Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus

10 files changed, 35 insertions, 24 deletions

diff --git a/docs/Changelog.md b/docs/Changelog.md
index 5d781545..2f8674c8 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -1,7 +1,7 @@
 # Changelog
 
   This is the list of all noteworthy changes made in every public release of
-  the tool. See README for the general instruction manual.
+  the tool. See README.md for the general instruction manual.
 
 ## Staying informed
 
@@ -9,7 +9,12 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
 
-### Version ++2.60d (develop):
+### Version ++2.61d (develop):
+
+  - ...
+
+
+### Version ++2.61c (release):
 
   - use -march=native if available
   - most tools now check for mistyped environment variables
@@ -17,6 +22,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - the memory safety checks are now disabled for a little more speed during
     fuzzing (only affects creating queue entries), can be toggled in config.h
   - afl-fuzz:
+     - MOpt out of bounds writing crash fixed
      - now prints the real python version support compiled in
      - set stronger performance compile options and little tweaks
      - Android: prefer bigcores when selecting a CPU
@@ -28,13 +34,18 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
      - bugfix for dictionary insert stage count (fix via Google repo PR)
      - added warning if -M is used together with custom mutators with _ONLY option
      - AFL_TMPDIR checks are now later and better explained if they fail
-  - llvm_mode InsTrim: no pointless instrumentation of 1 block functions
+  - llvm_mode 
+     - InsTrim: three bug fixes:
+        1. (minor) no pointless instrumentation of 1 block functions
+        2. (medium) path bug that leads a few blocks not instrumented that
+           should be
+        3. (major) incorrect prev_loc was written, fixed!
   - afl-clang-fast:
      - show in the help output for which llvm version it was compiled for
      - now does not need to be recompiled between trace-pc and pass
        instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
      - LLVM 11 is supported
-     - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog)
+     - CmpLog instrumentation using SanCov (see llvm_mode/README.cmplog.md)
   - afl-gcc, afl-clang-fast, afl-gcc-fast:
      - experimental support for undefined behaviour sanitizer UBSAN
        (set AFL_USE_UBSAN=1)
@@ -178,7 +189,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - fix llvm_mode AFL_TRACE_PC with modern llvm
   - fix a crash in qemu_mode which also exists in stock afl
   - added libcompcov, a laf-intel implementation for qemu! :)
-    see qemu_mode/libcompcov/README.libcompcov
+    see qemu_mode/libcompcov/README.libcompcov.md
   - afl-fuzz now displays the selected core in the status screen (blue {#})
   - updated afl-fuzz and afl-system-config for new scaling governor location
     in modern kernels
@@ -187,8 +198,8 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - if llvm_mode was compiled, afl-clang/afl-clang++ will point to these
     instead of afl-gcc
   - added instrim, a much faster llvm_mode instrumentation at the cost of
-    path discovery. See llvm_mode/README.instrim (https://github.com/csienslab/instrim)
-  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt
+    path discovery. See llvm_mode/README.instrim.md (https://github.com/csienslab/instrim)
+  - added MOpt (github.com/puppet-meteor/MOpt-AFL) mode, see docs/README.MOpt.md
   - added code to make it more portable to other platforms than Intel Linux
   - added never zero counters for afl-gcc and optionally (because of an
     optimization issue in llvm < 9) for llvm_mode (AFL_LLVM_NEVER_ZERO=1)
@@ -218,11 +229,11 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     LLVM and Qemu modes are now faster.
     Important changes:
       afl-fuzz: -e EXTENSION commandline option
-      llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel)
-      a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.txt
+      llvm_mode: LAF-intel performance (needs activation, see llvm/README.laf-intel.md)
+      a few new environment variables for afl-fuzz, llvm and qemu, see docs/env_variables.md
   - Added the power schedules of AFLfast by Marcel Boehme, but set the default
     to the AFL schedule, not to the FAST schedule. So nothing changes unless
-    you use the new -p option :-) - see docs/power_schedules.txt
+    you use the new -p option :-) - see docs/power_schedules.md
   - added afl-system-config script to set all system performance options for fuzzing
   - llvm_mode works with llvm 3.9 up to including 8 !
   - qemu_mode got upgraded from 2.1 to 3.1 - incorporated from 
@@ -465,7 +476,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - Added libtokencap, a simple feature to intercept strcmp / memcmp and
     generate dictionary entries that can help extend coverage.
 
-  - Moved libdislocator to its own dir, added README.
+  - Moved libdislocator to its own dir, added README.md.
 
   - The demo in examples/instrumented_cmp is no more.
 
diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md
index f9e3b256..1e1d60b7 100644
--- a/docs/QuickStartGuide.md
+++ b/docs/QuickStartGuide.md
@@ -27,7 +27,7 @@ how to hit the ground running:
 
 4) Get a small but valid input file that makes sense to the program. When
    fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in
-   dictionaries/README.dictionaries, too.
+   dictionaries/README.md, too.
 
 5) If the program reads from stdin, run 'afl-fuzz' like so:
 
diff --git a/docs/env_variables.md b/docs/env_variables.md
index c60821dc..9fc60187 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -2,7 +2,7 @@
 
   This document discusses the environment variables used by American Fuzzy Lop++
   to expose various exotic functions that may be (rarely) useful for power
-  users or for some types of custom fuzzing setups. See README for the general
+  users or for some types of custom fuzzing setups. See README.md for the general
   instruction manual.
 
