Merge pull request #2428 from AFLplusplus/dev

push to stable
2025-06-11 01:31:37 +00:00 · 2025-05-15 14:12:44 +02:00 · 2025-05-15 14:12:44 +02:00 · c2a026f68f
commit c2a026f68f
parent 875c3902f0 2a97350754
3 changed files with 40 additions and 35 deletions
--- a/16
+++ b/16
@ -76,14 +76,16 @@ ifdef IS_IOS
 endif

 ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
-ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+ifndef ASAN_BUILD
+ ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
 	CFLAGS_FLTO ?= -flto=full
-else
- ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=thin -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
-	CFLAGS_FLTO ?= -flto=thin
 else
-  ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+  ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=thin -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+	CFLAGS_FLTO ?= -flto=thin
+  else
+   ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
 	CFLAGS_FLTO ?= -flto
+   endif
  endif
 endif
 endif
@ -313,8 +315,8 @@ ifeq "$(shell command -v svn >/dev/null && svn proplist . 2>/dev/null && echo 1
 endif

 ifeq "$(shell echo 'int main() { return 0;}' | $(CC) $(CFLAGS) -fsanitize=address -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
-	ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -DASAN_BUILD
-	ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer
+	ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -DASAN_BUILD -fno-lto
+	ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -fno-lto
 endif

 ifeq "$(shell echo '$(HASH)include <sys/ipc.h>@$(HASH)include <sys/shm.h>@int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) $(CFLAGS) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@ -10,6 +10,7 @@
      to disable fork, see docs (thanks to @alexandredoyen29)
    - Fix for FAST power schedules (introduced in 4.32c) (thanks to @kcwu)
    - Colors for NO_UI output (thanks to @smoelius)
+    - Fix potential sync issues when resuming sessions
    - more 64 bit archicture support by @maribu
  - afl-cc:
    - Fix to make AFL_SAN_NO_INST work with gcc_plugin
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@ -760,21 +760,10 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
  if (nl_cnt) {

    u32 done = 0;
-
-    if (unlikely(afl->in_place_resume)) {
-
-      i = nl_cnt;
-
-    } else {
-
-      i = 0;
-
-    }
+    i = 0;

    do {

-      if (unlikely(afl->in_place_resume)) { --i; }
-
      struct stat st;
      u8          dfn[PATH_MAX];
      snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir,
@ -854,22 +843,12 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
      }

    next_entry:
-      if (unlikely(afl->in_place_resume)) {
-
-        if (unlikely(i == 0)) { done = 1; }
-
-      } else {
-
-        if (unlikely(++i >= (u32)nl_cnt)) { done = 1; }
-
-      }
+      if (unlikely(++i >= (u32)nl_cnt)) { done = 1; }

    } while (!done);

  }

-  // if (getenv("MYTEST")) afl->in_place_resume = 0;
-
  free(nl);                                                  /* not tracked */

  if (!afl->queued_items && directory == NULL) {
@ -913,9 +892,21 @@ void perform_dry_run(afl_state_t *afl) {

  struct queue_entry *q;
  u32                 cal_failures = 0, idx;
-  u8                 *use_mem;
+  u8                 *use_mem, done = 0;

-  for (idx = 0; idx < afl->queued_items; idx++) {
+  if (afl->in_place_resume) {
+
+    idx = afl->queued_items;
+
+  } else {
+
+    idx = 0;
+
+  }
+
+  do {
+
+    if (afl->in_place_resume) { --idx; }

    q = afl->queue_buf[idx];
    if (unlikely(!q || q->disabled)) { continue; }
@ -1382,7 +1373,17 @@ void perform_dry_run(afl_state_t *afl) {

    }

-  }
+    if (!afl->in_place_resume) {
+
+      if (++idx >= afl->queued_items) { done = 1; }
+
+    } else {
+
+      if (idx == 0) { done = 1; }
+
+    }
+
+  } while (!done);

  if (cal_failures) {

@ -1561,8 +1562,9 @@ void pivot_inputs(afl_state_t *afl) {
       ID matches the one we'd assign, just use the original file name.
       This is valuable for resuming fuzzing runs. */

-    if (!strncmp(rsl, CASE_PREFIX, 3) &&
-        sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id) {
+    if (afl->in_place_resume ||
+        (!strncmp(rsl, CASE_PREFIX, 3) &&
+         sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id)) {

      u8 *src_str;
      u32 src_id;