From 4ffa5b06360364936fa0c17fa8851fbaf4ea6581 Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Sun, 26 Apr 2020 18:42:42 +0200
Subject: [PATCH 1/2] fix negative stability bug (hopefully)

---
 docs/Changelog.md | 2 ++
 src/afl-fuzz-run.c | 7 ++++---
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/docs/Changelog.md b/docs/Changelog.md
index 71de0984..da28ce53 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -13,6 +13,8 @@ sending a mail to .
 - afl-fuzz:
 - AFL_MAP_SIZE was not working correctly
 - better python detection
+ - an old, old bug in afl that would show negative stability in rare
+ circumstances is now hopefully fixed
 - llvm_mode:
 - if LLVM 11 is installed the posix shm_open+mmap is used and a fixed
 address for the shared memory map is used as this increases the
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index bf8c4ec0..692026d4 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -193,6 +193,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 if (q->exec_cksum) {
 memcpy(afl->first_trace, afl->fsrv.trace_bits, afl->fsrv.map_size);
+ u8 hnb = has_new_bits(afl, afl->virgin_bits);
+ if (hnb > new_bits) { new_bits = hnb; }
 }
@@ -226,12 +228,11 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 }
 cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+ u8 hnb = has_new_bits(afl, afl->virgin_bits);
+ if (hnb > new_bits) { new_bits = hnb; }
 if (q->exec_cksum != cksum) {
- u8 hnb = has_new_bits(afl, afl->virgin_bits);
- if (hnb > new_bits) { new_bits = hnb; }
-
 if (q->exec_cksum) {
 u32 i;

From a46fe3ad430901023684e59f138d1b8ddcb246b8 Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Mon, 27 Apr 2020 06:51:45 +0200
Subject: [PATCH 2/2] fix for older llvm versions

---
 llvm_mode/afl-llvm-common.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/llvm_mode/afl-llvm-common.cc b/llvm_mode/afl-llvm-common.cc
index 9b7a444a..04dd9475 100644
--- a/llvm_mode/afl-llvm-common.cc
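Review bot: The second afl-fuzz-run.c hunk moves the has_new_bits() call out of the `if (q->exec_cksum != cksum)` branch so it now runs after every hash32() of the trace, but nothing in the code records why, and the commit subject's own "hopefully" suggests the next reader will need that rationale. I would add, above the moved `u8 hnb = has_new_bits(afl, afl->virgin_bits);`, a comment such as `/* Evaluate every trace against virgin_bits, not only traces whose checksum differs from q->exec_cksum; skipping the equal-checksum case is what produced the negative stability reported in the changelog. */`, and the same pattern added in the first hunk (after the memcpy into first_trace) deserves a one-line cross-reference. If has_new_bits() also updates afl->virgin_bits (not visible here), the comment should say so, since that side effect now happens on every calibration execution rather than only on a checksum mismatch. calibrate_case's body begins before and continues after both hunks.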
+++ b/llvm_mode/afl-llvm-common.cc
@@ -12,6 +12,7 @@
 #include
 #include
+#include
 #include "afl-llvm-common.h"
 using namespace llvm;