From 3200e6515b9cc988d0d8dccd27257baccc8df021 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Sun, 14 Aug 2022 12:24:42 +0200
Subject: add AFL_NO_STARTUP_CALIBRATION feature
---
 src/afl-fuzz.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 2e151abb..e3851473 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -273,6 +273,7 @@ static void usage(u8 *argv0, int more_help) {
 "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
 "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n"
 "AFL_NO_SNAPSHOT: do not use the snapshot feature (if the snapshot lkm is loaded)\n"
+ "AFL_NO_STARTUP_CALIBRATION: no initial seed calibration, start fuzzing at once\n"
 "AFL_NO_UI: switch status screen off\n"
 DYN_COLOR
@@ -2150,7 +2151,17 @@ int main(int argc, char **argv_orig, char **envp) {
 memset(afl->virgin_tmout, 255, map_size);
 memset(afl->virgin_crash, 255, map_size);
- perform_dry_run(afl);
+ if (likely(!afl->afl_env.afl_no_startup_calibration)) {
+ perform_dry_run(afl);
+ } else {
+ ACTF("skipping initial seed calibration due option override");
+ usleep(1000);
+ no_dry_run(afl);
+ }
 if (afl->q_testcase_max_cache_entries) {
--
cgit 1.4.1
From 361263b0f24a2172c4d4be09b1e247aa8d799e9b Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 18 Aug 2022 08:06:17 +0200
Subject: better no dry run
---
 include/afl-fuzz.h | 1 -
 src/afl-fuzz-init.c | 26 --------------------------
 src/afl-fuzz.c | 1 -
 3 files changed, 28 deletions(-)
(limited to 'src/afl-fuzz.c')
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 822096e8..23c20cc4 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
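Review bot: The new else branch in main() leaves the target unverified: perform_dry_run() is documented elsewhere on this page as the step that confirms the app works as expected on the initial inputs, so with it skipped a misconfigured target may only be noticed once fuzzing is already under way, and the ACTF line should say that rather than only announce the skip; it is also missing a word: `ACTF("skipping initial seed calibration due to option override");`. The `usleep(1000)` that follows has no stated purpose — a one-line comment saying why a 1 ms pause is needed at this point would help the next reader, and if there is no reason it should go. main() starts and ends outside the hunk.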
@@ -1123,7 +1123,6 @@ void bind_to_free_cpu(afl_state_t *);
 void setup_post(afl_state_t *);
 void read_testcases(afl_state_t *, u8 *);
 void perform_dry_run(afl_state_t *);
-void no_dry_run(afl_state_t *);
 void pivot_inputs(afl_state_t *);
 u32 find_start_position(afl_state_t *);
 void find_timeout(afl_state_t *);
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fdd40794..4ffcfd2b 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -850,32 +850,6 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 }
-/* In case no initial calibration is to be performed (e.g. huge queue and slow execution time), then setting AFL_NO_STARTUP_CALIBRATION will help getting initial data. For this to succeed, non-calibrated corpus entries have to look especially juicy so they are more likely to be selected then a calibrated good looking one. */
-
-void no_dry_run(afl_state_t *afl) {
-/*
- struct queue_entry *q;
- u32 idx;
- for (idx = 0; idx < afl->queued_items; idx++) {
- q = afl->queue_buf[idx];
- if (unlikely(!q || q->disabled)) { continue; }
- q->exec_us = 1;
- q->bitmap_size = MAP_SIZE;
- q->tc_ref = MAP_SIZE;
- }
-*/
-
-}
-
 /* Perform dry run of all test cases to confirm that the app is working as expected. This is done only for the initial inputs, and only once. */
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index e3851473..e705f187 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2159,7 +2159,6 @@ int main(int argc, char **argv_orig, char **envp) {
 ACTF("skipping initial seed calibration due option override");
 usleep(1000);
- no_dry_run(afl);
 }
--
cgit 1.4.1
From eb5a914ef670d43cc41ce130edb4e0586d97e278 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 25 Aug 2022 15:52:46 +0200
Subject: fix pizza mode
---
 src/afl-fuzz-state.c | 6 +-----
 src/afl-fuzz.c | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)
(limited to 'src/afl-fuzz.c')
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 6770839a..0576f84f 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -604,11 +604,7 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
 }
- if (afl->afl_env.afl_pizza_mode == 0) {
- afl->afl_env.afl_pizza_mode = 1;
- } else {
+ if (afl->afl_env.afl_pizza_mode) {
 afl->pizza_is_served = 1;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index e705f187..1f0fcab1 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -2560,7 +2560,7 @@ stop_fuzzing:
 write_bitmap(afl);
 save_auto(afl);
- if (afl->afl_env.afl_pizza_mode) {
+ if (afl->pizza_is_served) {
 SAYF(CURSOR_SHOW cLRD "\n\n+++ Baking aborted %s +++\n" cRST, afl->stop_soon == 2 ? "programmatically" : "by the chef");
--
cgit 1.4.1
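Review bot: The removed branch defaulted `afl->afl_env.afl_pizza_mode` to 1 when it was 0, so any remaining reader of that field now sees 0 where it used to see 1; this commit's afl-fuzz.c hunk moves the `stop_fuzzing:` check over to `afl->pizza_is_served`, which suggests that flag is now the single source of truth and other readers of `afl_env.afl_pizza_mode` (if any remain) should be moved the same way. A comment above the new `if` would make that contract explicit, e.g. `/* the env setting only opts in; consumers check afl->pizza_is_served */`. read_afl_environment() starts and ends outside the hunk.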