aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--.gitignore1
-rw-r--r--include/afl-fuzz.h3
-rw-r--r--include/envs.h1
-rw-r--r--include/forkserver.h1
-rw-r--r--src/afl-forkserver.c6
-rw-r--r--src/afl-fuzz-state.c7
-rw-r--r--src/afl-fuzz.c17
7 files changed, 33 insertions, 3 deletions
diff --git a/.gitignore b/.gitignore
index b2c2fc62..4307fc4c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
.sync_tmp
*.o
*.so
+*.swp
*.pyc
*.dSYM
as
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 148e6e84..1f1dda3a 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -353,7 +353,8 @@ typedef struct afl_env_vars {
afl_cal_fast, afl_cycle_schedules, afl_expand_havoc;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
- *afl_hang_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras;
+ *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload,
+ *afl_max_det_extras;
} afl_env_vars_t;
diff --git a/include/envs.h b/include/envs.h
index 4d50d0ff..c7761e19 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -48,6 +48,7 @@ static char *afl_environment_variables[] = {
"AFL_GCC_INSTRUMENT_FILE",
"AFL_GCJ",
"AFL_HANG_TMOUT",
+ "AFL_FORKSRV_INIT_TMOUT",
"AFL_HARDEN",
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
"AFL_IMPORT_FIRST",
diff --git a/include/forkserver.h b/include/forkserver.h
index d824c1c9..300ecffc 100644
--- a/include/forkserver.h
+++ b/include/forkserver.h
@@ -56,6 +56,7 @@ typedef struct afl_forkserver {
u8 no_unlink; /* do not unlink cur_input */
u32 exec_tmout; /* Configurable exec timeout (ms) */
+ u32 init_tmout; /* Configurable init timeout (ms) */
u32 map_size; /* map size used by the target */
u32 snapshot; /* is snapshot feature used */
u64 mem_limit; /* Memory cap for child (MB) */
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 9d9e81cd..51734579 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -79,6 +79,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
fsrv->use_stdin = 1;
fsrv->no_unlink = 0;
fsrv->exec_tmout = EXEC_TIMEOUT;
+ fsrv->init_tmout = EXEC_TIMEOUT * FORK_WAIT_MULT;
fsrv->mem_limit = MEM_LIMIT;
fsrv->out_file = NULL;
@@ -101,6 +102,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
fsrv_to->out_fd = from->out_fd;
fsrv_to->dev_null_fd = from->dev_null_fd;
fsrv_to->exec_tmout = from->exec_tmout;
+ fsrv_to->init_tmout = from->init_tmout;
fsrv_to->mem_limit = from->mem_limit;
fsrv_to->map_size = from->map_size;
fsrv_to->support_shmem_fuzz = from->support_shmem_fuzz;
@@ -519,13 +521,13 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
u32 time_ms =
read_s32_timed(fsrv->fsrv_st_fd, &status,
- fsrv->exec_tmout * FORK_WAIT_MULT, stop_soon_p);
+ fsrv->init_tmout, stop_soon_p);
if (!time_ms) {
kill(fsrv->fsrv_pid, SIGKILL);
- } else if (time_ms > fsrv->exec_tmout * FORK_WAIT_MULT) {
+ } else if (time_ms > fsrv->init_tmout) {
fsrv->last_run_timed_out = 1;
kill(fsrv->fsrv_pid, SIGKILL);
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 74798584..a8db8578 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -356,6 +356,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_max_det_extras =
(u8 *)get_afl_env(afl_environment_variables[i]);
+ } else if (!strncmp(env, "AFL_FORKSRV_INIT_TMOUT",
+
+ afl_environment_variable_len)) {
+
+ afl->afl_env.afl_forksrv_init_tmout =
+ (u8 *) get_afl_env(afl_environment_variables[i]);
+
}
} else {
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 664cc076..ae5cb087 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -173,6 +173,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n"
"AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n"
"AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"
+ "AFL_FORKSRV_INIT_TMOUT: time spent waiting for forkserver during startup (in milliseconds)\n"
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n"
"AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"
@@ -969,6 +970,22 @@ int main(int argc, char **argv_orig, char **envp) {
}
+ if (afl->afl_env.afl_forksrv_init_tmout) {
+
+ afl->fsrv.init_tmout = atoi(afl->afl_env.afl_forksrv_init_tmout);
+ if (!afl->fsrv.init_tmout) {
+
+ FATAL("Invalid value of AFL_FORKSRV_INIT_TMOUT");
+
+ }
+
+ } else {
+
+ afl->fsrv.init_tmout = afl->fsrv.exec_tmout * FORK_WAIT_MULT;
+
+ }
+
+
if (afl->non_instrumented_mode == 2 && afl->no_forkserver) {
FATAL("AFL_DUMB_FORKSRV and AFL_NO_FORKSRV are mutually exclusive");
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-23 23:07:23 +0000