hexcoder-
fd30a4184a
typo
2020-12-12 16:37:23 +01:00
Dominik Maier
609f3d0265
fixed gcc analyzer warnings
2020-12-11 13:29:45 +01:00
Dominik Maier
1dbefc14ea
fixed bugs in custom_describe, reported by wizche
2020-12-04 14:26:48 +01:00
hexcoder-
ed2f82eaf4
fix compiler warning turned error on NetBSD
2020-11-24 16:13:58 +01:00
Dominik Maier
f80f62f14b
renamed env var to AFL_DEBUG_CHILD
2020-11-18 03:02:13 +01:00
van Hauser
c06b5a1564
fix sync issue
2020-11-17 17:02:33 +01:00
van Hauser
3cfc0174f7
fix -N for forkserver
2020-11-03 16:00:29 +01:00
van Hauser
b5686eb63e
fixes two huge bugs
2020-10-29 00:05:28 +01:00
van Hauser
f41aafa4f7
retake from mem if possible
2020-10-15 15:48:39 +02:00
van Hauser
56ac3fcdc5
configurable testcache with malloc ( #581 )
* cache item number to cache memory size
* reload testcase if trimming changed the size
* fix splicing selection
* slim splicing
* import sync fix
* write testcache stats to fuzzer_stats
* fix new seed selection algo
* malloc+read instead of mmap
* fix
* testcache is configurable now and no reference counts
* fixes compilation, test script
* fixes
* switch TEST_CC to afl-cc in makefile
* code format
* fix
* fix crash
* fix crash
* fix env help output
* remove unnecessary pointer resets
* fix endless loop bug
* actually use the cache if set
* one more fix
* increase default cache entries, add default cache size value to config.h
Co-authored-by: hexcoder- <heiko@hexco.de>
2020-10-14 15:30:30 +02:00
van Hauser
c39a552cc0
ignore unstable
2020-09-02 20:30:26 +02:00
Dominik Maier
7470b475a9
Reworked maybe_grow to take a single ptr, renamed to afl_realloc ( #505 )
* maybe_grow takes a single ptr
* fixed use_deflate
* reworked maybe_grow_bufsize
* helper to access underlying buf
* remove redundant realloc_block
* code format
* fixes
* added unit tests
* renamed maybe_grow to afl_realloc
* BUF_PARAMS -> AFL_BUF_PARAM
2020-08-18 00:50:52 +02:00
root
af14acf2c1
Revert "Merge branch 'debug' into dev"
This reverts commit a7537b5511ad767d2240cf2dc6d3e261daa676f9, reversing
changes made to 15e799f7ae666418e75c6a79db833c5316b21f97.
2020-08-14 14:35:05 +02:00
van Hauser
a7537b5511
Merge branch 'debug' into dev
2020-08-14 13:23:14 +02:00
van Hauser
7a6867e2f8
split up __afl_manual_init, added internal AFL_DISABLE_LLVM_INSTRUMENTATION, skipping ctor+ifunc functions for all llvm, code-format
2020-08-12 16:06:30 +02:00
van Hauser
b38837f4ff
setting attribute hot intelligently gives 0.5% speed
2020-08-12 14:14:44 +02:00
van Hauser
220dc4a43d
review done, pray
2020-08-11 16:25:35 +02:00
van Hauser
457f627101
move taint_mode var
2020-08-11 15:10:18 +02:00
van Hauser
3ec1b23743
cleanup minor issues
2020-08-11 10:36:34 +02:00
van Hauser
67dac15226
Merge branch 'debug' into taint
2020-08-11 03:40:12 +02:00
Dominik Maier
a422fcaa40
fixed minor inconsistencies, reenabled warnings
2020-08-10 19:04:51 +02:00
van Hauser
3ecafde29d
increase stack size
2020-08-10 13:59:30 +02:00
van Hauser
8428b18d2a
fix another segfault
2020-08-10 13:30:25 +02:00
van Hauser
9ec223c844
final touches for first testing
2020-08-09 23:47:51 +02:00
van Hauser
e99d7e9730
integration in fuzz_one
2020-08-09 20:24:56 +02:00
van Hauser
b60663c031
taint integration done
2020-08-09 18:48:12 +02:00
van Hauser
32db31b555
fixes
2020-08-09 12:35:52 +02:00
van Hauser
a1129b67c2
changes
2020-08-09 12:15:36 +02:00
van Hauser
0bb59ba116
code format
2020-08-09 01:09:26 +02:00
van Hauser
e4a0237cbc
step 1
2020-08-09 00:35:12 +02:00
Dominik Maier
