| author | hexcoder- <heiko@hexco.de> | 2020-02-28 22:02:55 +0100 |
|---|---|---|
| committer | hexcoder- <heiko@hexco.de> | 2020-02-28 22:02:55 +0100 |
| commit | 6e08be1d0b77bf51db8f847b65754727855e444e (patch) | |
| tree | 383d9a9083df91106c16a3548056b6789c46a3c9 | |
| parent | 0b2144159069837f465d961118bfea02725ba796 (diff) | |
| download | afl++-6e08be1d0b77bf51db8f847b65754727855e444e.tar.gz | |
add env info to afl-fuzz (please review!), small clarifications in docs/env_variables.md
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | docs/env_variables.md | 15 |
| -rw-r--r-- | gcc_plugin/afl-gcc-pass.so.cc | 4 |
| -rw-r--r-- | src/afl-fuzz.c | 44 |

3 files changed, 54 insertions, 9 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md index 9fc60187..7ac69e8b 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -223,12 +223,12 @@ checks or alter some of the more exotic semantics of the tool: for more. - Setting AFL_CUSTOM_MUTATOR_LIBRARY to a shared library with - afl_custom_mutator() export run additional mutations though this library. + afl_custom_mutator() creates additional mutations through this library. If AFL_CUSTOM_MUTATOR_ONLY is also set, all mutations will solely be - performed with/from the libary. see [custom_mutator.md](custom_mutator.md) + performed with/from the library. See [custom_mutator.md](custom_mutator.md) - - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require to be compiled - with -DUSE_PYTHON. Please see [python_mutators.md](python_mutators.md) + - For AFL_PYTHON_MODULE and AFL_PYTHON_ONLY - they require afl-fuzz to + be compiled with -DUSE_PYTHON. Please see [python_mutators.md](python_mutators.md). This feature allows to configure custom mutators which can be very helpful in e.g. fuzzing XML or other highly flexible structured input. @@ -262,6 +262,12 @@ checks or alter some of the more exotic semantics of the tool: - Setting AFL_DEBUG_CHILD_OUTPUT will not suppress the child output. Not pretty but good for debugging purposes. + - Setting AFL_NO_CPU_RED will not display very high cpu usages in red color. + + - Outdated environment variables are: + AFL_DEFER_FORKSRV + AFL_PERSISTENT + ## 4) Settings for afl-qemu-trace The QEMU wrapper used to instrument binary-only code supports several settings: @@ -408,3 +414,4 @@ optimal values if not already present in the environment: Be sure to include the first one when customizing anything, since some MSAN versions don't call abort() on error, and we need a way to detect faults. + diff --git a/gcc_plugin/afl-gcc-pass.so.cc b/gcc_plugin/afl-gcc-pass.so.cc index 9c08cec4..1346979c 100644 --- a/gcc_plugin/afl-gcc-pass.so.cc 
+++ b/gcc_plugin/afl-gcc-pass.so.cc @@ -52,8 +52,8 @@ #include "../config.h" #include "../include/debug.h" -/* clear helper AFL types pulls in, which intervene with gcc-plugin geaders from - * GCC-8 */ +/* clear helper macros AFL types pull in, which intervene with gcc-plugin + * headers from GCC-8 */ #ifdef likely #undef likely #endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index dc033713..24491998 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c 
@@ -143,9 +143,47 @@ static void usage(u8* argv0) { "file\n" " -C - crash exploration mode (the peruvian rabbit thing)\n" " -e ext - File extension for the temporarily generated test " - "case\n\n", - - argv0, EXEC_TIMEOUT, MEM_LIMIT); + "case\n\n" + + "Environment variables used:\n" + "AFL_PATH: path to AFL support binaries\n" + "AFL_QUIET: suppress forkserver status messages\n" + "AFL_DEBUG_CHILD_OUTPUT: do not suppress stdout/stderr from target\n" + "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n" + "AFL_BENCH_JUST_ONE: run the target just once\n" + "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" + "AFL_CUSTOM_MUTATOR_LIBRARY: lib with afl_custom_mutator() to mutate inputs\n" + "AFL_CUSTOM_MUTATOR_ONLY: avoid AFL++'s internal mutators\n" + "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" + "AFL_PYTHON_ONLY: skip AFL++'s own mutators\n" + "AFL_DEBUG: extra debugging output for Python mode trimming\n" + "AFL_DISABLE_TRIM: disable the trimming of test cases\n" + "AFL_NO_UI: switch status screen off\n" + "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" + "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n" + "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" + "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" + "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n" + "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" + "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" + "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n" + "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" + "AFL_TMPDIR: directory to use for input file generation (ramdisk recommended)\n" + "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n" + "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n" + "AFL_POST_LIBRARY: postprocess 
generated test cases before use as target input\n" + "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" + "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n" + "ASAN_OPTIONS: custom settings for ASAN\n" + " (must contain abort_on_error=1 and symbolize=0)\n" + "MSAN_OPTIONS: custom settings for MSAN\n" + " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n" + "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable\n" + "AFL_PERSISTENT: not supported anymore -> no effect, just a warning\n" + "AFL_DEFER_FORKSRV: not supported anymore -> no effect, just a warning\n" + "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" + "AFL_BENCH_UNTIL_CRASH: exit soon when the first crashing input has been found\n" + , argv0, EXEC_TIMEOUT, MEM_LIMIT); #ifdef USE_PYTHON SAYF("Compiled with %s module support, see docs/python_mutators.md\n", |
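Review bot: the first hunk of docs/env_variables.md (@@ -223,12) fixes the custom-mutator wording but leaves the unchanged context "This feature allows to configure custom mutators" ungrammatical; since this paragraph is being polished anyway, change it to "This feature allows configuring custom mutators". The new line "performed with/from the library. See ..." is also awkward; "performed by the library. See ..." reads cleaner.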
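Review bot: the second hunk of docs/env_variables.md (@@ -262,6) introduces "Outdated environment variables are: AFL_DEFER_FORKSRV AFL_PERSISTENT" without saying what setting them does, while the afl-fuzz usage text in the same commit describes both as "not supported anymore -> no effect, just a warning"; state that here as well so the two documents agree. The two variable names are indented continuation lines, which markdown will fold into one run-on line; make them list items ("- AFL_DEFER_FORKSRV") or put them in a code block.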
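Review bot: the third hunk of docs/env_variables.md (@@ -408,3) adds nothing but a trailing empty line at the end of the file; it is unrelated to the change and only adds whitespace noise to the history, so drop it.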
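Review bot: the rewritten comment in gcc_plugin/afl-gcc-pass.so.cc corrects "geaders" but keeps "intervene with", which is not the intended word; the macros conflict with the gcc-plugin headers, so write "/* undefine helper macros that AFL's types pull in, which clash with gcc-plugin headers from GCC-8 */".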
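Review bot: in the src/afl-fuzz.c hunk, "AFL_SKIP_BIN_CHECK: skip the check, if the target is an excutable" has a typo and a misplaced comma; make it "skip the check whether the target is an executable". Two style points: the closing line `, argv0, EXEC_TIMEOUT, MEM_LIMIT);` starts with a comma, unlike the removed code, which ended the last string fragment with the comma and put the arguments on their own line, so end the `"AFL_BENCH_UNTIL_CRASH: ..."` fragment with `\n",` and keep `argv0, EXEC_TIMEOUT, MEM_LIMIT);` on the next line. More importantly, this table duplicates the variable descriptions in docs/env_variables.md (the docs hunk above already words AFL_NO_CPU_RED and the outdated variables differently), so the two will drift; either point the usage text at docs/env_variables.md for the details or generate both from a single list. The ASAN_OPTIONS and MSAN_OPTIONS entries are the only ones stating hard requirements ("must contain ..."); confirm they match exactly what afl-fuzz checks at startup before the usage text promises them.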