 ## 1) Settings for afl-gcc, afl-clang, and afl-as - and gcc_plugin afl-gcc-fast
diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md
index a0d90659..0724e83c 100644
--- a/docs/life_pro_tips.md
+++ b/docs/life_pro_tips.md
@@ -62,7 +62,7 @@ Specify `AFL_HARDEN=1` in the environment to enable hardening flags.
 
 ## Bumping into problems with non-reproducible crashes? 
 It happens, but usually
-isn't hard to diagnose. See section #7 in README for tips.
+isn't hard to diagnose. See section #7 in README.md for tips.
 
 ## Fuzzing is not just about memory corruption issues in the codebase. 
 Add some
@@ -87,4 +87,4 @@ use a postprocessor! See examples/post_library/ for more.
 
 ## Dealing with a very slow target or hoping for instant results? 
 
-Specify `-d` when calling afl-fuzz!
\ No newline at end of file
+Specify `-d` when calling afl-fuzz!
diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md
index 9c49dc1f..feac49f9 100644
--- a/docs/notes_for_asan.md
+++ b/docs/notes_for_asan.md
@@ -1,7 +1,7 @@
 # Notes for using ASAN with afl-fuzz
 
   This file discusses some of the caveats for fuzzing under ASAN, and suggests
-  a handful of alternatives. See README for the general instruction manual.
+  a handful of alternatives. See README.md for the general instruction manual.
 
 ## 1) Short version
 
diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md
index 0a2863fe..8b39df04 100644
--- a/docs/parallel_fuzzing.md
+++ b/docs/parallel_fuzzing.md
@@ -1,7 +1,7 @@
 # Tips for parallel fuzzing
 
   This document talks about synchronizing afl-fuzz jobs on a single machine
-  or across a fleet of systems. See README for the general instruction manual.
+  or across a fleet of systems. See README.md for the general instruction manual.
 
 ## 1) Introduction
 
diff --git a/docs/perf_tips.md b/docs/perf_tips.md
index 41d74447..fcd03db7 100644
--- a/docs/perf_tips.md
+++ b/docs/perf_tips.md
@@ -1,7 +1,7 @@
 ## Tips for performance optimization
 
   This file provides tips for troubleshooting slow or wasteful fuzzing jobs.
-  See README for the general instruction manual.
+  See README.md for the general instruction manual.
 
 ## 1. Keep your test cases small
 
@@ -221,4 +221,4 @@ early on, you can always resort to the `-d` mode.
 The mode causes `afl-fuzz` to skip all the deterministic fuzzing steps, which
 makes output a lot less neat and can ultimately make the testing a bit less
 in-depth, but it will give you an experience more familiar from other fuzzing
-tools.
\ No newline at end of file
+tools.
diff --git a/docs/sister_projects.md b/docs/sister_projects.md
index ecc3b924..1625044c 100644
--- a/docs/sister_projects.md
+++ b/docs/sister_projects.md
@@ -1,7 +1,7 @@
 # Sister projects
 
 This doc lists some of the projects that are inspired by, derived from,
-designed for, or meant to integrate with AFL. See README for the general
+designed for, or meant to integrate with AFL. See README.md for the general
 instruction manual.
 
 !!!
@@ -252,7 +252,7 @@ https://code.google.com/p/address-sanitizer/wiki/AsanCoverage#Coverage_counters
 ### AFL JS (Han Choongwoo)
 
 One-off optimizations to speed up the fuzzing of JavaScriptCore (now likely
-superseded by LLVM deferred forkserver init - see llvm_mode/README.llvm).
+superseded by LLVM deferred forkserver init - see llvm_mode/README.md).
 
 https://github.com/tunz/afl-fuzz-js
 
diff --git a/docs/status_screen.md b/docs/status_screen.md
index 066c2c07..0bc636c4 100644
--- a/docs/status_screen.md
+++ b/docs/status_screen.md
@@ -1,7 +1,7 @@
 # Understanding the status screen
 
 This document provides an overview of the status screen - plus tips for
-troubleshooting any warnings and red text shown in the UI. See README for
+troubleshooting any warnings and red text shown in the UI. See README.md for
 the general instruction manual.
 
 ## A note about colors
diff --git a/docs/technical_details.md b/docs/technical_details.md
index d53b30e3..996bf162 100644
--- a/docs/technical_details.md
+++ b/docs/technical_details.md
@@ -1,7 +1,7 @@
 # Technical "whitepaper" for afl-fuzz
 
 This document provides a quick overview of the guts of American Fuzzy Lop.
-See README for the general instruction manual; and for a discussion of
+See README.md for the general instruction manual; and for a discussion of
 motivations and design goals behind AFL, see historical_notes.md.
 
 ## 0. Design statement
@@ -542,4 +542,4 @@ It uses the following classification scheme:
     takes place.
   - "Magic value section" - a generic token where changes cause the type
     of binary behavior outlined earlier, but that doesn't meet any of the
-    other criteria. May be an atomically compared keyword or so.
\ No newline at end of file
+    other criteria. May be an atomically compared keyword or so.