Diffstat (limited to 'src/afl-fuzz.c')
-rw-r--r--src/afl-fuzz.c33
1 files changed, 23 insertions, 10 deletions
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index aa36a6c6..dc0eb4a7 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -90,13 +90,13 @@ static void usage(u8 *argv0, int more_help) {
 
       "Execution control settings:\n"
       "  -p schedule   - power schedules compute a seed's performance score:\n"
-      "                  <seek (default), explore, rare, exploit, mmopt, coe, "
+      "                  <explore(default), rare, exploit, seek, mmopt, coe, "
       "fast,\n"
       "                  lin, quad> -- see docs/power_schedules.md\n"
       "  -f file       - location read by the fuzzed program (default: stdin "
       "or @@)\n"
       "  -t msec       - timeout for each run (auto-scaled, 50-%d ms)\n"
-      "  -m megs       - memory limit for child process (%d MB)\n"
+      "  -m megs       - memory limit for child process (%d MB, 0 = no limit)\n"
       "  -Q            - use binary-only instrumentation (QEMU mode)\n"
       "  -U            - use unicorn-based instrumentation (Unicorn mode)\n"
       "  -W            - use qemu-based instrumentation with Wine (Wine "
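Review bot: The reordered schedule list on the `-p` line loses the space before "(default)", so the help now prints `explore(default)` while the old text read `seek (default)` and every other entry is space-separated; `"                  <explore (default), rare, exploit, seek, mmopt, coe, "` keeps the spacing consistent. The `-m` line's new "0 = no limit" wording is fine as long as a zero mem_limit is already treated as unlimited elsewhere, which cannot be confirmed from this hunk. The usage string and usage() itself continue outside the hunk on both sides.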
@@ -251,7 +251,8 @@ int main(int argc, char **argv_orig, char **envp) {
   u64 prev_queued = 0;
   u32 sync_interval_cnt = 0, seek_to, show_help = 0, map_size = MAP_SIZE;
   u8 *extras_dir[4];
-  u8 mem_limit_given = 0, exit_1 = 0, debug = 0, extras_dir_cnt = 0, have_p = 0;
+  u8  mem_limit_given = 0, exit_1 = 0, debug = 0,
+     extras_dir_cnt = 0 /*, have_p = 0*/;
   char **use_argv;
 
   struct timeval  tv;
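Review bot: `have_p` is commented out rather than deleted on the declaration line, and the same pattern recurs at `// have_p = 1;` in the next hunk and `// if (!have_p) afl->schedule = EXPLOIT;` in the last hunk; dead code in comments only ages, and the history is in version control. Remove all three, leaving `u8 mem_limit_given = 0, exit_1 = 0, debug = 0, extras_dir_cnt = 0;` here (which also drops the doubled space after `u8`). If the automatic switch to EXPLOIT is meant to return later, a one-line comment at the case-2 site stating why it was disabled would be more useful than the disabled statement. main() continues well beyond this hunk.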
@@ -369,7 +370,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
         }
 
-        have_p = 1;
+        // have_p = 1;
 
         break;
 
@@ -934,7 +935,7 @@ int main(int argc, char **argv_orig, char **envp) {
       OKF("Using seek power schedule (SEEK)");
       break;
     case EXPLORE:
-      OKF("Using exploration-based constant power schedule (EXPLORE, default)");
+      OKF("Using exploration-based constant power schedule (EXPLORE)");
       break;
     default:
       FATAL("Unknown power schedule");
@@ -942,6 +943,13 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
+  /* Dynamically allocate memory for AFLFast schedules */
+  if (afl->schedule >= FAST && afl->schedule <= RARE) {
+
+    afl->n_fuzz = ck_alloc(N_FUZZ_SIZE * sizeof(u32));
+
+  }
+
   if (get_afl_env("AFL_NO_FORKSRV")) { afl->no_forkserver = 1; }
   if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; }
   if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
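Review bot: The guard `afl->schedule >= FAST && afl->schedule <= RARE` silently depends on FAST..RARE being adjacent in the schedule enum, and nothing in the hunk says so; a maintainer inserting a new schedule value into that range would change which schedules get an n_fuzz buffer. Either enumerate the schedules explicitly in the condition or add `/* n_fuzz is only used by the AFLFast family; relies on FAST..RARE being contiguous in the enum */` above it. It is also not visible here whether afl->n_fuzz starts out NULL and is released at shutdown; presumably the afl state is zero-initialised, but every reader of n_fuzz should be gated by the same schedule test so the other schedules never dereference it. main() continues outside the hunk.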
@@ -1330,11 +1338,11 @@ int main(int argc, char **argv_orig, char **envp) {
       afl->cur_skipped_paths = 0;
       afl->queue_cur = afl->queue;
 
-      while (seek_to) {
+      if (seek_to) {
 
-        ++afl->current_entry;
-        --seek_to;
-        afl->queue_cur = afl->queue_cur->next;
+        afl->current_entry = seek_to;
+        afl->queue_cur = afl->queue_buf[seek_to];
+        seek_to = 0;
 
       }
 
@@ -1373,10 +1381,15 @@ int main(int argc, char **argv_orig, char **envp) {
               afl->expand_havoc = 2;
               break;
             case 2:
-              if (!have_p) afl->schedule = EXPLOIT;
+              // if (!have_p) afl->schedule = EXPLOIT;
+              afl->havoc_stack_pow2++;
               afl->expand_havoc = 3;
               break;
             case 3:
+              afl->havoc_stack_pow2++;
+              afl->expand_havoc = 4;
+              break;
+            case 4:
               // nothing else currently
               break;