diff options
| author | van Hauser <vh@thc.org> | 2020-11-06 09:37:14 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-11-06 09:37:14 +0100 |
| commit | 3b799c09cd68bb68b26784261f1fbaa3e737c747 (patch) | |
| tree | e581c3689d5fe231678464bb6bd48cab75c7db41 /src/afl-fuzz-run.c | |
| parent | 5ee63a6e6267e448342ccb28cc8d3c0d34ffc1cd (diff) | |
| parent | 50c98445fe74b92d2e6ab784def3e8b26a662b36 (diff) | |
| download | afl++-3b799c09cd68bb68b26784261f1fbaa3e737c747.tar.gz | |
Merge pull request #594 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src/afl-fuzz-run.c')
| -rw-r--r-- | src/afl-fuzz-run.c | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index d71ec339..e969994d 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -243,7 +243,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, } else if (afl->fsrv.out_file) { - if (afl->no_unlink) { + if (unlikely(afl->no_unlink)) { fd = open(afl->fsrv.out_file, O_WRONLY | O_CREAT | O_TRUNC, 0600); @@ -394,6 +394,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, unlikely(afl->first_trace[i] != afl->fsrv.trace_bits[i])) { afl->var_bytes[i] = 1; + // ignore the variable edge by setting it to fully discovered + afl->virgin_bits[i] = 0; } @@ -585,9 +587,10 @@ void sync_fuzzers(afl_state_t *afl) { u8 entry[12]; sprintf(entry, "id:%06u", next_min_accept); + while (m < n) { - if (memcmp(namelist[m]->d_name, entry, 9)) { + if (strcmp(namelist[m]->d_name, entry)) { m++; @@ -690,6 +693,8 @@ void sync_fuzzers(afl_state_t *afl) { u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { + u32 orig_len = q->len; + /* Custom mutator trimmer */ if (afl->custom_mutators_count) { @@ -707,6 +712,12 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { }); + if (orig_len != q->len || custom_trimmed) { + + queue_testcase_retake(afl, q, orig_len); + + } + if (custom_trimmed) return trimmed_case; } @@ -813,7 +824,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { s32 fd; - if (afl->no_unlink) { + if (unlikely(afl->no_unlink)) { fd = open(q->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600); @@ -840,6 +851,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { close(fd); + queue_testcase_retake_mem(afl, q, in_buf, q->len, orig_len); + memcpy(afl->fsrv.trace_bits, afl->clean_trace, afl->fsrv.map_size); update_bitmap_score(afl, q); |