From 8bc2b52f6579ab44f536d1ccb818acf37b047ec7 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sun, 17 Oct 2021 13:03:01 +0200
Subject: format

---
 src/afl-showmap.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src')

diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index a04c1f5b..5df07bf2 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -243,10 +243,13 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
       (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) {
 
     if (strcmp(outfile, "-")) {
+
       // create empty file to prevent error messages in afl-cmin
       fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
       close(fd);
+
     }
+
     return ret;
 
   }
-- 
cgit 1.4.1


From 45d668a671316821c3f9793381cb54956b535491 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Mon, 18 Oct 2021 13:17:07 +0200
Subject: better ui banner

---
 docs/Changelog.md    |  1 +
 include/afl-fuzz.h   |  1 -
 src/afl-fuzz-init.c  | 37 -------------------------------------
 src/afl-fuzz-stats.c | 49 +++++++++++++++++++++++++++++--------------------
 src/afl-fuzz.c       | 17 +++++++++++++----
 5 files changed, 43 insertions(+), 62 deletions(-)

(limited to 'src')

diff --git a/docs/Changelog.md b/docs/Changelog.md
index 6db013cf..63896622 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -17,6 +17,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
       coverage being detected. thanks to Collin May for reporting!
     - fix -n dumb mode (nobody should use this)
     - fix stability issue with LTO and cmplog
+    - better banner
   - frida_mode: David Carlier added Android support :)
   - afl-showmap, afl-tmin and afl-analyze now honor persistent mode
     for more speed. thanks to dloffre-snl for reporting!
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 4b19e698..eaf55fb8 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1130,7 +1130,6 @@ void   get_core_count(afl_state_t *);
 void   fix_up_sync(afl_state_t *);
 void   check_asan_opts(afl_state_t *);
 void   check_binary(afl_state_t *, u8 *);
-void   fix_up_banner(afl_state_t *, u8 *);
 void   check_if_tty(afl_state_t *);
 void   setup_signal_handlers(void);
 void   save_cmdline(afl_state_t *, u32, char **);
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 9bb25785..9c45f08a 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -2815,43 +2815,6 @@ void check_binary(afl_state_t *afl, u8 *fname) {
 
 }
 
-/* Trim and possibly create a banner for the run. */
-
-void fix_up_banner(afl_state_t *afl, u8 *name) {
-
-  if (!afl->use_banner) {
-
-    if (afl->sync_id) {
-
-      afl->use_banner = afl->sync_id;
-
-    } else {
-
-      u8 *trim = strrchr(name, '/');
-      if (!trim) {
-
-        afl->use_banner = name;
-
-      } else {
-
-        afl->use_banner = trim + 1;
-
-      }
-
-    }
-
-  }
-
-  if (strlen(afl->use_banner) > 32) {
-
-    u8 *tmp = ck_alloc(36);
-    sprintf(tmp, "%.32s...", afl->use_banner);
-    afl->use_banner = tmp;
-
-  }
-
-}
-
 /* Check if we're on TTY. */
 
 void check_if_tty(afl_state_t *afl) {
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
index 870ba69a..0c06232b 100644
--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -441,9 +441,10 @@ void show_stats(afl_state_t *afl) {
   u64 cur_ms;
   u32 t_bytes, t_bits;
 
-  u32 banner_len, banner_pad;
-  u8  tmp[256];
-  u8  time_tmp[64];
+  static u8 banner[128];
+  u32       banner_len, banner_pad;
+  u8        tmp[256];
+  u8        time_tmp[64];
 
   u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX];
 #define IB(i) (val_buf[(i)])
@@ -656,26 +657,34 @@ void show_stats(afl_state_t *afl) {
   }
 
   /* Let's start by drawing a centered banner. */
+  if (unlikely(!banner[0])) {
 
-  banner_len = (afl->crash_mode ? 24 : 22) + strlen(VERSION) +
-               strlen(afl->use_banner) + strlen(afl->power_name) + 3 + 5;
-  banner_pad = (79 - banner_len) / 2;
-  memset(tmp, ' ', banner_pad);
+    char *si = "";
+    if (afl->sync_id) { si = afl->sync_id; }
+    memset(banner, 0, sizeof(banner));
+    banner_len = (afl->crash_mode ? 20 : 18) + strlen(VERSION) + strlen(si) +
+                 strlen(afl->power_name) + 4 + 6;
 