22d3a5e90a
enabled Wextra, fixed bugs
2020-08-07 16:55:58 +02:00
van Hauser
f30ca1476c
fix short write
2020-08-05 11:17:15 +02:00
van Hauser
fc401f1acc
fix post process check
2020-07-30 11:51:13 +02:00
van Hauser
35a448ee92
enhance for custom trim buffer
2020-07-30 09:20:22 +02:00
van Hauser
3f9f00a798
Merge pull request #460 from rish9101/dev
Add post-process functionality in write_with_gap
2020-07-30 09:15:42 +02:00
Rishi Ranjan
565da10a8f
Minor change to write_with_gap
2020-07-29 01:05:05 +05:30
van Hauser
9cddbc0420
add -F option to sync to foreign fuzzer queues
2020-07-24 12:26:52 +02:00
rish9101
2fa31dab60
Remove redundant copying from write_with_gap function
2020-07-23 23:48:26 +05:30
rish9101
4898db80cb
Add post-process functionality in write_with_gap
2020-07-23 23:16:04 +05:30
van Hauser
e5e485fcdb
fix autodict
2020-06-29 00:58:05 +02:00
Andrea Fioraldi
976e99b1d4
original fix for calibration error
2020-06-26 10:17:21 +02:00
van Hauser
171b1923e9
shmem release fix
2020-06-25 22:02:02 +02:00
Dominik Maier
c8f60a7fbf
initialized variable
2020-06-25 17:25:16 +02:00
Andrea Fioraldi
4a3305c007
Merge pull request #425 from dgmelski/fix-recalibration
Fix saturated maps & stability cliff in recalibration
2020-06-25 15:16:10 +02:00
van Hauser
b5573b3adb
add seek power schedule, remove update stats in calibration, fix help output
2020-06-25 10:33:59 +02:00
David Melski
d540971443
Fix saturated maps & stability cliff in recalibration
I have observed two problems:
1. A sudden "stability cliff" where stability drops precipitously.
2. A sudden jump to a 100% saturated "density map".
Both issues are due to attempted "recalibration" of a case at the
beginning of fuzz_one_original() or mopt_common_fuzzing(). See the
comments "CALIBRATION (only if failed earlier on)" in those functions
and the subsequent call to calibrate_case().
At those calls to calibrate_case(), afl->fsrv.trace_bits holds
trace_bits for a run of the SUT on a prior queue entry. However,
calibrate_case() may use the trace_bits as if they apply to the
current queue entry (afl->queue_cur).
Most often this bug causes the "stability cliff". Trace bits are
compared for runs on distinct inputs, which can be very different.
The result is a sudden drop in stability.
Sometimes it leads to the "saturated map" problem. A saturated
density map arises if the trace bits on the previous entry were
"simplified" by simplify_trace(). Simplified traces only contain the
values 1 and 128. They are meant to be compared against
virgin_crashes and virgin_tmouts.
However, this bug causes the (stale) simplified trace to be compared
against virgin_bits during a call to has_new_bits(), which causes
every byte in virgin_bits to be something other than 255. The overall
map density is determined by the percentage of bytes not 255, which
will be 100%. Worse, AFL++ will be unable to detect novel occurrences
of edge counts 1 and 128 going forward.
This patch avoids the above issues by clearing q->exec_cksum when
calibration fails. Recalibrations are forced to start with a fresh
trace on the queue entry.
Thanks to @andreafioraldi for suggesting the current, improved patch.
2020-06-24 17:59:04 -04:00
van Hauser
bdc8e3b79e
create .synced/NAMES.last to document last sync attempts
2020-06-24 11:09:33 +02:00
van Hauser
a49b5ef072
allow /tmp
2020-06-22 07:16:24 +02:00
van Hauser
5cad92e57e
fix unicorn mode for CFLAGS
2020-06-21 18:07:30 +02:00
van Hauser
bfe5b88e78
code format
2020-06-13 14:28:42 +02:00