From 98238ed7630e6a5b135f520b8511548776b1b2ff Mon Sep 17 00:00:00 2001
From: Leon Weiß
Date: Thu, 22 Feb 2024 15:28:55 +0100
Subject: Convert from microseconds (us) to milliseconds (ms)
---
 src/afl-fuzz.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 9c89b2a1..30babad3 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2493,8 +2493,8 @@ int main(int argc, char **argv_orig, char **envp) {
 for (entry = 0; entry < afl->queued_items; ++entry)
 if (!afl->queue_buf[entry]->disabled)
- if (afl->queue_buf[entry]->exec_us > max_ms)
- max_ms = afl->queue_buf[entry]->exec_us;
+ if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
+ max_ms = afl->queue_buf[entry]->exec_us/1000;
 afl->fsrv.exec_tmout = max_ms;
 afl->timeout_given = 1;
-- 
cgit 1.4.1
From 07e0b391260d007f9dc52329dc51887fe568f109 Mon Sep 17 00:00:00 2001
From: Leon Weiß
Date: Thu, 22 Feb 2024 15:55:18 +0100
Subject: Do not circumvent sanity checks from arg parsing
---
 src/afl-fuzz.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 30babad3..0ddb8880 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2495,8 +2495,9 @@ int main(int argc, char **argv_orig, char **envp) {
 if (!afl->queue_buf[entry]->disabled)
 if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
 max_ms = afl->queue_buf[entry]->exec_us/1000;
-
- afl->fsrv.exec_tmout = max_ms;
+
+ if (max_ms > afl->fsrv.exec_tmout)
+ afl->fsrv.exec_tmout = max_ms;
 afl->timeout_given = 1;
 }
-- 
cgit 1.4.1
From eaedf2e62f77310fc0981c1c6d3ca573662d1522 Mon Sep 17 00:00:00 2001
From: Leon Weiß
Date: Fri, 23 Feb 2024 12:52:11 +0100
Subject: Adhere to documented behavior
---
 src/afl-fuzz.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 0ddb8880..803a1acc 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
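Review bot: Dividing `exec_us` by 1000 truncates toward zero (assuming it is an integer type, which the hunk does not show), so in the `@@ -2493,8 +2493,8 @@` hunk a queue whose enabled entries all run in under a millisecond leaves `max_ms` at whatever it started as, presumably 0, and that value is then written to `afl->fsrv.exec_tmout`. Rounding up, `(afl->queue_buf[entry]->exec_us + 999) / 1000`, keeps the sub-millisecond part, and computing it once into a local avoids repeating the expression in the condition and in the assignment. The same unbounded assignment comes back in the `@@ -2496,8 +2496,7 @@` hunk of the third commit; only the last commit on this page adds a lower bound. The loop is inside main(), which starts and ends outside the hunk.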
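Review bot: The guard `if (max_ms > afl->fsrv.exec_tmout)` in the `@@ -2495,8 +2495,9 @@` hunk can only raise the timeout, so a measured `max_ms` above the value already held in `exec_tmout` is still stored without any upper bound, while `afl->timeout_given = 1` is set in either case. The argument-parsing checks named in the subject are not visible here, so a comment stating which bound is being preserved would help, for example `/* never go below the timeout validated during option parsing */`. The added line before the `if` consists only of whitespace, and bracing the nested `for`/`if` bodies would make the scope of the new statement explicit.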
@@ -2496,8 +2496,7 @@ int main(int argc, char **argv_orig, char **envp) {
 if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
 max_ms = afl->queue_buf[entry]->exec_us/1000;
- if (max_ms > afl->fsrv.exec_tmout)
- afl->fsrv.exec_tmout = max_ms;
+ afl->fsrv.exec_tmout = max_ms;
 afl->timeout_given = 1;
 }
-- 
cgit 1.4.1
From fae760fc9e4c63385c24fe07e5d5c3ab077b56bf Mon Sep 17 00:00:00 2001
From: Leon Weiß
Date: Fri, 23 Feb 2024 13:39:46 +0100
Subject: Add upper and lower safety margins
---
 src/afl-fuzz.c | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 803a1acc..08f716fa 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2496,6 +2496,15 @@ int main(int argc, char **argv_orig, char **envp) {
 if ((afl->queue_buf[entry]->exec_us/1000) > max_ms)
 max_ms = afl->queue_buf[entry]->exec_us/1000;
+ // Add 20% as a safety margin, capped to exec_tmout given in -t option
+ max_ms *= 1.2;
+ if(max_ms > afl->fsrv.exec_tmout)
+ max_ms = afl->fsrv.exec_tmout;
+
+ // Ensure that there is a sensible timeout even for very fast binaries
+ if(max_ms < 5)
+ max_ms = 5;
+
 afl->fsrv.exec_tmout = max_ms;
 afl->timeout_given = 1;
-- 
cgit 1.4.1
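Review bot: The floor of 5 is applied after the cap in the `@@ -2496,6 +2496,15 @@` hunk, so if `afl->fsrv.exec_tmout` holds a value below 5 the final timeout ends up above the limit that the first comment says it is capped to; the comment should state which bound wins, e.g. `// Lower bound takes precedence over the -t cap`. `max_ms *= 1.2;` goes through double arithmetic and, if `max_ms` is an integer (its declaration is outside the hunk), is truncated on assignment; `max_ms += max_ms / 5;` expresses the same margin without the implicit conversion. The new lines write `if(` where the surrounding context uses `if (`.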