author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-22 19:38:57 +0200 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-09-22 19:38:57 +0200 |
commit | 9aefe7a0402d4389aaff1f070c84ea1b95abc0fd (patch) | |
tree | 9e0f9f008d7a41c43a09304e8bb5364a14a8d75e /src | |
parent | 17bb51756faeaeda6fb17d63ede0a1a9d8ae4b5c (diff) | |
parent | 5044bb0332bf2bed8fe8691f411bd9c144e332af (diff) | |
Merge branch 'master' of github.com:vanhauser-thc/AFLplusplus
Diffstat (limited to 'src')
-rw-r--r-- | src/afl-fuzz-globals.c | 4 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 5 | ||||
-rw-r--r-- | src/afl-fuzz-one.c | 17 | ||||
-rw-r--r-- | src/afl-fuzz-run.c | 12 | ||||
-rw-r--r-- | src/afl-fuzz-stats.c | 7 |
5 files changed, 40 insertions, 5 deletions
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index 1358a1fb..01b242b8 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -259,3 +259,7 @@ PyObject *py_functions[PY_FUNC_COUNT];
 #endif
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ u8 do_document;
+ u32 document_counter;
+#endif
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 4908626a..fab82e2d 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1478,8 +1478,9 @@ void check_cpu_governor(void) {
 " to make afl-fuzz skip this check - but expect some performance " "drop.\n", min / 1024, max / 1024);
+ FATAL("Suboptimal CPU scaling governor");
-#else
+#elif defined __APPLE__
 u64 min = 0, max = 0;
 size_t mlen = sizeof(min);
 if (getenv("AFL_SKIP_CPUFREQ")) return;
@@ -1510,8 +1511,8 @@ void check_cpu_governor(void) {
 " to make afl-fuzz skip this check - but expect some performance " "drop.\n", min / 1024, max / 1024);
-#endif
 FATAL("Suboptimal CPU scaling governor");
+#endif
 }
 /* Count the number of logical CPU cores. */
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 59483b8f..1824f0b2 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -4231,6 +4231,7 @@ pacemaker_fuzzing:
 #define core_fuzzing(a) common_fuzzing((a), MOpt_globals_core)
+
 void pso_updating(void) {
 g_now += 1;
@@ -4310,6 +4311,22 @@ void pso_updating(void) {
 u8 fuzz_one(char** argv) {
 int key_val_lv = 0;
+
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ if (do_document == 0) {
+ char *fn = alloc_printf("%s/mutations", out_dir);
+ if (fn) {
+ do_document = mkdir(fn, 0700); // if it exists we do not care
+ do_document = 1;
+ ck_free(fn);
+ } else
+ PFATAL("malloc()");
+ } else {
+ do_document = 2;
+ stop_soon = 2;
+ }
+#endif
+
 if (limit_time_sig == 0) {
 key_val_lv = fuzz_one_original(argv);
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index f2f663dc..220433fc 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
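Review bot: The guard macro `_AFL_DOCUMENT_MUTATIONS` in afl-fuzz-globals.c starts with an underscore followed by an uppercase letter, a spelling C reserves for the implementation; a name without the leading underscore avoids that, and the same guard is used in the afl-fuzz-one.c and afl-fuzz-run.c hunks. The two new globals also have no comment, while the afl-fuzz-one.c hunk stores 0, 1 and 2 in `do_document`. A line such as `/* 0 = not started, 1 = dumping mutations, 2 = stop requested */` above the declarations would record that, worded to match what the author intends.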
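Review bot: In afl-fuzz-init.c, narrowing `#else` to `#elif defined __APPLE__` and moving `FATAL(...)` inside each branch means a build that matches neither condition compiles `check_cpu_governor` with no check at all. The opening `#if` is outside both hunks, so which platforms that covers cannot be confirmed from here. If skipping is intended, a comment before the final `#endif` such as `/* other platforms: no governor check implemented */` would make it explicit. This applies to the second hunk of the file as well.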
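Review bot: The return value of `mkdir(fn, 0700)` in the `do_document == 0` branch of `fuzz_one` is stored and then overwritten on the next line, so any failure other than "already exists" goes unnoticed and an existing `mutations` entry is accepted whatever its type, owner or mode. Checking it keeps the stated intent: `if (mkdir(fn, 0700) && errno != EEXIST) PFATAL("Unable to create '%s'", fn);` followed by `do_document = 1;`. The `else` branch sets `stop_soon = 2` on the second call, which appears to end the run after one `fuzz_one` pass; a comment stating that this is deliberate would help readers of a build with the macro enabled. `fuzz_one` continues past the end of the hunk.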
@@ -251,6 +251,18 @@ void write_to_testcase(void* mem, u32 len) {
 s32 fd = out_fd;
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ s32 doc_fd;
+ char *fn = alloc_printf("%s/mutations/%09u:%s", out_dir, document_counter++, describe_op(0));
+ if (fn != NULL) {
+ if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) {
+ if (write(doc_fd, mem, len) != len) PFATAL("write to mutation file failed: %s", fn);
+ close(doc_fd);
+ }
+ ck_free(fn);
+ }
+#endif
+
 if (out_file) { // unlink(out_file); /* Ignore errors.
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 803faced..5e773e96 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -576,12 +576,13 @@ void show_stats(void) {
 " imported : " cRST "%-10s" bSTG bV "\n", tmp, sync_id ? DI(queued_imported) : (u8*)"n/a");
- sprintf(tmp, "%s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]),
+ sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]),
 DI(stage_cycles[STAGE_HAVOC]), DI(stage_finds[STAGE_SPLICE]), DI(stage_cycles[STAGE_SPLICE]), DI(stage_finds[STAGE_PYTHON]),
- DI(stage_cycles[STAGE_PYTHON]));
+ DI(stage_cycles[STAGE_PYTHON]), DI(stage_finds[STAGE_CUSTOM_MUTATOR]),
+ DI(stage_cycles[STAGE_CUSTOM_MUTATOR]));
- SAYF(bV bSTOP " havoc : " cRST "%-36s " bSTG bV bSTOP, tmp);
+ SAYF(bV bSTOP "havoc/custom : " cRST "%-36s " bSTG bV bSTOP, tmp);
 if (t_bytes) sprintf(tmp, "%0.02f%%", stab_ratio); |
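Review bot: A failed `open()` in the new block of `write_to_testcase` is skipped silently while a failed `write()` is fatal, so an unusable `mutations` directory yields a run with no dumps and no message even though `document_counter` keeps advancing. Handling both the same way is simpler: `if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) < 0) PFATAL("Unable to create '%s'", fn);`. Adding `O_NOFOLLOW` where the platform has it would stop the dump from writing through a link left in a directory that already existed. `write(...) != len` compares a signed result with the `u32` `len`; casting with `(ssize_t)len` makes the comparison explicit. `describe_op` is defined outside this hunk, so whether its string is always a safe file-name component should be confirmed.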
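Review bot: The `sprintf` into `tmp` in `show_stats` is unbounded and now formats eight `DI()` strings instead of six; `tmp` is declared outside the hunk, so its size cannot be checked here. If `tmp` is an array, `snprintf(tmp, sizeof(tmp), "%s/%s, %s/%s, %s/%s, %s/%s", ...)` bounds the write without changing the output. `%-36s` in the following `SAYF` only pads, so four pairs longer than 36 characters in total will push the right border of the box out of line. The label `havoc/custom` also names two of the four pairs printed (havoc, splice, python, custom), which a short comment above the `sprintf` could clarify.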