rename env to AFL_IGNORE_PROBLEMS_COVERAGE

2025-06-14 02:58:08 +00:00 · 2023-04-25 16:47:37 +02:00
parent b96ba509d0
commit 21865c6224
5 changed files with 9 additions and 4 deletions
--- a/docs/FAQ.md
+++ b/docs/FAQ.md
@ -229,7 +229,8 @@ If you find an interesting or important question missing, submit it via
  If this is not a viable option, you can set `AFL_IGNORE_PROBLEMS=1` but then
  the existing map will be used also for the newly loaded libraries, which
  allows it to work, however, the efficiency of the fuzzing will be partially
-  degraded.
+  degraded. Note that there is additionally `AFL_IGNORE_PROBLEMS_COVERAGE` to
+  additionally tell AFL++ to ignore any coverage from the late loaded libaries.
 </p></details>

 <details>
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@ -406,7 +406,8 @@ checks or alter some of the more exotic semantics of the tool:

  - If afl-fuzz encounters an incorrect fuzzing setup during a fuzzing session
    (not at startup), it will terminate. If you do not want this, then you can
-    set `AFL_IGNORE_PROBLEMS`.
+    set `AFL_IGNORE_PROBLEMS`. If you additionally want to also ignore coverage
+    from late loaded libraries, you can set `AFL_IGNORE_PROBLEMS_COVERAGE`.

  - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the
    fuzzer to import test cases from other instances before doing anything else.
--- a/include/envs.h
+++ b/include/envs.h
@ -106,6 +106,7 @@ static char *afl_environment_variables[] = {
    "AFL_HARDEN",
    "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
    "AFL_IGNORE_PROBLEMS",
+    "AFL_IGNORE_PROBLEMS_COVERAGE",
    "AFL_IGNORE_TIMEOUTS",
    "AFL_IGNORE_UNKNOWN_ENVS",
    "AFL_IMPORT_FIRST",
--- a/instrumentation/afl-compiler-rt.o.c
+++ b/instrumentation/afl-compiler-rt.o.c
@ -1565,13 +1565,13 @@ void __sanitizer_cov_trace_pc_guard_init(uint32_t *start, uint32_t *stop) {
          "be able to fuzz them or LD_PRELOAD to run outside of afl-fuzz.\n"
          "To ignore this set AFL_IGNORE_PROBLEMS=1 but this will lead to "
          "ambiguous coverage data.\n"
-          "In addition, you can set AFL_LLVM_IGNORE_PROBLEMS_COVERAGE=1 to "
+          "In addition, you can set AFL_IGNORE_PROBLEMS_COVERAGE=1 to "
          "ignore the additional coverage instead (use with caution!).\n");
      abort();

    } else {

-      u8 ignore_dso_after_fs = !!getenv("AFL_LLVM_IGNORE_PROBLEMS_COVERAGE");
+      u8 ignore_dso_after_fs = !!getenv("AFL_IGNORE_PROBLEMS_COVERAGE");
      if (__afl_debug && ignore_dso_after_fs) {

        fprintf(stderr, "Ignoring coverage from dynamically loaded code\n");
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -259,6 +259,8 @@ static void usage(u8 *argv0, int more_help) {
      "AFL_HANG_TMOUT: override timeout value (in milliseconds)\n"
      "AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES: don't warn about core dump handlers\n"
      "AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected\n"
+      "AFL_IGNORE_PROBLEMS_COVERAGE: if set in addition to AFL_IGNORE_PROBLEMS - also\n
+      "                              ignore those libs for coverage\n"
      "AFL_IGNORE_TIMEOUTS: do not process or save any timeouts\n"
      "AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n"
      "AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"