-#ifdef HAVE_AFFINITY
-  sprintf(
-      tmp + banner_pad,
-      "%s " cLCY VERSION cLGN " (%s) " cPIN "[%s]" cBLU " {%d}",
-      afl->crash_mode ? cPIN "peruvian were-rabbit" : cYEL "american fuzzy lop",
-      afl->use_banner, afl->power_name, afl->cpu_aff);
-#else
-  sprintf(
-      tmp + banner_pad, "%s " cLCY VERSION cLGN " (%s) " cPIN "[%s]",
-      afl->crash_mode ? cPIN "peruvian were-rabbit" : cYEL "american fuzzy lop",
-      afl->use_banner, afl->power_name);
-#endif                                                     /* HAVE_AFFINITY */
+    if (strlen(afl->use_banner) + banner_len > 75) {
+
+      afl->use_banner += (strlen(afl->use_banner) + banner_len) - 76;
+      memset(afl->use_banner, '.', 3);
+
+    }
+
+    banner_len += strlen(afl->use_banner);
+    banner_pad = (79 - banner_len) / 2;
+    memset(banner, ' ', banner_pad);
+
+    sprintf(banner + banner_pad,
+            "%s " cLCY VERSION cLBL " {%s} " cLGN "(%s) " cPIN "[%s]",
+            afl->crash_mode ? cPIN "peruvian were-rabbit"
+                            : cYEL "american fuzzy lop",
+            si, afl->use_banner, afl->power_name);
+
+  }
 
-  SAYF("\n%s\n", tmp);
+  SAYF("\n%s\n", banner);
 
   /* "Handy" shortcuts for drawing boxes... */
 
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 92a37697..26886a4f 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1189,7 +1189,17 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
-  if (afl->sync_id) { fix_up_sync(afl); }
+  if (afl->sync_id) {
+
+    if (strlen(afl->sync_id) > 24) {
+
+      FATAL("sync_id max length is 24 characters");
+
+    }
+
+    fix_up_sync(afl);
+
+  }
 
   if (!strcmp(afl->in_dir, afl->out_dir)) {
 
@@ -1218,6 +1228,8 @@ int main(int argc, char **argv_orig, char **envp) {
 
   if (unlikely(afl->afl_env.afl_statsd)) { statsd_setup_format(afl); }
 
+  if (!afl->use_banner) { afl->use_banner = argv[optind]; }
+
   if (strchr(argv[optind], '/') == NULL && !afl->unicorn_mode) {
 
     WARNF(cLRD
@@ -1486,9 +1498,6 @@ int main(int argc, char **argv_orig, char **envp) {
   }
 
   save_cmdline(afl, argc, argv);
-
-  fix_up_banner(afl, argv[optind]);
-
   check_if_tty(afl);
   if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; }
 
-- 
cgit 1.4.1


From 77a63d8ccfd4b409c35227e174f1d6e809256e41 Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi <andreafioraldi@gmail.com>
Date: Tue, 19 Oct 2021 13:59:31 +0200
Subject: execs field in filenames

---
 src/afl-fuzz-bitmap.c | 5 +++--
 src/afl-fuzz-init.c   | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 0ae4d607..316067e4 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -317,8 +317,9 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) {
 
     }
 
-    sprintf(ret + strlen(ret), ",time:%llu",
-            get_cur_time() + afl->prev_run_time - afl->start_time);
+    sprintf(ret + strlen(ret), ",time:%llu,execs:%llu",
+            get_cur_time() + afl->prev_run_time - afl->start_time,
+            afl->fsrv.total_execs);
 
     if (afl->current_custom_fuzz &&
         afl->current_custom_fuzz->afl_custom_describe) {
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 9bb25785..0fa8e6ec 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1325,8 +1325,8 @@ void pivot_inputs(afl_state_t *afl) {
 
       }
 
-      nfn = alloc_printf("%s/queue/id:%06u,time:0,orig:%s", afl->out_dir, id,
-                         use_name);
+      nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s", afl->out_dir, id,
+                         afl->fsrv.total_execs, use_name);
 
