aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/afl-analyze.c5
-rw-r--r--src/afl-forkserver.c17
-rw-r--r--src/afl-fuzz-init.c1
-rw-r--r--src/afl-fuzz-state.c13
-rw-r--r--src/afl-fuzz.c3
-rw-r--r--src/afl-showmap.c5
-rw-r--r--src/afl-tmin.c5
7 files changed, 24 insertions, 25 deletions
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index a21f014f..f21acd7f 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -114,7 +114,7 @@ static void kill_child() {
if (fsrv.child_pid > 0) {
- kill(fsrv.child_pid, fsrv.kill_signal);
+ kill(fsrv.child_pid, fsrv.child_kill_signal);
fsrv.child_pid = -1;
}
@@ -1115,7 +1115,7 @@ int main(int argc, char **argv_orig, char **envp) {
}
- fsrv.kill_signal =
+ fsrv.child_kill_signal =
parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
read_initial_file();
@@ -1151,4 +1151,3 @@ int main(int argc, char **argv_orig, char **envp) {
exit(0);
}
-
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 628ff590..71da7fde 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -100,7 +100,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) {
fsrv->init_tmout = EXEC_TIMEOUT * FORK_WAIT_MULT;
fsrv->mem_limit = MEM_LIMIT;
fsrv->out_file = NULL;
- fsrv->kill_signal = SIGKILL;
+ fsrv->child_kill_signal = SIGKILL;
/* exec related stuff */
fsrv->child_pid = -1;
@@ -134,7 +134,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
fsrv_to->no_unlink = from->no_unlink;
fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode;
fsrv_to->crash_exitcode = from->crash_exitcode;
- fsrv_to->kill_signal = from->kill_signal;
+ fsrv_to->child_kill_signal = from->child_kill_signal;
fsrv_to->debug = from->debug;
// These are forkserver specific.
@@ -793,7 +793,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
s32 tmp_pid = fsrv->fsrv_pid;
if (tmp_pid > 0) {
- kill(tmp_pid, fsrv->kill_signal);
+ kill(tmp_pid, fsrv->child_kill_signal);
fsrv->fsrv_pid = -1;
}
@@ -804,7 +804,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
s32 tmp_pid = fsrv->fsrv_pid;
if (tmp_pid > 0) {
- kill(tmp_pid, fsrv->kill_signal);
+ kill(tmp_pid, fsrv->child_kill_signal);
fsrv->fsrv_pid = -1;
}
@@ -1242,10 +1242,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
void afl_fsrv_kill(afl_forkserver_t *fsrv) {
- if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->kill_signal); }
+ if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->child_kill_signal); }
if (fsrv->fsrv_pid > 0) {
- kill(fsrv->fsrv_pid, fsrv->kill_signal);
+ kill(fsrv->fsrv_pid, SIGTERM);
if (waitpid(fsrv->fsrv_pid, NULL, 0) <= 0) { WARNF("error waitpid\n"); }
}
@@ -1545,7 +1545,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
s32 tmp_pid = fsrv->child_pid;
if (tmp_pid > 0) {
- kill(tmp_pid, fsrv->kill_signal);
+ kill(tmp_pid, fsrv->child_kill_signal);
fsrv->child_pid = -1;
}
@@ -1605,7 +1605,7 @@ afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
/* Did we timeout? */
if (unlikely(fsrv->last_run_timed_out)) {
- fsrv->last_kill_signal = fsrv->kill_signal;
+ fsrv->last_kill_signal = fsrv->child_kill_signal;
return FSRV_RUN_TMOUT;
}
@@ -1688,4 +1688,3 @@ void afl_fsrv_deinit(afl_forkserver_t *fsrv) {
list_remove(&fsrv_list, fsrv);
}
-
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index e41d29fd..fded44ac 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2963,4 +2963,3 @@ void save_cmdline(afl_state_t *afl, u32 argc, char **argv) {
*buf = 0;
}
-
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 5199f7e6..8bbef87c 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -23,6 +23,7 @@
*/
+#include <signal.h>
#include "afl-fuzz.h"
#include "envs.h"
@@ -653,9 +654,14 @@ void afl_states_stop(void) {
});
LIST_FOREACH(&afl_states, afl_state_t, {
-
- if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.kill_signal);
- if (el->fsrv.fsrv_pid > 0) kill(el->fsrv.fsrv_pid, el->fsrv.kill_signal);
+ /* NOTE: We need to make sure that the parent (the forkserver) reap the child (see below). */
+ if (el->fsrv.child_pid > 0) kill(el->fsrv.child_pid, el->fsrv.child_kill_signal);
+ if (el->fsrv.fsrv_pid > 0) {
+ /* This must be SIGTERM, to allow the forkserver to reap the child before exiting. */
+ kill(el->fsrv.fsrv_pid, SIGTERM);
+ /* Make sure the forkserver does not end up as zombie. */
+ waitpid(el->fsrv.fsrv_pid, NULL, 0);
+ }
});
@@ -672,4 +678,3 @@ void afl_states_request_skip(void) {
LIST_FOREACH(&afl_states, afl_state_t, { el->skip_requested = 1; });
}
-
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index d116822a..c9eeeca1 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1358,7 +1358,7 @@ int main(int argc, char **argv_orig, char **envp) {
#endif
- afl->fsrv.kill_signal =
+ afl->fsrv.child_kill_signal =
parse_afl_kill_signal_env(afl->afl_env.afl_kill_signal, SIGKILL);
setup_signal_handlers();
@@ -2683,4 +2683,3 @@ stop_fuzzing:
}
#endif /* !AFL_LIB */
-
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5e3fb67d..730a4ff1 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -129,7 +129,7 @@ static void kill_child() {
timed_out = 1;
if (fsrv->child_pid > 0) {
- kill(fsrv->child_pid, fsrv->kill_signal);
+ kill(fsrv->child_pid, fsrv->child_kill_signal);
fsrv->child_pid = -1;
}
@@ -1258,7 +1258,7 @@ int main(int argc, char **argv_orig, char **envp) {
: 0);
be_quiet = save_be_quiet;
- fsrv->kill_signal =
+ fsrv->child_kill_signal =
parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
if (new_map_size) {
@@ -1472,4 +1472,3 @@ int main(int argc, char **argv_orig, char **envp) {
exit(ret);
}
-
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 694c9c21..e2145c32 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -113,7 +113,7 @@ static void kill_child() {
if (fsrv->child_pid > 0) {
- kill(fsrv->child_pid, fsrv->kill_signal);
+ kill(fsrv->child_pid, fsrv->child_kill_signal);
fsrv->child_pid = -1;
}
@@ -1195,7 +1195,7 @@ int main(int argc, char **argv_orig, char **envp) {
}
- fsrv->kill_signal =
+ fsrv->child_kill_signal =
parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL);
if (getenv("AFL_CRASH_EXITCODE")) {
@@ -1351,4 +1351,3 @@ int main(int argc, char **argv_orig, char **envp) {
exit(0);
}
-
generated by cgit v1.2.3 (git 2.25.1) at 2026-01-14 16:23:33 +0000