authorDominik Maier <domenukk@gmail.com>2020-03-31 04:22:22 +0200
committerDominik Maier <domenukk@gmail.com>2020-04-01 13:10:07 +0200
commit5a4d4ad7360875fea9efb330a55afe4771e1a428 (patch)
tree7cc25f56b37ca8a8a67f3ba427fddb590344b694
parent5bc6dccbbd6167b556af751755f0ae02c1ca2a8f (diff)
downloadafl++-5a4d4ad7360875fea9efb330a55afe4771e1a428.tar.gz
fixed bug in cmplog
-rw-r--r--include/afl-fuzz.h14
-rw-r--r--src/afl-fuzz-cmplog.c16
-rw-r--r--src/afl-fuzz-run.c10
-rw-r--r--src/afl-fuzz-stats.c2
4 files changed, 21 insertions, 21 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index e750d7c9..47aad5af 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -484,11 +484,6 @@ typedef struct afl_state {
       unique_tmouts,                    /* Timeouts with unique signatures  */
       unique_hangs,                     /* Hangs with unique signatures     */
       total_execs,                      /* Total execve() calls             */
-      slowest_exec_ms,                  /* Slowest testcase non hang in ms  */
-      start_time,                       /* Unix start time (ms)             */
-      last_path_time,                   /* Time for most recent path (ms)   */
-      last_crash_time,                  /* Time for most recent crash (ms)  */
-      last_hang_time,                   /* Time for most recent hang (ms)   */
       last_crash_execs,                 /* Exec counter at last crash       */
       queue_cycle,                      /* Queue round counter              */
       cycles_wo_finds,                  /* Cycles without any new paths     */
@@ -496,9 +491,14 @@ typedef struct afl_state {
       bytes_trim_in,                    /* Bytes coming into the trimmer    */
       bytes_trim_out,                   /* Bytes coming outa the trimmer    */
       blocks_eff_total,                 /* Blocks subject to effector maps  */
-      blocks_eff_select;                /* Blocks selected as fuzzable      */
+      blocks_eff_select,                /* Blocks selected as fuzzable      */
+      start_time,                       /* Unix start time (ms)             */
+      last_path_time,                   /* Time for most recent path (ms)   */
+      last_crash_time,                  /* Time for most recent crash (ms)  */
+      last_hang_time;                   /* Time for most recent hang (ms)   */
 
-  u32 subseq_tmouts;                    /* Number of timeouts in a row      */
+  u32 slowest_exec_ms,                  /* Slowest testcase non hang in ms  */
+      subseq_tmouts;                    /* Number of timeouts in a row      */
 
   u8 *stage_name,                       /* Name of the current fuzz stage   */
       *stage_short,                     /* Short stage name                 */
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 08ac15c7..f932f33b 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -187,13 +187,13 @@ void init_cmplog_forkserver(afl_state_t *afl) {
     rlen = 4;
     u32 timeout_ms = afl->fsrv.exec_tmout * FORK_WAIT_MULT;
     /* Reuse readfds as exceptfds to see when the child closed the pipe */
-    u32 time_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms);
+    u32 exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms);
 
-    if (!time_ms) {
+    if (!exec_ms) {
 
       PFATAL("Error in timed read");
 
-    } else if (time_ms > timeout_ms) {
+    } else if (exec_ms > timeout_ms) {
 
       afl->fsrv.child_timed_out = 1;
       kill(afl->cmplog_fsrv_pid, SIGKILL);
@@ -377,7 +377,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
 u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
 
   int status = 0;
-  u64 exec_ms;
+  u32 exec_ms;
 
   u32 tb4;
   s32 res;
@@ -416,9 +416,9 @@ u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
 
   /* Configure timeout, as requested by user, then wait for child to terminate.
    */
-  u32 time_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout);
+  exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout);
 
-  if (time_ms > timeout) {
+  if (exec_ms > timeout) {
 
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
@@ -427,11 +427,11 @@ u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
     afl->fsrv.child_timed_out = 1;
 
     /* After killing the child, the forkserver should tell us */
-    if (!read(afl->cmplog_fsrv_st_fd, &status, 4)) time_ms = 0;
+    if (!read(afl->cmplog_fsrv_st_fd, &status, 4)) exec_ms = 0;
 
   }
 
-  if (!time_ms) {  // Something went wrong.
+  if (!exec_ms) {  // Something went wrong.
 
     if (afl->stop_soon) return 0;
     SAYF("\n" cLRD "[-] " cRST
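Review bot: The post-kill read `if (!read(afl->cmplog_fsrv_st_fd, &status, 4)) exec_ms = 0;` only treats a return of 0 as failure, so a read that returns -1 or fewer than 4 bytes still leaves `exec_ms` non-zero and the function goes on to interpret a `status` that was not fully written. The sibling path in run_target (src/afl-fuzz-run.c, same commit) already handles this with `if (read(afl->fsrv.fsrv_st_fd, &status, 4) < 4) exec_ms = 0;`, and the cmplog path should match it: `if (read(afl->cmplog_fsrv_st_fd, &status, 4) < 4) exec_ms = 0;`. Keeping the two forkserver paths identical here also makes the "Something went wrong" branch below fire for the same conditions in both. run_cmplog_target's body continues outside the hunk.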
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index f58e1a33..8cef78b9 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -33,7 +33,7 @@
 u8 run_target(afl_state_t *afl, u32 timeout) {
 
   s32 res;
-  u32 time_ms;
+  u32 exec_ms;
 
   int status = 0;
   u32 tb4;
@@ -67,20 +67,20 @@ u8 run_target(afl_state_t *afl, u32 timeout) {
 
   if (afl->fsrv.child_pid <= 0) FATAL("Fork server is misbehaving (OOM?)");
 
-  time_ms = read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout);
+  exec_ms = read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout);
 
-  if (time_ms > timeout) {
+  if (exec_ms > timeout) {
 
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
 
     kill(afl->fsrv.child_pid, SIGKILL);
     afl->fsrv.child_timed_out = 1;
-    if (read(afl->fsrv.fsrv_st_fd, &status, 4) < 4) time_ms = 0;
+    if (read(afl->fsrv.fsrv_st_fd, &status, 4) < 4) exec_ms = 0;
 
   }
 
-  if (!time_ms) {
+  if (!exec_ms) {
 
     if (afl->stop_soon) return 0;
     SAYF("\n" cLRD "[-] " cRST
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 7fde2fdc..98a97a34 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -95,7 +95,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
       "last_hang         : %llu\n"
       "execs_since_crash : %llu\n"
       "exec_timeout      : %u\n"
-      "slowest_exec_ms   : %llu\n"
+      "slowest_exec_ms   : %u\n"
       "peak_rss_mb       : %lu\n"
       "afl_banner        : %s\n"
       "afl_version       : " VERSION