disable trimming for -M

van Hauser
2021-01-31 13:03:00 +01:00
parent 9d08f0d098
commit 893cd47d9c
3 changed files with 5 additions and 14 deletions

@ -55,6 +55,7 @@ behaviours and defaults:
* a caching of testcases can now be performed and can be modified by * a caching of testcases can now be performed and can be modified by
editing config.h for TESTCASE_CACHE or by specifying the env variable editing config.h for TESTCASE_CACHE or by specifying the env variable
`AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500 (default: 50). `AFL_TESTCACHE_SIZE` (in MB). Good values are between 50-500 (default: 50).
* -M mains do not perform trimming
* examples/ got renamed to utils/ * examples/ got renamed to utils/
* libtokencap/ libdislocator/ and qdbi_mode/ were moved to utils/ * libtokencap/ libdislocator/ and qdbi_mode/ were moved to utils/
* afl-cmin/afl-cmin.bash now search first in PATH and last in AFL_PATH * afl-cmin/afl-cmin.bash now search first in PATH and last in AFL_PATH
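Review bot: the new changelog entry "-M mains do not perform trimming" is terse and uses "mains" where the usage text in this same commit says "-M/-S id - distributed mode"; suggest wording it in the same terms, e.g. "-M main nodes no longer perform trimming (secondaries still do)", and stating the motivation in the entry so users of existing -M setups understand why queue entries on the main stop shrinking.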

@ -16,6 +16,8 @@ test cases executed.
It should be clickable which value is X and Y axis, zoom factor, log scaling It should be clickable which value is X and Y axis, zoom factor, log scaling
on-off, etc. on-off, etc.
Mentor: vanhauser-thc
## WASM Instrumentation ## WASM Instrumentation
Currently, AFL++ can be used for source code fuzzing and traditional binaries. Currently, AFL++ can be used for source code fuzzing and traditional binaries.
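Review bot: the added "Mentor: vanhauser-thc" line is a documentation change unrelated to the commit subject "disable trimming for -M"; suggest moving it, together with the section removal below, into its own commit so the trimming change can be reviewed and reverted on its own.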
@ -36,19 +38,6 @@ Either improve a single mutator thorugh learning of many different bugs
Mentor: domenukk Mentor: domenukk
## Collision-free Binary-Only Maps
AFL++ supports collison-free maps using an LTO (link-time-optimization) pass.
This should be possible to implement for QEMU and Unicorn instrumentations.
As the forkserver parent caches just in time translated translation blocks,
adding a simple counter between jumps should be doable.
Note: this is already in development for qemu by Andrea, so for people who
want to contribute it might make more sense to port his solution to unicorn.
Mentor: andreafioraldi or domenukk
Issue/idea tracker: [https://github.com/AFLplusplus/AFLplusplus/issues/237](https://github.com/AFLplusplus/AFLplusplus/issues/237)
## Your idea! ## Your idea!
Finally, we are open to proposals! Finally, we are open to proposals!
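Review bot: removing the whole "Collision-free Binary-Only Maps" section also drops the only pointer to the issue/idea tracker entry (issues/237) and the note that the QEMU work is already in progress; neither the commit message nor the diff says whether the idea was implemented or abandoned, so suggest stating that in the commit message or leaving a one-line reference to the issue. While here, the unchanged context line still reads "thorugh" (should be "through").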

@ -145,7 +145,7 @@ static void usage(u8 *argv0, int more_help) {
"Other stuff:\n" "Other stuff:\n"
" -M/-S id - distributed mode (see docs/parallel_fuzzing.md)\n" " -M/-S id - distributed mode (see docs/parallel_fuzzing.md)\n"
" -M auto-sets -D and -Z (use -d to disable -D)\n" " -M auto-sets -D, -Z (use -d to disable -D) and no trimming\n"
" -F path - sync to a foreign fuzzer queue directory (requires " " -F path - sync to a foreign fuzzer queue directory (requires "
"-M, can\n" "-M, can\n"
" be specified up to %u times)\n" " be specified up to %u times)\n"
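Review bot: the reworded help line "-M auto-sets -D, -Z (use -d to disable -D) and no trimming" reads as if "no trimming" were a third option being set; suggest "-M auto-sets -D and -Z (use -d to disable -D) and disables trimming". Note also that -D is documented as overridable with -d, but the text gives no way to re-enable trimming on a -M node; if that is intentional, say so in the help text.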
@ -502,6 +502,7 @@ int main(int argc, char **argv_orig, char **envp) {
afl->sync_id = ck_strdup(optarg); afl->sync_id = ck_strdup(optarg);
afl->skip_deterministic = 0; // force deterministic fuzzing afl->skip_deterministic = 0; // force deterministic fuzzing
afl->old_seed_selection = 1; // force old queue walking seed selection afl->old_seed_selection = 1; // force old queue walking seed selection
afl->disable_trim = 1; // disable trimming
if ((c = strchr(afl->sync_id, ':'))) { if ((c = strchr(afl->sync_id, ':'))) {
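Review bot: `afl->disable_trim = 1;` is set unconditionally inside the -M option handler, so the assignment silently wins over any earlier trim-related setting regardless of option order, and unlike `skip_deterministic` (which the usage text says -d can override) there is no documented opt-out; suggest either honouring an explicit override or adding a comment stating why a main node should never trim, since the current comment "// disable trimming" only restates the code.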