From 25945d51a4c4130ec5dc7e0fe07f4579e1927e43 Mon Sep 17 00:00:00 2001 From: Yiyi Wang <91304853+ahuo1@users.noreply.github.com> Date: Sun, 28 Jul 2024 16:45:45 +0800 Subject: To support AFL instrumentation, add default settings. --- src/afl-forkserver.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'src') diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 6366f473..5390b597 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1338,6 +1338,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; + } else { + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1444,6 +1448,11 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } + } else { + + // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } -- cgit v1.2.3 From 26ae4124f3cf6fb17c2a058c7209469131d904ea Mon Sep 17 00:00:00 2001 From: killerra <25255685+killerra@users.noreply.github.com> Date: Sun, 28 Jul 2024 11:30:48 +0100 Subject: fixed lasan defaults evaluation --- src/afl-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-common.c b/src/afl-common.c index 04a984cb..e7173504 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,7 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0")) { + if (NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); -- cgit v1.2.3 From 2e57d865769541ca5fe8463e959c671f0eb7558a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 2 Aug 2024 15:27:57 +0200 Subject: lower mem usage attempt --- src/afl-fuzz-queue.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 999929a1..3d244aa8 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -476,6 +476,17 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) { q->fs_redundant = state; + if (likely(q->fs_redundant)) { + + if (unlikely(q->trace_mini)) { + + ck_free(q->trace_mini); + q->trace_mini = NULL; + + } + + } + sprintf(fn, "%s/queue/.state/redundant_edges/%s", afl->out_dir, strrchr((char *)q->fname, '/') + 1); @@ -901,7 +912,7 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) { if (!--afl->top_rated[i]->tc_ref) { ck_free(afl->top_rated[i]->trace_mini); - afl->top_rated[i]->trace_mini = 0; + afl->top_rated[i]->trace_mini = NULL; } -- cgit v1.2.3 From dd16be405a7e2b77656f3cf90f212fb58a022ab2 Mon Sep 17 00:00:00 2001 From: killerra <25255685+killerra@users.noreply.github.com> Date: Fri, 2 Aug 2024 14:51:42 +0100 Subject: Handle detect_leaks 0 and false --- src/afl-common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-common.c b/src/afl-common.c index e7173504..e5584e93 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,7 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=false")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); -- cgit v1.2.3 From 9df906454935134b68ec330e7fddddf6f6987d96 Mon Sep 17 00:00:00 2001 From: Thomas Hebb Date: Tue, 6 Aug 2024 11:37:19 -0700 Subject: Fix syntax error when compiling without zlib commit ecb5854be08fa ("add zlib compression for fast resume") added new logic selected at compile-time when zlib is present. Unfortunately, it also broke the existing logic by removing the last line of a multi-line if statement, resulting in a syntax error when zlib isn't present. Restore the line as it was. --- src/afl-fuzz.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9867eba3..1546597e 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2237,7 +2237,6 @@ int main(int argc, char **argv_orig, char **envp) { snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) { - #else if ((fr_fd = open(fn, O_RDONLY)) >= 0) { @@ -3341,9 +3340,9 @@ stop_fuzzing: ACTF("Writing %s ...", fr); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) { - #else if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >= + 0) { #endif u8 ver_string[8]; -- cgit v1.2.3 From 6ddd5ecf4a3bfc2a5b306b663e57ac29e60bf92f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Aug 2024 18:47:38 +0200 Subject: fix missing trace_mini check --- src/afl-fuzz-queue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 3d244aa8..599d31f6 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -973,7 +973,8 @@ void cull_queue(afl_state_t *afl) { for (i = 0; i < afl->fsrv.map_size; ++i) { - if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) { + if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7))) && + afl->top_rated[i]->trace_mini) { u32 j = len; -- cgit v1.2.3 From 93fb1d1a241168f67f65bdb4dbdb05c0b5f25acf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Aug 2024 10:46:01 +0200 Subject: fix custom post process with custom send --- src/afl-fuzz-run.