From d32b1d6b0c03cfc223c26c9af661c2592469a0de Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 12 Mar 2021 03:46:50 +0100 Subject: [PATCH 1/7] unique crashes yellow on resume (#801) --- src/afl-fuzz-stats.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 2e7de7b3..99059a2d 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -645,6 +645,13 @@ void show_stats(afl_state_t *afl) { #define SP10 SP5 SP5 #define SP20 SP10 SP10 + /* Since `total_crashes` does not get reloaded from disk on restart, + it indicates if we found crashes this round already -> paint red. + If it's 0, but `unique_crashes` is set from a past run, paint in yellow. */ + char *crash_color = afl->total_crashes ? cLRD + : afl->unique_crashes ? cYEL + : cRST; + /* Lord, forgive me this. */ SAYF(SET_G1 bSTG bLT bH bSTOP cCYA @@ -732,7 +739,7 @@ void show_stats(afl_state_t *afl) { u_stringify_time_diff(time_tmp, cur_ms, afl->last_crash_time); SAYF(bV bSTOP " last uniq crash : " cRST "%-33s " bSTG bV bSTOP " uniq crashes : %s%-6s" bSTG bV "\n", - time_tmp, afl->unique_crashes ? cLRD : cRST, tmp); + time_tmp, crash_color, tmp); sprintf(tmp, "%s%s", u_stringify_int(IB(0), afl->unique_hangs), (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); 
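Review bot: The new `crash_color` declaration in the @@ -645 hunk should be `const char *`, since it only ever receives the colour macros (cLRD/cYEL/cRST, presumably string-literal escape sequences) and is only ever handed to SAYF as a `%s` argument here and in the @@ -732 and @@ -815 hunks; a non-const pointer to a literal invites an undefined-behaviour write and hides that the value is read-only. Suggested line: `const char *crash_color = afl->total_crashes ? cLRD : afl->unique_crashes ? cYEL : cRST;`. The added comment's claim that `total_crashes` is not reloaded from disk on restart is not visible in the hunk; if the colouring depends on that invariant, naming the stats-loading code that skips the field would make the claim checkable by the next maintainer. show_stats starts and continues outside this hunk.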
@@ -815,20 +822,13 @@ void show_stats(afl_state_t *afl) { SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP " new crashes : %s%-22s" bSTG bV "\n", - u_stringify_int(IB(0), afl->fsrv.total_execs), - afl->unique_crashes ? cLRD : cRST, tmp); + u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP " total crashes : %s%-22s" bSTG bV "\n", - u_stringify_int(IB(0), afl->fsrv.total_execs), - // New crashes this round -> Red, restored crashes -> yellow, else - // white. - afl->total_crashes ? cLRD - : afl->unique_crashes ? cYEL - : cRST, - tmp); + u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } From 3753f56c254ac96023fbc295777b13d80a7a9d31 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 12 Mar 2021 03:47:12 +0100 Subject: [PATCH 2/7] make get_offsets executable --- src/afl-fuzz.c | 4 ++-- unicorn_mode/samples/speedtest/get_offsets.py | 0 2 files changed, 2 insertions(+), 2 deletions(-) mode change 100644 => 100755 unicorn_mode/samples/speedtest/get_offsets.py diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 7fe89c11..ff27048a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1597,8 +1597,8 @@ int main(int argc, char **argv_orig, char **envp) { // only reinitialize when it makes sense if ((map_size < new_map_size || - (new_map_size != MAP_SIZE && new_map_size < map_size && - map_size - new_map_size > MAP_SIZE))) { + (new_map_size != MAP_SIZE && new_map_size < map_size && + map_size - new_map_size > MAP_SIZE))) { OKF("Re-initializing maps to %u bytes", new_map_size); diff --git a/unicorn_mode/samples/speedtest/get_offsets.py b/unicorn_mode/samples/speedtest/get_offsets.py old mode 100644 new mode 100755 From f1d8a01047246cd5981cac6ad51850e98c8382c1 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 12 Mar 2021 03:55:18 +0100 Subject: [PATCH 3/7] added ui change to changelog --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) 
diff --git a/docs/Changelog.md b/docs/Changelog.md index c475911d..8f3e588c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -13,6 +13,7 @@ sending a mail to . - fix sanitizer settings (bug since 3.10c) - add non-unicode variants from unicode-looking dictionary entries - Rust custom mutator API improvements + - Imported crash stats painted yellow on resume (only new ones are red) - afl-cc: - added AFL_NOOPT that will just pass everything to the normal gcc/clang compiler without any changes - to pass weird configure From db342c9c8126ec6dcef59b561a3b319951bbad08 Mon Sep 17 00:00:00 2001 From: MarcoFalke Date: Sat, 13 Mar 2021 11:03:08 +0100 Subject: [PATCH 4/7] doc: Clarify default value of N iterations in aflpp_driver --- utils/aflpp_driver/aflpp_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index 6af79e14..9c97607c 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -204,7 +204,7 @@ int main(int argc, char **argv) { "To fuzz with afl-fuzz execute this:\n" " afl-fuzz [afl-flags] -- %s [-N]\n" "afl-fuzz will run N iterations before re-spawning the process (default: " - "1000)\n" + "INT_MAX)\n" "======================================================\n", argv[0], argv[0]); From 61c8304f246527563d8be7e85d47f5ffc24682ba Mon Sep 17 00:00:00 2001 From: aflpp Date: Mon, 15 Mar 2021 20:32:01 +0100 Subject: [PATCH 5/7] fixes --- src/afl-fuzz-queue.c | 2 +- src/afl-fuzz.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 835aba40..b2f88205 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c 
@@ -325,7 +325,7 @@ static u8 check_if_text(afl_state_t *afl, struct queue_entry *q) { if (len >= MAX_FILE) len = MAX_FILE - 1; if ((fd = open(q->fname, O_RDONLY)) < 0) return 0; - buf = afl_realloc(AFL_BUF_PARAM(in_scratch), len); + buf = afl_realloc(AFL_BUF_PARAM(in_scratch), len + 1); comp = read(fd, buf, len); close(fd); if (comp != (ssize_t)len) return 0; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index ff27048a..64e4b869 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1680,6 +1680,7 @@ int main(int argc, char **argv_orig, char **envp) { setenv("AFL_NO_AUTODICT", "1", 1); // loaded already afl->fsrv.trace_bits = afl_shm_init(&afl->shm, new_map_size, afl->non_instrumented_mode); + afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits; afl_fsrv_start(&afl->fsrv, afl->argv, &afl->stop_soon, afl->afl_env.afl_debug_child); afl_fsrv_start(&afl->cmplog_fsrv, afl->argv, &afl->stop_soon, From aa6a50c2b4abbedee8e2aaf6d32a560f8cbc085c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 Mar 2021 23:01:07 +0100 Subject: [PATCH 6/7] fix test --- test/test-llvm.sh | 2 +- unicorn_mode/unicornafl | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 160000 unicorn_mode/unicornafl diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 6503cd98..aa36af1b 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -164,7 +164,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { echo ZZZZ > in/in $ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 45 seconds" { - AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 1 -V45 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1 + AFL_BENCH_UNTIL_CRASH=1 AFL_NO_UI=1 ../afl-fuzz -Z -s 123 -V50 -m ${MEM_LIMIT} -i in -o out -D -- ./test-floatingpoint >>errors 2>&1 } >>errors 2>&1 test -n "$( ls out/default/crashes/id:* 2>/dev/null )" && { $ECHO "$GREEN[+] llvm_mode laf-intel floatingpoint splitting feature works correctly" 
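Review bot: In the @@ -325 hunk of check_if_text the `afl_realloc` result is passed straight to `read` on the next line without a NULL check; if `afl_realloc` can fail and return NULL (not visible from the hunk), the read writes through a null pointer, so `if (!buf) { close(fd); return 0; }` before the read would mirror the existing early-return style. The extra byte in `len + 1` only matters if something later stores a terminator at `buf[len]`; that write is outside the hunk, so please confirm it exists, otherwise the change only pads the allocation. check_if_text continues past the end of the hunk.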
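Review bot: The added `afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits;` in the @@ -1680 hunk aliases the freshly re-initialized shared-memory map into the cmplog forkserver without a comment, and the hunk does not show whether any other per-forkserver map state is brought in sync at the same time; a one-line comment such as `// cmplog forkserver shares the re-initialized coverage map with fsrv` and a check that any map-size field on cmplog_fsrv matches would make the intent explicit. The line also writes cmplog_fsrv unconditionally; the following `afl_fsrv_start(&afl->cmplog_fsrv, ...)` suggests this branch already runs only with cmplog enabled, but that condition is outside the hunk. main continues outside the hunk.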
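Review bot: In the @@ -164 hunk of test-llvm.sh the changed invocation now uses `-V50`, but the unchanged context line two lines above still announces `this will take max. 45 seconds`, so the progress message no longer matches the actual timeout. Update it to `$ECHO "$GREY[*] running afl-fuzz with floating point splitting, this will take max. 50 seconds"`. The enclosing `test -e ... && {` block starts and ends outside the hunk.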
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl deleted file mode 160000 index fb2fc9f2..00000000 --- a/unicorn_mode/unicornafl +++ /dev/null @@ -1 +0,0 @@ -Subproject commit fb2fc9f25df32f17f6b6b859e4dbd70f9a857e0c From ac795ae1e154df87d422eb9a307ee1f40fcb701f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 15 Mar 2021 23:08:28 +0100 Subject: [PATCH 7/7] v3.11c release --- README.md | 4 ++-- docs/Changelog.md | 4 +++- include/config.h | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0deaca22..69e5bb74 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ Logo - Release Version: [3.10c](https://github.com/AFLplusplus/AFLplusplus/releases) + Release Version: [3.11c](https://github.com/AFLplusplus/AFLplusplus/releases) - Github Version: 3.11a + Github Version: 3.12a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 8f3e588c..1c735a70 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,9 +8,11 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . -### Version ++3.11a (dev) +### Version ++3.11c (release) - afl-fuzz: + - better auto detection of map size - fix sanitizer settings (bug since 3.10c) + - fix an off-by-one overwrite in cmplog - add non-unicode variants from unicode-looking dictionary entries - Rust custom mutator API improvements - Imported crash stats painted yellow on resume (only new ones are red) diff --git a/include/config.h b/include/config.h index 6ada0fbe..cc8024ea 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.11a" +#define VERSION "++3.11c" /****************************************************** * *