Age | Commit message | Author
With CODE_COVERAGE builds, we need to collect the coverage data of each
iteration in a persistent buffer that has the same size as the regular
trace buffer used for fuzzing. We dump this information at the end of
the run and when combined with pointer data and module info, this can be
used to calculate code coverage.
* fuzzer: init commit based on aflpp 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a
* fuzzers: adding the skip variables and initialize
* log: profile the det/havoc finding
* log: add profile log output
* fuzzers: separate log/skipdet module
* fuzzers: add quick eff_map calc
* fuzzers: add skip_eff_map in fuzz_one
* fuzzers: mark whole input space in eff_map
* fuzzers: add undet bit threshold to skip some seeds
* fuzzers: fix one byte overflow
* fuzzers: fix overflow
* fix code format
* add havoc only again
* code format
* remove log to INTROSPECTION, rename skipdet module
* rename skipdet module
* remove log to stats
* clean redundant code
* code format
* remove redundant code format check
* remove redundant doc
* remove redundant objects
* clean files
* change -d to default skipdet
* disable deterministic when using CUSTOM_MUTATOR
* revert fix
Fix typo
The AFL_FORK_SERVER_KILL_SIGNAL variable allows configuring the signal
used to kill the fork server on termination.
This commit contains the following changes:
- Call `waitpid()` on the child and the fork server when terminating the
fuzzer; thus, we do not end up with zombies.
- Rename `fsrv.kill_signal` to `fsrv.child_kill_signal`, since the
documentation states that the signal is used to terminate the *child*.
- Use SIGTERM instead of fsrv.(child)_kill_signal, thus the fork server
can always reap the child.
The original code is:
https://github.com/RICSecLab/AFLplusplus-cs/tree/retrage/coresight-mode-pr
Signed-off-by: Akira Moroo <retrage01@gmail.com>
* FASAN Support
* Fix handling of Address Sanitizer DSO
* Changes to identification of Address Sanitizer DSO
Co-authored-by: Your Name <you@example.com>
Frida
* Adding AFL_KILL_SIGNAL environment variable
Controlling the kill signal used to end forked processes.
* Checking validity of AFL_KILL_SIGNAL env variable
This commit also sets a valid value in the environment to avoid
duplicating code in at_exit(). Changing data type of
fsrv->kill_signal to u8 to match last_kill_signal.
* Adding afl_kill_signal to AFL (environment) state
This commit simply introduces a struct member for future use. The
env variable is not used from the afl struct but from fsrv, where
its validity is checked, resulting in a FATAL in case of errors.
variable (#522)
* Addition of AFL_FORKSRV_INIT_TMOUT env var
This commit introduces a new environment variable which allows
specifying the timespan AFL should wait for initial contact with the
forkserver.
This is useful for fuzz-targets requiring a rather long setup time
before the actual fuzzing can be started (e.g., unicorn).
* add .swp files to .gitignore
* Inherit init_tmout in afl_fsrv_init_dup
Without this patch, the forkserver would spawn with a timeout of 0 in
cmplog mode, leading to an immediate crash.
Additionally, this commit removes a spurious whitespace.
* Initialize afl->fsrv.init_tmout in afl_fsrv_init
Not all afl-components will need the new AFL_FORKSRV_INIT_TMOUT
environment variable. Hence, it's initialized to the safe "default"
value from before in afl_fsrv_init now.
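The three commit messages above (the fork server kill/reap change, AFL_KILL_SIGNAL, and AFL_FORKSRV_INIT_TMOUT) describe the same small piece of process management: pick a kill signal from the environment and refuse garbage values, wait a bounded time for the fork server's initial hello, and terminate the server with `kill()` followed by `waitpid()` so no zombie survives. The following is an added, self-contained C example written for this page; it is not AFL++'s code. The environment variable name `EXAMPLE_KILL_SIGNAL`, the mock fork server (a forked child that sleeps, writes a 4-byte hello on a pipe, then idles), and the 1..31 signal range are assumptions made for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Assumed variable name for this example; not an AFL++ environment variable. */
#define EXAMPLE_KILL_SIGNAL_ENV "EXAMPLE_KILL_SIGNAL"

/* Parse a signal number. Only a plain decimal in 1..31 (classic POSIX range;
   real-time signals are excluded here by assumption) is accepted. -1 = invalid. */
int parse_kill_signal(const char *text) {
    if (!text || !*text) return -1;
    char *end = NULL;
    errno = 0;
    long v = strtol(text, &end, 10);
    if (errno != 0 || *end != '\0' || v < 1 || v > 31) return -1;
    return (int)v;
}

/* Read the kill signal from env var `name`. If unset, store the default back
   into the environment so later code finds a valid value; if set but invalid,
   return -1 so the caller can abort instead of sending an arbitrary signal. */
int resolve_kill_signal(const char *name, int dflt) {
    const char *v = getenv(name);
    if (!v) {
        char buf[16];
        snprintf(buf, sizeof buf, "%d", dflt);
        setenv(name, buf, 1);
        return dflt;
    }
    return parse_kill_signal(v);
}

/* Stand-in for a slow-starting fork server: the child sleeps startup_ms,
   writes the 4-byte hello on a pipe, then idles until signalled. Returns the
   parent's read end (-1 on error) and stores the child's pid in *pid_out. */
int spawn_mock_forkserver(int startup_ms, pid_t *pid_out) {
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        alarm(10);  /* safety net so a forgotten child never outlives the run */
        struct timespec ts = { .tv_sec = startup_ms / 1000,
                               .tv_nsec = (startup_ms % 1000) * 1000000L };
        nanosleep(&ts, NULL);
        if (write(fds[1], "\0\0\0\0", 4) != 4) _exit(1);
        for (;;) pause();
    }
    close(fds[1]);
    *pid_out = pid;
    return fds[0];
}

/* Wait up to timeout_ms for the hello. 1 = received, 0 = timed out,
   -1 = error (e.g. the child closed the pipe before saying hello). */
int wait_for_forkserver_hello(int fd, int timeout_ms) {
    unsigned char hello[4];
    size_t got = 0;
    while (got < 4) {
        struct pollfd p = { fd, POLLIN, 0 };
        int r = poll(&p, 1, timeout_ms);
        if (r == 0) return 0;
        if (r < 0) { if (errno == EINTR) continue; return -1; }
        ssize_t n = read(fd, hello + got, 4 - got);
        if (n <= 0) return -1;
        got += (size_t)n;
    }
    return 1;
}

/* Send `sig` to pid and waitpid() it so no zombie is left behind.
   Returns 1 if the child died from exactly that signal, 0 otherwise. */
int terminate_and_reap(pid_t pid, int sig) {
    if (kill(pid, sig) != 0) return 0;
    int status = 0;
    pid_t r;
    do { r = waitpid(pid, &status, 0); } while (r < 0 && errno == EINTR);
    if (r != pid) return 0;
    return WIFSIGNALED(status) && WTERMSIG(status) == sig;
}

/* A zombie still answers kill(pid, 0) with 0; a reaped pid fails with ESRCH. */
int is_fully_reaped(pid_t pid) {
    return kill(pid, 0) == -1 && errno == ESRCH;
}

int main(void) {
    int sig = resolve_kill_signal(EXAMPLE_KILL_SIGNAL_ENV, SIGTERM);
    if (sig < 0) { fprintf(stderr, "invalid " EXAMPLE_KILL_SIGNAL_ENV "\n"); return 1; }
    pid_t pid;
    int fd = spawn_mock_forkserver(300, &pid);
    if (fd < 0) return 1;
    printf("hello within 20ms:   %d\n", wait_for_forkserver_hello(fd, 20));
    printf("hello within 5000ms: %d\n", wait_for_forkserver_hello(fd, 5000));
    int reaped = terminate_and_reap(pid, sig);
    int gone = is_fully_reaped(pid);
    printf("reaped: %d  gone: %d\n", reaped, gone);
    close(fd);
    return 0;
}
```

The short first wait shows what a too-small init timeout looks like (the call returns 0 before the server has said hello); the second wait succeeds once the child is up. `is_fully_reaped()` is the check that the cleanup described in the commits actually worked: without the `waitpid()` the killed child would remain a zombie and `kill(pid, 0)` would still succeed.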