13
2 files changed, 12 insertions, 3 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 508b5fa7..1381236c 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1931,7 +1931,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
if (exec_ms > timeout) {
- /* If there was no response from forkserver after timeout seconds,
+ /* If there was no response from forkserver after timeout milliseconds,
we kill the child. The forkserver should inform us afterwards */
s32 tmp_pid = fsrv->child_pid;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9c89b2a1..08f716fa 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2493,8 +2493,17 @@ int main(int argc, char **argv_orig, char **envp) {
for (entry = 0; entry < afl->queued_items; ++entry)
if (!afl->queue_buf[entry]->disabled)
- if (afl->queue_buf[entry]->exec_us > max_ms)
- max_ms = afl->queue_buf[entry]->exec_us;
+ if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
+ max_ms = afl->queue_buf[entry]->exec_us/1000;
+
+ // Add 20% as a safety margin, capped to exec_tmout given in -t option
+ max_ms *= 1.2;
+ if(max_ms > afl->fsrv.exec_tmout)
+ max_ms = afl->fsrv.exec_tmout;
+
+ // Ensure that there is a sensible timeout even for very fast binaries
+ if(max_ms < 5)
+ max_ms = 5;
afl->fsrv.exec_tmout = max_ms;
afl->timeout_given = 1;
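Review bot: `max_ms *= 1.2;` pushes an integer through a double and truncates it on the way back, which is fragile under -Wconversion and makes the result depend on floating-point rounding before it is compared with `afl->fsrv.exec_tmout`; integer arithmetic gives the same 20% margin without the conversion, `max_ms += max_ms / 5;`. The declaration of `max_ms` is outside the hunk, so this assumes it is an integer type, as its assignment to `afl->fsrv.exec_tmout` suggests. The two new `if(` lines also drop the space after `if` that the surrounding context uses (`if (!afl->queue_buf[entry]->disabled)`); `if (max_ms > afl->fsrv.exec_tmout)` and `if (max_ms < 5)` would match. The `/1000` deserves a why-comment so the unit change is not lost on the next reader, e.g. `/* exec_us is microseconds; the timeout is in milliseconds */`. The enclosing main() starts and ends outside the hunk.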