Diffstat (limited to 'docs')
-rw-r--r-- docs/Changelog.md 5
-rw-r--r-- docs/custom_mutators.md 35
-rw-r--r-- docs/env_variables.md 5
-rw-r--r-- docs/sister_projects.md 7
4 files changed, 28 insertions, 24 deletions
diff --git a/docs/Changelog.md b/docs/Changelog.md
index 0b5c11e8..ef5759c8 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -9,12 +9,14 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to <afl-users+subscribe@googlegroups.com>.
 
 
-### Version ++2.64d (develop):
+### Version ++2.65c (release):
   - afl-fuzz:
      - AFL_MAP_SIZE was not working correctly
      - better python detection
      - an old, old bug in afl that would show negative stability in rare
        circumstances is now hopefully fixed
+     - AFL_POST_LIBRARY was deprecated, use AFL_CUSTOM_MUTATOR_LIBRARY
+       instead (see docs/custom_mutators.md)
   - llvm_mode:
      - afl-clang-fast/lto now do not skip single block functions. This
        behaviour can be reactivated with AFL_LLVM_SKIPSINGLEBLOCK
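Review bot: the added afl-fuzz entry records the AFL_POST_LIBRARY deprecation but not the custom mutator API rename that docs/custom_mutators.md makes in this same commit (`afl_custom_pre_save` becomes `afl_custom_post_process`, and `pre_save` becomes `post_process` in Python). Mutators that export the old name are affected, so add a changelog line for the rename and state whether the old name is still accepted.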
@@ -35,6 +37,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
   - gcc_plugin:
     - better dependency checks
   - unicorn_mode:
+    - validate_crash_callback can now count non-crashing inputs as crash as well
     - better submodule handling
   - afl-showmap: fix for -Q mode
   - added examples/afl_network_proxy which allows to fuzz a target over the
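Review bot: the added unicorn_mode line is hard to parse ("count non-crashing inputs as crash as well") and does not say how the callback signals this. Suggest "validate_crash_callback can now also report non-crashing inputs as crashes", with a pointer to where the callback's return value is documented.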
diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md
index 3cd874b9..464acbee 100644
--- a/docs/custom_mutators.md
+++ b/docs/custom_mutators.md
@@ -33,13 +33,14 @@ C/C++:
 ```c
 void *afl_custom_init(afl_t *afl, unsigned int seed);
 size_t afl_custom_fuzz(void *data, uint8_t *buf, size_t buf_size, u8 **out_buf, uint8_t *add_buf, size_t add_buf_size, size_t max_size);
-size_t afl_custom_pre_save(void *data, uint8_t *buf, size_t buf_size, uint8_t **out_buf);
+size_t afl_custom_post_process(void *data, uint8_t *buf, size_t buf_size, uint8_t **out_buf);
 int32_t afl_custom_init_trim(void *data, uint8_t *buf, size_t buf_size);
 size_t afl_custom_trim(void *data, uint8_t **out_buf);
 int32_t afl_custom_post_trim(void *data, int success) {
 size_t afl_custom_havoc_mutation(void *data, u8 *buf, size_t buf_size, u8 **out_buf, size_t max_size);
 uint8_t afl_custom_havoc_mutation_probability(void *data);
-uint8_t afl_custom_queue_get(void *data, const uint8_t *filename); void afl_custom_queue_new_entry(void *data, const uint8_t *filename_new_queue, const uint8_t *filename_orig_queue);
+uint8_t afl_custom_queue_get(void *data, const uint8_t *filename);
+void afl_custom_queue_new_entry(void *data, const uint8_t *filename_new_queue, const uint8_t *filename_orig_queue);
 void afl_custom_deinit(void *data);
 ```
 
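Review bot: the prototype list still has defects on the context lines this hunk leaves alone. `int32_t afl_custom_post_trim(void *data, int success) {` ends in ` {` instead of `;`, and `afl_custom_fuzz` and `afl_custom_havoc_mutation` declare `u8 **out_buf` while the renamed `afl_custom_post_process` uses `uint8_t **out_buf`. Since the hunk already tidies this block by splitting `afl_custom_queue_get` and `afl_custom_queue_new_entry` onto separate lines, fix the stray brace and use one type spelling throughout so the block can be copied into a mutator as written.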
@@ -51,7 +52,7 @@ def init(seed):
 def fuzz(buf, add_buf, max_size):
     return mutated_out
 
-def pre_save(buf):
+def post_process(buf):
     return out_buf
 
 def init_trim(buf):
@@ -84,13 +85,16 @@ def queue_new_entry(filename_new_queue, filename_orig_queue):
 
 - `queue_get` (optional):
 
-    This method determines whether the fuzzer should fuzz the current queue
-    entry or not
+    This method determines whether the custom fuzzer should fuzz the current
+    queue entry or not
 
-- `fuzz` (required):
+- `fuzz` (optional):
 
     This method performs custom mutations on a given input. It also accepts an
     additional test case.
+    Note that this function is optional - but it makes sense to use it.
+    You would only skip this if `post_process` is used to fix checksums etc.
+    so you are using it e.g. as a post processing library.
 
 - `havoc_mutation` and `havoc_mutation_probability` (optional):
 
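Review bot: the `fuzz` entry is switched from required to optional, but the added note does not say what happens to mutation when it is omitted, and its last sentence ("so you are using it e.g. as a post processing library") has an unclear "it". Suggest stating the behaviour directly, for example: "If `fuzz` is not defined, the library contributes no mutations of its own; this is the setup to use when the library only provides `post_process`, e.g. to fix checksums." Confirm that wording against the implementation before merging.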
@@ -99,7 +103,7 @@ def queue_new_entry(filename_new_queue, filename_orig_queue):
     `havoc_mutation_probability`, returns the probability that `havoc_mutation`
     is called in havoc. By default, it is 6%.
 
-- `pre_save` (optional):
+- `post_process` (optional):
 
     For some cases, the format of the mutated data returned from the custom
     mutator is not suitable to directly execute the target with this input.
@@ -107,13 +111,20 @@ def queue_new_entry(filename_new_queue, filename_orig_queue):
     protobuf format which corresponds to a given grammar. In order to execute
     the target, the protobuf data must be converted to the plain-text format
     expected by the target. In such scenarios, the user can define the
-    `pre_save` function. This function is then transforms the data into the
+    `post_process` function. This function is then transforming the data into the
     format expected by the API before executing the target.
 
 - `queue_new_entry` (optional):
 
     This methods is called after adding a new test case to the queue.
 
+- `deinit`:
+
+    The last method to be called, deinitializing the state.
+
+Note that there are also three functions for trimming as described in the
+next section.
+
 ### Trimming Support
 
 The generic trimming routines implemented in AFL++ can easily destroy the
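Review bot: the reworded `post_process` sentence is still ungrammatical ("This function is then transforming the data"); "This function then transforms the data into the format expected by the API before executing the target" reads correctly. The new `deinit` entry is also the only one in the list without an "(optional)" or "(required)" marker, so add whichever applies, and the context line "This methods is called" could be fixed in the same pass.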
@@ -160,10 +171,8 @@ trimmed input. Here's a quick API description:
     In any case, this method must return the next trim iteration index (from 0
     to the maximum amount of steps you returned in `init_trim`).
 
-`deinit` the last method to be called, deinitializing the state.
-
-Omitting any of three methods will cause the trimming to be disabled and trigger
-a fallback to the builtin default trimming routine.
+Omitting any of three trimming methods will cause the trimming to be disabled
+and trigger a fallback to the builtin default trimming routine.
 
 ### Environment Variables
 
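Review bot: in the rewrapped sentence, "Omitting any of three trimming methods" is missing an article; suggest "Omitting any of the three trimming methods". Naming the three (`init_trim`, `trim`, `post_trim`) here would also make the fallback rule self-contained now that the `deinit` line has moved out of this section.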
@@ -214,7 +223,7 @@ For C/C++ mutator, the source code must be compiled as a shared object:
 gcc -shared -Wall -O3 example.c -o example.so
 ```
 Note that if you specify multiple custom mutators, the corresponding functions will
-be called in the order in which they are specified. e.g first `pre_save` function of
+be called in the order in which they are specified. e.g first `post_process` function of
 `example_first.so` will be called and then that of `example_second.so`
 
 ### Run
diff --git a/docs/env_variables.md b/docs/env_variables.md
index 36e5a432..2668be7d 100644
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@@ -310,9 +310,8 @@ checks or alter some of the more exotic semantics of the tool:
     else. This makes the "own finds" counter in the UI more accurate.
     Beyond counter aesthetics, not much else should change.
 
-  - Setting AFL_POST_LIBRARY allows you to configure a postprocessor for
-    mutated files - say, to fix up checksums. See examples/post_library/
-    for more.
+  - Note that AFL_POST_LIBRARY is deprecated, use AFL_CUSTOM_MUTATOR_LIBRARY
+    instead (see below).
 
   - Setting AFL_CUSTOM_MUTATOR_LIBRARY to a shared library with
     afl_custom_fuzz() creates additional mutations through this library.
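Review bot: the replacement text drops the pointer to examples/post_library/ and sends readers to "see below", but the entry below only describes `afl_custom_fuzz()` creating additional mutations. Someone migrating a checksum fix-up from AFL_POST_LIBRARY needs to be told to implement `afl_custom_post_process`, so name that function here or link to docs/custom_mutators.md as the Changelog entry does.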
diff --git a/docs/sister_projects.md b/docs/sister_projects.md
index 1625044c..a501ecbd 100644
--- a/docs/sister_projects.md
+++ b/docs/sister_projects.md
@@ -56,13 +56,6 @@ functionality is now available as the "persistent" feature described in
 
 http://llvm.org/docs/LibFuzzer.html
 
-## AFL fixup shim (Ben Nagy)
-
-Allows AFL_POST_LIBRARY postprocessors to be written in arbitrary languages
-that don't have C / .so bindings. Includes examples in Go.
-
-https://github.com/bnagy/aflfix
-
 ## TriforceAFL (Tim Newsham and Jesse Hertz)
 
 Leverages QEMU full system emulation mode to allow AFL to target operating
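Review bot: removing the aflfix entry does not match the wording used elsewhere in this commit, which calls AFL_POST_LIBRARY "deprecated" rather than removed. If the variable is still honoured, the shim still works and the entry could stay with a deprecation remark; if it is no longer honoured, the Changelog and env_variables.md should say "removed" so users know existing post libraries stop being loaded.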