| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
* FASAN Support
* Fix handling of Address Sanitizer DSO
* Changes to identification of Address Sanitizer DSO
Co-authored-by: Your Name <you@example.com>
|
|
* Variable AFL_EXIT_ON_TIME description has been added.
Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added.
afl->exit_on_time variable initialization has been added.
The asignment of a value to the afl->afl_env.afl_exit_on_time variable from
environment variables has been added.
Code to exit on timeout if new path not found has been added.
* Type of afl_exit_on_time variable has been changed.
Variable exit_on_time has been added to the afl_state_t structure.
* Command `export AFL_EXIT_WHEN_DONE=1` has been added.
* Millisecond to second conversion has been added.
Call get_cur_time() has been added.
* Revert to using the saved current time value.
* Useless check has been removed.
|
|
* Added x64 support for persistent mode (function call only), in-memory teest cases and complog
* Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC
* Various minor fixes and finished support for AFL_INST_LIBS
* Review changes
Co-authored-by: Your Name <you@example.com>
|
|
|
|
|
|
Add support for standalone leak-sanitizer
|
|
variable AFL_USE_LSAN.
AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check
for a memory leak when the macro is run. This is especially helpful
when using __AFL_LOOP().
If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set,
the leak checker will run when the program exits.
|
|
Frida
|
|
|
|
|
|
|
|
|
|
|
|
|
|
In QEMU mode (-Q), setting AFL_QEMU_CUSTOM_BIN cause afl-fuzz to skip
prepending afl-qemu-trace to your command line. Use this if you wish to use a
custom afl-qemu-trace or if you need to modify the afl-qemu-trace arguments.
|
|
|
|
|
|
|
|
|
|
This environment variable allows rejection of
specific regions from instrumentation.
It takes priority over AFL_INST_LIBS and AFL_QEMU_INST_RANGES,
so it can be used to poke a "hole" in previously included sections.
|
|
|
|
This reverts commit e3a5c31307f323452dc4b5288e0d19a02b596a33.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* Adding AFL_KILL_SIGNAL environment variable
Controlling the kill signal used to end forked processes.
* Checking validity of AFL_KILL_SIGNAL env variable
This commit also sets a valid value in the environment to avoid
duplicating code in at_exit(). Changing data type of
fsrv->kill_signal to u8 to match last_kill_signal.
* Adding afl_kill_signal to AFL (environment) state
This commit simply introduces a struct member for future use. The
env variable is not used from the afl struct but from fsrv, where
its validity is checked, resulting in a FATAL in case of errors.
|
|
|
|
|
|
https://github.com/qemu/qemu/blob/bec7edf41d2d0e8006637a739881abcea1d1305c/accel/tcg/cpu-exec.c#L389 and ./qemu_mode/README.persistent.md
|
|
|
|
|
|
|
|
|
|
* cache item number to cache memory size
* reload testcase if trimming changed the size
* fix splicing selection
* slim splicing
* import sync fix
* write testcache stats to fuzzer_stats
* fix new seed selection algo
* malloc+read instead of mmap
* fix
* testcache is configurable now and no reference counts
* fixes compilation, test script
* fixes
* switch TEST_CC to afl-cc in makefile
* code format
* fix
* fix crash
* fix crash
* fix env help output
* remove unnecessary pointer resets
* fix endless loop bug
* actually use the cache if set
* one more fix
* increase default cache entries, add default cache size value to config.h
Co-authored-by: hexcoder- <heiko@hexco.de>
|
|
|
|
|
|
|
|
|
|
When we started using AFL, it did not have an integrated GCC plugin.
There was one proposed by Austin Seipp, but for various reasons we
ended up using some of its infrastructure (runtime and wrapper), but
writing the GCC plugin proper from scratch.
With AFL++'s renewed interest in a GCC plugin, we rebased ours, with
some features that are or were missing in the one that was integrated:
* efficient, fully-functional inline and out-of-line instrumentation
Inline instrumentation was work in progress in the original plugin.
Controlled by AFL_GCC_OUT_OF_LINE.
* reproducible instrumentation
Obey -frandom-seed for pseudorandom number generation.
* licensing clarity and strict compliance
GPLv3+ for the plugin, that uses GCC internals; add a copy of the
license, as required.
* allow/deny list support
Copied and adjusted from the LLVM plugin implementation.
* neverZero support
Not as compact as the asm-wrapper version, but likely more efficient.
Both are quite thread-unsafe, with different caveats.
Controlled with AFL_GCC_SKIP_NEVERZERO.
|
|
|
|
|
|
|
|
|
|
variable (#522)
* Addition of AFL_FORKSRV_INIT_TMOUT env var
This commit introduces a new environment variable which allows to
specify the timespan AFL should wait for initial contact with the
forkserver.
This is useful for fuzz-targets requiring a rather long setup time
before the actual fuzzing can be started (e.g., unicorn).
* add .swp files to .gitignore
* Inherit init_tmout in afl_fsrv_init_dup
Without this patch, the forkserver would spawn with a timeout of 0 in
cmplog mode, leading to an immediate crash.
Additionally, this commit removes a spurious whitespace.
* Initialize afl->fsrv.init_tmout in afl_fsrv_init
Not all afl-components will need the new AFL_FORKSRV_INIT_TMOUT
environment variable. Hence, it's initialized to the safe "default"
value from before in afl_fsrv_init now.
|
