ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 12:18:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

rename path

Browse Source
This commit is contained in:
vanhauser-thc
2021-12-09 13:22:10 +01:00
parent 4c6d94ea5f
commit 9063002af2
16 changed files with 377 additions and 376 deletions
Download Patch File Download Diff File Expand all files Collapse all files

146
src/afl-fuzz-one.c
View File

@ -423,7 +423,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
} else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
afl->queued_paths > 10) {
afl->queued_items > 10) {
/* Otherwise, still possibly skip non-favored cases, albeit less often.
The odds of skipping stuff are higher for already-fuzzed inputs and
@ -449,7 +449,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
ACTF(
"Fuzzing test case #%u (%u total, %llu uniq crashes found, "
"perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...",
afl->current_entry, afl->queued_paths, afl->unique_crashes,
afl->current_entry, afl->queued_items, afl->saved_crashes,
afl->queue_cur->perf_score, afl->queue_cur->exec_us,
likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0,
afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii);
@ -492,7 +492,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
if (unlikely(afl->stop_soon) || res != afl->crash_mode) {
++afl->cur_skipped_paths;
++afl->cur_skipped_items;
goto abandon_entry;
}
@ -519,7 +519,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
if (unlikely(afl->stop_soon)) {
++afl->cur_skipped_paths;
++afl->cur_skipped_items;
goto abandon_entry;
}
@ -566,8 +566,8 @@ u8 fuzz_one_original(afl_state_t *afl) {
if (afl->cmplog_lvl == 3 ||
(afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
afl->queue_cur->favored ||
!(afl->fsrv.total_execs % afl->queued_paths) ||
get_cur_time() - afl->last_path_time > 300000) { // 300 seconds
!(afl->fsrv.total_execs % afl->queued_items) ||
get_cur_time() - afl->last_find_time > 300000) { // 300 seconds
if (input_to_state_stage(afl, in_buf, out_buf, len)) {
@ -630,7 +630,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->stage_val_type = STAGE_VAL_NONE;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
prev_cksum = afl->queue_cur->exec_cksum;
@ -734,7 +734,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP1] += afl->stage_max;
@ -766,7 +766,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP2] += afl->stage_max;
@ -802,7 +802,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP4] += afl->stage_max;
@ -909,7 +909,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
afl->blocks_eff_total += EFF_ALEN(len);
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP8] += afl->stage_max;
@ -952,7 +952,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP16] += afl->stage_max;
@ -995,7 +995,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP32] += afl->stage_max;
@ -1087,7 +1087,7 @@ skip_bitflip:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH8] += afl->stage_max;
@ -1217,7 +1217,7 @@ skip_bitflip:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH16] += afl->stage_max;
@ -1346,7 +1346,7 @@ skip_bitflip:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH32] += afl->stage_max;
@ -1412,7 +1412,7 @@ skip_arith:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max;
@ -1500,7 +1500,7 @@ skip_arith:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max;
@ -1589,7 +1589,7 @@ skip_arith:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max;
@ -1662,7 +1662,7 @@ skip_interest:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max;
@ -1718,7 +1718,7 @@ skip_interest:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max;
@ -1776,7 +1776,7 @@ skip_user_extras:
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
@ -1806,7 +1806,7 @@ custom_mutator_stage:
const u32 max_seed_size = MAX_FILE, saved_max = afl->stage_max;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
#ifdef INTROSPECTION
afl->mutation[0] = 0;
@ -1850,7 +1850,7 @@ custom_mutator_stage:
do {
tid = rand_below(afl, afl->queued_paths);
tid = rand_below(afl, afl->queued_items);
} while (unlikely(tid == afl->current_entry ||
@ -1890,7 +1890,7 @@ custom_mutator_stage:
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
if (afl->queued_paths != havoc_queued) {
if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@ -1899,7 +1899,7 @@ custom_mutator_stage:
}
havoc_queued = afl->queued_paths;
havoc_queued = afl->queued_items;
}
@ -1926,7 +1926,7 @@ custom_mutator_stage:
if (!has_custom_fuzz) goto havoc_stage;
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_CUSTOM_MUTATOR] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_CUSTOM_MUTATOR] += afl->stage_max;
@ -1972,9 +1972,9 @@ havoc_stage:
temp_len = len;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
havoc_queued = afl->queued_paths;
havoc_queued = afl->queued_items;
if (afl->custom_mutators_count) {
@ -2023,7 +2023,7 @@ havoc_stage:
}
if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ &&
if (unlikely(get_cur_time() - afl->last_find_time > 5000 /* 5 seconds */ &&
afl->ready_for_splicing_count > 1)) {
/* add expensive havoc cases here if there is no findings in the last 5s */
@ -2669,7 +2669,7 @@ havoc_stage:
u32 tid;
do {
tid = rand_below(afl, afl->queued_paths);
tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@ -2757,7 +2757,7 @@ havoc_stage:
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
if (afl->queued_paths != havoc_queued) {
if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@ -2766,13 +2766,13 @@ havoc_stage:
}
havoc_queued = afl->queued_paths;
havoc_queued = afl->queued_items;
}
}
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (!splice_cycle) {
@ -2821,7 +2821,7 @@ retry_splicing:
do {
tid = rand_below(afl, afl->queued_paths);
tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@ -2945,7 +2945,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} else if (!afl->non_instrumented_mode && !afl->queue_cur->favored &&
afl->queued_paths > 10) {
afl->queued_items > 10) {
/* Otherwise, still possibly skip non-favored cases, albeit less often.
