ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 02:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

skip crashes but keep for splices

Browse Source
This commit is contained in:
van Hauser
2020-09-05 16:16:56 +02:00
parent 2508922288
commit ded4d093ff
3 changed files with 36 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/Changelog.md
View File

@ -17,6 +17,10 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
- reading testcases from -i now descends into subdirectories - reading testcases from -i now descends into subdirectories
- allow up to 4 -x command line options - allow up to 4 -x command line options
- loaded extras now have a duplicate protection - loaded extras now have a duplicate protection
- If test cases are too large we do a partial read on the maximum
supported size
- longer seeds with the same trace information will now be ignored
for fuzzing but still be used for splicing
- instrumentation - instrumentation
- not overriding -Ox or -fno-unroll-loops anymore - not overriding -Ox or -fno-unroll-loops anymore
- new llvm pass: dict2file via AFL_LLVM_DICT2FILE, create afl-fuzz - new llvm pass: dict2file via AFL_LLVM_DICT2FILE, create afl-fuzz

35
src/afl-fuzz-init.c
View File

@ -713,11 +713,9 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
if (st.st_size > MAX_FILE) { if (st.st_size > MAX_FILE) {
WARNF("Test case '%s' is too big (%s, limit is %s), skipping", fn2, WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2,
stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size),
stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE));
ck_free(fn2);
continue;
} }
@ -728,7 +726,8 @@ void read_testcases(afl_state_t *afl, u8 *directory) {
if (!access(dfn, F_OK)) { passed_det = 1; } if (!access(dfn, F_OK)) { passed_det = 1; }
add_to_queue(afl, fn2, st.st_size, passed_det); add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size,
passed_det);
} }
@ -947,7 +946,31 @@ void perform_dry_run(afl_state_t *afl) {
#undef MSG_ULIMIT_USAGE #undef MSG_ULIMIT_USAGE
#undef MSG_FORK_ON_APPLE #undef MSG_FORK_ON_APPLE
FATAL("Test case '%s' results in a crash", fn); WARNF("Test case '%s' results in a crash, skipping", fn);
/* Remove from fuzzing queue but keep for splicing */
struct queue_entry *p = afl->queue;
while (p && p->next != q)
p = p->next;
if (p)
p->next = q->next;
else
afl->queue = q->next;
--afl->pending_not_fuzzed;
afl->max_depth = 0;
p = afl->queue;
while (p) {
if (p->depth > afl->max_depth) afl->max_depth = p->depth;
p = p->next;
}
break;
case FSRV_RUN_ERROR: case FSRV_RUN_ERROR:
@ -1067,7 +1090,7 @@ restart_outer_cull_loop:
} }
afl->queue = afl->queue_top = afl->queue; afl->queue_top = afl->queue;
} }

3
src/afl-fuzz.c
View File

@ -1282,6 +1282,9 @@ int main(int argc, char **argv_orig, char **envp) {
cull_queue(afl); cull_queue(afl);
if (!afl->pending_not_fuzzed)
FATAL("We need at least on valid input seed that does not crash!");
show_init_stats(afl); show_init_stats(afl);
seek_to = find_start_position(afl); seek_to = find_start_position(afl);