diff options
| -rw-r--r-- | docs/env_variables.md | 1 | ||||
| -rw-r--r-- | src/afl-common.c | 4 | ||||
| -rw-r--r-- | src/afl-fuzz.c | 8 |
3 files changed, 8 insertions, 5 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md index c3efa0c0..def1e297 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -355,6 +355,7 @@ checks or alter some of the more exotic semantics of the tool: and shell scripts; and `AFL_DUMB_FORKSRV` in conjunction with the `-n` setting to instruct afl-fuzz to still follow the fork server protocol without expecting any instrumentation data in return. + Note that this also turns off auto map size detection. - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the fuzzer to import test cases from other instances before doing anything diff --git a/src/afl-common.c b/src/afl-common.c index 0fb1462e..8826de70 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -1110,6 +1110,10 @@ u32 get_map_size(void) { if (map_size % 64) { map_size = (((map_size >> 6) + 1) << 6); } + } else if (getenv("AFL_SKIP_BIN_CHECK")) { + + map_size = MAP_SIZE; + } return map_size; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 37659831..76c4ca37 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" + "AFL_SKIP_BIN_CHECK: skip afl compatability checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" @@ -1718,8 +1718,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && !afl->unicorn_mode && !afl->fsrv.frida_mode && - !((map_size == MAP_SIZE || map_size == 65536) && - afl->afl_env.afl_skip_bin_check)) { + !afl->afl_env.afl_skip_bin_check) { if (map_size <= DEFAULT_SHMEM_SIZE) { @@ -1780,8 +1779,7 @@ int main(int argc, char **argv_orig, char **envp) { afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && !afl->fsrv.frida_mode && !afl->unicorn_mode && - !((map_size == MAP_SIZE || map_size == 65536) && - afl->afl_env.afl_skip_bin_check)) { + !afl->afl_env.afl_skip_bin_check) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; |