Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-one.c10
-rw-r--r--src/afl-fuzz-queue.c13
-rw-r--r--src/afl-fuzz.c28
3 files changed, 39 insertions, 12 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 2ad4697e..ae39abe8 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -3442,7 +3442,12 @@ abandon_entry:
--afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1;
afl->reinit_table = 1;
- if (afl->queue_cur->favored) { --afl->pending_favored; }
+ if (afl->queue_cur->favored) {
+
+ --afl->pending_favored;
+ afl->smallest_favored = -1;
+
+ }
}
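Review bot: The new `afl->smallest_favored = -1;` in the abandon_entry path carries no comment, and the reason it is needed is not local: as far as I can tell from afl-fuzz.c in this same commit, main() picks `afl->current_entry = afl->smallest_favored` directly, so the value has to be invalidated as soon as that entry has been fuzzed or the same entry would be scheduled again until the next cull_queue() recomputes it. I would add `/* main() schedules smallest_favored directly; invalidate it now so the next pick falls back until cull_queue() recomputes it */` above the assignment. Note the reset is unconditional, so it also fires when the fuzzed entry was not the one picked via smallest_favored (e.g. under old_seed_selection); that looks harmless because the value is not consumed there, but it is worth stating in the comment. The same uncommented reset is added in the pacemaker_fuzzing hunk at 5905 of this file.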
@@ -5905,7 +5910,8 @@ pacemaker_fuzzing:
--afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1;
- if (afl->queue_cur->favored) { --afl->pending_favored; }
+ if (afl->queue_cur->favored) { --afl->pending_favored;
+ afl->smallest_favored = -1; }
}
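Review bot: The block added at `if (afl->queue_cur->favored) { --afl->pending_favored;` puts the first statement on the `if` line and closes the brace after the second statement on the next line, which is neither the one-line form the line replaced nor the expanded form this commit uses for the identical change at 3442 in this file. I would lay it out the same way as that hunk: `if (afl->queue_cur->favored) {`, then `--afl->pending_favored;` and `afl->smallest_favored = -1;` on their own lines, then `}`, so the two sites read as the same change and a later edit to one of them is less likely to miss the other.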
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index 14ba1ace..5f915c9a 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -826,6 +826,8 @@ void cull_queue(afl_state_t *afl) {
/* Let's see if anything in the bitmap isn't captured in temp_v.
If yes, and if it has a afl->top_rated[] contender, let's use it. */
+ afl->smallest_favored = -1;
+
for (i = 0; i < afl->fsrv.map_size; ++i) {
if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) {
@@ -849,7 +851,16 @@ void cull_queue(afl_state_t *afl) {
afl->top_rated[i]->favored = 1;
++afl->queued_favored;
- if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; }
+ if (!afl->top_rated[i]->was_fuzzed) {
+
+ ++afl->pending_favored;
+ if (unlikely(afl->smallest_favored > (s64)afl->top_rated[i]->id)) {
+
+ afl->smallest_favored = (s64)afl->top_rated[i]->id;
+
+ }
+
+ }
}
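Review bot: The comparison at `if (unlikely(afl->smallest_favored > (s64)afl->top_rated[i]->id))` can never be true: the previous hunk sets `afl->smallest_favored = -1;` at the top of this loop, and `(s64)` of an unsigned id is never below -1, so the field stays -1 for the whole cull and the new `afl->smallest_favored >= 0` test in afl-fuzz.c always takes its fallback branch. The sentinel has to be treated as "unset" before comparing: `if (unlikely(afl->smallest_favored < 0 || afl->smallest_favored > (s64)afl->top_rated[i]->id))`. Keeping the minimum (rather than just taking the first hit) is right, because this loop walks `top_rated[]` by bitmap index, not by queue position. This assumes `id` is unsigned, as the cast suggests; if it could legitimately be negative the sentinel would need a different encoding. cull_queue() continues outside the hunk.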
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index c8cc7da6..d34b52db 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2707,20 +2707,30 @@ int main(int argc, char **argv_orig, char **envp) {
if (likely(!afl->old_seed_selection)) {
- if (likely(afl->pending_favored)) {
+ if (likely(afl->pending_favored && afl->smallest_favored >= 0)) {
- for (u32 iter = 0; iter < afl->queued_items; ++iter) {
+ afl->current_entry = afl->smallest_favored;
- if (unlikely(afl->queue_buf[iter]->favored &&
- !afl->queue_buf[iter]->was_fuzzed)) {
+ /*
- afl->current_entry = iter;
- afl->queue_cur = afl->queue_buf[afl->current_entry];
- break;
+ } else {
- }
+ for (s32 iter = afl->queued_items - 1; iter >= 0; --iter)
+ {
- }
+ if (unlikely(afl->queue_buf[iter]->favored &&
+ !afl->queue_buf[iter]->was_fuzzed)) {
+
+ afl->current_entry = iter;
+ break;
+
+ }
+
+ }
+
+ */
+
+ afl->queue_cur = afl->queue_buf[afl->current_entry];
} else {