Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-init.c23
-rw-r--r--src/afl-fuzz-one.c13
2 files changed, 27 insertions, 9 deletions
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fed58eb6..2cb152a9 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1026,6 +1026,14 @@ void perform_dry_run(afl_state_t *afl) {
         /* Remove from fuzzing queue but keep for splicing */
 
         struct queue_entry *p = afl->queue;
+
+        if (!p->disabled && !p->was_fuzzed) {
+
+          --afl->pending_not_fuzzed;
+          --afl->active_paths;
+
+        }
+
         p->disabled = 1;
         p->perf_score = 0;
         while (p && p->next != q)
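Review bot: The new guard `if (!p->disabled && !p->was_fuzzed)` inspects `p`, which on the line above is `afl->queue` (the list head), while the entry being removed is `q` — the loop that follows walks `p` until `p->next == q`. As written the counters are adjusted based on the head entry's flags, which is only correct when q happens to be the head, and the same head is what `p->disabled = 1` marks. If q is the entry being unlinked, the guard should read `if (!q->disabled && !q->was_fuzzed) {` (the two assignments below presumably belong to q as well, though that part predates this commit). Separately, `active_paths` and `pending_not_fuzzed` appear to count different things, so gating both on `!was_fuzzed` may leave active_paths unchanged for an already-fuzzed entry that is being disabled — worth confirming that is intended. perform_dry_run begins before this hunk.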
@@ -1036,9 +1044,6 @@ void perform_dry_run(afl_state_t *afl) {
         else
           afl->queue = q->next;
 
-        --afl->pending_not_fuzzed;
-        --afl->active_paths;
-
         afl->max_depth = 0;
         p = afl->queue;
         while (p) {
@@ -1123,8 +1128,16 @@ restart_outer_cull_loop:
       if (!p->cal_failed && p->exec_cksum == q->exec_cksum) {
 
         duplicates = 1;
-        --afl->pending_not_fuzzed;
-        afl->active_paths--;
+        if (!p->disabled && !q->disabled && !p->was_fuzzed && !q->was_fuzzed) {
+
+          --afl->pending_not_fuzzed;
+          afl->active_paths--;
+
+        } else {
+        
+          FATAL("disabled entry? this should not happen, please report!");
+        
+        }
 
         // We do not remove any of the memory allocated because for
         // splicing the data might still be interesting.
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index a7262eec..af768183 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2782,11 +2782,16 @@ abandon_entry:
      cycle and have not seen this entry before. */
 
   if (!afl->stop_soon && !afl->queue_cur->cal_failed &&
-      (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0)) {
+      (afl->queue_cur->was_fuzzed == 0 || afl->queue_cur->fuzz_level == 0) &&
+      !afl->queue_cur->disabled) {
 
-    --afl->pending_not_fuzzed;
-    afl->queue_cur->was_fuzzed = 1;
-    if (afl->queue_cur->favored) { --afl->pending_favored; }
+    if (!afl->queue_cur->was_fuzzed) {
+
+      --afl->pending_not_fuzzed;
+      afl->queue_cur->was_fuzzed = 1;
+      if (afl->queue_cur->favored) { --afl->pending_favored; }
+
+    }
 
   }