Merge branch 'replay' into tmp

2025-06-17 12:18:08 +00:00 · 2021-03-24 18:19:13 +01:00
parent 7dc4847869 958436be4b
commit 6e2a0ef233
8 changed files with 183 additions and 9 deletions
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -390,7 +390,7 @@ typedef struct afl_env_vars {
      *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload,
      *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
      *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size,
-      *afl_testcache_entries, *afl_kill_signal, *afl_target_env;
+      *afl_testcache_entries, *afl_kill_signal, *afl_target_env, *afl_persistent_record;

 } afl_env_vars_t;

--- a/include/config.h
+++ b/include/config.h
@ -73,6 +73,15 @@

 /* Now non-cmplog configuration options */

+
+/* If a persistent target keeps state and found crashes are not reproducable
+   then enable this option and set the AFL_PERSISTENT_RECORD env variable
+   to a number. These number of testcases prior the crash will be kept and
+   also written to the crash/ directory */
+
+#define AFL_PERSISTENT_RECORD
+
+
 /* console output colors: There are three ways to configure its behavior
 * 1. default: colored outputs fixed on: defined USE_COLOR && defined
 * ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect
--- a/include/envs.h
+++ b/include/envs.h
@ -130,6 +130,7 @@ static char *afl_environment_variables[] = {
    "AFL_PASSTHROUGH",
    "AFL_PATH",
    "AFL_PERFORMANCE_FILE",
+    "AFL_PERSISTENT_RECORD",
    "AFL_PRELOAD",
    "AFL_TARGET_ENV",
    "AFL_PYTHON_MODULE",
--- a/include/forkserver.h
+++ b/include/forkserver.h
@ -94,6 +94,15 @@ typedef struct afl_forkserver {

  char *cmplog_binary;                  /* the name of the cmplog binary    */

+  /* persistent mode replay functionality */
+  u32   persistent_record;              /* persistent replay setting        */
+  u32   persistent_record_idx;          /* persistent replay cache ptr      */
+  u32   persistent_record_cnt;          /* persistent replay counter        */
+  u8 *  persistent_record_dir;
+  u8 ** persistent_record_data;
+  u32 * persistent_record_len;
+  s32   persistent_record_pid;
+
  /* Function to kick off the forkserver child */
  void (*init_child_func)(struct afl_forkserver *fsrv, char **argv);