fixed bug in cmplog

include/afl-fuzz.h

@@ -484,11 +484,6 @@ typedef struct afl_state {
       unique_tmouts,                    /* Timeouts with unique signatures  */
       unique_hangs,                     /* Hangs with unique signatures     */
       total_execs,                      /* Total execve() calls             */
-      slowest_exec_ms,                  /* Slowest testcase non hang in ms  */
-      start_time,                       /* Unix start time (ms)             */
-      last_path_time,                   /* Time for most recent path (ms)   */
-      last_crash_time,                  /* Time for most recent crash (ms)  */
-      last_hang_time,                   /* Time for most recent hang (ms)   */
       last_crash_execs,                 /* Exec counter at last crash       */
       queue_cycle,                      /* Queue round counter              */
       cycles_wo_finds,                  /* Cycles without any new paths     */
@@ -496,9 +491,14 @@ typedef struct afl_state {
       bytes_trim_in,                    /* Bytes coming into the trimmer    */
       bytes_trim_out,                   /* Bytes coming outa the trimmer    */
       blocks_eff_total,                 /* Blocks subject to effector maps  */
-      blocks_eff_select;                /* Blocks selected as fuzzable      */
+      blocks_eff_select,                /* Blocks selected as fuzzable      */
+      start_time,                       /* Unix start time (ms)             */
+      last_path_time,                   /* Time for most recent path (ms)   */
+      last_crash_time,                  /* Time for most recent crash (ms)  */
+      last_hang_time;                   /* Time for most recent hang (ms)   */
 
-  u32 subseq_tmouts;                    /* Number of timeouts in a row      */
+  u32 slowest_exec_ms,                  /* Slowest testcase non hang in ms  */
+      subseq_tmouts;                    /* Number of timeouts in a row      */
 
   u8 *stage_name,                       /* Name of the current fuzz stage   */
       *stage_short,                     /* Short stage name                 */

src/afl-fuzz-cmplog.c

@@ -187,13 +187,13 @@ void init_cmplog_forkserver(afl_state_t *afl) {
     rlen = 4;
     u32 timeout_ms = afl->fsrv.exec_tmout * FORK_WAIT_MULT;
     /* Reuse readfds as exceptfds to see when the child closed the pipe */
-    u32 time_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms);
+    u32 exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, rlen, timeout_ms);
 
-    if (!time_ms) {
+    if (!exec_ms) {
 
       PFATAL("Error in timed read");
 
-    } else if (time_ms > timeout_ms) {
+    } else if (exec_ms > timeout_ms) {
 
       afl->fsrv.child_timed_out = 1;
       kill(afl->cmplog_fsrv_pid, SIGKILL);
@@ -377,7 +377,7 @@ void init_cmplog_forkserver(afl_state_t *afl) {
 u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
 
   int status = 0;
-  u64 exec_ms;
+  u32 exec_ms;
 
   u32 tb4;
   s32 res;
@@ -416,9 +416,9 @@ u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
 
   /* Configure timeout, as requested by user, then wait for child to terminate.
    */
-  u32 time_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout);
+  exec_ms = read_timed(afl->cmplog_fsrv_st_fd, &status, 4, timeout);
 
-  if (time_ms > timeout) {
+  if (exec_ms > timeout) {
 
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
@@ -427,11 +427,11 @@ u8 run_cmplog_target(afl_state_t *afl, u32 timeout) {
     afl->fsrv.child_timed_out = 1;
 
     /* After killing the child, the forkserver should tell us */
-    if (!read(afl->cmplog_fsrv_st_fd, &status, 4)) time_ms = 0;
+    if (!read(afl->cmplog_fsrv_st_fd, &status, 4)) exec_ms = 0;
 
   }
 
-  if (!time_ms) {  // Something went wrong.
+  if (!exec_ms) {  // Something went wrong.
 
     if (afl->stop_soon) return 0;
     SAYF("\n" cLRD "[-] " cRST

src/afl-fuzz-run.c

@@ -33,7 +33,7 @@
 u8 run_target(afl_state_t *afl, u32 timeout) {
 
   s32 res;
-  u32 time_ms;
+  u32 exec_ms;
 
   int status = 0;
   u32 tb4;
@@ -67,20 +67,20 @@ u8 run_target(afl_state_t *afl, u32 timeout) {
 
   if (afl->fsrv.child_pid <= 0) FATAL("Fork server is misbehaving (OOM?)");
 
-  time_ms = read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout);
+  exec_ms = read_timed(afl->fsrv.fsrv_st_fd, &status, 4, timeout);
 
-  if (time_ms > timeout) {
+  if (exec_ms > timeout) {
 
     /* If there was no response from forkserver after timeout seconds,
     we kill the child. The forkserver should inform us afterwards */
 
     kill(afl->fsrv.child_pid, SIGKILL);
     afl->fsrv.child_timed_out = 1;
-    if (read(afl->fsrv.fsrv_st_fd, &status, 4) < 4) time_ms = 0;
+    if (read(afl->fsrv.fsrv_st_fd, &status, 4) < 4) exec_ms = 0;
 
   }
 
-  if (!time_ms) {
+  if (!exec_ms) {
 
     if (afl->stop_soon) return 0;
     SAYF("\n" cLRD "[-] " cRST

src/afl-fuzz-stats.c

@@ -95,7 +95,7 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
       "last_hang         : %llu\n"
       "execs_since_crash : %llu\n"
       "exec_timeout      : %u\n"
-      "slowest_exec_ms   : %llu\n"
+      "slowest_exec_ms   : %u\n"
       "peak_rss_mb       : %lu\n"
       "afl_banner        : %s\n"
       "afl_version       : " VERSION