import cmplog opts

include/afl-fuzz.h

@@ -647,6 +647,7 @@ typedef struct afl_state {
   u32 cmplog_prev_timed_out;
   u32 cmplog_max_filesize;
   u32 cmplog_lvl;
+  u32 colorize_success;
 
   struct afl_pass_stat *pass_stats;
   struct cmp_map *      orig_cmp_map;

src/afl-fuzz-one.c

@@ -562,7 +562,7 @@ u8 fuzz_one_original(afl_state_t *afl) {
       if (afl->cmplog_lvl == 3 ||
           (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
           !(afl->fsrv.total_execs % afl->queued_paths) ||
-          get_cur_time() - afl->last_path_time > 15000) {
+          get_cur_time() - afl->last_path_time > 300000) {
 
         if (input_to_state_stage(afl, in_buf, out_buf, len)) {
 
@@ -2990,7 +2990,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) {
       if (afl->cmplog_lvl == 3 ||
           (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) ||
           !(afl->fsrv.total_execs % afl->queued_paths) ||
-          get_cur_time() - afl->last_path_time > 15000) {
+          get_cur_time() - afl->last_path_time > 300000) {
 
         if (input_to_state_stage(afl, in_buf, out_buf, len)) {
 

src/afl-fuzz-redqueen.c

@@ -379,8 +379,6 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
 
   }
 
-  *taints = taint;
-
   /* temporary: clean ranges */
   while (ranges) {
 
@@ -423,6 +421,35 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
 
 #endif
 
+  if (taint) {
+
+    if (len / positions == 1 && positions > 16384 &&
+        afl->active_paths / afl->colorize_success > 20) {
+
+#ifdef _DEBUG
+      fprintf(stderr, "Colorization unsatisfactory\n");
+#endif
+
+      *taints = NULL;
+
+      struct tainted *t;
+      while (taint) {
+
+        t = taint->next;
+        ck_free(taint);
+        taint = t;
+
+      }
+
+    } else {
+
+      *taints = taint;
+      ++afl->colorize_success;
+
+    }
+
+  }
+
   afl->stage_finds[STAGE_COLORIZATION] += new_hit_cnt - orig_hit_cnt;
   afl->stage_cycles[STAGE_COLORIZATION] += afl->stage_cur;
   ck_free(backup);