 #else
 
-- 
cgit 1.4.1


From 0bc3367b55b2f08c7c2588576af27567044dc0b6 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Tue, 19 Oct 2021 14:46:15 +0200
Subject: remove race condition

---
 src/afl-forkserver.c | 25 ++++++++++++++++++++++---
 1 file changed, 22 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 54f510c4..94ca3009 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -610,12 +610,24 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
 
     if (!time_ms) {
 
-      if (fsrv->fsrv_pid > 0) { kill(fsrv->fsrv_pid, fsrv->kill_signal); }
+      s32 tmp_pid = fsrv->fsrv_pid;
+      if (tmp_pid > 0) {
+
+        kill(tmp_pid, fsrv->kill_signal);
+        fsrv->fsrv_pid = 1;
+
+      }
 
     } else if (time_ms > fsrv->init_tmout) {
 
       fsrv->last_run_timed_out = 1;
-      if (fsrv->fsrv_pid > 0) { kill(fsrv->fsrv_pid, fsrv->kill_signal); }
+      s32 tmp_pid = fsrv->fsrv_pid;
+      if (tmp_pid > 0) {
+
+        kill(tmp_pid, fsrv->kill_signal);
+        fsrv->fsrv_pid = 1;
+
+      }
 
     } else {
 
@@ -1248,7 +1260,14 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
 
-    if (fsrv->child_pid > 0) { kill(fsrv->child_pid, fsrv->kill_signal); }
+    s32 tmp_pid = srv->child_pid;
+    if (tmp_pid > 0) {
+
+      kill(tmp_pid, fsrv->kill_signal);
+      fsrv->child_pid = -1
+
+    }
+
     fsrv->last_run_timed_out = 1;
     if (read(fsrv->fsrv_st_fd, &fsrv->child_status, 4) < 4) { exec_ms = 0; }
 
-- 
cgit 1.4.1


From 90786e2ce9970c52e661c0fe290cb78a1a063004 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Tue, 19 Oct 2021 15:20:59 +0200
Subject: fix

---
 src/afl-forkserver.c | 4 ++--
 test/test-pre.sh     | 2 ++
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 94ca3009..71667262 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1260,11 +1260,11 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
 
-    s32 tmp_pid = srv->child_pid;
+    s32 tmp_pid = fsrv->child_pid;
     if (tmp_pid > 0) {
 
       kill(tmp_pid, fsrv->kill_signal);
-      fsrv->child_pid = -1
+      fsrv->child_pid = -1;
 
     }
 
diff --git a/test/test-pre.sh b/test/test-pre.sh
index 7819da47..e12d95be 100755
--- a/test/test-pre.sh
+++ b/test/test-pre.sh
@@ -88,6 +88,8 @@ unset AFL_QEMU_PERSISTENT_GPR
 unset AFL_QEMU_PERSISTENT_RET
 unset AFL_QEMU_PERSISTENT_HOOK
 unset AFL_QEMU_PERSISTENT_CNT
+unset AFL_QEMU_PERSISTENT_MEM
+unset AFL_QEMU_PERSISTENT_EXITS
 unset AFL_CUSTOM_MUTATOR_LIBRARY
 unset AFL_PYTHON_MODULE
 unset AFL_PRELOAD
-- 
cgit 1.4.1


From e03897a0703673aa0de7772185a5b5230641cb6a Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sat, 23 Oct 2021 20:54:24 +0200
Subject: fix timeout bug in afl tools

