ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix plot_data output and code-format

Browse Source
This commit is contained in:
van Hauser
2020-04-17 07:10:42 +02:00
parent 23ea727915
commit c961925356
7 changed files with 27 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
docs/Changelog.md
View File

@ -19,14 +19,17 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- snapshot feature usage now visible in UI - snapshot feature usage now visible in UI
- Now setting "-L -1" will enable MOpt in parallel to normal mutation. - Now setting "-L -1" will enable MOpt in parallel to normal mutation.
Additionally this allows to run dictionaries, radamsa and cmplog. Additionally this allows to run dictionaries, radamsa and cmplog.
- fix for cmplog/redqueen mode if stdin was used
- fix for writing a better plot_data file
- qemu_mode: fix for persistent mode
- compare-transform/AFL_LLVM_LAF_TRANSFORM_COMPARES now transforms also - compare-transform/AFL_LLVM_LAF_TRANSFORM_COMPARES now transforms also
static global and local variable comparisons (cannot find all though) static global and local variable comparisons (cannot find all though)
- extended forkserver: map_size and more information is communicated to - extended forkserver: map_size and more information is communicated to
afl-fuzz (and afl-fuzz acts accordingly) afl-fuzz (and afl-fuzz acts accordingly)
- more refactoring
- if AFL_CC/AFL_CXX is set but empty afl compilers did fail, fixed - if AFL_CC/AFL_CXX is set but empty afl compilers did fail, fixed
(this bug is in vanilla afl too) (this bug is in vanilla afl too)
- added NO_PYTHON flag to disable python support when building afl-fuzz - added NO_PYTHON flag to disable python support when building afl-fuzz
- more refactoring
### Version ++2.63c (release): ### Version ++2.63c (release):

2
src/afl-fuzz-init.c
View File

@ -1419,6 +1419,8 @@ void setup_dirs_fds(afl_state_t *afl) {
"# unix_time, cycles_done, cur_path, paths_total, " "# unix_time, cycles_done, cur_path, paths_total, "
"pending_total, pending_favs, map_size, unique_crashes, " "pending_total, pending_favs, map_size, unique_crashes, "
"unique_hangs, max_depth, execs_per_sec\n"); "unique_hangs, max_depth, execs_per_sec\n");
fflush(afl->fsrv.plot_file);
/* ignore errors */ /* ignore errors */
} }

2
src/afl-fuzz-python.c
View File

@ -42,7 +42,7 @@ it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */
&((py_mutator_t *)py_mutator)->name##_size &((py_mutator_t *)py_mutator)->name##_size
static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf, static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
u8 *add_buf, size_t add_buf_size, size_t max_size) { u8 *add_buf, size_t add_buf_size, size_t max_size) {
size_t mutated_size; size_t mutated_size;
PyObject *py_args, *py_value; PyObject *py_args, *py_value;

2
src/afl-fuzz-run.c
View File

@ -34,7 +34,7 @@
information. The called program will update afl->fsrv->trace_bits. */ information. The called program will update afl->fsrv->trace_bits. */
fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv,
u32 timeout) { u32 timeout) {
fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon);
// TODO: Don't classify for faults? // TODO: Don't classify for faults?

31
src/afl-fuzz-stats.c
View File

@ -145,14 +145,15 @@ void write_stats_file(afl_state_t *afl, double bitmap_cvg, double stability,
void maybe_update_plot_file(afl_state_t *afl, double bitmap_cvg, double eps) { void maybe_update_plot_file(afl_state_t *afl, double bitmap_cvg, double eps) {
if (afl->plot_prev_qp == afl->queued_paths && if (unlikely(afl->plot_prev_qp == afl->queued_paths &&
afl->plot_prev_pf == afl->pending_favored && afl->plot_prev_pf == afl->pending_favored &&
afl->plot_prev_pnf == afl->pending_not_fuzzed && afl->plot_prev_pnf == afl->pending_not_fuzzed &&
afl->plot_prev_ce == afl->current_entry && afl->plot_prev_ce == afl->current_entry &&
afl->plot_prev_qc == afl->queue_cycle && afl->plot_prev_qc == afl->queue_cycle &&
afl->plot_prev_uc == afl->unique_crashes && afl->plot_prev_uc == afl->unique_crashes &&
afl->plot_prev_uh == afl->unique_hangs && afl->plot_prev_uh == afl->unique_hangs &&
afl->plot_prev_md == afl->max_depth) afl->plot_prev_md == afl->max_depth) ||
unlikely(!afl->queue_cycle))
return; return;
afl->plot_prev_qp = afl->queued_paths; afl->plot_prev_qp = afl->queued_paths;
@ -388,9 +389,9 @@ void show_stats(afl_state_t *afl) {
/* Lord, forgive me this. */ /* Lord, forgive me this. */
SAYF(SET_G1 bSTG bLT bH bSTOP cCYA SAYF(SET_G1 bSTG bLT bH bSTOP cCYA
" process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA " process timing " bSTG bH30 bH5 bH bHB bH bSTOP cCYA
" overall results " bSTG bH2 bH2 bRT "\n"); " overall results " bSTG bH2 bH2 bRT "\n");
if (afl->dumb_mode) { if (afl->dumb_mode) {
@ -472,9 +473,9 @@ void show_stats(afl_state_t *afl) {
" uniq hangs : " cRST "%-6s" bSTG bV "\n", " uniq hangs : " cRST "%-6s" bSTG bV "\n",
time_tmp, tmp); time_tmp, tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA
" map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); " map coverage " bSTG bH bHT bH20 bH2 bVL "\n");
/* This gets funny because we want to print several variable-length variables /* This gets funny because we want to print several variable-length variables
together, but then cram them into a fixed-width field - so we need to together, but then cram them into a fixed-width field - so we need to
@ -504,9 +505,9 @@ void show_stats(afl_state_t *afl) {
SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp);
SAYF(bVR bH bSTOP cCYA SAYF(bVR bH bSTOP cCYA
" stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA
" findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n");
sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored),
((double)afl->queued_favored) * 100 / afl->queued_paths); ((double)afl->queued_favored) * 100 / afl->queued_paths);
@ -580,7 +581,7 @@ void show_stats(afl_state_t *afl) {
/* Aaaalmost there... hold on! */ /* Aaaalmost there... hold on! */
SAYF(bVR bH cCYA bSTOP SAYF(bVR bH cCYA bSTOP
" fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA
" path geometry " bSTG bH5 bH2 bVL "\n"); " path geometry " bSTG bH5 bH2 bVL "\n");

4
src/afl-showmap.c
View File

@ -218,8 +218,8 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) {
/* Execute target application. */ /* Execute target application. */
static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, char **argv, u8 *mem, static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, char **argv,
u32 len) { u8 *mem, u32 len) {
afl_fsrv_write_to_testcase(fsrv, mem, len); afl_fsrv_write_to_testcase(fsrv, mem, len);

2
src/afl-tmin.c
View File

@ -215,7 +215,7 @@ static s32 write_to_file(u8 *path, u8 *mem, u32 len) {
1 if they should be kept. */ 1 if they should be kept. */
static u8 tmin_run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len, static u8 tmin_run_target(afl_forkserver_t *fsrv, char **argv, u8 *mem, u32 len,
u8 first_run) { u8 first_run) {
afl_fsrv_write_to_testcase(fsrv, mem, len); afl_fsrv_write_to_testcase(fsrv, mem, len);