Merge pull request #1563 from nbars/stable

Fix child reaping on fuzzer termination

1 files changed, 14 insertions, 5 deletions

diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 5199f7e6..ae6cb6c7 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -23,6 +23,7 @@
 
  */
 
+#include <signal.h>
 #include "afl-fuzz.h"
 #include "envs.h"
 
@@ -484,10 +485,15 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 #endif
 
           } else if (!strncmp(env, "AFL_KILL_SIGNAL",
+                              afl_environment_variable_len)) {
+
+            afl->afl_env.afl_child_kill_signal =
+                (u8 *)get_afl_env(afl_environment_variables[i]);
 
+          } else if (!strncmp(env, "AFL_FORK_SERVER_KILL_SIGNAL",
                               afl_environment_variable_len)) {
 
-            afl->afl_env.afl_kill_signal =
+            afl->afl_env.afl_fsrv_kill_signal =
                 (u8 *)get_afl_env(afl_environment_variables[i]);
 
           } else if (!strncmp(env, "AFL_TARGET_ENV",
@@ -653,9 +659,13 @@ void afl_states_stop(void) {
   });
 
   LIST_FOREACH(&afl_states, afl_state_t, {
-
-    if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.kill_signal);
-    if (el->fsrv.fsrv_pid > 0) kill(el->fsrv.fsrv_pid, el->fsrv.kill_signal);
+    /* NOTE: We need to make sure that the parent (the forkserver) reap the child (see below). */
+    if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
+    if (el->fsrv.fsrv_pid > 0) {
+      kill(el->fsrv.fsrv_pid, el->fsrv.fsrv_kill_signal);
+      /* Make sure the forkserver does not end up as zombie. */
+      waitpid(el->fsrv.fsrv_pid, NULL, 0);
+    }
 
   });
 
@@ -672,4 +682,3 @@ void afl_states_request_skip(void) {
   LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; });
 
 }
-