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 2f244a1d..208d957a 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -216,17 +216,17 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { /* everything as planned. use the potentially new data. */ afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size); - if (likely(!afl->afl_env.afl_post_process_keep_original)) { + } - len = new_size; + if (likely(!afl->afl_env.afl_post_process_keep_original)) { - } else { + len = new_size; - /* restore the original memory which was saved in new_mem */ - *mem = new_mem; - afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + } else { - } + /* restore the original memory which was saved in new_mem */ + *mem = new_mem; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); } -- cgit v1.2.3 From 1689a8e053c1f73e16331bfeda28c79e1ed4bbd0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 19 Aug 2024 16:25:32 +0200 Subject: code format, llvm 18 --- src/afl-common.c | 3 +- src/afl-forkserver.c | 26 ++++++++-------- src/afl-fuzz-bitmap.c | 4 +-- src/afl-fuzz-one.c | 2 +- src/afl-fuzz-run.c | 13 ++++---- src/afl-fuzz-stats.c | 82 +++++++++++++++++++++++++-------------------------- src/afl-fuzz.c | 3 ++ 7 files changed, 69 insertions(+), 64 deletions(-) (limited to 'src') diff --git a/src/afl-common.c b/src/afl-common.c index e5584e93..892745a7 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -108,7 +108,8 @@ void set_sanitizer_defaults() { if (!have_san_options) { strcpy(buf, default_options); } if (have_asan_options) { - if (NULL != strstr(have_asan_options, "detect_leaks=0") || NULL != strstr(have_asan_options, "detect_leaks=false")) { + if (NULL != strstr(have_asan_options, "detect_leaks=0") || + NULL != strstr(have_asan_options, "detect_leaks=false")) { strcat(buf, "exitcode=" STRINGIFY(LSAN_ERROR) ":fast_unwind_on_malloc=0:print_suppressions=0:detect_leaks=0:malloc_context_size=0:"); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 5390b597..c7c493cf 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -307,8 +307,8 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { Returns the time passed to read. If the wait times out, returns timeout_ms + 1; Returns 0 if an error occurred (fd closed, signal, ...); */ -static u32 __attribute__((hot)) -read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, volatile u8 *stop_soon_p) { +static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms, + volatile u8 *stop_soon_p) { fd_set readfds; FD_ZERO(&readfds); @@ -1339,9 +1339,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->map_size = tmp_map_size; } else { - - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) { @@ -1450,9 +1450,10 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } else { - // The binary is most likely instrumented using AFL's tool, and we will set map_size to MAP_SIZE. - fsrv->real_map_size = fsrv->map_size = MAP_SIZE; - + // The binary is most likely instrumented using AFL's tool, and we will + // set map_size to MAP_SIZE. + fsrv->real_map_size = fsrv->map_size = MAP_SIZE; + } } @@ -1704,8 +1705,8 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, /* Delete the current testcase and write the buf to the testcase file */ -void __attribute__((hot)) -afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { +void __attribute__((hot)) afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, + u8 *buf, size_t len) { #ifdef __linux__ if (unlikely(fsrv->nyx_mode)) { @@ -1823,9 +1824,8 @@ afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, - volatile u8 *stop_soon_p) { +fsrv_run_result_t __attribute__((hot)) afl_fsrv_run_target( + afl_forkserver_t *fsrv, u32 timeout, volatile u8 *stop_soon_p) { s32 res; u32 exec_ms; diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 97ccd3d3..fd75a822 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -456,8 +456,8 @@ void write_crash_readme(afl_state_t *afl) { save or queue the input test case for further analysis if so. Returns 1 if entry is saved, 0 otherwise. */ -u8 __attribute__((hot)) -save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { +u8 __attribute__((hot)) save_if_interesting(afl_state_t *afl, void *mem, + u32 len, u8 fault) { if (unlikely(len == 0)) { return 0; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 74bb8cbc..fd5ed87c 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -3914,7 +3914,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { #define EFF_APOS(_p) ((_p) >> EFF_MAP_SCALE2) #define EFF_REM(_x) ((_x) & ((1 << EFF_MAP_SCALE2) - 1)) #define EFF_ALEN(_l) (EFF_APOS(_l) + !!EFF_REM(_l)) -#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l)-1) - EFF_APOS(_p) + 1) +#define EFF_SPAN_ALEN(_p, _l) (EFF_APOS((_p) + (_l) - 1) - EFF_APOS(_p) + 1) /* Initialize effector map for the next step (see comments below). Always flag first and last byte as doing something. */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 208d957a..4ce17eb2 