Merge pull request #1392 from AFLplusplus/dev

push to stable
author: van Hauser <vh@thc.org> 2022-04-25 10:14:19 +0200
committer: GitHub <noreply@github.com> 2022-04-25 10:14:19 +0200
commit: c7bb0a9638a8929a5b664f16032c23a55a84be70 (patch)
tree: 2fb8cee9897c46a53e756e898de732c63f2a8842 /src/afl-fuzz-bitmap.c
parent: ac80678592ea4a790ab2eedccfec4e3bc9f96447 (diff)
parent: ee409d18a6678c3f5948f51db8964148cae021dc (diff)
download: afl++-c7bb0a9638a8929a5b664f16032c23a55a84be70.tar.gz
1 files changed, 34 insertions, 6 deletions
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index e4124bf5..7c2b35d6 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -292,6 +292,15 @@ void minimize_bits(afl_state_t *afl, u8 *dst, u8 *src) {
 
 u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
 
+  u8 is_timeout = 0;
+
+  if (new_bits & 0xf0) {
+
+    new_bits -= 0x80;
+    is_timeout = 1;
+
+  }
+
   size_t real_max_len =
       MIN(max_description_len, sizeof(afl->describe_op_buf_256));
   u8 *ret = afl->describe_op_buf_256;
@@ -325,6 +334,7 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
       ret[len_current] = '\0';
 
       ssize_t size_left = real_max_len - len_current - strlen(",+cov") - 2;
+      if (is_timeout) { size_left -= strlen(",+tout"); }
       if (unlikely(size_left <= 0)) FATAL("filename got too long");
 
       const char *custom_description =
@@ -370,6 +380,8 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
 
   }
 
+  if (is_timeout) { strcat(ret, ",+tout"); }
+
   if (new_bits == 2) { strcat(ret, ",+cov"); }
 
   if (unlikely(strlen(ret) >= max_description_len))
@@ -447,7 +459,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
   u8  fn[PATH_MAX];
   u8 *queue_fn = "";
-  u8  new_bits = 0, keeping = 0, res, classified = 0;
+  u8  new_bits = 0, keeping = 0, res, classified = 0, is_timeout = 0;
   s32 fd;
   u64 cksum = 0;
 
@@ -481,11 +493,14 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
     classified = new_bits;
 
+  save_to_queue:
+
 #ifndef SIMPLE_FILES
 
-    queue_fn = alloc_printf(
-        "%s/queue/id:%06u,%s", afl->out_dir, afl->queued_items,
-        describe_op(afl, new_bits, NAME_MAX - strlen("id:000000,")));
+    queue_fn =
+        alloc_printf("%s/queue/id:%06u,%s", afl->out_dir, afl->queued_items,
+                     describe_op(afl, new_bits + is_timeout,
+                                 NAME_MAX - strlen("id:000000,")));
 
 #else
 
@@ -596,7 +611,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       }
 
-      ++afl->saved_tmouts;
+      is_timeout = 0x80;
 #ifdef INTROSPECTION
       if (afl->custom_mutators_count && afl->current_custom_fuzz) {
 
@@ -647,7 +662,20 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
         }
 
-        if (afl->stop_soon || new_fault != FSRV_RUN_TMOUT) { return keeping; }
+        if (afl->stop_soon || new_fault != FSRV_RUN_TMOUT) {
+
+          if (afl->afl_env.afl_keep_timeouts) {
+
+            ++afl->saved_tmouts;
+            goto save_to_queue;
+
+          } else {
+
+            return keeping;
+
+          }
+
+        }
 
       }
author	van Hauser <vh@thc.org>	2022-04-25 10:14:19 +0200
committer	GitHub <noreply@github.com>	2022-04-25 10:14:19 +0200
commit	c7bb0a9638a8929a5b664f16032c23a55a84be70 (patch)
tree	2fb8cee9897c46a53e756e898de732c63f2a8842 /src/afl-fuzz-bitmap.c
parent	ac80678592ea4a790ab2eedccfec4e3bc9f96447 (diff)
parent	ee409d18a6678c3f5948f51db8964148cae021dc (diff)
download	afl++-c7bb0a9638a8929a5b664f16032c23a55a84be70.tar.gz