2 files changed, 12 insertions, 2 deletions

diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index c5b01da8..f3a76492 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1027,11 +1027,17 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 
   }
 
-  /* Modulo is biased - we don't want our fuzzing to be biased so let's do it right. */
-  u64 unbiased_rnd; 
+  /* Modulo is biased - we don't want our fuzzing to be biased so let's do it
+   right. See:
+   https://stackoverflow.com/questions/10984974/why-do-people-say-there-is-modulo-bias-when-using-a-random-number-generator
+   */
+  u64 unbiased_rnd;
   do {
+
     unbiased_rnd = rand_next(afl);
+
   } while (unlikely(unbiased_rnd >= (UINT64_MAX - (UINT64_MAX % limit))));
+
   return unbiased_rnd % limit;
 
 }
diff --git a/include/envs.h b/include/envs.h
index c7761e19..2dc1dbbf 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -112,12 +112,16 @@ static char *afl_environment_variables[] = {
     "AFL_QEMU_COMPCOV_DEBUG",
     "AFL_QEMU_DEBUG_MAPS",
     "AFL_QEMU_DISABLE_CACHE",
+    "AFL_QEMU_DRIVER_NO_HOOK",
     "AFL_QEMU_PERSISTENT_ADDR",
     "AFL_QEMU_PERSISTENT_CNT",
     "AFL_QEMU_PERSISTENT_GPR",
     "AFL_QEMU_PERSISTENT_HOOK",
     "AFL_QEMU_PERSISTENT_RET",
     "AFL_QEMU_PERSISTENT_RETADDR_OFFSET",
+    "AFL_QEMU_PERSISTENT_EXITS",
+    "AFL_QEMU_INST_RANGES",
+    "AFL_QEMU_SNAPSHOT",
     "AFL_QUIET",
     "AFL_RANDOM_ALLOC_CANARY",
     "AFL_REAL_PATH",