From b27e861a51c2f0e1621ef234a51e0f1738363046 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 15 May 2025 10:47:36 +0200
Subject: [PATCH 1/4] fix resume for syncing

---
 src/afl-fuzz-init.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index fd3fabf7..06734593 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -1561,8 +1561,9 @@ void pivot_inputs(afl_state_t *afl) {
 ID matches the one we'd assign, just use the original file name.
 This is valuable for resuming fuzzing runs. */
 
- if (!strncmp(rsl, CASE_PREFIX, 3) &&
- sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id) {
+ if (afl->in_place_resume ||
+ (!strncmp(rsl, CASE_PREFIX, 3) &&
+ sscanf(rsl + 3, "%06u", &orig_id) == 1 && orig_id == id)) {
 
 u8 *src_str;
 u32 src_id;

From 7a32331c99e90c4dc886ab98ad82fc4c111fc924 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 15 May 2025 11:05:02 +0200
Subject: [PATCH 2/4] better solution

---
 src/afl-fuzz-init.c | 53 +++++++++++++++++++++++----------------------
 1 file changed, 27 insertions(+), 26 deletions(-)

diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 06734593..53669acb 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -760,21 +761,10 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 if (nl_cnt) {
 
 u32 done = 0;
-
- if (unlikely(afl->in_place_resume)) {
-
- i = nl_cnt;
-
- } else {
-
- i = 0;
-
- }
+ i = 0;
 
 do {
 
- if (unlikely(afl->in_place_resume)) { --i; }
-
 struct stat st;
 u8 dfn[PATH_MAX];
 snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir,
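Review bot: The comment on the two context lines above the condition still says the original file name is kept only when its recorded ID matches the one we'd assign, but with `afl->in_place_resume ||` in front every file in the resumed queue now keeps its name regardless of the `id:` prefix, and `orig_id` is left unassigned on that path because the `sscanf` is short-circuited. If anything further down this branch reads `orig_id` (pivot_inputs continues outside the hunk) it would now see an unset value on an in-place resume, which is worth checking. Suggest rewording the comment to `/* On an in-place resume always keep the original file name; otherwise keep it only when the recorded ID matches the one we'd assign. */` so it describes the new condition.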
@@ -854,22 +843,12 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
 }
 
 next_entry:
- if (unlikely(afl->in_place_resume)) {
-
- if (unlikely(i == 0)) { done = 1; }
-
- } else {
-
- if (unlikely(++i >= (u32)nl_cnt)) { done = 1; }
-
- }
+ if (unlikely(++i >= (u32)nl_cnt)) { done = 1; }
 
 } while (!done);
 
 }
 
- // if (getenv("MYTEST")) afl->in_place_resume = 0;
-
 free(nl); /* not tracked */
 
 if (!afl->queued_items && directory == NULL) {
@@ -913,9 +892,21 @@ void perform_dry_run(afl_state_t *afl) {
 
 struct queue_entry *q;
 u32 cal_failures = 0, idx;
- u8 *use_mem;
+ u8 *use_mem, done = 0;
 
- for (idx = 0; idx < afl->queued_items; idx++) {
+ if (afl->in_place_resume) {
+
+ idx = afl->queued_items;
+
+ } else {
+
+ idx = 0;
+
+ }
+
+ do {
+
+ if (afl->in_place_resume) { --idx; }
 
 q = afl->queue_buf[idx];
 if (unlikely(!q || q->disabled)) { continue; }
@@ -1382,7 +1373,17 @@ void perform_dry_run(afl_state_t *afl) {
 
 }
 
- }
+ if (!afl->in_place_resume) {
+
+ if (++idx >= afl->queued_items) { done = 1; }
+
+ } else {
+
+ if (idx == 0) { done = 1; }
+
+ }
+
+ } while (!done);
 
 if (cal_failures) {
 

From 25d7d65216483251b5b4ed64f89ddafcb20c375e Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 15 May 2025 11:46:39 +0200
Subject: [PATCH 3/4] workaround for compiler asan+lto issues

---
 GNUmakefile | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/GNUmakefile b/GNUmakefile
index 9d50d5a8..73cf6e77 100644
--- a/GNUmakefile
+++ b/GNUmakefile
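Review bot: The `continue` on the last context line of this hunk, `if (unlikely(!q || q->disabled)) { continue; }`, now sits inside a `do { … } while (!done)` loop, so it jumps straight to the `!done` test and skips the index update that hunk @@ -1382 places at the bottom of the body: in the non-resume case `idx` never advances and a disabled entry spins forever, and in the resume case the `idx == 0` check is skipped, so the next `--idx` wraps the u32 and `afl->queue_buf[idx]` is read out of bounds. The old `for` loop did not have this problem because `continue` ran its `idx++`. Any other `continue` in the body between the two hunks (perform_dry_run continues outside both) has the same effect, and unless the caller guarantees `afl->queued_items != 0`, the resume branch also starts at `idx = 0` and wraps on its first `--idx`. A counted loop that derives `idx` from the iteration number keeps `continue` safe, handles an empty queue, and makes the `done` flag and the bottom block in @@ -1382 unnecessary.
```c
  struct queue_entry *q;
  u32                cal_failures = 0, idx;
  u8                *use_mem;

  /* Counted loop: `continue` inside the body still advances the index, and
     queued_items == 0 simply skips the loop instead of wrapping idx. */
  for (u32 n = 0; n < afl->queued_items; n++) {

    idx = afl->in_place_resume ? afl->queued_items - 1 - n : n;

    q = afl->queue_buf[idx];
    if (unlikely(!q || q->disabled)) { continue; }

    /* … unchanged: rest of the dry-run body; the `done` bookkeeping added in
       hunk @@ -1382 goes away and the loop closes with a plain `}` … */
```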
@@ -76,14 +76,16 @@ ifdef IS_IOS
 endif
 
 ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
-ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+ifndef ASAN_BUILD
+ ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=full -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
 CFLAGS_FLTO ?= -flto=full
-else
- ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=thin -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
- CFLAGS_FLTO ?= -flto=thin
 else
- ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+ ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto=thin -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
+ CFLAGS_FLTO ?= -flto=thin
+ else
+ ifeq "$(shell echo 'int main() {return 0; }' | $(CC) $(CFLAGS) -Werror -x c - -flto -o .test 2>/dev/null && echo 1 || echo 0 ; rm -f .test )" "1"
 CFLAGS_FLTO ?= -flto
+ endif
 endif
 endif
 endif
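Review bot: The new `ifndef ASAN_BUILD` keys on the make variable `ASAN_BUILD`, not on the `-DASAN_BUILD` preprocessor define carried by `ASAN_CFLAGS`, so the LTO probes are skipped only when `ASAN_BUILD` is set on the make command line or in the environment before this point; a one-line comment above the guard, `# ASan and LTO do not mix on some toolchains: skip the LTO probes (and add -fno-lto via ASAN_CFLAGS below) when ASAN_BUILD is set`, would spare the next reader that question. Also, `CFLAGS_FLTO ?= -flto=full` is now one level shallower than its enclosing `ifeq` while the thin and plain branches were re-indented; make does not care, but indenting it by two more spaces keeps the nesting readable. The outer `ifeq "$(findstring android …" ""` closes outside the hunk.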
@@ -313,8 +315,8 @@ ifeq "$(shell command -v svn >/dev/null && svn proplist . 2>/dev/null && echo 1
 endif
 
 ifeq "$(shell echo 'int main() { return 0;}' | $(CC) $(CFLAGS) -fsanitize=address -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"
- ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -DASAN_BUILD
- ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer
+ ASAN_CFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -DASAN_BUILD -fno-lto
+ ASAN_LDFLAGS=-fsanitize=address -fstack-protector-all -fno-omit-frame-pointer -fno-lto
 endif
 
 ifeq "$(shell echo '$(HASH)include @$(HASH)include @int main() { int _id = shmget(IPC_PRIVATE, 65536, IPC_CREAT | IPC_EXCL | 0600); shmctl(_id, IPC_RMID, 0); return 0;}' | tr @ '\n' | $(CC) $(CFLAGS) -x c - -o .test2 2>/dev/null && echo 1 || echo 0 ; rm -f .test2 )" "1"

From 9004be20b83f1fe50f3f59b3edc8904fe9c4b7b9 Mon Sep 17 00:00:00 2001
From: vanhauser-thc
Date: Thu, 15 May 2025 14:08:49 +0200
Subject: [PATCH 4/4] update changelog

---
 docs/Changelog.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/Changelog.md b/docs/Changelog.md
index c26aa148..927d86f0 100644
--- a/docs/Changelog.md
+++ b/docs/Changelog.md
@@ -10,6 +10,7 @@
 to disable fork, see docs (thanks to @alexandredoyen29)
 - Fix for FAST power schedules (introduced in 4.32c) (thanks to @kcwu)
 - Colors for NO_UI output (thanks to @smoelius)
+ - Fix potential sync issues when resuming sessions
 - more 64 bit archicture support by @maribu
 - afl-cc:
 - Fix to make AFL_SAN_NO_INST work with gcc_plugin
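Review bot: `-fno-lto` is appended to `ASAN_CFLAGS` and `ASAN_LDFLAGS` unconditionally inside the ASan probe, while the `CFLAGS_FLTO ?=` assignments in hunk @@ -76 are skipped only when the make variable `ASAN_BUILD` is defined; `?=` honours a value the user presets, so a command-line `CFLAGS_FLTO=-flto` presumably still reaches the compile line, and whether `-fno-lto` or `-flto` wins then depends on their relative order, which this hunk does not show. If the intent is to rule LTO out entirely for sanitizer builds, an explicit `CFLAGS_FLTO=` under `ifdef ASAN_BUILD` next to these two assignments would make that unambiguous. The surrounding `ifeq` probe is complete within the hunk.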