about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/afl-cc.c5
-rw-r--r--src/afl-fuzz-bitmap.c13
-rw-r--r--src/afl-fuzz-mutators.c1
-rw-r--r--src/afl-fuzz-one.c10
-rw-r--r--src/afl-fuzz-queue.c4
-rw-r--r--src/afl-showmap.c25
-rw-r--r--src/afl-tmin.c11
7 files changed, 47 insertions, 22 deletions
diff --git a/src/afl-cc.c b/src/afl-cc.c
index d35b177d..9899f973 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -767,6 +767,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
         cc_params[cc_par_cnt++] = afllib;
 
+#ifdef __APPLE__
+        cc_params[cc_par_cnt++] = "-undefined";
+        cc_params[cc_par_cnt++] = "dynamic_lookup";
+#endif
+
       }
 
       continue;
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 97f10e6f..0a9242a5 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -551,19 +551,18 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
     }
 
-    if (cksum)
-      afl->queue_top->exec_cksum = cksum;
-    else
-      cksum = afl->queue_top->exec_cksum =
-          hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
-
-    if (afl->schedule >= FAST && afl->schedule <= RARE) {
+    /* AFLFast schedule? update the new queue entry */
+    if (cksum) {
 
       afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE;
       afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1;
 
     }
 
+    /* due to classify counts we have to recalculate the checksum */
+    cksum = afl->queue_top->exec_cksum =
+        hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+
     /* Try to calibrate inline; this also calls update_bitmap_score() when
        successful. */
 
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index 91bae48e..5332b9fe 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -432,6 +432,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
 
       if (afl->stop_soon || fault == FSRV_RUN_ERROR) { goto abort_trimming; }
 
+      classify_counts(&afl->fsrv);
       cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
 
     }
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index f03249e9..7274f679 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2057,7 +2057,7 @@ havoc_stage:
               temp_len = new_len;
               if (out_buf != custom_havoc_buf) {
 
-                afl_realloc(AFL_BUF_PARAM(out), temp_len);
+                out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len);
                 if (unlikely(!afl->out_buf)) { PFATAL("alloc"); }
                 memcpy(out_buf, custom_havoc_buf, temp_len);
 
@@ -2102,7 +2102,7 @@ havoc_stage:
 
         case 8 ... 9: {
 
-          /* Set word to interesting value, randomly choosing endian. */
+          /* Set word to interesting value, little endian. */
 
           if (temp_len < 2) { break; }
 
@@ -2119,7 +2119,7 @@ havoc_stage:
 
         case 10 ... 11: {
 
-          /* Set word to interesting value, randomly choosing endian. */
+          /* Set word to interesting value, big endian. */
 
           if (temp_len < 2) { break; }
 
@@ -2136,7 +2136,7 @@ havoc_stage:
 
         case 12 ... 13: {
 
-          /* Set dword to interesting value, randomly choosing endian. */
+          /* Set dword to interesting value, little endian. */
 
           if (temp_len < 4) { break; }
 
@@ -2153,7 +2153,7 @@ havoc_stage:
 
         case 14 ... 15: {
 
-          /* Set dword to interesting value, randomly choosing endian. */
+          /* Set dword to interesting value, big endian. */
 
           if (temp_len < 4) { break; }
 
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 8080775f..16af2c6b 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -1123,12 +1123,10 @@ inline u8 *queue_testcase_get(afl_state_t *afl, struct queue_entry *q) {
 
         do_once = 1;
         // release unneeded memory
-        u8 *ptr = ck_realloc(
+        afl->q_testcase_cache = ck_realloc(
             afl->q_testcase_cache,
             (afl->q_testcase_max_cache_entries + 1) * sizeof(size_t));
 
-        if (ptr) { afl->q_testcase_cache = (struct queue_entry **)ptr; }
-
       }
 
       /* Cache full. We neet to evict one or more to map one.
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 936d3bc4..5c899e69 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -401,14 +401,23 @@ static u32 read_file(u8 *in_file) {
 
   if (fstat(fd, &st) || !st.st_size) {
 
-    WARNF("Zero-sized input file '%s'.", in_file);
+    if (!be_quiet && !quiet_mode) {
+
+      WARNF("Zero-sized input file '%s'.", in_file);
+
+    }
 
   }
 
   if (st.st_size > MAX_FILE) {
 
-    WARNF("Input file '%s' is too large, only reading %u bytes.", in_file,
-          MAX_FILE);
+    if (!be_quiet && !quiet_mode) {
+
+      WARNF("Input file '%s' is too large, only reading %u bytes.", in_file,
+            MAX_FILE);
+
+    }
+
     in_len = MAX_FILE;
 
   } else {
@@ -748,7 +757,7 @@ u32 execute_testcases(u8 *dir) {
 
     }
 
-    if (st.st_size > MAX_FILE && !be_quiet) {
+    if (st.st_size > MAX_FILE && !be_quiet && !quiet_mode) {
 
       WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2,
             stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
@@ -853,7 +862,8 @@ static void usage(u8 *argv0) {
       "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
       "AFL_PRINT_FILENAMES: If set, the filename currently processed will be "
       "printed to stdout\n"
-      "AFL_QUIET: do not print extra informational output\n",
+      "AFL_QUIET: do not print extra informational output\n"
+      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n",
       argv0, MEM_LIMIT, doc_path);
 
   exit(1);
@@ -1097,6 +1107,11 @@ int main(int argc, char **argv_orig, char **envp) {
 
   check_environment_vars(envp);
 
+  if (getenv("AFL_NO_FORKSRV")) {             /* if set, use the fauxserver */
+    fsrv->use_fauxsrv = true;
+
+  }
+
   if (getenv("AFL_DEBUG")) {
 
     DEBUGF("");
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 6656712a..2d80abe4 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -877,12 +877,13 @@ static void usage(u8 *argv0) {
       "              the target was compiled for\n"
       "AFL_PRELOAD:  LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
       "AFL_TMIN_EXACT: require execution paths to match for crashing inputs\n"
+      "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
       "ASAN_OPTIONS: custom settings for ASAN\n"
       "              (must contain abort_on_error=1 and symbolize=0)\n"
       "MSAN_OPTIONS: custom settings for MSAN\n"
       "              (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n"
-      "TMPDIR: directory to use for temporary input files\n"
-      , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
+      "TMPDIR: directory to use for temporary input files\n",
+      argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path);
 
   exit(1);
 
@@ -1104,6 +1105,12 @@ int main(int argc, char **argv_orig, char **envp) {
   if (optind == argc || !in_file || !output_file) { usage(argv[0]); }
 
   check_environment_vars(envp);
+
+  if (getenv("AFL_NO_FORKSRV")) {             /* if set, use the fauxserver */
+    fsrv->use_fauxsrv = true;
+
+  }
+
   setenv("AFL_NO_AUTODICT", "1", 1);
 
   /* initialize cmplog_mode */
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-06-06 21:48:01 +0000