authorvan Hauser <vh@thc.org>2020-04-26 18:42:42 +0200
committervan Hauser <vh@thc.org>2020-04-26 18:42:42 +0200
commit4ffa5b06360364936fa0c17fa8851fbaf4ea6581 (patch)
tree3c88de114129dde04ef3b83c18bbe79897bc4164
parentea876e59a8c1abc979ea05aa4dbe660608aaa9ba (diff)
downloadafl++-4ffa5b06360364936fa0c17fa8851fbaf4ea6581.tar.gz
fix negative stability bug (hopefully)
-rw-r--r--docs/Changelog.md2
-rw-r--r--src/afl-fuzz-run.c7
2 files changed, 6 insertions, 3 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 71de0984..da28ce53 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -13,6 +13,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- afl-fuzz:
- AFL_MAP_SIZE was not working correctly
- better python detection
+ - an old, old bug in afl that would show negative stability in rare
+ circumstances is now hopefully fixed
- llvm_mode:
- if LLVM 11 is installed the posix shm_open+mmap is used and a fixed
address for the shared memory map is used as this increases the
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index bf8c4ec0..692026d4 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -193,6 +193,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
if (q->exec_cksum) {
memcpy(afl->first_trace, afl->fsrv.trace_bits, afl->fsrv.map_size);
+ u8 hnb = has_new_bits(afl, afl->virgin_bits);
+ if (hnb > new_bits) { new_bits = hnb; }
}
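Review bot: The `u8 hnb = has_new_bits(afl, afl->virgin_bits); if (hnb > new_bits) { new_bits = hnb; }` pair added here inside the `if (q->exec_cksum)` block is the same two lines the second hunk now runs unconditionally after `cksum = hash32(...)`, and neither site says why the call was pulled out of the `q->exec_cksum != cksum` branch, which is the whole substance of the fix the message calls "hopefully". Since has_new_bits() is presumably what updates virgin_bits as a side effect, a reader needs to know that the call is required on every calibration execution so the first run's path is registered before later runs are compared; I would add above the first call `/* Run has_new_bits() on every calibration execution, not only on a cksum mismatch: it also updates virgin_bits, and skipping it for the first run left later runs compared against a stale map (the negative-stability symptom). */`. The duplicated max-merge could also become a one-line static helper so the two sites cannot drift apart. calibrate_case begins before this hunk and continues past it, so the loop that contains the second call is not visible here.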
@@ -226,12 +228,11 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
}
cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+ u8 hnb = has_new_bits(afl, afl->virgin_bits);
+ if (hnb > new_bits) { new_bits = hnb; }
if (q->exec_cksum != cksum) {
- u8 hnb = has_new_bits(afl, afl->virgin_bits);
- if (hnb > new_bits) { new_bits = hnb; }
-
if (q->exec_cksum) {
u32 i;