turn off map size detection if skip_bin_check is set

2025-06-09 08:41:32 +00:00 · 2021-05-22 12:15:09 +02:00 · 2021-05-22 12:15:09 +02:00 · 58e39ecd8f
commit 58e39ecd8f
parent 9e6e7e8fe8
3 changed files with 8 additions and 5 deletions
--- a/docs/env_variables.md
+++ b/docs/env_variables.md
@ -355,6 +355,7 @@ checks or alter some of the more exotic semantics of the tool:
    and shell scripts; and `AFL_DUMB_FORKSRV` in conjunction with the `-n`
    setting to instruct afl-fuzz to still follow the fork server protocol
    without expecting any instrumentation data in return.
+    Note that this also turns off auto map size detection.

  - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the
    fuzzer to import test cases from other instances before doing anything
--- a/src/afl-common.c
+++ b/src/afl-common.c
@ -1110,6 +1110,10 @@ u32 get_map_size(void) {

    if (map_size % 64) { map_size = (((map_size >> 6) + 1) << 6); }

+  } else if (getenv("AFL_SKIP_BIN_CHECK")) {
+
+    map_size = MAP_SIZE;
+
  }

  return map_size;
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) {
      "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n"
      "AFL_TARGET_ENV: pass extra environment variables to target\n"
      "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n"
-      "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n"
+      "AFL_SKIP_BIN_CHECK: skip afl compatability checks, also disables auto map size\n"
      "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n"
      "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n"
      "AFL_STATSD: enables StatsD metrics collection\n"
@ -1718,8 +1718,7 @@ int main(int argc, char **argv_orig, char **envp) {

  if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode &&
      !afl->unicorn_mode && !afl->fsrv.frida_mode &&
-      !((map_size == MAP_SIZE || map_size == 65536) &&
-        afl->afl_env.afl_skip_bin_check)) {
+      !afl->afl_env.afl_skip_bin_check) {

    if (map_size <= DEFAULT_SHMEM_SIZE) {

@ -1780,8 +1779,7 @@ int main(int argc, char **argv_orig, char **envp) {
         afl->cmplog_fsrv.map_size < map_size) &&
        !afl->non_instrumented_mode && !afl->fsrv.qemu_mode &&
        !afl->fsrv.frida_mode && !afl->unicorn_mode &&
-        !((map_size == MAP_SIZE || map_size == 65536) &&
-          afl->afl_env.afl_skip_bin_check)) {
+        !afl->afl_env.afl_skip_bin_check) {

      afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE);
      char vbuf[16];