ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-10 09:11:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

AFL_IGNORE_SEED_PROBLEMS

Browse Source
This commit is contained in:
vanhauser-thc 2023-08-23 18:02:33 +02:00
parent d95cef8273
commit 549e5dd926
7 changed files with 59 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/Changelog.md
View File

@ -7,6 +7,8 @@
- afl-fuzz:
- added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`)
before terminating.
- added AFL_IGNORE_SEED_PROBLEMS to skip over seeds that time out instead
of exiting with an error message
- afl-whatsup:
- detect instanced that are starting up and show them as such as not dead
- now also shows coverage reached

3
docs/env_variables.md
View File

@ -327,6 +327,9 @@ checks or alter some of the more exotic semantics of the tool:
(`-i in`). This is an important feature to set when resuming a fuzzing
session.
- `AFL_IGNORE_SEED_PROBLEMS` will skip over crashes and timeouts in the seeds
instead of exiting.
- Setting `AFL_CRASH_EXITCODE` sets the exit code AFL++ treats as crash. For
example, if `AFL_CRASH_EXITCODE='-1'` is set, each input resulting in a `-1`
return code (i.e. `exit(-1)` got called), will be treated as if a crash had

7
include/afl-fuzz.h
View File

@ -1,4 +1,3 @@
/*
american fuzzy lop++ - fuzzer header
------------------------------------
@ -175,10 +174,10 @@ struct queue_entry {
stats_skipped, /* stats: how often skipped */
stats_finds, /* stats: # of saved finds */
stats_crashes, /* stats: # of saved crashes */
stats_tmouts, /* stats: # of saved timeouts */
stats_tmouts, /* stats: # of saved timeouts */
#endif
fuzz_level, /* Number of fuzzing iterations */
n_fuzz_entry; /* offset in n_fuzz */
n_fuzz_entry; /* offset in n_fuzz */
u64 exec_us, /* Execution time (us) */
handicap, /* Number of queue cycles behind */
@ -402,7 +401,7 @@ typedef struct afl_env_vars {
afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts,
afl_no_startup_calibration, afl_no_warn_instability,
afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
afl_final_sync;
afl_final_sync, afl_ignore_seed_problems;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,

1
include/envs.h
View File

@ -113,6 +113,7 @@ static char *afl_environment_variables[] = {
"AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES",
"AFL_IGNORE_PROBLEMS",
"AFL_IGNORE_PROBLEMS_COVERAGE",
"AFL_IGNORE_SEED_PROBLEMS",
"AFL_IGNORE_TIMEOUTS",
"AFL_IGNORE_UNKNOWN_ENVS",
"AFL_IMPORT_FIRST",

53
src/afl-fuzz-init.c
View File

@ -951,19 +951,47 @@ void perform_dry_run(afl_state_t *afl) {
} else {
SAYF("\n" cLRD "[-] " cRST
"The program took more than %u ms to process one of the initial "
"test cases.\n"
" This is bad news; raising the limit with the -t option is "
"possible, but\n"
" will probably make the fuzzing process extremely slow.\n\n"
static int say_once = 0;
" If this test case is just a fluke, the other option is to "
"just avoid it\n"
" altogether, and find one that is less of a CPU hog.\n",
afl->fsrv.exec_tmout);
if (!say_once) {
FATAL("Test case '%s' results in a timeout", fn);
SAYF(
"\n" cLRD "[-] " cRST
"The program took more than %u ms to process one of the "
"initial "
"test cases.\n"
" This is bad news; raising the limit with the -t option is "
"possible, but\n"
" will probably make the fuzzing process extremely slow.\n\n"
" If this test case is just a fluke, the other option is to "
"just avoid it\n"
" altogether, and find one that is less of a CPU hog.\n",
afl->fsrv.exec_tmout);
if (!afl->afl_env.afl_ignore_seed_problems) {
FATAL("Test case '%s' results in a timeout", fn);
}
say_once = 1;
}
if (!q->was_fuzzed) {
q->was_fuzzed = 1;
--afl->pending_not_fuzzed;
--afl->active_items;
}
q->disabled = 1;
q->perf_score = 0;
WARNF("Test case '%s' results in a timeout, skipping", fn);
break;
}
@ -2270,7 +2298,8 @@ void check_crash_handling(void) {
reporting the awful way. */
#if !TARGET_OS_IPHONE
if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'")) return;
if (system("launchctl list 2>/dev/null | grep -q '\\.ReportCrash\\>'"))
return;
SAYF(
"\n" cLRD "[-] " cRST

7
src/afl-fuzz-state.c
View File

@ -316,6 +316,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_ignore_problems =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_IGNORE_SEED_PROBLEMS",
afl_environment_variable_len)) {
afl->afl_env.afl_ignore_seed_problems =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_IGNORE_TIMEOUTS",
afl_environment_variable_len)) {

2
src/afl-fuzz.c
View File

@ -275,6 +275,8 @@ static void usage(u8 *argv0, int more_help) {
"AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected\n"
"AFL_IGNORE_PROBLEMS_COVERAGE: if set in addition to AFL_IGNORE_PROBLEMS - also\n"
" ignore those libs for coverage\n"
"AFL_IGNORE_SEED_PROBLEMS: skip over crashes and timeouts in the seeds instead of\n"
" exiting\n"
"AFL_IGNORE_TIMEOUTS: do not process or save any timeouts\n"
"AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n"
"AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"