-rw-r--r-- | src/afl-fuzz-cmplog.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-run.c | 14 | ||||
-rw-r--r-- | src/afl-fuzz.c | 2 |
3 files changed, 8 insertions, 14 deletions
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 6f201013..e2747097 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -37,13 +37,9 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) {
 setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1);
- if (!fsrv->qemu_mode && argv[0] != fsrv->cmplog_binary) {
-
- ck_free(argv[0]);
+ if (!fsrv->qemu_mode && argv[0] != fsrv->cmplog_binary) argv[0] = fsrv->cmplog_binary;
- }
-
 execv(argv[0], argv);
 }
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 9f79a5c9..1ddd7e1a 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -46,10 +46,10 @@ u8 run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 must prevent any earlier operations from venturing into that territory. */
- if (fsrv->trace_bits) memset(fsrv->trace_bits, 0, fsrv->map_size);
+ memset(fsrv->trace_bits, 0, fsrv->map_size);
 MEM_BARRIER();
-
+
 /* we have the fork server (or faux server) up and running, so simply tell it to have at it, and then read back PID. */
@@ -120,18 +120,14 @@ u8 run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 MEM_BARRIER();
- if (fsrv->trace_bits) {
-
- tb4 = *(u32 *)fsrv->trace_bits;
+ tb4 = *(u32 *)fsrv->trace_bits;
 #ifdef WORD_SIZE_64
- classify_counts(afl, (u64 *)fsrv->trace_bits);
+ classify_counts(afl, (u64 *)fsrv->trace_bits);
 #else
- classify_counts(afl, (u32 *)fsrv->trace_bits);
+ classify_counts(afl, (u32 *)fsrv->trace_bits);
 #endif /* ^WORD_SIZE_64 */
- }
-
 fsrv->prev_timed_out = fsrv->child_timed_out;
 /* Report outcome to caller. */
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a813906c..136a9519 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
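Review bot: The new single-line form swaps argv[0] for fsrv->cmplog_binary without checking that the field was ever set, so a forkserver whose caller skipped that assignment (the afl-fuzz.c hunk of this same commit is the only place it is visibly set) would hand execv() a NULL path and the child would die with no diagnostic. I would fail loudly before the swap, `if (!fsrv->cmplog_binary) FATAL("cmplog_exec_child: cmplog_binary not set");` (assuming debug.h is in scope here as elsewhere in afl-fuzz), since silently falling through to the original binary would exec a target without the cmplog instrumentation and make every cmplog run produce garbage rather than an error. A one-line comment on the new `if` saying why the ck_free() of the old argv[0] was dropped (presumably because argv[0] is not always a ck_alloc()-owned buffer, and the child is about to exec anyway) would keep the next reader from reinstating it. An execv() failure still returns from this function silently, but that is pre-existing and outside this change.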
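Review bot: Dropping the `if (fsrv->trace_bits)` guard turns a formerly tolerated NULL map into an unconditional memset of map_size bytes through a NULL pointer, and the second hunk in this file (the tb4 read and classify_counts) now makes the same assumption; the commit only satisfies it for the cmplog forkserver by copying trace_bits in afl-fuzz.c, so any other afl_forkserver_t built via afl_fsrv_init_dup() (which, judging by that explicit assignment, does not copy the field) or by hand and then passed to run_target() crashes instead of skipping the map. I would record the precondition where the old check stood: `/* fsrv->trace_bits must be non-NULL here: every forkserver handed to run_target() shares the SHM map (set up in afl-fuzz.c) */`. run_target() begins before this hunk and ends after it.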
@@ -1022,6 +1022,8 @@ int main(int argc, char **argv_orig, char **envp) {
 ACTF("Spawning cmplog forkserver");
 afl_fsrv_init_dup(&afl->cmplog_fsrv, &afl->fsrv); // TODO: this is semi-nice
+ afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits;
+ afl->cmplog_fsrv.qemu_mode = afl->fsrv.qemu_mode;
 afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary;
 afl->cmplog_fsrv.init_child_func = cmplog_exec_child;
 afl_fsrv_start(&afl->cmplog_fsrv, afl->argv, &afl->stop_soon, |