authorAndrea Fioraldi <andreafioraldi@gmail.com>2019-10-08 12:40:05 +0200
committerAndrea Fioraldi <andreafioraldi@gmail.com>2019-10-08 12:40:05 +0200
commit125a59df91bb09f3288371185c15a48a08376bfe (patch)
tree18d703d66d32c55706f7f7bd30a813a9742327f2 /src
parenteae4a9e1f89f82ea79568635842617cc64081bfc (diff)
parent20f009e927b8d98a595575e5d4366a437d6e7247 (diff)
downloadafl++-125a59df91bb09f3288371185c15a48a08376bfe.tar.gz
Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-bitmap.c4
-rw-r--r--src/afl-fuzz-globals.c3
-rw-r--r--src/afl-fuzz-stats.c2
-rw-r--r--src/afl-fuzz.c8
4 files changed, 14 insertions, 3 deletions
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index d867a318..746fc982 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -683,6 +683,10 @@ u8 save_if_interesting(char** argv, void* mem, u32 len, u8 fault) {
#endif /* ^!SIMPLE_FILES */
++unique_crashes;
+
+ if (infoexec) // if the user wants to be informed on new crashes - do that
+ if (system(infoexec) == -1)
+ hnb += 0; // we dont care if system errors, but we dont want a compiler warning either
last_crash_time = get_cur_time();
last_crash_execs = total_execs;
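Review bot: The `system(infoexec)` call added after `++unique_crashes` passes the `-I` string to the shell and waits for it to return, so the hook runs with afl-fuzz's own privileges and environment and stalls fuzzing for as long as it runs; neither the comment here nor the `-I` usage line in src/afl-fuzz.c says so. Only a return of -1 is checked, so a hook the shell cannot start (exit status 127) or one that exits non-zero goes unnoticed, and `hnb += 0;` is a no-op that exists only to silence the unused-result warning. I would brace the nested `if` and make the ignore explicit, e.g. `if (infoexec && system(infoexec) == -1) { /* best effort: a failing hook must not stop fuzzing */ }`, and add a comment such as `/* -I hook: run through the shell, synchronously, with afl-fuzz's environment and privileges */`. The body of save_if_interesting starts and ends outside the hunk.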
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index a8c17922..a5ccfdf9 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -74,7 +74,8 @@ u8 *in_dir, /* Input directory with test cases */
*file_extension, /* File extension */
*orig_cmdline; /* Original command line */
u8 *doc_path, /* Path to documentation dir */
- *out_file; /* File to fuzz, if any */
+ *infoexec, /* Command to execute on a new crash */
+ *out_file; /* File to fuzz, if any */
u32 exec_tmout = EXEC_TIMEOUT; /* Configurable exec timeout (ms) */
u32 hang_tmout = EXEC_TIMEOUT; /* Timeout used for hang det (ms) */
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 5e773e96..f1bc1c8a 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -421,7 +421,7 @@ void show_stats(void) {
together, but then cram them into a fixed-width field - so we need to
put them in a temporary buffer first. */
- sprintf(tmp, "%s%s%u (%0.02f%%)", DI(current_entry),
+ sprintf(tmp, "%s%s%u (%0.01f%%)", DI(current_entry),
queue_cur->favored ? "." : "*", queue_cur->fuzz_level,
((double)current_entry * 100) / queued_paths);
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 027db2f0..3460f91d 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -76,6 +76,7 @@ static void usage(u8* argv0) {
"Other stuff:\n"
" -T text - text banner to show on the screen\n"
" -M / -S id - distributed mode (see parallel_fuzzing.txt)\n"
+ " -I command - execute this command/script when a new crash is found\n"
" -B bitmap.txt - mutate a specific test case, use the out/fuzz_bitmap "
"file\n"
" -C - crash exploration mode (the peruvian rabbit thing)\n"
@@ -133,10 +134,15 @@ int main(int argc, char** argv) {
init_seed = tv.tv_sec ^ tv.tv_usec ^ getpid();
while ((opt = getopt(argc, argv,
- "+i:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0)
+ "+i:I:o:f:m:t:T:dnCB:S:M:x:QUWe:p:s:V:E:L:h")) > 0)
switch (opt) {
+ case 'I':
+
+ infoexec = optarg;
+ break;
+
case 's': {
init_seed = strtoul(optarg, 0L, 10);