add AFL_FINAL_SYNC

This commit is contained in:
marc
2023-08-11 11:22:18 +02:00
parent 1cd9258768
commit 8823f22a9c
6 changed files with 31 additions and 9 deletions


@ -4,7 +4,9 @@
release of the tool. See README.md for the general instruction manual. release of the tool. See README.md for the general instruction manual.
### Version ++4.09a (dev) ### Version ++4.09a (dev)
- something cool :-) - afl-fuzz:
- added `AFL_FINAL_SYNC` which forces a final fuzzer sync (also for `-F`)
before terminating.
### Version ++4.08c (release) ### Version ++4.08c (release)
@ -22,7 +24,6 @@
- -l X option to enable base64 transformation solving - -l X option to enable base64 transformation solving
- allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on - allow to disable CMPLOG with '-c -' (e.g. afl.rs enforces '-c 0' on
every instance which is counterproductive). every instance which is counterproductive).
- afl-cmin/afl-cmin.bash: - afl-cmin/afl-cmin.bash:
- fixed a bug inherited from vanilla AFL where a coverage of - fixed a bug inherited from vanilla AFL where a coverage of
map[123] = 11 would be the same as map[1123] = 1 map[123] = 11 would be the same as map[1123] = 1
@ -40,7 +41,6 @@
- qemu_mode: - qemu_mode:
- added qemu_mode/utils/qemu_get_symbol_addr.sh - added qemu_mode/utils/qemu_get_symbol_addr.sh
### Version ++4.07c (release) ### Version ++4.07c (release)
- afl-fuzz: - afl-fuzz:
- reverse reading the seeds only on restarts (increases performance) - reverse reading the seeds only on restarts (increases performance)
@ -69,7 +69,6 @@
- TritonDSE in custom_mutators/aflpp_tritondse - TritonDSE in custom_mutators/aflpp_tritondse
- SymQEMU in custom_mutators/symqemu - SymQEMU in custom_mutators/symqemu
### Version ++4.06c (release) ### Version ++4.06c (release)
- afl-fuzz: - afl-fuzz:
- ensure temporary file descriptor is closed when not used - ensure temporary file descriptor is closed when not used


@ -412,10 +412,15 @@ checks or alter some of the more exotic semantics of the tool:
set `AFL_IGNORE_PROBLEMS`. If you additionally want to also ignore coverage set `AFL_IGNORE_PROBLEMS`. If you additionally want to also ignore coverage
from late loaded libraries, you can set `AFL_IGNORE_PROBLEMS_COVERAGE`. from late loaded libraries, you can set `AFL_IGNORE_PROBLEMS_COVERAGE`.
- When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the - When running with multiple afl-fuzz or with `-F`, setting `AFL_IMPORT_FIRST`
fuzzer to import test cases from other instances before doing anything else. causes the fuzzer to import test cases from other instances before doing
This makes the "own finds" counter in the UI more accurate. Beyond counter anything else. This makes the "own finds" counter in the UI more accurate.
aesthetics, not much else should change.
- When running with multiple afl-fuzz or with `-F`, setting `AFL_FINAL_SYNC`
will cause the fuzzer to perform a final import of test cases when
terminating. This is beneficial for `-M` main fuzzers to ensure it has all
unique test cases and hence you only need to `afl-cmin` this single
queue.
- Setting `AFL_INPUT_LEN_MIN` and `AFL_INPUT_LEN_MAX` are an alternative to - Setting `AFL_INPUT_LEN_MIN` and `AFL_INPUT_LEN_MAX` are an alternative to
the afl-fuzz -g/-G command line option to control the minimum/maximum the afl-fuzz -g/-G command line option to control the minimum/maximum


@ -402,7 +402,8 @@ typedef struct afl_env_vars {
afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems, afl_exit_on_seed_issues, afl_try_affinity, afl_ignore_problems,
afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts, afl_keep_timeouts, afl_no_crash_readme, afl_ignore_timeouts,
afl_no_startup_calibration, afl_no_warn_instability, afl_no_startup_calibration, afl_no_warn_instability,
afl_post_process_keep_original, afl_crashing_seeds_as_new_crash; afl_post_process_keep_original, afl_crashing_seeds_as_new_crash,
afl_final_sync;
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
*afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload,


@ -59,6 +59,7 @@ static char *afl_environment_variables[] = {
"AFL_EXIT_ON_TIME", "AFL_EXIT_ON_TIME",
"AFL_EXIT_ON_SEED_ISSUES", "AFL_EXIT_ON_SEED_ISSUES",
"AFL_FAST_CAL", "AFL_FAST_CAL",
"AFL_FINAL_SYNC",
"AFL_FORCE_UI", "AFL_FORCE_UI",
"AFL_FRIDA_DEBUG_MAPS", "AFL_FRIDA_DEBUG_MAPS",
"AFL_FRIDA_DRIVER_NO_HOOK", "AFL_FRIDA_DRIVER_NO_HOOK",


@ -269,6 +269,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_import_first = afl->afl_env.afl_import_first =
get_afl_env(afl_environment_variables[i]) ? 1 : 0; get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_FINAL_SYNC",
afl_environment_variable_len)) {
afl->afl_env.afl_final_sync =
get_afl_env(afl_environment_variables[i]) ? 1 : 0;
} else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY", } else if (!strncmp(env, "AFL_CUSTOM_MUTATOR_ONLY",
afl_environment_variable_len)) { afl_environment_variable_len)) {


@ -2899,6 +2899,15 @@ stop_fuzzing:
time_spent_working / afl->fsrv.total_execs); time_spent_working / afl->fsrv.total_execs);
#endif #endif
if (afl->afl_env.afl_final_sync) {
SAYF(cYEL "[!] " cRST "\nPerforming final sync, this make take some time ...\n");
sync_fuzzers(afl);
write_bitmap(afl);
SAYF(cYEL "[!] " cRST "Done!\n\n");
}
if (afl->is_main_node) { if (afl->is_main_node) {
u8 path[PATH_MAX]; u8 path[PATH_MAX];
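Review bot: The guard on the new block checks only the environment variable, while the docs hunk in this commit describes `AFL_FINAL_SYNC` as a multi-instance / `-F` feature; if sync_fuzzers() relies on a configured sync directory (not visible here), a single instance started with the variable set reaches it unguarded, so a condition such as `if (afl->afl_env.afl_final_sync && (afl->sync_id || afl->foreign_sync_cnt))` would be safer — confirm those are the fields sync_fuzzers() depends on. Because this code sits after the `stop_fuzzing:` label, `afl->stop_soon` is presumably already set when the sync runs; if sync_fuzzers() bails out on that flag the way the main-loop helpers do, the final import would end after the first imported case, which should be checked and, if so, the flag cleared for the duration of the call. The progress message also has a typo and a misplaced newline; `SAYF(cYEL "\n[!] " cRST "Performing final sync, this may take some time ...\n");` prints the intended prefix on its own line. The enclosing main() and its stop_fuzzing label begin outside the hunk.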