The odds of skipping stuff are higher for already-fuzzed inputs and
@ -2969,7 +2969,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (afl->not_on_tty) {
ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...",
afl->current_entry, afl->queued_paths, afl->unique_crashes);
afl->current_entry, afl->queued_items, afl->saved_crashes);
fflush(stdout);
}
@ -3010,7 +3010,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (afl->stop_soon || res != afl->crash_mode) {
++afl->cur_skipped_paths;
++afl->cur_skipped_items;
goto abandon_entry;
}
@ -3037,7 +3037,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (unlikely(afl->stop_soon)) {
++afl->cur_skipped_paths;
++afl->cur_skipped_items;
goto abandon_entry;
}
@ -3082,8 +3082,8 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
if (afl->cmplog_lvl == 3 ||
(afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
!(afl->fsrv.total_execs % afl->queued_paths) ||
get_cur_time() - afl->last_path_time > 300000) { // 300 seconds
!(afl->fsrv.total_execs % afl->queued_items) ||
get_cur_time() - afl->last_find_time > 300000) { // 300 seconds
if (input_to_state_stage(afl, in_buf, out_buf, len)) {
@ -3101,10 +3101,10 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
cur_ms_lv = get_cur_time();
if (!(afl->key_puppet == 0 &&
((cur_ms_lv - afl->last_path_time < (u32)afl->limit_time_puppet) ||
((cur_ms_lv - afl->last_find_time < (u32)afl->limit_time_puppet) ||
(afl->last_crash_time != 0 &&
cur_ms_lv - afl->last_crash_time < (u32)afl->limit_time_puppet) ||
afl->last_path_time == 0))) {
afl->last_find_time == 0))) {
afl->key_puppet = 1;
goto pacemaker_fuzzing;
@ -3156,7 +3156,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
afl->stage_val_type = STAGE_VAL_NONE;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
prev_cksum = afl->queue_cur->exec_cksum;
@ -3259,7 +3259,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} /* for afl->stage_cur */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP1] += afl->stage_max;
@ -3290,7 +3290,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} /* for afl->stage_cur */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP2] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP2] += afl->stage_max;
@ -3325,7 +3325,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} /* for afl->stage_cur */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP4] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP4] += afl->stage_max;
@ -3431,7 +3431,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
afl->blocks_eff_total += EFF_ALEN(len);
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP8] += afl->stage_max;
@ -3473,7 +3473,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} /* for i = 0; i < len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP16] += afl->stage_max;
@ -3515,7 +3515,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
} /* for i = 0; i < len - 3 */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_FLIP32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_FLIP32] += afl->stage_max;
@ -3605,7 +3605,7 @@ skip_bitflip:
} /* for i = 0; i < len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH8] += afl->stage_max;
@ -3731,7 +3731,7 @@ skip_bitflip:
} /* for i = 0; i < len - 1 */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH16] += afl->stage_max;
@ -3856,7 +3856,7 @@ skip_bitflip:
} /* for i = 0; i < len - 3 */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_ARITH32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_ARITH32] += afl->stage_max;
@ -3921,7 +3921,7 @@ skip_arith:
} /* for i = 0; i < len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST8] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST8] += afl->stage_max;
