Merge pull request #2012 from clesmian/dev

Fix bug where `-t 1000+` may result in enormous timeouts
author: van Hauser <vh@thc.org> 2024-02-23 13:53:15 +0100
committer: GitHub <noreply@github.com> 2024-02-23 13:53:15 +0100
commit: 1286d1906fd3eca18225089ae790e6ae53aff609 (patch)
tree: 6ed1e0f8a6556f1539ff342405ad47d87776bb47 /src/afl-fuzz.c
parent: 340d6aa97cd8fa18e8c7650ac9067e1b2688e8bb (diff)
parent: fae760fc9e4c63385c24fe07e5d5c3ab077b56bf (diff)
download: afl++-1286d1906fd3eca18225089ae790e6ae53aff609.tar.gz
1 files changed, 11 insertions, 2 deletions
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9c89b2a1..08f716fa 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2493,8 +2493,17 @@ int main(int argc, char **argv_orig, char **envp) {
 
       for (entry = 0; entry < afl->queued_items; ++entry)
         if (!afl->queue_buf[entry]->disabled)
-          if (afl->queue_buf[entry]->exec_us > max_ms)
-            max_ms = afl->queue_buf[entry]->exec_us;
+          if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
+            max_ms = afl->queue_buf[entry]->exec_us/1000;
+      
+      // Add 20% as a safety margin, capped to exec_tmout given in -t option
+      max_ms *= 1.2;
+      if(max_ms > afl->fsrv.exec_tmout)
+        max_ms = afl->fsrv.exec_tmout;
+      
+      // Ensure that there is a sensible timeout even for very fast binaries
+      if(max_ms < 5)
+        max_ms = 5;
 
       afl->fsrv.exec_tmout = max_ms;
       afl->timeout_given = 1;
author	van Hauser <vh@thc.org>	2024-02-23 13:53:15 +0100
committer	GitHub <noreply@github.com>	2024-02-23 13:53:15 +0100
commit	1286d1906fd3eca18225089ae790e6ae53aff609 (patch)
tree	6ed1e0f8a6556f1539ff342405ad47d87776bb47 /src/afl-fuzz.c
parent	340d6aa97cd8fa18e8c7650ac9067e1b2688e8bb (diff)
parent	fae760fc9e4c63385c24fe07e5d5c3ab077b56bf (diff)
download	afl++-1286d1906fd3eca18225089ae790e6ae53aff609.tar.gz