---
 docs/Changelog.md   |  6 ++++--
 src/afl-analyze.c   | 12 ++++++++++++
 src/afl-fuzz-init.c |  4 ++--
 src/afl-showmap.c   | 13 +++++++++++++
 src/afl-tmin.c      | 12 ++++++++++++
 5 files changed, 43 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/docs/Changelog.md b/docs/Changelog.md
index 63896622..04b2fb2e 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -19,8 +19,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
     - fix stability issue with LTO and cmplog
     - better banner
   - frida_mode: David Carlier added Android support :)
-  - afl-showmap, afl-tmin and afl-analyze now honor persistent mode
-    for more speed. thanks to dloffre-snl for reporting!
+  - afl-showmap, afl-tmin and afl-analyze:
+    - honor persistent mode for more speed. thanks to dloffre-snl for
+      reporting!
+    - fix bug where targets are not killed on timeouts
   - Prevent accidently killing non-afl/fuzz services when aborting
     afl-showmap and other tools.
   - afl-cc:
diff --git a/src/afl-analyze.c b/src/afl-analyze.c
index 8295488d..09b01541 100644
--- a/src/afl-analyze.c
+++ b/src/afl-analyze.c
@@ -120,6 +120,17 @@ static u8 count_class_lookup[256] = {
 #undef TIMES8
 #undef TIMES4
 
+static void kill_child() {
+
+  if (fsrv.child_pid > 0) {
+
+    kill(fsrv.child_pid, fsrv.kill_signal);
+    fsrv.child_pid = -1;
+
+  }
+
+}
+
 static void classify_counts(u8 *mem) {
 
   u32 i = map_size;
@@ -1053,6 +1064,7 @@ int main(int argc, char **argv_orig, char **envp) {
   fsrv.target_path = find_binary(argv[optind]);
   fsrv.trace_bits = afl_shm_init(&shm, map_size, 0);
   detect_file_args(argv + optind, fsrv.out_file, &use_stdin);
+  signal(SIGALRM, kill_child);
 
   if (qemu_mode) {
 
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index f0e1a80d..1170715f 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1325,8 +1325,8 @@ void pivot_inputs(afl_state_t *afl) {
 
       }
 
-      nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s", afl->out_dir, id,
-                         afl->fsrv.total_execs, use_name);
+      nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s",
+                         afl->out_dir, id, afl->fsrv.total_execs, use_name);
 
 #else
 
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 5df07bf2..3a244c04 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -146,6 +146,17 @@ static const u8 count_class_binary[256] = {
 #undef TIMES8
 #undef TIMES4
 
+static void kill_child() {
+
+  if (fsrv->child_pid > 0) {
+
+    kill(fsrv->child_pid, fsrv->kill_signal);
+    fsrv->child_pid = -1;
+
+  }
+
+}
+
 static void classify_counts(afl_forkserver_t *fsrv) {
 
   u8 *      mem = fsrv->trace_bits;
@@ -526,6 +537,8 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
 
   }
 
+  signal(SIGALRM, kill_child);
+
   setitimer(ITIMER_REAL, &it, NULL);
 
   if (waitpid(fsrv->child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); }
diff --git a/src/afl-tmin.c b/src/afl-tmin.c
index 4f3a6b80..ce2a0b8f 100644
--- a/src/afl-tmin.c
+++ b/src/afl-tmin.c
@@ -120,6 +120,17 @@ static const u8 count_class_lookup[256] = {
 #undef TIMES8
 #undef TIMES4
 
+static void kill_child() {
+
+  if (fsrv->child_pid > 0) {
+
+    kill(fsrv->child_pid, fsrv->kill_signal);
+    fsrv->child_pid = -1;
+
+  }
+
+}
+
 static sharedmem_t *deinit_shmem(afl_forkserver_t *fsrv,
                                  sharedmem_t *     shm_fuzz) {
 
@@ -1125,6 +1136,7 @@ int main(int argc, char **argv_orig, char **envp) {
   fsrv->target_path = find_binary(argv[optind]);
   fsrv->trace_bits = afl_shm_init(&shm, map_size, 0);
   detect_file_args(argv + optind, out_file, &fsrv->use_stdin);
+  signal(SIGALRM, kill_child);
 
   if (fsrv->qemu_mode) {
 
-- 
cgit 1.4.1


From a7ee11a1747347847b06a4226f2800dd780f7c16 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sun, 24 Oct 2021 19:35:58 +0200
Subject: fix

