Diffstat (limited to 'src')
-rw-r--r--src/afl-cc.c3
-rw-r--r--src/afl-forkserver.c9
-rw-r--r--src/afl-fuzz.c11
3 files changed, 15 insertions, 8 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index 6aa0da6a..faa46103 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -828,7 +828,8 @@ static void instrument_mode_old_environ(aflcc_state_t *aflcc) {
   }
 
   if (getenv("AFL_LLVM_CTX")) aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CTX;
-  if (getenv("AFL_LLVM_CALLER") || getenv("AFL_LLVM_LTO_CALLER") || getenv("AFL_LLVM_LTO_CTX"))
+  if (getenv("AFL_LLVM_CALLER") || getenv("AFL_LLVM_LTO_CALLER") ||
+      getenv("AFL_LLVM_LTO_CTX"))
     aflcc->instrument_opt_mode |= INSTRUMENT_OPT_CALLER;
 
   if (getenv("AFL_LLVM_NGRAM_SIZE")) {
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 0d7c19c6..4877843d 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1152,12 +1152,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
         }
 
-        while (dict_size != 0) {
+        while (offset < dict_size) {
 
-          rlen = read(fsrv->fsrv_st_fd, dict + offset, dict_size);
+          rlen = read(fsrv->fsrv_st_fd, dict + offset, dict_size - offset);
           if (rlen > 0) {
 
-            dict_size -= rlen;
             offset += rlen;
 
           } else {
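Review bot: The `else` branch entered at the end of this hunk treats every non-positive `read()` result the same way, so a read interrupted by a signal (`rlen < 0` with `errno == EINTR`) aborts the whole forkserver start instead of being retried; unless these reads are already covered by `SA_RESTART`, a guard such as `if (rlen < 0 && errno == EINTR) continue;` ahead of the fatal path keeps the new partial-read loop robust. The rewritten loop is otherwise correct in reading `dict_size - offset` bytes into `dict + offset`, but a one-line comment above it, `/* the dictionary may arrive in several short reads; loop until offset reaches dict_size */`, would make the changed condition self-explanatory to the next reader. The `else` branch and the enclosing afl_fsrv_start continue outside the hunk.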
@@ -1165,7 +1164,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
             FATAL(
                 "Reading autodictionary fail at position %u with %u bytes "
                 "left.",
-                offset, dict_size);
+                offset, dict_size - offset);
 
           }
 
@@ -1931,7 +1930,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
 
   if (exec_ms > timeout) {
 
-    /* If there was no response from forkserver after timeout seconds,
+    /* If there was no response from forkserver after timeout milliseconds,
     we kill the child. The forkserver should inform us afterwards */
 
     s32 tmp_pid = fsrv->child_pid;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9c89b2a1..443d93b0 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2493,8 +2493,15 @@ int main(int argc, char **argv_orig, char **envp) {
 
       for (entry = 0; entry < afl->queued_items; ++entry)
         if (!afl->queue_buf[entry]->disabled)
-          if (afl->queue_buf[entry]->exec_us > max_ms)
-            max_ms = afl->queue_buf[entry]->exec_us;
+          if ((afl->queue_buf[entry]->exec_us / 1000) > max_ms)
+            max_ms = afl->queue_buf[entry]->exec_us / 1000;
+
+      // Add 20% as a safety margin, capped to exec_tmout given in -t option
+      max_ms *= 1.2;
+      if (max_ms > afl->fsrv.exec_tmout) max_ms = afl->fsrv.exec_tmout;
+
+      // Ensure that there is a sensible timeout even for very fast binaries
+      if (max_ms < 5) max_ms = 5;
 
       afl->fsrv.exec_tmout = max_ms;
       afl->timeout_given = 1;
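Review bot: `max_ms *= 1.2;` applies the safety margin in floating point to what appears to be an integer millisecond counter, which silently converts to `double` and truncates back (a `-Wconversion` warning, and for small values a margin below 20%: 4 stays 4 rather than becoming 5); an integer form such as `max_ms += max_ms / 5;` keeps the arithmetic exact and avoids the conversion. The ordering of the two clamps also means the 5 ms floor is applied after the `exec_tmout` cap, so if `exec_tmout` can ever be below 5 the result exceeds the cap the comment promises; if that precedence is intended, the comment above the floor should say so, e.g. `// Floor wins over the -t cap: never go below 5 ms`. The enclosing main() starts and ends outside the hunk.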