diff options
Diffstat (limited to 'src/afl-fuzz-run.c')
| -rw-r--r-- | src/afl-fuzz-run.c | 50 |
1 files changed, 28 insertions, 22 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index a1e8417f..2a1664e2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -156,16 +156,22 @@ static void write_with_gap(afl_state_t *afl, void *mem, u32 len, u32 skip_at, *afl->fsrv.shmem_fuzz_len = len - skip_len; #ifdef _DEBUG - fprintf(stderr, "FS crc: %08x len: %u\n", - hash64(fsrv->shmem_fuzz, *fsrv->shmem_fuzz_len, 0xa5b35705), - *fsrv->shmem_fuzz_len); - fprintf(stderr, "SHM :"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", fsrv->shmem_fuzz[i]); - fprintf(stderr, "\nORIG:"); - for (int i = 0; i < *fsrv->shmem_fuzz_len; i++) - fprintf(stderr, "%02x", buf[i]); - fprintf(stderr, "\n"); + if (afl->debug) { + + fprintf( + stderr, "FS crc: %16llx len: %u\n", + hash64(afl->fsrv.shmem_fuzz, *afl->fsrv.shmem_fuzz_len, 0xa5b35705), + *afl->fsrv.shmem_fuzz_len); + fprintf(stderr, "SHM :"); + for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++) + fprintf(stderr, "%02x", afl->fsrv.shmem_fuzz[i]); + fprintf(stderr, "\nORIG:"); + for (int i = 0; i < *afl->fsrv.shmem_fuzz_len; i++) + fprintf(stderr, "%02x", (u8)((u8 *)mem)[i]); + fprintf(stderr, "\n"); + + } + #endif return; @@ -262,6 +268,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, if (afl->fsrv.support_shmem_fuzz && !afl->fsrv.use_shmem_fuzz) { + unsetenv(SHM_FUZZ_ENV_VAR); afl_shm_deinit(afl->shm_fuzz); ck_free(afl->shm_fuzz); afl->shm_fuzz = NULL; @@ -286,12 +293,6 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, u64 cksum; - if (!first_run && !(afl->stage_cur % afl->stats_update_freq)) { - - show_stats(afl); - - } - write_to_testcase(afl, use_mem, q->len); fault = fuzz_run_target(afl, &afl->fsrv, use_tmout); @@ -413,7 +414,7 @@ void sync_fuzzers(afl_state_t *afl) { DIR * sd; struct dirent *sd_ent; u32 sync_cnt = 0, synced = 0, entries = 0; - u8 path[PATH_MAX]; + u8 path[PATH_MAX + 256]; sd = opendir(afl->sync_dir); if (!sd) { PFATAL("Unable to open '%s'", afl->sync_dir); } @@ -427,7 +428,7 @@ void sync_fuzzers(afl_state_t *afl) { while ((sd_ent = readdir(sd))) { u8 qd_synced_path[PATH_MAX], qd_path[PATH_MAX]; - u32 min_accept = 0, next_min_accept; + u32 min_accept = 0, next_min_accept = 0; s32 id_fd; @@ -466,6 +467,12 @@ void sync_fuzzers(afl_state_t *afl) { synced++; + /* document the attempt to sync to this instance */ + + sprintf(qd_synced_path, "%s/.synced/%s.last", afl->out_dir, sd_ent->d_name); + id_fd = open(qd_synced_path, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (id_fd >= 0) close(id_fd); + /* Skip anything that doesn't have a queue/ subdirectory. */ sprintf(qd_path, "%s/%s/queue", afl->sync_dir, sd_ent->d_name); @@ -490,14 +497,13 @@ void sync_fuzzers(afl_state_t *afl) { if (id_fd < 0) { PFATAL("Unable to create '%s'", qd_synced_path); } - if (read(id_fd, &min_accept, sizeof(u32)) > 0) { + if (read(id_fd, &min_accept, sizeof(u32)) == sizeof(u32)) { + next_min_accept = min_accept; lseek(id_fd, 0, SEEK_SET); } - next_min_accept = min_accept; - /* Show stats */ snprintf(afl->stage_name_buf, STAGE_BUF_SIZE, "sync %u", ++sync_cnt); @@ -533,7 +539,7 @@ void sync_fuzzers(afl_state_t *afl) { s32 fd; struct stat st; - sprintf(path, "%s/%s", qd_path, namelist[o]->d_name); + snprintf(path, sizeof(path), "%s/%s", qd_path, namelist[o]->d_name); afl->syncing_case = next_min_accept; next_min_accept++; o--; |