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -41,8 +41,9 @@ u64 time_spent_working = 0; /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ -fsrv_run_result_t __attribute__((hot)) -fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { +fsrv_run_result_t __attribute__((hot)) fuzz_run_target(afl_state_t *afl, + afl_forkserver_t *fsrv, + u32 timeout) { #ifdef PROFILING static u64 time_spent_start = 0; @@ -111,8 +112,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { old file is unlinked and a new one is created. Otherwise, afl->fsrv.out_fd is rewound and truncated. */ -u32 __attribute__((hot)) -write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { +u32 __attribute__((hot)) write_to_testcase(afl_state_t *afl, void **mem, + u32 len, u32 fix) { u8 sent = 0; @@ -1173,8 +1174,8 @@ abort_trimming: error conditions, returning 1 if it's time to bail out. This is a helper function for fuzz_one(). */ -u8 __attribute__((hot)) -common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { +u8 __attribute__((hot)) common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, + u32 len) { u8 fault; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a20c46d0..9f5f59c0 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -963,9 +963,9 @@ void show_stats_normal(afl_state_t *afl) { /* Lord, forgive me this. */ - SAYF(SET_G1 bSTG bLT bH bSTOP cCYA + SAYF(SET_G1 bSTG bLT bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA - " overall results " bSTG bH2 bH2 bRT "\n"); + " overall results " bSTG bH2 bH2 bRT "\n"); if (afl->non_instrumented_mode) { @@ -1007,7 +1007,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); SAYF(bV bSTOP " run time : " cRST "%-33s " bSTG bV bSTOP - " cycles done : %s%-5s " bSTG bV "\n", + " cycles done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); /* We want to warn people about not seeing new paths after a full cycle, @@ -1047,7 +1047,7 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); SAYF(bV bSTOP "last saved crash : " cRST "%-33s " bSTG bV bSTOP - "saved crashes : %s%-6s" bSTG bV "\n", + "saved crashes : %s%-6s" bSTG bV "\n", time_tmp, crash_color, tmp); sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->saved_hangs), @@ -1055,12 +1055,12 @@ void show_stats_normal(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); SAYF(bV bSTOP " last saved hang : " cRST "%-33s " bSTG bV bSTOP - " saved hangs : " cRST "%-6s" bSTG bV "\n", + " saved hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA - " map coverage" bSTG bHT bH20 bH2 bVL "\n"); + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1091,9 +1091,9 @@ void show_stats_normal(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); + " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_items); @@ -1101,7 +1101,7 @@ void show_stats_normal(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP - " favored items : " cRST "%-20s" bSTG bV "\n", + " favored items : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); if (!afl->stage_max) { @@ -1130,13 +1130,13 @@ void show_stats_normal(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " new crashes : %s%-20s" bSTG bV "\n", + " new crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP - " total crashes : %s%-20s" bSTG bV "\n", + " total crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } @@ -1189,7 +1189,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " bit flips : " cRST "%-36s " bSTG bV bSTOP - " levels : " cRST "%-10s" bSTG bV "\n", + " levels : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); if (unlikely(!afl->skip_deterministic)) { @@ -1205,7 +1205,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " byte flips : " cRST "%-36s " bSTG bV bSTOP - " pending : " cRST "%-10s" bSTG bV "\n", + " pending : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); if (unlikely(!afl->skip_deterministic)) { @@ -1221,7 +1221,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " arithmetics : " cRST "%-36s " bSTG bV bSTOP - " pend fav : " cRST "%-10s" bSTG bV "\n", + " pend fav : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); if (unlikely(!afl->skip_deterministic)) { @@ -1237,7 +1237,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " known ints : " cRST "%-36s " bSTG bV bSTOP - " own finds : " cRST "%-10s" bSTG bV "\n", + " own finds : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); if (unlikely(!afl->skip_deterministic)) { @@ -1263,7 +1263,7 @@ void show_stats_normal(afl_state_t *afl) { } SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP - " imported : " cRST "%-10s" bSTG bV "\n", + " imported : " cRST "%-10s" bSTG bV "\n", tmp, afl->sync_id ? u_stringify_int(IB(0), afl->queued_imported) : (u8 *)"n/a"); @@ -1451,8 +1451,8 @@ void show_stats_normal(afl_state_t *afl) { /* Last line */ - SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN - " %s " bSTG bH10 cCYA bSTOP " state:" cPIN + SAYF(SET_G1 "\n" bSTG bLB bH cCYA bSTOP " strategy:" cPIN + " %s " bSTG bH10 cCYA bSTOP " state:" cPIN " %s " bSTG bH2 bRB bSTOP cRST RESET_G1, afl->fuzz_mode == 0 ? "explore" : "exploit", get_fuzzing_state(afl)); @@ -1821,8 +1821,8 @@ void show_stats_pizza(afl_state_t *afl) { } u_stringify_time_diff(time_tmp, afl->prev_run_time + cur_ms, afl->start_time); - SAYF(bV bSTOP - " open time : " cRST "%-37s " bSTG bV bSTOP + SAYF(bV bSTOP + " open time : " cRST "%-37s " bSTG bV bSTOP " seasons done : %s%-5s " bSTG bV "\n", time_tmp, tmp, u_stringify_int(IB(0), afl->queue_cycle - 1)); @@ -1865,7 +1865,7 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_crashes >= KEEP_UNIQUE_CRASH) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last ordered pizza : " cRST "%-33s " bSTG bV bSTOP " at table : %s%-6s " bSTG bV "\n", time_tmp, crash_color, tmp); @@ -1874,15 +1874,15 @@ void show_stats_pizza(afl_state_t *afl) { (afl->saved_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); u_stringify_time_diff(time_tmp, cur_ms, afl->last_hang_time); - SAYF(bV bSTOP + SAYF(bV bSTOP " last conversation with customers : " cRST "%-33s " bSTG bV bSTOP " number of Peroni : " cRST "%-6s " bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA " Baking progress " bSTG bH30 bH20 bH5 bH bX bH bSTOP cCYA - " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); + " Pizzeria busyness" bSTG bH30 bH5 bH bH bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -1918,8 +1918,8 @@ void show_stats_pizza(afl_state_t *afl) { SAYF(bSTOP " count coverage : " cRST "%-19s " bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA - " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA + SAYF(bVR bH bSTOP cCYA + " Pizzas almost ready " bSTG bH30 bH20 bH2 bH bX bH bSTOP cCYA " Types of pizzas cooking " bSTG bH10 bH5 bH2 bH10 bH2 bH bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), @@ -1928,7 +1928,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Yeah... it's still going on... halp? */ SAYF(bV bSTOP " now preparing : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " favourite topping : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); @@ -1961,14 +1961,14 @@ void show_stats_pizza(afl_state_t *afl) { if (afl->crash_mode) { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total pizzas : " cRST - "%-22s " bSTG bV bSTOP + "%-22s " bSTG bV bSTOP " total pizzas with pineapple : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); @@ -2005,7 +2005,7 @@ void show_stats_pizza(afl_state_t *afl) { /* Aaaalmost there... hold on! */ SAYF(bVR bH cCYA bSTOP " Promotional campaign on TikTok yields " bSTG bH30 bH2 - bH bH2 bX bH bSTOP cCYA + bH bH2 bX bH bSTOP cCYA " Customer type " bSTG bH5 bH2 bH30 bH2 bH bVL "\n"); if (unlikely(afl->custom_only)) { @@ -2028,8 +2028,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for celiac : " cRST "%-36s " bSTG bV bSTOP " levels : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); @@ -2046,8 +2046,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizzas for kids : " cRST "%-36s " bSTG bV bSTOP " pizzas to make : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); @@ -2064,8 +2064,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " pizza bianca : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " pizza bianca : " cRST "%-36s " bSTG bV bSTOP " nice table : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); @@ -2082,8 +2082,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " recurring customers : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " recurring customers : " cRST "%-36s " bSTG bV bSTOP " new customers : " cRST "%-10s " bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); @@ -2110,8 +2110,8 @@ void show_stats_pizza(afl_state_t *afl) { } - SAYF(bV bSTOP - " dictionary : " cRST "%-36s " bSTG bV bSTOP + SAYF(bV bSTOP + " dictionary : " cRST "%-36s " bSTG bV bSTOP " patrons from old resturant : " cRST "%-10s " bSTG bV "\n", tmp, diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1546597e..726a2260 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2237,6 +2237,7 @@ int main(int argc, char **argv_orig, char **envp) { snprintf(fn, PATH_MAX, "%s/fastresume.bin", afl->out_dir); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fn, "rb")) != NULL) { + #else if ((fr_fd = open(fn, O_RDONLY)) >= 0) { @@ -3340,9 +3341,11 @@ stop_fuzzing: ACTF("Writing %s ...", fr); #ifdef HAVE_ZLIB if ((fr_fd = ZLIBOPEN(fr, "wb9")) != NULL) { + #else if ((fr_fd = open(fr, O_WRONLY | O_TRUNC | O_CREAT, DEFAULT_PERMISSION)) >= 0) { + #endif u8 ver_string[8]; -- cgit v1.2.3