---
 src/afl-forkserver.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 71667262..c570a2bb 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -603,7 +603,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
   /* Wait for the fork server to come up, but don't wait too long. */
 
   rlen = 0;
-  if (fsrv->exec_tmout) {
+  if (fsrv->init_tmout) {
 
     u32 time_ms = read_s32_timed(fsrv->fsrv_st_fd, &status, fsrv->init_tmout,
                                  stop_soon_p);
@@ -614,7 +614,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
       if (tmp_pid > 0) {
 
         kill(tmp_pid, fsrv->kill_signal);
-        fsrv->fsrv_pid = 1;
+        fsrv->fsrv_pid = -1;
 
       }
 
@@ -625,7 +625,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
       if (tmp_pid > 0) {
 
         kill(tmp_pid, fsrv->kill_signal);
-        fsrv->fsrv_pid = 1;
+        fsrv->fsrv_pid = -1;
 
       }
 
@@ -1301,7 +1301,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
 
   }
 
-  if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = 0; }
+  if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = -1 ; }
 
   fsrv->total_execs++;
 
-- 
cgit 1.4.1


From 0f49463edec0c019bd098659fa74c58a2d28c439 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sun, 24 Oct 2021 19:41:06 +0200
Subject: fix

---
 src/afl-forkserver.c    | 2 +-
 src/afl-showmap.c       | 9 ++++++---
 unicorn_mode/unicornafl | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

(limited to 'src')

diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index c570a2bb..80b295e0 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -1301,7 +1301,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout,
 
   }
 
-  if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = -1 ; }
+  if (!WIFSTOPPED(fsrv->child_status)) { fsrv->child_pid = -1; }
 
   fsrv->total_execs++;
 
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index 3a244c04..3826e385 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -77,7 +77,7 @@ static u32 tcnt, highest;              /* tuple content information         */
 
 static u32 in_len;                     /* Input data length                 */
 
-static u32 map_size = MAP_SIZE;
+static u32 map_size = MAP_SIZE, timed_out = 0;
 
 static bool quiet_mode,                /* Hide non-essential messages?      */
     edges_only,                        /* Ignore hit counts?                */
@@ -148,6 +148,7 @@ static const u8 count_class_binary[256] = {
 
 static void kill_child() {
 
+  timed_out = 1;
   if (fsrv->child_pid > 0) {
 
     kill(fsrv->child_pid, fsrv->kill_signal);
@@ -373,9 +374,10 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem,
 
   if (!quiet_mode) {
 
-    if (fsrv->last_run_timed_out) {
+    if (timed_out || fsrv->last_run_timed_out) {
 
       SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
+      timed_out = 0;
 
     } else if (stop_soon) {
 
@@ -581,9 +583,10 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) {
 
   if (!quiet_mode) {
 
-    if (fsrv->last_run_timed_out) {
+    if (timed_out || fsrv->last_run_timed_out) {
 
       SAYF(cLRD "\n+++ Program timed off +++\n" cRST);
+      timed_out = 0;
 
     } else if (stop_soon) {
 
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl
index 94617f5b..d4915053 160000
--- a/unicorn_mode/unicornafl
+++ b/unicorn_mode/unicornafl
@@ -1 +1 @@
-Subproject commit 94617f5bee0c08a5cbd1a1aa73f59cd973dfb17f
+Subproject commit d4915053d477dd827b3fe4b494173d3fbf9f456e
-- 
cgit 1.4.1


From 0348ede4bc47264473efdac86415b9c805bdda40 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sun, 24 Oct 2021 19:53:07 +0200
Subject: fix gcc warning

---
 src/afl-cc.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/afl-cc.c b/src/afl-cc.c
index e49addc4..77407a98 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -1007,7 +1007,11 @@ static void edit_params(u32 argc, char **argv, char **envp) {
   }
 
   // prevent unnecessary build errors
-  cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument";
+  if (compiler_mode != GCC_PLUGIN && compiler_mode != GCC) {
+
+    cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument";
+
+  }
 
   if (preprocessor_only || have_c) {
 
-- 
cgit 1.4.1


From efec2b5a99d8f229eec4123e28c79a15389fe6bb Mon Sep 17 00:00:00 2001
From: lazymio <mio@lazym.io>
Date: Mon, 25 Oct 2021 16:05:58 +0200
Subject: Update real_map_size when doing a realloc

