authorvan Hauser <vh@thc.org>2020-09-05 16:16:56 +0200
committervan Hauser <vh@thc.org>2020-09-05 16:16:56 +0200
commitded4d093ff59b4459b04aaae9b3b7bbcdaadcdef (patch)
tree44270c99c699735ee19bc66d971f9b6af5447f88 /src/afl-fuzz-init.c
parent250892228888277262958d1b01b005e14440274e (diff)
downloadafl++-ded4d093ff59b4459b04aaae9b3b7bbcdaadcdef.tar.gz
skip crashes but keep for splices
Diffstat (limited to 'src/afl-fuzz-init.c')
-rw-r--r--src/afl-fuzz-init.c35
1 files changed, 29 insertions, 6 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index c834e5db..a5ebbcd8 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -713,11 +713,9 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 
     if (st.st_size > MAX_FILE) {
 
-      WARNF("Test case '%s' is too big (%s, limit is %s), skipping", fn2,
+      WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2,
             stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
             stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
-      ck_free(fn2);
-      continue;
 
     }
 
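Review bot: The new warning text "partial reading" at the WARNF on line 26 is ungrammatical and does not tell the user what happens to the over-sized input now that this branch falls through instead of skipping; it should state the consequence, e.g. `WARNF("Test case '%s' is too big (%s, limit is %s), truncating to the limit", fn2,` with the two stringify_mem_size arguments unchanged. The actual clamp to MAX_FILE happens later in read_testcases, outside this hunk, so a reader of this hunk alone cannot see that the file is indeed not used in full; a one-line comment after the warning, `/* oversize inputs are queued with their length clamped to MAX_FILE below */`, would tie the two places together. read_testcases's body continues outside the hunk.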
@@ -728,7 +726,8 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 
     if (!access(dfn, F_OK)) { passed_det = 1; }
 
-    add_to_queue(afl, fn2, st.st_size, passed_det);
+    add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size,
+                 passed_det);
 
   }
 
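Review bot: The clamp in the add_to_queue call on lines 39-40 repeats the size test made a few lines earlier in read_testcases with a different operator (`>=` here, `>` in the warning); the result is identical for st_size == MAX_FILE, but it reads as two different policies. Computing the length once where the size is tested, `u32 len = st.st_size > MAX_FILE ? MAX_FILE : st.st_size;` in whatever type add_to_queue's length parameter has, and passing `len` here keeps the two in step. st.st_size is an off_t; if add_to_queue takes a 32-bit length, the clamp also makes that narrowing safe for files above 4 GiB, which is worth recording with a comment such as `/* clamped, so the off_t narrowing below cannot wrap */`. The loop and read_testcases itself continue outside the hunk.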
@@ -947,7 +946,31 @@ void perform_dry_run(afl_state_t *afl) {
 #undef MSG_ULIMIT_USAGE
 #undef MSG_FORK_ON_APPLE
 
-        FATAL("Test case '%s' results in a crash", fn);
+        WARNF("Test case '%s' results in a crash, skipping", fn);
+
+        /* Remove from fuzzing queue but keep for splicing */
+
+        struct queue_entry *p = afl->queue;
+        while (p && p->next != q)
+          p = p->next;
+
+        if (p)
+          p->next = q->next;
+        else
+          afl->queue = q->next;
+
+        --afl->pending_not_fuzzed;
+
+        afl->max_depth = 0;
+        p = afl->queue;
+        while (p) {
+
+          if (p->depth > afl->max_depth) afl->max_depth = p->depth;
+          p = p->next;
+
+        }
+
+        break;
 
       case FSRV_RUN_ERROR:
 
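Review bot: Unlinking q from afl->queue on lines 53-60 does not update afl->queue_top, so when the crashing entry is the last one in the list queue_top keeps pointing at the detached node and anything appended through queue_top->next afterwards would hang off a node no longer in the list; add `if (afl->queue_top == q) afl->queue_top = p;` after the unlink, where p is the predecessor or NULL when q was the head, which is correct in both cases. The bookkeeping also looks uneven: pending_not_fuzzed is decremented on line 62, but no total path count is visibly adjusted here, and if such a count is used elsewhere to bound index walks over the list, a walk could now step past the end. How the detached entry remains reachable for splicing is not shown in this hunk, so a comment stating where it stays referenced would help the next reader. The predecessor scan is O(n) per crashing input, fine for a dry run but quadratic on a corpus full of crashes. The switch and the perform_dry_run loop that advances q continue outside the hunk.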
@@ -1067,7 +1090,7 @@ restart_outer_cull_loop:
 
     }
 
-    afl->queue = afl->queue_top = afl->queue;
+    afl->queue_top = afl->queue;
 
   }