diff options
| author | van Hauser <vh@thc.org> | 2023-08-09 14:39:25 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-08-09 14:39:25 +0000 |
| commit | b4bd33961c645b1fed059d5ff8269911bc941cc9 (patch) | |
| tree | f8e77e6b0d5411cd831bd7a644c23b17ef89af37 /src/afl-fuzz-init.c | |
| parent | 7f3b0a9503f90b86e8c196c6b405f0a4c8a7babc (diff) | |
| parent | fcdfe9e990d84ab477cd3c571cbf540e8bc8e15a (diff) | |
| download | afl++-b4bd33961c645b1fed059d5ff8269911bc941cc9.tar.gz | |
Merge pull request #1821 from junwha0511/crashing-seeds-as-new-crash
Implement an option for treating crashing seeds as new crash
Diffstat (limited to 'src/afl-fuzz-init.c')
| -rw-r--r-- | src/afl-fuzz-init.c | 107 |
1 files changed, 86 insertions, 21 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 24fd7077..d994d749 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1057,9 +1057,18 @@ void perform_dry_run(afl_state_t *afl) { fn, (int)(s8)afl->fsrv.crash_exitcode); } else { - - WARNF("Test case '%s' results in a crash, skipping", fn); - + if (afl->afl_env.afl_crashing_seeds_as_new_crash) { + + WARNF( + "Test case '%s' results in a crash, " + "as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, " + "saving as a new crash", fn); + + } else { + + WARNF("Test case '%s' results in a crash, skipping", fn); + + } } if (afl->afl_env.afl_exit_on_seed_issues) { @@ -1078,38 +1087,94 @@ void perform_dry_run(afl_state_t *afl) { } - q->disabled = 1; - q->perf_score = 0; + /* Crashing seeds will be regarded as new crashes on startup */ + if (afl->afl_env.afl_crashing_seeds_as_new_crash) { + + ++afl->total_crashes; - u32 i = 0; - while (unlikely(i < afl->queued_items && afl->queue_buf[i] && - afl->queue_buf[i]->disabled)) { + if (likely(!afl->non_instrumented_mode)) { - ++i; + classify_counts(&afl->fsrv); + + simplify_trace(afl, afl->fsrv.trace_bits); - } + if (!has_new_bits(afl, afl->virgin_crash)) { break; } + + } + + + if (unlikely(!afl->saved_crashes) && + (afl->afl_env.afl_no_crash_readme != 1)) { + + write_crash_readme(afl); + + } + + u8 crash_fn[PATH_MAX]; + u8 *use_name = strstr(q->fname, ",orig:"); + + afl->stage_name = "dry_run"; + afl->stage_short = "dry_run"; + + #ifndef SIMPLE_FILES + + snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s", afl->out_dir, + afl->saved_crashes, afl->fsrv.last_kill_signal, + describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,") - strlen(use_name)), use_name); + + #else - if (i < afl->queued_items && afl->queue_buf[i]) { + snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u", afl->out_dir, + afl->saved_crashes, afl->fsrv.last_kill_signal); - afl->queue = afl->queue_buf[i]; + #endif + + ++afl->saved_crashes; + + fd = open(crash_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + if (unlikely(fd < 0)) { PFATAL("Unable to create '%s'", crash_fn); } + ck_write(fd, use_mem, read_len, crash_fn); + close(fd); + + afl->last_crash_time = get_cur_time(); + afl->last_crash_execs = afl->fsrv.total_execs; } else { - afl->queue = afl->queue_buf[0]; + u32 i = 0; + while (unlikely(i < afl->queued_items && afl->queue_buf[i] && + afl->queue_buf[i]->disabled)) { - } + ++i; - afl->max_depth = 0; - for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) { + } - if (!afl->queue_buf[i]->disabled && - afl->queue_buf[i]->depth > afl->max_depth) - afl->max_depth = afl->queue_buf[i]->depth; + if (i < afl->queued_items && afl->queue_buf[i]) { - } + afl->queue = afl->queue_buf[i]; - break; + } else { + + afl->queue = afl->queue_buf[0]; + + } + + afl->max_depth = 0; + for (i = 0; i < afl->queued_items && likely(afl->queue_buf[i]); i++) { + + if (!afl->queue_buf[i]->disabled && + afl->queue_buf[i]->depth > afl->max_depth) + afl->max_depth = afl->queue_buf[i]->depth; + + } + + } + + q->disabled = 1; + q->perf_score = 0; + break; + case FSRV_RUN_ERROR: FATAL("Unable to execute target application ('%s')", afl->argv[0]); |