diff options
| author | van Hauser <vh@thc.org> | 2021-01-26 12:15:13 +0100 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2021-01-26 12:15:13 +0100 |
| commit | e0663c91b9cbf1bdc46593dec4ba11224e6847d7 (patch) | |
| tree | 96a92fa3da08b6c90e0d8004132f5a35a41c678d | |
| parent | 7c381a782e3bb05335df745ea6130c0a668463da (diff) | |
| download | afl++-e0663c91b9cbf1bdc46593dec4ba11224e6847d7.tar.gz | |
wip fix
| -rw-r--r-- | src/afl-fuzz-init.c | 23 | ||||
| -rw-r--r-- | src/afl-fuzz-one.c | 13 |
2 files changed, 27 insertions, 9 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index fed58eb6..2cb152a9 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1026,6 +1026,14 @@ void perform_dry_run(afl_state_t *afl) { /* Remove from fuzzing queue but keep for splicing */ struct queue_entry *p = afl->queue; + + if (!p->disabled && !p->was_fuzzed) { + + --afl->pending_not_fuzzed; + --afl->active_paths; + + } + p->disabled = 1; p->perf_score = 0; while (p && p->next != q) @@ -1036,9 +1044,6 @@ void perform_dry_run(afl_state_t *afl) { else afl->queue = q->next; - --afl->pending_not_fuzzed; - --afl->active_paths; - afl->max_depth = 0; p = afl->queue; while (p) { @@ -1123,8 +1128,16 @@ restart_outer_cull_loop: if (!p->cal_failed && p->exec_cksum == q->exec_cksum) { duplicates = 1; - --afl->pending_not_fuzzed; - afl->active_paths--; + if (!p->disabled && !q->disabled && !p->was_fuzzed && !q->was_fuzzed) { + + --afl->pending_not_fuzzed; + afl->active_paths--; + + } else { + + FATAL("disabled entry? this should not happen, please report!"); + + } // We do not remove any of the memory allocated because for // splicing the data might still be interesting. diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index a7262eec..af768183 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2782,11 +2782,16 @@ abandon_entry: cycle and have not seen this entry before. */ if (!afl->stop_soon && !afl->queue_cur->cal_failed && - (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0)) { + (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0) && + !afl->queue_cur->disabled) { - --afl->pending_not_fuzzed; - afl->queue_cur->was_fuzzed = 1; - if (afl->queue_cur->favored) { --afl->pending_favored; } + if (!afl->queue_cur->was_fuzzed) { + + --afl->pending_not_fuzzed; + afl->queue_cur->was_fuzzed = 1; + if (afl->queue_cur->favored) { --afl->pending_favored; } + + } } |