AFL_DISABLE_REDUNDANT

This commit is contained in:
vanhauser-thc
2024-05-02 08:35:24 +02:00
parent 5d623a27ed
commit 26eaf53a83
9 changed files with 27 additions and 8 deletions


@ -5,6 +5,7 @@
### Version ++4.21a (dev) ### Version ++4.21a (dev)
* afl-fuzz * afl-fuzz
- added AFL_DISABLE_REDUNDANT for huge queues
- fix AFL_PERSISTENT_RECORD - fix AFL_PERSISTENT_RECORD
- prevent filenames in the queue that have spaces - prevent filenames in the queue that have spaces
- minor fix for FAST schedules - minor fix for FAST schedules
@ -13,6 +14,7 @@
- ensure shared memory variables are visible in weird build setups - ensure shared memory variables are visible in weird build setups
* afl-cmin * afl-cmin
- work with input files that have a space - work with input files that have a space
* enhanced the ASAN configuration
### Version ++4.20c (release) ### Version ++4.20c (release)


@ -381,6 +381,9 @@ checks or alter some of the more exotic semantics of the tool:
- Setting `AFL_DISABLE_TRIM` tells afl-fuzz not to trim test cases. This is - Setting `AFL_DISABLE_TRIM` tells afl-fuzz not to trim test cases. This is
usually a bad idea! usually a bad idea!
- Setting `AFL_DISABLE_REDUNDANT` disables any queue items that are redundant.
This can be useful with huge queues.
- Setting `AFL_KEEP_TIMEOUTS` will keep longer running inputs if they reach - Setting `AFL_KEEP_TIMEOUTS` will keep longer running inputs if they reach
new coverage new coverage


@ -452,7 +452,7 @@ typedef struct afl_env_vars {
afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts, afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts,
afl_no_startup_calibration, afl_no_warn_instability, afl_no_startup_calibration, afl_no_warn_instability,
afl_post_process_keep_original, afl_crashing_seeds_as_new_crash, afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
afl_final_sync, afl_ignore_seed_problems; afl_final_sync, afl_ignore_seed_problems, afl_disable_redundant;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,


@ -26,7 +26,8 @@ static char *afl_environment_variables[] = {
"AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM", "AFL_CUSTOM_MUTATOR_ONLY", "AFL_CUSTOM_INFO_PROGRAM",
"AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT", "AFL_CUSTOM_INFO_PROGRAM_ARGV", "AFL_CUSTOM_INFO_PROGRAM_INPUT",
"AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG", "AFL_CUSTOM_INFO_OUT", "AFL_CXX", "AFL_CYCLE_SCHEDULES", "AFL_DEBUG",
"AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN", "AFL_DISABLE_TRIM", "AFL_DEBUG_CHILD", "AFL_DEBUG_GDB", "AFL_DEBUG_UNICORN",
"AFL_DISABLE_REDUNDANT", "AFL_DISABLE_TRIM",
"AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE", "AFL_DISABLE_LLVM_INSTRUMENTATION", "AFL_DONT_OPTIMIZE",
"AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV", "AFL_DRIVER_STDERR_DUPLICATE_FILENAME", "AFL_DUMB_FORKSRV",
"AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", "AFL_EARLY_FORKSERVER", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE",


@ -933,10 +933,13 @@ void perform_dry_run(afl_state_t *afl) {
res = calibrate_case(afl, q, use_mem, 0, 1); res = calibrate_case(afl, q, use_mem, 0, 1);
/* For AFLFast schedules we update the queue entry */ /* For AFLFast schedules we update the queue entry */
if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) && likely(q->exec_cksum)) { if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE) &&
likely(q->exec_cksum)) {
q->n_fuzz_entry = q->exec_cksum % N_FUZZ_SIZE; q->n_fuzz_entry = q->exec_cksum % N_FUZZ_SIZE;
} }
if (afl->stop_soon) { return; } if (afl->stop_soon) { return; }
if (res == afl->crash_mode || res == FSRV_RUN_NOBITS) { if (res == afl->crash_mode || res == FSRV_RUN_NOBITS) {


@ -370,6 +370,7 @@ void mark_as_redundant(afl_state_t *afl, struct queue_entry *q, u8 state) {
s32 fd; s32 fd;
if (unlikely(afl->afl_env.afl_disable_redundant)) { q->disabled = 1; }
fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); fd = open(fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
if (fd < 0) { PFATAL("Unable to create '%s'", fn); } if (fd < 0) { PFATAL("Unable to create '%s'", fn); }
close(fd); close(fd);
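Review bot: The new guard at the top of this hunk sets `q->disabled = 1` directly, but if afl-fuzz keeps queue bookkeeping next to that flag (an active-item count, a pending-not-fuzzed count, a per-entry score), as the other disable paths in the fuzzer appear to, none of it is touched here, so a disabled-but-still-counted entry may skew scheduling and the stats screen; please either route through the same bookkeeping the existing disable path uses or confirm that `disabled` alone is sufficient. The guard also sits only on the side of mark_as_redundant that creates the marker file; the counterpart branch that unlinks it (outside the hunk) does not seem to clear `disabled`, so an entry that later stops being redundant stays disabled for the rest of the run. If that is intended, a comment on the new line such as `/* AFL_DISABLE_REDUNDANT: entry is dropped from scheduling and is not re-enabled if it stops being redundant */` would spare the next reader the question. mark_as_redundant's body starts and ends outside this hunk.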


@ -2764,15 +2764,15 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
#ifdef _DEBUG #ifdef _DEBUG
u32 j; u32 j;
struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; struct cmp_header *hh = &afl->orig_cmp_map->headers[key];
fprintf(stderr, "RTN N hits=%u shape=%u attr=%u v0=", h->hits, fprintf(stderr, "RTN N hits=%u shape=%u attr=%u v0=", h->hits, hshape,
hshape, h->attribute); h->attribute);
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
fprintf(stderr, "%02x", o->v0[j]); fprintf(stderr, "%02x", o->v0[j]);
fprintf(stderr, " v1="); fprintf(stderr, " v1=");
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
fprintf(stderr, "%02x", o->v1[j]); fprintf(stderr, "%02x", o->v1[j]);
fprintf(stderr, "\nRTN O hits=%u shape=%u attr=%u o0=", hh->hits, fprintf(stderr, "\nRTN O hits=%u shape=%u attr=%u o0=", hh->hits, hshape,
hshape, hh->attribute); hh->attribute);
for (j = 0; j < 8; j++) for (j = 0; j < 8; j++)
fprintf(stderr, "%02x", orig_o->v0[j]); fprintf(stderr, "%02x", orig_o->v0[j]);
fprintf(stderr, " o1="); fprintf(stderr, " o1=");
@ -3273,3 +3273,4 @@ exit_its:
return r; return r;
} }


@ -293,6 +293,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_cmplog_only_new = afl->afl_env.afl_cmplog_only_new =
get_afl_env(afl_environment_variables[i]) ? 1 : 0; get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_DISABLE_REDUNDANT",
afl_environment_variable_len)) {
afl->afl_env.afl_disable_redundant =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION", } else if (!strncmp(env, "AFL_NO_STARTUP_CALIBRATION",
afl_environment_variable_len)) { afl_environment_variable_len)) {


@ -264,6 +264,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_CYCLE_SCHEDULES: after completing a cycle, switch to a different -p schedule\n" "AFL_CYCLE_SCHEDULES: after completing a cycle, switch to a different -p schedule\n"
"AFL_DEBUG: extra debugging output for Python mode trimming\n" "AFL_DEBUG: extra debugging output for Python mode trimming\n"
"AFL_DEBUG_CHILD: do not suppress stdout/stderr from target\n" "AFL_DEBUG_CHILD: do not suppress stdout/stderr from target\n"
"AFL_DISABLE_REDUNDANT: disable any queue item that is redundant\n"
"AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DISABLE_TRIM: disable the trimming of test cases\n"
"AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n"
"AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n"