Age | Commit message | Author |
This environment variable allows rejection of
specific regions from instrumentation.
It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES,
so it can be used to poke a "hole" in previously included sections.
This reverts commit e3a5c31307f323452dc4b5288e0d19a02b596a33.
* Adding AFL_KILL_SIGNAL environment variable
Controlling the kill signal used to end forked processes.
* Checking validity of AFL_KILL_SIGNAL env variable
This commit also sets a valid value in the environment to avoid
duplicating code in at_exit(). Changing data type of
fsrv->kill_signal to u8 to match last_kill_signal.
* Adding afl_kill_signal to AFL (environment) state
This commit simply introduces a struct member for future use. The
env variable is not used from the afl struct but from fsrv, where
its validity is checked, resulting in a FATAL in case of errors.
https://github.com/qemu/qemu/blob/bec7edf41d2d0e8006637a739881abcea1d1305c/accel/tcg/cpu-exec.c#L389 and ./qemu_mode/README.persistent.md
* cache item number to cache memory size
* reload testcase if trimming changed the size
* fix splicing selection
* slim splicing
* import sync fix
* write testcache stats to fuzzer_stats
* fix new seed selection algo
* malloc+read instead of mmap
* fix
* testcache is configurable now and no reference counts
* fixes compilation, test script
* fixes
* switch TEST_CC to afl-cc in makefile
* code format
* fix
* fix crash
* fix crash
* fix env help output
* remove unnecessary pointer resets
* fix endless loop bug
* actually use the cache if set
* one more fix
* increase default cache entries, add default cache size value to config.h
Co-authored-by: hexcoder- <heiko@hexco.de>
When we started using AFL, it did not have an integrated GCC plugin.
There was one proposed by Austin Seipp, but for various reasons we
ended up using some of its infrastructure (runtime and wrapper), but
writing the GCC plugin proper from scratch.
With AFL++'s renewed interest in a GCC plugin, we rebased ours, with
some features that are or were missing in the one that was integrated:
* efficient, fully-functional inline and out-of-line instrumentation
Inline instrumentation was work in progress in the original plugin.
Controlled by AFL_GCC_OUT_OF_LINE.
* reproducible instrumentation
Obey -frandom-seed for pseudorandom number generation.
* licensing clarity and strict compliance
GPLv3+ for the plugin, which uses GCC internals; add a copy of the
license, as required.
* allow/deny list support
Copied and adjusted from the LLVM plugin implementation.
* neverZero support
Not as compact as the asm-wrapper version, but likely more efficient.
Both are quite thread-unsafe, with different caveats.
Controlled with AFL_GCC_SKIP_NEVERZERO.
variable (#522)
* Addition of AFL_FORKSRV_INIT_TMOUT env var
This commit introduces a new environment variable which allows
specifying the timespan AFL should wait for initial contact with the
forkserver.
This is useful for fuzz-targets requiring a rather long setup time
before the actual fuzzing can be started (e.g., unicorn).
* add .swp files to .gitignore
* Inherit init_tmout in afl_fsrv_init_dup
Without this patch, the forkserver would spawn with a timeout of 0 in
cmplog mode, leading to an immediate crash.
Additionally, this commit removes a spurious whitespace.
* Initialize afl->fsrv.init_tmout in afl_fsrv_init
Not all afl-components will need the new AFL_FORKSRV_INIT_TMOUT
environment variable. Hence, it's initialized to the safe "default"
value from before in afl_fsrv_init now.
This reverts commit a7537b5511ad767d2240cf2dc6d3e261daa676f9, reversing
changes made to 15e799f7ae666418e75c6a79db833c5316b21f97.
* Move afl-fuzz related env variables into afl_state_t
* Move the env variables assignment from fuzz_init and code format
* Fix typo
* Remove redundant env variables from afl_env struct
* Rename function to read_afl_environment
* first new implementation, only works with AFL_DONT_OPTIMIZE
* bug hunting
* interim commit
* finalized LTO non-collision solution
* update documentation
* merge resulted in some problems, fixing these
* added lto env to env check
* fixed llvm weirdness that messes up our instrumentation due to CFG rewrite optimizations
* all llvm instrumentation issues have been resolved! :-)
* llvm 9 is required (so far)
* update lto readme
- Remove AFL_PYTHON_ONLY (env) and python_only (variable)
- Unify fuzz API of the custom mutator and Python module
- Merge the custom mutator into the old python_stage, which is now renamed to custom_mutator_stage
and Makefile
we want the cmplog shmem