@ -4007,7 +4007,7 @@ skip_arith:
} /* for i = 0; i < len - 1 */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST16] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST16] += afl->stage_max;
@ -4094,7 +4094,7 @@ skip_arith:
} /* for i = 0; i < len - 3 */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_INTEREST32] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_INTEREST32] += afl->stage_max;
@ -4167,7 +4167,7 @@ skip_interest:
} /* for i = 0; i < len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UO] += afl->stage_max;
@ -4223,7 +4223,7 @@ skip_interest:
} /* for i = 0; i <= len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_UI] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_UI] += afl->stage_max;
@ -4282,7 +4282,7 @@ skip_user_extras:
} /* for i = 0; i < len */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
afl->stage_finds[STAGE_EXTRAS_AO] += new_hit_cnt - orig_hit_cnt;
afl->stage_cycles[STAGE_EXTRAS_AO] += afl->stage_max;
@ -4335,7 +4335,7 @@ pacemaker_fuzzing:
if (unlikely(afl->orig_hit_cnt_puppet == 0)) {
afl->orig_hit_cnt_puppet = afl->queued_paths + afl->unique_crashes;
afl->orig_hit_cnt_puppet = afl->queued_items + afl->saved_crashes;
afl->last_limit_time_start = get_cur_time();
afl->SPLICE_CYCLES_puppet =
(rand_below(
@ -4380,9 +4380,9 @@ pacemaker_fuzzing:
temp_len = len;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
orig_hit_cnt = afl->queued_items + afl->saved_crashes;
havoc_queued = afl->queued_paths;
havoc_queued = afl->queued_items;
u32 r_max;
@ -4948,7 +4948,7 @@ pacemaker_fuzzing:
u32 tid;
do {
tid = rand_below(afl, afl->queued_paths);
tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry ||
@ -5029,7 +5029,7 @@ pacemaker_fuzzing:
++*MOpt_globals.pTime;
u64 temp_total_found = afl->queued_paths + afl->unique_crashes;
u64 temp_total_found = afl->queued_items + afl->saved_crashes;
if (common_fuzz_stuff(afl, out_buf, temp_len)) {
@ -5048,7 +5048,7 @@ pacemaker_fuzzing:
/* If we're finding new stuff, let's run for a bit longer, limits
permitting. */
if (afl->queued_paths != havoc_queued) {
if (afl->queued_items != havoc_queued) {
if (perf_score <= afl->havoc_max_mult * 100) {
@ -5057,15 +5057,15 @@ pacemaker_fuzzing:
}
havoc_queued = afl->queued_paths;
havoc_queued = afl->queued_items;
}
if (unlikely(afl->queued_paths + afl->unique_crashes >
if (unlikely(afl->queued_items + afl->saved_crashes >
temp_total_found)) {
u64 temp_temp_puppet =
afl->queued_paths + afl->unique_crashes - temp_total_found;
afl->queued_items + afl->saved_crashes - temp_total_found;
afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet;
if (MOpt_globals.is_pilot_mode) {
@ -5099,7 +5099,7 @@ pacemaker_fuzzing:
++afl->stage_cur) { */
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (MOpt_globals.is_pilot_mode) {
@ -5149,7 +5149,7 @@ pacemaker_fuzzing:
do {
tid = rand_below(afl, afl->queued_paths);
tid = rand_below(afl, afl->queued_items);
} while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4);
@ -5235,8 +5235,8 @@ pacemaker_fuzzing:
if (afl->key_puppet == 1) {
if (unlikely(
afl->queued_paths + afl->unique_crashes >
((afl->queued_paths + afl->unique_crashes) * limit_time_bound +
afl->queued_items + afl->saved_crashes >
((afl->queued_items + afl->saved_crashes) * limit_time_bound +
afl->orig_hit_cnt_puppet))) {
afl->key_puppet = 0;
@ -5251,7 +5251,7 @@ pacemaker_fuzzing:
afl->total_pacemaker_time += *MOpt_globals.pTime;
*MOpt_globals.pTime = 0;
new_hit_cnt = afl->queued_paths + afl->unique_crashes;
new_hit_cnt = afl->queued_items + afl->saved_crashes;
if (MOpt_globals.is_pilot_mode) {