ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-12 18:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix lto cmplog stability issue

Browse Source
This commit is contained in:
vanhauser-thc
2021-10-15 11:25:02 +02:00
parent 17c59de1c2
commit 3deca3b09b
5 changed files with 32 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
custom_mutators/grammar_mutator/grammar_mutator

Submodule custom_mutators/grammar_mutator/grammar_mutator updated: eedf07ddb0...b79d51a8da

1
docs/Changelog.md
View File

@ -16,6 +16,7 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- fix a regression introduced in 3.10 that resulted in less - fix a regression introduced in 3.10 that resulted in less
coverage being detected. thanks to Collin May for reporting! coverage being detected. thanks to Collin May for reporting!
- fix -n dumb mode (nobody should use this) - fix -n dumb mode (nobody should use this)
- fix stability issue with LTO and cmplog
- afl-showmap, afl-tmin and afl-analyze now honor persistent mode - afl-showmap, afl-tmin and afl-analyze now honor persistent mode
for more speed. thanks to dloffre-snl for reporting! for more speed. thanks to dloffre-snl for reporting!
- Prevent accidently killing non-afl/fuzz services when aborting - Prevent accidently killing non-afl/fuzz services when aborting

2
qemu_mode/qemuafl

Submodule qemu_mode/qemuafl updated: a6758d1cc3...71ed0d206f

30
src/afl-fuzz-run.c
View File

@ -291,8 +291,6 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
u32 handicap, u8 from_queue) { u32 handicap, u8 from_queue) {
if (unlikely(afl->shm.cmplog_mode)) { q->exec_cksum = 0; }
u8 fault = 0, new_bits = 0, var_detected = 0, hnb = 0, u8 fault = 0, new_bits = 0, var_detected = 0, hnb = 0,
first_run = (q->exec_cksum == 0); first_run = (q->exec_cksum == 0);
u64 start_us, stop_us, diff_us; u64 start_us, stop_us, diff_us;
@ -300,6 +298,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
u32 use_tmout = afl->fsrv.exec_tmout; u32 use_tmout = afl->fsrv.exec_tmout;
u8 *old_sn = afl->stage_name; u8 *old_sn = afl->stage_name;
if (unlikely(afl->shm.cmplog_mode)) { q->exec_cksum = 0; }
/* Be a bit more generous about timeouts when resuming sessions, or when /* Be a bit more generous about timeouts when resuming sessions, or when
trying to calibrate already-added finds. This helps avoid trouble due trying to calibrate already-added finds. This helps avoid trouble due
to intermittent latency. */ to intermittent latency. */
@ -343,6 +343,32 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
} }
/* we need a dummy run if this is LTO + cmplog */
if (unlikely(afl->shm.cmplog_mode)) {
write_to_testcase(afl, use_mem, q->len);
fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
/* afl->stop_soon is set by the handler for Ctrl+C. When it's pressed,
we want to bail out quickly. */
if (afl->stop_soon || fault != afl->crash_mode) { goto abort_calibration; }
if (!afl->non_instrumented_mode && !afl->stage_cur &&
!count_bytes(afl, afl->fsrv.trace_bits)) {
fault = FSRV_RUN_NOINST;
goto abort_calibration;
}
#ifdef INTROSPECTION
if (unlikely(!q->bitsmap_size)) q->bitsmap_size = afl->bitsmap_size;
#endif
}
if (q->exec_cksum) { if (q->exec_cksum) {
memcpy(afl->first_trace, afl->fsrv.trace_bits, afl->fsrv.map_size); memcpy(afl->first_trace, afl->fsrv.trace_bits, afl->fsrv.map_size);

2
unicorn_mode/unicornafl

Submodule unicorn_mode/unicornafl updated: d4915053d4...f1c853648a