Define AFL_CRASHING_SEEDS_AS_NEW_CRASH as env variable
- and fix typo Signed-off-by: Junwha <qbit@unist.ac.kr>
@ -1,3 +1,4 @@
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
american fuzzy lop++ - fuzzer header
|
american fuzzy lop++ - fuzzer header
|
||||||
------------------------------------
|
------------------------------------
|
||||||
@ -408,7 +409,7 @@ typedef struct afl_env_vars {
|
|||||||
*afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
|
*afl_max_det_extras, *afl_statsd_host, *afl_statsd_port,
|
||||||
*afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size,
|
*afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size,
|
||||||
*afl_testcache_entries, *afl_child_kill_signal, *afl_fsrv_kill_signal,
|
*afl_testcache_entries, *afl_child_kill_signal, *afl_fsrv_kill_signal,
|
||||||
*afl_target_env, *afl_persistent_record, *afl_exit_on_time;
|
*afl_target_env, *afl_persistent_record, *afl_exit_on_time, *afl_crashing_seeds_as_new_crash;
|
||||||
|
|
||||||
s32 afl_pizza_mode;
|
s32 afl_pizza_mode;
|
||||||
|
|
||||||
@ -539,8 +540,7 @@ typedef struct afl_state {
|
|||||||
expand_havoc, /* perform expensive havoc after no find */
|
expand_havoc, /* perform expensive havoc after no find */
|
||||||
cycle_schedules, /* cycle power schedules? */
|
cycle_schedules, /* cycle power schedules? */
|
||||||
old_seed_selection, /* use vanilla afl seed selection */
|
old_seed_selection, /* use vanilla afl seed selection */
|
||||||
reinit_table, /* reinit the queue weight table */
|
reinit_table; /* reinit the queue weight table */
|
||||||
crashing_seeds_as_new_crash; /* treat crashing seeds as normal corpus */
|
|
||||||
|
|
||||||
u8 *virgin_bits, /* Regions yet untouched by fuzzing */
|
u8 *virgin_bits, /* Regions yet untouched by fuzzing */
|
||||||
*virgin_tmout, /* Bits we haven't seen in tmouts */
|
*virgin_tmout, /* Bits we haven't seen in tmouts */
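Review bot: The new `*afl_crashing_seeds_as_new_crash` member is appended to a run of `*`-prefixed declarators in `afl_env_vars`, so it appears to be a pointer, yet the rest of the commit only uses it as an on/off switch. The declaration's type is outside the hunk, so this is inferred from the neighbouring members. Declaring it as a flag would match its use and avoid storing an integer into a pointer when it is filled in, e.g. `u8 afl_crashing_seeds_as_new_crash; /* save crashing seeds as new crashes */`. The changed line also runs well past the width of the surrounding declarations and should be wrapped.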
|
||||||
|
@ -1056,17 +1056,19 @@ void perform_dry_run(afl_state_t *afl) {
|
|||||||
"skipping",
|
"skipping",
|
||||||
fn, (int)(s8)afl->fsrv.crash_exitcode);
|
fn, (int)(s8)afl->fsrv.crash_exitcode);
|
||||||
|
|
||||||
} else if (afl->crashing_seeds_as_new_crash) {
|
|
||||||
|
|
||||||
WARNF(
|
|
||||||
"Test case '%s' results in a crash,"
|
|
||||||
"as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, "
|
|
||||||
"saving as a crash", fn);
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
if (afl->afl_env.afl_crashing_seeds_as_new_crash) {
|
||||||
|
|
||||||
|
WARNF(
|
||||||
|
"Test case '%s' results in a crash, "
|
||||||
|
"as AFL_CRASHING_SEEDS_AS_NEW_CRASH is set, "
|
||||||
|
"saving as a new crash", fn);
|
||||||
|
|
||||||
|
} else {
|
||||||
|
|
||||||
WARNF("Test case '%s' results in a crash, skipping", fn);
|
WARNF("Test case '%s' results in a crash, skipping", fn);
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (afl->afl_env.afl_exit_on_seed_issues) {
|
if (afl->afl_env.afl_exit_on_seed_issues) {
|
||||||
@ -1085,8 +1087,8 @@ void perform_dry_run(afl_state_t *afl) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Crashing corpus will regrad as normal, and categorized as new crash at fuzzing */
|
/* Crashing seeds will be regarded as new crashes on startup */
|
||||||
if (afl->crashing_seeds_as_new_crash) {
|
if (afl->afl_env.afl_crashing_seeds_as_new_crash) {
|
||||||
|
|
||||||
++afl->total_crashes;
|
++afl->total_crashes;
|
||||||
|
|
||||||
@ -1139,9 +1141,6 @@ void perform_dry_run(afl_state_t *afl) {
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
q->disabled = 1;
|
|
||||||
q->perf_score = 0;
|
|
||||||
|
|
||||||
u32 i = 0;
|
u32 i = 0;
|
||||||
while (unlikely(i < afl->queued_items && afl->queue_buf[i] &&
|
while (unlikely(i < afl->queued_items && afl->queue_buf[i] &&
|
||||||
afl->queue_buf[i]->disabled)) {
|
afl->queue_buf[i]->disabled)) {
|
||||||
@ -1171,6 +1170,9 @@ void perform_dry_run(afl_state_t *afl) {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
q->disabled = 1;
|
||||||
|
q->perf_score = 0;
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case FSRV_RUN_ERROR:
|
case FSRV_RUN_ERROR:
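Review bot: `q->disabled = 1; q->perf_score = 0;` has moved from the top of the `else` branch to just before `break;`, which looks like it now runs for both branches of the enclosing `if`; that is a behaviour change the commit description does not mention. The enclosing `if` and the start of this case are outside the visible hunks, so the exact scope is inferred. If the intent is that a crashing seed is always taken out of the queue, including when it is saved as a new crash, say so at the new location, e.g. `/* a crashing seed never stays active in the queue, even when saved as a new crash */`.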
|
||||||
|
@ -200,6 +200,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
|
|||||||
afl->afl_env.afl_exit_on_time =
|
afl->afl_env.afl_exit_on_time =
|
||||||
(u8 *)get_afl_env(afl_environment_variables[i]);
|
(u8 *)get_afl_env(afl_environment_variables[i]);
|
||||||
|
|
||||||
|
} else if (!strncmp(env, "AFL_CRASHING_SEEDS_AS_NEW_CRASH",
|
||||||
|
|
||||||
|
afl_environment_variable_len)) {
|
||||||
|
|
||||||
|
afl->afl_env.afl_crashing_seeds_as_new_crash =
|
||||||
|
atoi((u8 *)get_afl_env(afl_environment_variables[i]));
|
||||||
|
|
||||||
} else if (!strncmp(env, "AFL_NO_AFFINITY",
|
} else if (!strncmp(env, "AFL_NO_AFFINITY",
|
||||||
|
|
||||||
afl_environment_variable_len)) {
|
afl_environment_variable_len)) {
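Review bot: `atoi()` is called directly on the result of `get_afl_env()`, so if that helper can return NULL (for example for a variable that is present but empty; its definition is not shown here) this dereferences a null pointer during startup. It also changes the semantics of the check this commit removes from `main()`, which enabled the option whenever the variable was set: now `=0` or a non-numeric value silently disables it. If presence is meant to enable it, `afl->afl_env.afl_crashing_seeds_as_new_crash = get_afl_env(afl_environment_variables[i]) ? 1 : 0;` is safer. This branch is only reached for names in `afl_environment_variables`, which is not touched in the visible sections, so confirm the name is registered there.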
|
||||||
|
@ -1573,7 +1573,6 @@ int main(int argc, char **argv_orig, char **envp) {
|
|||||||
if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
|
if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; }
|
||||||
if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; }
|
if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; }
|
||||||
if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; }
|
if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; }
|
||||||
if (get_afl_env("AFL_CRASHING_SEEDS_AS_NEW_CRASH")) { afl->crashing_seeds_as_new_crash = 1; }
|
|
||||||
|
|
||||||
if (afl->afl_env.afl_autoresume) {
|
if (afl->afl_env.afl_autoresume) {
|
||||||
|
|
||||||
|