diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/Changelog.md | 9 | ||||
| -rw-r--r-- | docs/env_variables.md | 8 | ||||
| -rw-r--r-- | docs/fuzzing_binary-only_targets.md | 2 | ||||
| -rw-r--r-- | docs/fuzzing_in_depth.md | 4 |
4 files changed, 15 insertions, 8 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md index 5e4de45a..71607542 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -18,8 +18,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. to variables queue items instead of 12. - afl-cc: - fixed off-by-one bug in our pcguard implemenation, thanks for - @toka for reporting + @tokatoka for reporting + - fix for llvm 15 and reenabling LTO, thanks to nikic for the PR! - better handling of -fsanitize=..,...,.. lists + - support added for LLVMFuzzerRunDriver() - fix gcc_mode cmplog - obtain the map size of a target with setting AFL_DUMP_MAP_SIZE=1 note that this will exit the target before main() @@ -27,6 +29,11 @@ sending a mail to <afl-users+subscribe@googlegroups.com>. - added AFL_QEMU_TRACK_UNSTABLE to log the addresses of unstable edges (together with AFL_DEBUG=1 afl-fuzz). thanks to worksbutnottested! + - afl-analyze broke at some point, fix by CodeLogicError, thank you! + - unicorn_mode: + - updated upstream unicorn version + - fixed builds for aarch64 + - build now uses all available cores ### Version ++4.02c (release) diff --git a/docs/env_variables.md b/docs/env_variables.md index bb54357b..1abe9438 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -455,7 +455,7 @@ checks or alter some of the more exotic semantics of the tool: normally done when starting up the forkserver and causes a pretty significant performance drop. - - `AFL_NO_SNAPSHOT` will advice afl-fuzz not to use the snapshot feature if + - `AFL_NO_SNAPSHOT` will advise afl-fuzz not to use the snapshot feature if the snapshot lkm is loaded. - Setting `AFL_NO_UI` inhibits the UI altogether and just periodically prints @@ -473,7 +473,7 @@ checks or alter some of the more exotic semantics of the tool: some targets keep inherent state due which a detected crash test case does not crash the target again when the test case is given. To be able to still re-trigger these crashes, you can use the `AFL_PERSISTENT_RECORD` variable - with a value of how many previous fuzz cases to keep prio a crash. If set to + with a value of how many previous fuzz cases to keep prior a crash. If set to e.g., 10, then the 9 previous inputs are written to out/default/crashes as RECORD:000000,cnt:000000 to RECORD:000000,cnt:000008 and RECORD:000000,cnt:000009 being the crash case. NOTE: This option needs to be @@ -694,8 +694,8 @@ support. * `AFL_FRIDA_STALKER_ADJACENT_BLOCKS` - Configure the number of adjacent blocks to fetch when generating instrumented code. By fetching blocks in the same order they appear in the original program, rather than the order of execution - should help reduce locallity and adjacency. This includes allowing us to - vector between adjancent blocks using a NOP slide rather than an immediate + should help reduce locality and adjacency. This includes allowing us to + vector between adjacent blocks using a NOP slide rather than an immediate branch. * `AFL_FRIDA_STALKER_IC_ENTRIES` - Configure the number of inline cache entries stored along-side branch instructions which provide a cache to avoid having to diff --git a/docs/fuzzing_binary-only_targets.md b/docs/fuzzing_binary-only_targets.md index c97af1b9..266920e6 100644 --- a/docs/fuzzing_binary-only_targets.md +++ b/docs/fuzzing_binary-only_targets.md @@ -291,7 +291,7 @@ its IPT performance is just 6%! There are many binary-only fuzzing frameworks. Some are great for CTFs but don't work with large binaries, others are very slow but have good path discovery, -some are very hard to set-up... +some are very hard to set up... * Jackalope: [https://github.com/googleprojectzero/Jackalope](https://github.com/googleprojectzero/Jackalope) diff --git a/docs/fuzzing_in_depth.md b/docs/fuzzing_in_depth.md index 92c9910b..a0bf1566 100644 --- a/docs/fuzzing_in_depth.md +++ b/docs/fuzzing_in_depth.md @@ -523,7 +523,7 @@ mode!) and switch the input directory with a dash (`-`): afl-fuzz -i - -o output -- bin/target -someopt @@ ``` -Adding a dictionary is helpful. You have to following options: +Adding a dictionary is helpful. You have the following options: * See the directory [dictionaries/](../dictionaries/), if something is already included for your @@ -672,7 +672,7 @@ The syncing process itself is very simple. As the `-M main-$HOSTNAME` instance syncs to all `-S` secondaries as well as to other fuzzers, you have to copy only this directory to the other machines. -Lets say all servers have the `-o out` directory in /target/foo/out, and you +Let's say all servers have the `-o out` directory in /target/foo/out, and you created a file `servers.txt` which contains the hostnames of all participating servers, plus you have an ssh key deployed to all of them, then run: |