about summary refs log tree commit diff
path: root/src/afl-forkserver.c
diff options
context:
space:
mode:
authorNils Bars <nils.bars@rub.de>2022-10-20 13:14:29 +0200
committerNils Bars <nils.bars@rub.de>2022-10-20 18:08:07 +0200
commitf84ea696606b3dd6ae40006e5efb9f178651e916 (patch)
tree3989c18c5f2705925d012b1ca4a6bd3bfa9f2c83 /src/afl-forkserver.c
parent5ccf38941472bda9415d14edc4ecefaa43c79d67 (diff)
downloadafl++-f84ea696606b3dd6ae40006e5efb9f178651e916.tar.gz
Fix child reaping on fuzzer termination
This commit contains the following changes:
    - Call `waitpid()` on the child and the fork server when terminating the
      fuzzer; thus, we do not end up with zombies.
    - Rename `fsrv.kill_signal` to `fsrv.child_kill_signal`, since the
      documentation states that the signal is used to terminate the *child*.
    - Use SIGTERM instead of fsrv.(child)_kill_signal, thus the fork server
      can always reap the child.
Diffstat (limited to 'src/afl-forkserver.c')
-rw-r--r--src/afl-forkserver.c17
1 files changed, 8 insertions, 9 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 628ff590..71da7fde 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -100,7 +100,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
   fsrv->init_tmout = EXEC_TIMEOUT * FORK_WAIT_MULT;
   fsrv->mem_limit = MEM_LIMIT;
   fsrv->out_file = NULL;
-  fsrv->kill_signal = SIGKILL;
+  fsrv->child_kill_signal = SIGKILL;
 
   /* exec related stuff */
   fsrv->child_pid = -1;
@@ -134,7 +134,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
   fsrv_to->no_unlink = from->no_unlink;
   fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode;
   fsrv_to->crash_exitcode = from->crash_exitcode;
-  fsrv_to->kill_signal = from->kill_signal;
+  fsrv_to->child_kill_signal = from->child_kill_signal;
   fsrv_to->debug = from->debug;
 
   // These are forkserver specific.
@@ -793,7 +793,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
       s32 tmp_pid = fsrv->fsrv_pid;
       if (tmp_pid > 0) {
 
-        kill(tmp_pid, fsrv->kill_signal);
+        kill(tmp_pid, fsrv->child_kill_signal);
         fsrv->fsrv_pid = -1;
 
       }
@@ -804,7 +804,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
       s32 tmp_pid = fsrv->fsrv_pid;
       if (tmp_pid > 0) {
 
-        kill(tmp_pid, fsrv->kill_signal);
+        kill(tmp_pid, fsrv->child_kill_signal);
         fsrv->fsrv_pid = -1;
 
       }
@@ -1242,10 +1242,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
 void afl_fsrv_kill(afl_forkserver_t *fsrv) {
 
-  if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->kill_signal); }
+  if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->child_kill_signal); }
   if (fsrv->fsrv_pid > 0) {
 
-    kill(fsrv->fsrv_pid, fsrv->kill_signal);
+    kill(fsrv->fsrv_pid, SIGTERM);
     if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
 
   }
@@ -1545,7 +1545,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
     s32 tmp_pid = fsrv->child_pid;
     if (tmp_pid > 0) {
 
-      kill(tmp_pid, fsrv->kill_signal);
+      kill(tmp_pid, fsrv->child_kill_signal);
       fsrv->child_pid = -1;
 
     }
@@ -1605,7 +1605,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
   /* Did we timeout? */
   if (unlikely(fsrv->last_run_timed_out)) {
 
-    fsrv->last_kill_signal = fsrv->kill_signal;
+    fsrv->last_kill_signal = fsrv->child_kill_signal;
     return FSRV_RUN_TMOUT;
 
   }
@@ -1688,4 +1688,3 @@ void afl_fsrv_deinit(afl_forkserver_t *fsrv) {
   list_remove(&fsrv_list, fsrv);
 
 }
-