diff options
Diffstat (limited to 'src/afl-fuzz-one.c')
| -rw-r--r-- | src/afl-fuzz-one.c | 146 |
1 files changed, 73 insertions, 73 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index f4d3b77f..96c32a86 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -423,7 +423,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored && - afl->queued_paths > 10) { + afl->queued_items > 10) { /* Otherwise, still possibly skip non-favored cases, albeit less often. The odds of skipping stuff are higher for already-fuzzed inputs and @@ -449,7 +449,7 @@ u8 fuzz_one_original(afl_state_t *afl) { ACTF( "Fuzzing test case #%u (%u total, %llu uniq crashes found, " "perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...", - afl->current_entry, afl->queued_paths, afl->unique_crashes, + afl->current_entry, afl->queued_items, afl->saved_crashes, afl->queue_cur->perf_score, afl->queue_cur->exec_us, likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0, afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii); @@ -492,7 +492,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->stop_soon) || res != afl->crash_mode) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -519,7 +519,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (unlikely(afl->stop_soon)) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -566,8 +566,8 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || afl->queue_cur->favored || - !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { // 300 seconds + !(afl->fsrv.total_execs % afl->queued_items) || + get_cur_time() - afl->last_find_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { @@ -630,7 +630,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_val_type = STAGE_VAL_NONE; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; prev_cksum = afl->queue_cur->exec_cksum; @@ -734,7 +734,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; @@ -766,7 +766,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP2] += afl->stage_max; @@ -802,7 +802,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP4] += afl->stage_max; @@ -909,7 +909,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->blocks_eff_total += EFF_ALEN(len); - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP8] += afl->stage_max; @@ -952,7 +952,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP16] += afl->stage_max; @@ -995,7 +995,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP32] += afl->stage_max; @@ -1087,7 +1087,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH8] += afl->stage_max; @@ -1217,7 +1217,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH16] += afl->stage_max; @@ -1346,7 +1346,7 @@ skip_bitflip: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH32] += afl->stage_max; @@ -1412,7 +1412,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max; @@ -1500,7 +1500,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max; @@ -1589,7 +1589,7 @@ skip_arith: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max; @@ -1662,7 +1662,7 @@ skip_interest: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max; @@ -1718,7 +1718,7 @@ skip_interest: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max; @@ -1776,7 +1776,7 @@ skip_user_extras: } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max; @@ -1806,7 +1806,7 @@ custom_mutator_stage: const u32 max_seed_size = MAX_FILE, saved_max = afl->stage_max; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; #ifdef INTROSPECTION afl->mutation[0] = 0; @@ -1850,7 +1850,7 @@ custom_mutator_stage: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (unlikely(tid == afl->current_entry || @@ -1890,7 +1890,7 @@ custom_mutator_stage: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -1899,7 +1899,7 @@ custom_mutator_stage: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } @@ -1926,7 +1926,7 @@ custom_mutator_stage: if (!has_custom_fuzz) goto havoc_stage; - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max; @@ -1972,9 +1972,9 @@ havoc_stage: temp_len = len; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; if (afl->custom_mutators_count) { @@ -2023,7 +2023,7 @@ havoc_stage: } - if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ && + if (unlikely(get_cur_time() - afl->last_find_time > 5000 /* 5 seconds */ && afl->ready_for_splicing_count > 1)) { /* add expensive havoc cases here if there is no findings in the last 5s */ @@ -2669,7 +2669,7 @@ havoc_stage: u32 tid; do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); @@ -2757,7 +2757,7 @@ havoc_stage: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -2766,13 +2766,13 @@ havoc_stage: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } } - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (!splice_cycle) { @@ -2821,7 +2821,7 @@ retry_splicing: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); @@ -2945,7 +2945,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } else if (!afl->non_instrumented_mode && !afl->queue_cur->favored && - afl->queued_paths > 10) { + afl->queued_items > 10) { /* Otherwise, still possibly skip non-favored cases, albeit less often. The odds of skipping stuff are higher for already-fuzzed inputs and @@ -2969,7 +2969,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->not_on_tty) { ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...", - afl->current_entry, afl->queued_paths, afl->unique_crashes); + afl->current_entry, afl->queued_items, afl->saved_crashes); fflush(stdout); } @@ -3010,7 +3010,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->stop_soon || res != afl->crash_mode) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -3037,7 +3037,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (unlikely(afl->stop_soon)) { - ++afl->cur_skipped_paths; + ++afl->cur_skipped_items; goto abandon_entry; } @@ -3082,8 +3082,8 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || - !