better examples

2025-06-18 04:38:08 +00:00 · 2020-12-09 11:07:14 +01:00
parent 2641082a76
commit 39a4fac941
5 changed files with 29 additions and 11 deletions
--- a/src/afl-sharedmem.c
+++ b/src/afl-sharedmem.c
@ -252,10 +252,10 @@ u8 *afl_shm_init(sharedmem_t *shm, size_t map_size,

    shm_str = alloc_printf("%d", shm->shm_id);

-    /* If somebody is asking us to fuzz instrumented binaries in non-instrumented
-       mode, we don't want them to detect instrumentation, since we won't be
-       sending fork server commands. This should be replaced with better
-       auto-detection later on, perhaps? */
+    /* If somebody is asking us to fuzz instrumented binaries in
+       non-instrumented mode, we don't want them to detect instrumentation,
+       since we won't be sending fork server commands. This should be replaced
+       with better auto-detection later on, perhaps? */

    setenv(SHM_ENV_VAR, shm_str, 1);

--- a/utils/persistent_mode/persistent_demo.c
+++ b/utils/persistent_mode/persistent_demo.c
@ -27,9 +27,15 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>

 /* Main entry point. */

+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {

  ssize_t len;                               /* how much input did we read? */
@ -42,7 +48,7 @@ int main(int argc, char **argv) {
     and similar hiccups. */

  __AFL_INIT();
-  while (__AFL_LOOP(1000)) {
+  while (__AFL_LOOP(UINT_MAX)) {

    /*** PLACEHOLDER CODE ***/

--- a/utils/persistent_mode/persistent_demo_new.c
+++ b/utils/persistent_mode/persistent_demo_new.c
@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <signal.h>
 #include <string.h>
+#include <limits.h>

 /* this lets the source compile without afl-clang-fast/lto */
 #ifndef __AFL_FUZZ_TESTCASE_LEN
@ -47,6 +48,11 @@ __AFL_FUZZ_INIT();

 /* Main entry point. */

+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {

  ssize_t        len;                        /* how much input did we read? */
@ -60,7 +66,7 @@ int main(int argc, char **argv) {
  __AFL_INIT();
  buf = __AFL_FUZZ_TESTCASE_BUF;  // this must be assigned before __AFL_LOOP!

-  while (__AFL_LOOP(1000)) {  // increase if you have good stability
+  while (__AFL_LOOP(UINT_MAX)) {  // increase if you have good stability

    len = __AFL_FUZZ_TESTCASE_LEN;  // do not use the macro directly in a call!

--- a/utils/persistent_mode/test-instr.c
+++ b/utils/persistent_mode/test-instr.c
@ -17,15 +17,21 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <limits.h>

 __AFL_FUZZ_INIT();

+/* To ensure checks are not optimized out it is recommended to disable
+   code optimization for the fuzzer harness main() */
+#pragma clang optimize off
+#pragma GCC            optimize("O0")
+
 int main(int argc, char **argv) {

  __AFL_INIT();
  unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;

-  while (__AFL_LOOP(2147483647)) {  // MAX_INT if you have 100% stability
+  while (__AFL_LOOP(UINT_MAX)) {  // if you have 100% stability

    unsigned int len = __AFL_FUZZ_TESTCASE_LEN;