configurable testcache with malloc (#581)

* cache item number to cache memory size * reload testcase if trimming changed the size * fix splicing selection * slim splicing * import sync fix * write testcache stats to fuzzer_stats * fix new seed selection algo * malloc+read instead of mmap * fix * testcache is configurable now and no reference counts * fixes compilation, test script * fixes * switch TEST_CC to afl-cc in makefile * code format * fix * fix crash * fix crash * fix env help output * remove unnecessary pointer resets * fix endless loop bug * actually use the cache if set * one more fix * increase default cache entries, add default cache size value to config.h Co-authored-by: hexcoder- <heiko@hexco.de>
2025-06-14 11:08:06 +00:00 · 2020-10-14 15:30:30 +02:00
parent c20ba2c2c5
commit 56ac3fcdc5
13 changed files with 276 additions and 163 deletions
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@ -692,6 +692,8 @@ void sync_fuzzers(afl_state_t *afl) {

 u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {

+  u32 orig_len = q->len;
+
  /* Custom mutator trimmer */
  if (afl->custom_mutators_count) {

@ -709,6 +711,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {

    });

+    if (orig_len != q->len) { queue_testcase_retake(afl, q, orig_len); }
+
    if (custom_trimmed) return trimmed_case;

  }
@ -842,6 +846,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) {

    close(fd);

+    if (orig_len != q->len) queue_testcase_retake(afl, q, orig_len);
+
    memcpy(afl->fsrv.trace_bits, afl->clean_trace, afl->fsrv.map_size);
    update_bitmap_score(afl, q);