From 3ccebbf9c5b19c0afd1ad72114b61057db290d55 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Wed, 6 Apr 2022 17:30:27 +0200 Subject: Typo --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index d50a679b..2406e7ba 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,7 +20,7 @@ sending a mail to . - reintroduced AFL_PERSISTENT and AFL_DEFER_FORKSRV to allow persistent mode and manual forkserver support if these are not in the target binary (e.g. are in a shared library) - - add AFL_EARY_FORKSERVER to install the forkserver as earliest as + - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as possible in the target (for afl-gcc-fast/afl-clang-fast/ afl-clang-lto) - document and auto-activate pizza mode on condition -- cgit 1.4.1 From e9288bcfad6e350b6f3e85d45a42bae5aea480c1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 8 Apr 2022 22:44:10 +0200 Subject: add AFL_KEEP_TIMEOUTS --- docs/Changelog.md | 3 +++ docs/env_variables.md | 3 +++ include/afl-fuzz.h | 2 +- include/envs.h | 1 + src/afl-fuzz-bitmap.c | 12 ++++++++++-- src/afl-fuzz-state.c | 7 +++++++ 6 files changed, 25 insertions(+), 3 deletions(-) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index 2406e7ba..689cc94b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -23,6 +23,9 @@ sending a mail to . - add AFL_EARLY_FORKSERVER to install the forkserver as earliest as possible in the target (for afl-gcc-fast/afl-clang-fast/ afl-clang-lto) + - "saved timeouts" was wrong information, timeouts are still thrown + away by default even if they have new coverage (hangs are always + kept), unless AFL_KEEP_TIMEOUTS are set - document and auto-activate pizza mode on condition - afl-cc: - converted all passed to use the new llvm pass manager for llvm 11+ diff --git a/docs/env_variables.md b/docs/env_variables.md index 9ffb08e7..fe9c6e07 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -349,6 +349,9 @@ checks or alter some of the more exotic semantics of the tool: - Setting `AFL_DISABLE_TRIM` tells afl-fuzz not to trim test cases. This is usually a bad idea! + - Setting `AFL_KEEP_TIMEOUTS` will keep longer running inputs if they reach + new coverage + - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behavior which does not allow crashes or timeout seeds in the initial -i corpus. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 4f4d63b2..8bb61e22 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -385,7 +385,7 @@ typedef struct afl_env_vars { afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new, afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems, - afl_pizza_mode; + afl_keep_timeouts, afl_pizza_mode; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, diff --git a/include/envs.h b/include/envs.h index 1746f946..25b792fa 100644 --- a/include/envs.h +++ b/include/envs.h @@ -106,6 +106,7 @@ static char *afl_environment_variables[] = { "AFL_INPUT_LEN_MAX", "AFL_INST_LIBS", "AFL_INST_RATIO", + "AFL_KEEP_TIMEOUTS", "AFL_KILL_SIGNAL", "AFL_KEEP_TRACES", "AFL_KEEP_ASSEMBLY", diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 0f6f0778..7c2b35d6 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -664,8 +664,16 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { if (afl->stop_soon || new_fault != FSRV_RUN_TMOUT) { - ++afl->saved_tmouts; - goto save_to_queue; + if (afl->afl_env.afl_keep_timeouts) { + + ++afl->saved_tmouts; + goto save_to_queue; + + } else { + + return keeping; + + } } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5924dd7b..47e39762 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -222,6 +222,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_hang_tmout = (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_KEEP_TIMEOUTS", + + afl_environment_variable_len)) { + + afl->afl_env.afl_keep_timeouts = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_SKIP_BIN_CHECK", afl_environment_variable_len)) { -- cgit 1.4.1 From 5d5aa430d2328e247ffbad45f486a835f5dc8852 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 25 Apr 2022 09:10:59 +0200 Subject: add changelog --- docs/Changelog.md | 2 ++ unicorn_mode/unicornafl | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'docs/Changelog.md') diff --git a/docs/Changelog.md b/docs/Changelog.md index 689cc94b..a841cca3 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -32,6 +32,8 @@ sending a mail to . - AFL++ PCGUARD mode is not available for 10.0.1 anymore (11+ only) - frida_mode: - update to new frida release, handles now c++ throw/catch + - unicorn_mode: + - update unicorn engine, fix C example ### Version ++4.00c (release) diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 09ad7d47..c3e15a7d 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 09ad7d4784e50ec4ddf590a2c29764e2a7f37442 +Subproject commit c3e15a7d44101ff288abe114b7954ce6cfa070b1 -- cgit 1.4.1