commit ecb5854be0 ("add zlib compression for fast resume") added new
logic selected at compile-time when zlib is present. Unfortunately, it
also broke the existing logic by removing the last line of a multi-line
if statement, resulting in a syntax error when zlib isn't present.
Restore the line as it was.
In src/afl-fuzz.c `prev_queued_items` is used to decide whether the alias table should be recreated through the comparison with `afl->queued_items`.
43f462c91b/src/afl-fuzz.c (L3103-L3117)
However, this variable is also updated to `afl->queued_items` when INTROSPECTION is enabled and the `fuzz_one` appends seeds.
43f462c91b/src/afl-fuzz.c (L3135-L3140)
Due to the update of `prev_queued_items` when INTROSPECTION is on, alias table may not be recreated when it actually should be.
This can lead to potential heap buffer-overflow in `select_next_queue_entry` due to the lack of `afl_realloc` called in `create_alias_table`.
This patch fixes this bug by utilizing another variable for the INTROSPECTION part like other variables such as `prev_saved_tmouts`.
With CODE_COVERAGE builds, we need to collect the coverage data of each
iteration in a persistant buffer that has the same size as the regular
trace buffer used for fuzzing. We dump this information at the end of
the run and when combined with pointer data and module info, this can be
used to calculate code coverage.
print_stats sets exit_soon even while syncing, this leaves -V 0 still broken, as we don't finish syncing.
Additionally, the change that introduced the previous -V fix also broke the runtime tracking, as runtime needs to include all time including sync, splice etc. This caused an underflow in the reported runtime.
