about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--docs/parallel_fuzzing.md11
-rw-r--r--src/afl-common.c6
2 files changed, 7 insertions, 10 deletions
diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md
index e37276a5..d24f2837 100644
--- a/docs/parallel_fuzzing.md
+++ b/docs/parallel_fuzzing.md
@@ -27,9 +27,8 @@ will not be able to use that input to guide their work.
 To help with this problem, afl-fuzz offers a simple way to synchronize test
 cases on the fly.
 
-Note that AFL++ has AFLfast's power schedules implemented.
-It is therefore a good idea to use different power schedules if you run
-several instances in parallel. See [power_schedules.md](power_schedules.md)
+It is a good idea to use different power schedules if you run several instances
+in parallel (`-p` option).
 
 Alternatively running other AFL spinoffs in parallel can be of value,
 e.g. Angora (https://github.com/AngoraFuzzer/Angora/)
@@ -39,7 +38,7 @@ e.g. Angora (https://github.com/AngoraFuzzer/Angora/)
 If you wish to parallelize a single job across multiple cores on a local
 system, simply create a new, empty output directory ("sync dir") that will be
 shared by all the instances of afl-fuzz; and then come up with a naming scheme
-for every instance - say, "fuzzer01", "fuzzer02", etc. 
+for every instance - say, "fuzzer01", "fuzzer02", etc.
 
 Run the first one ("main node", -M) like this:
 
@@ -93,7 +92,7 @@ file name.
 
 There is support for parallelizing the deterministic checks.
 This is only needed where
- 
+
  1. many new paths are found fast over a long time and it looks unlikely that
     main node will ever catch up, and
  2. deterministic fuzzing is actively helping path discovery (you can see this
@@ -195,7 +194,7 @@ to keep in mind:
   - You do not want a "main" instance of afl-fuzz on every system; you should
     run them all with -S, and just designate a single process somewhere within
     the fleet to run with -M.
-    
+
   - Syncing is only necessary for the main nodes on a system. It is possible
     to run main-less with only secondaries. However then you need to find out
     which secondary took over the temporary role to be the main node. Look for
diff --git a/src/afl-common.c b/src/afl-common.c
index db19f0a7..26a0d54b 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -217,11 +217,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
   }
 
-  char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
+  char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
   if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
 
   memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
-  new_argv[argc + 3] = NULL;
 
   new_argv[2] = *target_path_p;
   new_argv[1] = "--";
@@ -237,11 +236,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
 char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
-  char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
+  char **new_argv = ck_alloc(sizeof(char *) * (argc + 2));
   if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
 
   memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
-  new_argv[argc + 2] = NULL;
 
   new_argv[1] = *target_path_p;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-20 23:25:07 +0000