---
 src/afl-fuzz.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 26886a4f..34f3377b 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1706,7 +1706,7 @@ int main(int argc, char **argv_orig, char **envp) {
   if (afl->non_instrumented_mode || afl->fsrv.qemu_mode ||
       afl->fsrv.frida_mode || afl->unicorn_mode) {
 
-    map_size = afl->fsrv.map_size = MAP_SIZE;
+    map_size = afl->fsrv.real_map_size = afl->fsrv.map_size = MAP_SIZE;
     afl->virgin_bits = ck_realloc(afl->virgin_bits, map_size);
     afl->virgin_tmout = ck_realloc(afl->virgin_tmout, map_size);
     afl->virgin_crash = ck_realloc(afl->virgin_crash, map_size);
-- 
cgit 1.4.1


From 36d8f979724de64ad986acd3b9fe8933e99950c4 Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Thu, 28 Oct 2021 15:38:50 +0200
Subject: gcc instrumentation opt

---
 src/afl-cc.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src')

diff --git a/src/afl-cc.c b/src/afl-cc.c
index 77407a98..ed6390ce 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -423,6 +423,8 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     char *fplugin_arg = alloc_printf("-fplugin=%s/afl-gcc-pass.so", obj_path);
     cc_params[cc_par_cnt++] = fplugin_arg;
+    cc_params[cc_par_cnt++] = "-fno-if-conversion";
+    cc_params[cc_par_cnt++] = "-fno-if-conversion2";
 
   }
 
-- 
cgit 1.4.1


From c64735df9e87f2ee15ea32208be85e481c78814b Mon Sep 17 00:00:00 2001
From: vanhauser-thc <vh@thc.org>
Date: Sun, 31 Oct 2021 11:55:36 +0100
Subject: help gcc

---
 src/afl-cc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src')

diff --git a/src/afl-cc.c b/src/afl-cc.c
index ed6390ce..e7f08aac 100644
--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@@ -737,6 +737,14 @@ static void edit_params(u32 argc, char **argv, char **envp) {
 
     }
 
+    if ((compiler_mode == GCC || compiler_mode == GCC_PLUGIN) &&
+        !strncmp(cur, "-stdlib=", 8)) {
+
+      if (!be_quiet) { WARNF("Found '%s' - stripping!", cur); }
+      continue;
+
+    }
+
     if ((!strncmp(cur, "-fsanitize=fuzzer-", strlen("-fsanitize=fuzzer-")) ||
          !strncmp(cur, "-fsanitize-coverage", strlen("-fsanitize-coverage"))) &&
         (strncmp(cur, "sanitize-coverage-allow",
-- 
cgit 1.4.1


From 3670412d2e6841f2cee26e3624a02c08a24671c8 Mon Sep 17 00:00:00 2001
From: yuan <ssspeed00@gmail.com>
Date: Wed, 3 Nov 2021 23:44:37 +0800
Subject: Fix request size & remove redundant code (#1139)

* fix request size

* fix null terminator index

* remove redundant code
---
 src/afl-common.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/afl-common.c b/src/afl-common.c
index db19f0a7..26a0d54b 100644
--- a/src/afl-common.c
+++ b/src/afl-common.c
@@ -217,11 +217,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
   }
 
-  char **new_argv = ck_alloc(sizeof(char *) * (argc + 4));
+  char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
   if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
 
   memcpy(&new_argv[3], &argv[1], (int)(sizeof(char *)) * (argc - 1));
-  new_argv[argc + 3] = NULL;
 
   new_argv[2] = *target_path_p;
   new_argv[1] = "--";
@@ -237,11 +236,10 @@ char **get_qemu_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
 char **get_wine_argv(u8 *own_loc, u8 **target_path_p, int argc, char **argv) {
 
-  char **new_argv = ck_alloc(sizeof(char *) * (argc + 3));
+  char **new_argv = ck_alloc(sizeof(char *) * (argc + 2));
   if (unlikely(!new_argv)) { FATAL("Illegal amount of arguments specified"); }
 
   memcpy(&new_argv[2], &argv[1], (int)(sizeof(char *)) * (argc - 1));
-  new_argv[argc + 2] = NULL;
 
   new_argv[1] = *target_path_p;
 
-- 
cgit 1.4.1