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { // 300 seconds + !(afl->fsrv.total_execs % afl->queued_items) || + get_cur_time() - afl->last_find_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { @@ -3101,10 +3101,10 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { cur_ms_lv = get_cur_time(); if (!(afl->key_puppet == 0 && - ((cur_ms_lv - afl->last_path_time < (u32)afl->limit_time_puppet) || + ((cur_ms_lv - afl->last_find_time < (u32)afl->limit_time_puppet) || (afl->last_crash_time != 0 && cur_ms_lv - afl->last_crash_time < (u32)afl->limit_time_puppet) || - afl->last_path_time == 0))) { + afl->last_find_time == 0))) { afl->key_puppet = 1; goto pacemaker_fuzzing; @@ -3156,7 +3156,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { afl->stage_val_type = STAGE_VAL_NONE; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; prev_cksum = afl->queue_cur->exec_cksum; @@ -3259,7 +3259,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; @@ -3290,7 +3290,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP2] += afl->stage_max; @@ -3325,7 +3325,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for afl->stage_cur */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP4] += afl->stage_max; @@ -3431,7 +3431,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { afl->blocks_eff_total += EFF_ALEN(len); - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP8] += afl->stage_max; @@ -3473,7 +3473,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP16] += afl->stage_max; @@ -3515,7 +3515,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP32] += afl->stage_max; @@ -3605,7 +3605,7 @@ skip_bitflip: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH8] += afl->stage_max; @@ -3731,7 +3731,7 @@ skip_bitflip: } /* for i = 0; i < len - 1 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH16] += afl->stage_max; @@ -3856,7 +3856,7 @@ skip_bitflip: } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_ARITH32] += afl->stage_max; @@ -3921,7 +3921,7 @@ skip_arith: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max; @@ -4007,7 +4007,7 @@ skip_arith: } /* for i = 0; i < len - 1 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max; @@ -4094,7 +4094,7 @@ skip_arith: } /* for i = 0; i < len - 3 */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max; @@ -4167,7 +4167,7 @@ skip_interest: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max; @@ -4223,7 +4223,7 @@ skip_interest: } /* for i = 0; i <= len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max; @@ -4282,7 +4282,7 @@ skip_user_extras: } /* for i = 0; i < len */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max; @@ -4335,7 +4335,7 @@ pacemaker_fuzzing: if (unlikely(afl->orig_hit_cnt_puppet == 0)) { - afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes; + afl->orig_hit_cnt_puppet = afl->queued_items + afl->saved_crashes; afl->last_limit_time_start = get_cur_time(); afl->SPLICE_CYCLES_puppet = (rand_below( @@ -4380,9 +4380,9 @@ pacemaker_fuzzing: temp_len = len; - orig_hit_cnt = afl->queued_paths + afl->unique_crashes; + orig_hit_cnt = afl->queued_items + afl->saved_crashes; - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; u32 r_max; @@ -4948,7 +4948,7 @@ pacemaker_fuzzing: u32 tid; do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || @@ -5029,7 +5029,7 @@ pacemaker_fuzzing: ++*MOpt_globals.pTime; - u64 temp_total_found = afl->queued_paths + afl->unique_crashes; + u64 temp_total_found = afl->queued_items + afl->saved_crashes; if (common_fuzz_stuff(afl, out_buf, temp_len)) { @@ -5048,7 +5048,7 @@ pacemaker_fuzzing: /* If we're finding new stuff, let's run for a bit longer, limits permitting. */ - if (afl->queued_paths != havoc_queued) { + if (afl->queued_items != havoc_queued) { if (perf_score <= afl->havoc_max_mult * 100) { @@ -5057,15 +5057,15 @@ pacemaker_fuzzing: } - havoc_queued = afl->queued_paths; + havoc_queued = afl->queued_items; } - if (unlikely(afl->queued_paths + afl->unique_crashes > + if (unlikely(afl->queued_items + afl->saved_crashes > temp_total_found)) { u64 temp_temp_puppet = - afl->queued_paths + afl->unique_crashes - temp_total_found; + afl->queued_items + afl->saved_crashes - temp_total_found; afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet; if (MOpt_globals.is_pilot_mode) { @@ -5099,7 +5099,7 @@ pacemaker_fuzzing: ++afl->stage_cur) { */ - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (MOpt_globals.is_pilot_mode) { @@ -5149,7 +5149,7 @@ pacemaker_fuzzing: do { - tid = rand_below(afl, afl->queued_paths); + tid = rand_below(afl, afl->queued_items); } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); @@ -5235,8 +5235,8 @@ pacemaker_fuzzing: if (afl->key_puppet == 1) { if (unlikely( - afl->queued_paths + afl->unique_crashes > - ((afl->queued_paths + afl->unique_crashes) * limit_time_bound + + afl->queued_items + afl->saved_crashes > + ((afl->queued_items + afl->saved_crashes) * limit_time_bound + afl->orig_hit_cnt_puppet))) { afl->key_puppet = 0; @@ -5251,7 +5251,7 @@ pacemaker_fuzzing: afl->total_pacemaker_time += *MOpt_globals.pTime; *MOpt_globals.pTime = 0; - new_hit_cnt = afl->queued_paths + afl->unique_crashes; + new_hit_cnt = afl->queued_items + afl->saved_crashes; if (MOpt_globals.is_pilot_mode) { |