From 23710f17057353de4a6c9affe385e0f1ce4fb5c3 Mon Sep 17 00:00:00 2001
From: Thomas HUET
Date: Sun, 14 Aug 2016 12:23:09 +0200
Subject: [PATCH] 2.30b
---
afl-fuzz.c | 14 +++++++++-----
config.h | 2 +-
docs/ChangeLog | 14 ++++++++++++++
docs/status_screen.txt | 8 ++++----
llvm_mode/afl-llvm-rt.o.c | 6 ++++++
5 files changed, 34 insertions(+), 10 deletions(-)
diff --git a/afl-fuzz.c b/afl-fuzz.c
index 4a863020..5ca8c8f0 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -116,7 +116,8 @@ EXP_ST u8 skip_deterministic, /* Skip deterministic stages? */
bitmap_changed = 1, /* Time to update bitmap? */
qemu_mode, /* Running in QEMU mode? */
skip_requested, /* Skip request, via SIGUSR1 */
- run_over10m; /* Run time over 10 minutes? */
+ run_over10m, /* Run time over 10 minutes? */
+ persistent_mode; /* Running in persistent mode? */
static s32 out_fd, /* Persistent fd for out_file */
dev_urandom_fd = -1, /* Persistent fd for /dev/urandom */
@@ -396,7 +397,7 @@ static void bind_to_free_cpu(void) {
u8 cpu_used[4096] = { 0 };
u32 i;
- if (!cpu_core_count) return;
+ if (cpu_core_count < 2) return;
if (getenv("AFL_NO_AFFINITY")) {
@@ -2401,7 +2402,8 @@ static u8 run_target(char** argv) {
}
- child_pid = 0;
+ if (!WIFSTOPPED(status)) child_pid = 0;
+
it.it_value.tv_sec = 0;
it.it_value.tv_usec = 0;
@@ -4199,8 +4201,9 @@ static void show_stats(void) {
if (t_bytes) sprintf(tmp, "%0.02f%%", stab_ratio);
else strcpy(tmp, "n/a");
- SAYF(" stability : %s%-10s " bSTG bV "\n", stab_ratio < 90 ? cLRD :
- (queued_variable ? cMGN : cRST), tmp);
+ SAYF(" stability : %s%-10s " bSTG bV "\n", (stab_ratio < 85 && var_byte_count > 40)
+ ? cLRD : ((queued_variable && (!persistent_mode || var_byte_count > 20))
+ ? cMGN : cRST), tmp);
if (!bytes_trim_out) {
@@ -6858,6 +6861,7 @@ EXP_ST void check_binary(u8* fname) {
OKF(cPIN "Persistent mode binary detected.");
setenv(PERSIST_ENV_VAR, "1", 1);
+ persistent_mode = 1;
} else if (getenv("AFL_PERSISTENT")) {
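Review bot: The new `if (!WIFSTOPPED(status)) child_pid = 0;` in run_target deserves a why-comment, because a reader will otherwise assume child_pid is always cleared once waitpid has returned. Something like `/* A persistent-mode child is only SIGSTOPped, not gone; keep child_pid so the stop/timeout handlers can still kill it. */` ties the line to the "leftover process" entry in this commit's ChangeLog. run_target's body, including the waitpid that fills status, lies outside the hunk, so I cannot confirm from here that status is set on every path reaching this line.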
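Review bot: The stability colour thresholds 85, 40 and 20 in the rewritten SAYF call in show_stats are bare magic numbers spread over a three-line nested ternary, and since the status_screen.txt change in this same commit now tells users to read the colour rather than a percentage, these constants effectively define the documented behaviour. Naming them (constructed names, e.g. `STAB_RED_RATIO`, `STAB_RED_VAR_BYTES`, `STAB_MGN_VAR_BYTES`, next to the other tunables in config.h) and computing the colour into a local before the SAYF would make the three-way decision readable and easier to keep in sync with the docs. The colour is still derived from stab_ratio even when t_bytes is zero and tmp is "n/a"; presumably harmless, but a one-line comment saying so would help. var_byte_count is not declared in this hunk, so I am assuming it is the count of variable map bytes for the run.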
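Review bot: `persistent_mode = 1;` is set only in the branch of check_binary that detected the persistent-mode signature; the visible `} else if (getenv("AFL_PERSISTENT")) {` branch that follows does not set it anywhere in this hunk. If that branch also puts the target into persistent mode (its body is outside the hunk), show_stats will colour stability as for a non-persistent run in that configuration, because its new condition reads `(!persistent_mode || var_byte_count > 20)`. Either add `persistent_mode = 1;` to that branch as well, or add a comment stating that env-forced persistent mode is deliberately excluded from the relaxed colouring. check_binary continues outside the hunk.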
diff --git a/config.h b/config.h
index c24627ff..88ccb908 100644
--- a/config.h
+++ b/config.h
@@ -21,7 +21,7 @@
/* Version string: */
-#define VERSION "2.29b"
+#define VERSION "2.30b"
/******************************************************
* *
diff --git a/docs/ChangeLog b/docs/ChangeLog
index f38b19a8..1501a50c 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -16,6 +16,20 @@ Not sure if you should upgrade? The lowest currently recommended version is 2.23b. If you're stuck on an earlier release, it's strongly advisable to get on with the times.
+--------------
+Version 2.30b:
+--------------
+
+ - Made minor improvements to persistent mode to avoid the remote
+ possibility of "no instrumentation detected" issues with very low
+ instrumentation densities.
+
+ - Fixed a minor glitch with a leftover process in persistent mode.
+ Reported by Jakub Wilk and Daniel Stender.
+
+ - Made persistent mode bitmaps a bit more consistent and adjusted the way
+ this is shown in the UI, especially in persistent mode.
+
-------------- Version 2.29b: --------------
diff --git a/docs/status_screen.txt b/docs/status_screen.txt
index 36e0713b..ac09804f 100644
--- a/docs/status_screen.txt
+++ b/docs/status_screen.txt
@@ -297,10 +297,10 @@ number of inputs that produce seemingly variable behavior in the tested binary. That last bit is actually fairly interesting: it measures the consistency of observed traces. If a program always behaves the same for the same input data,
-it will earn a score of 100%. When the value is over 90%, the fuzzing process
-is still unlikely to be negatively affected. If it gets much lower, you may
-be in trouble, since AFL will have difficulty discerning between meaningful
-and "phantom" effects of tweaking the input file.
+it will earn a score of 100%. When the value is lower but still shown in purple,
+the fuzzing process is unlikely to be negatively affected. If it goes into red,
+you may be in trouble, since AFL will have difficulty discerning between
+meaningful and "phantom" effects of tweaking the input file.
Now, most targets will just get a 100% score, but when you see lower figures, there are several things to look at:
diff --git a/llvm_mode/afl-llvm-rt.o.c b/llvm_mode/afl-llvm-rt.o.c
index 5ac8861b..e2ef1516 100644
--- a/llvm_mode/afl-llvm-rt.o.c
+++ b/llvm_mode/afl-llvm-rt.o.c
@@ -176,8 +176,10 @@ int __afl_persistent_loop(unsigned int max_cnt) {
before the loop. */
if (is_persistent) {
+ memset(__afl_area_ptr, 0, MAP_SIZE);
__afl_area_ptr[0] = 1;
+ __afl_prev_loc = 0;
}
cycle_cnt = max_cnt;
@@ -191,6 +193,10 @@ int __afl_persistent_loop(unsigned int max_cnt) {
if (--cycle_cnt) {
raise(SIGSTOP);
+
+ __afl_area_ptr[0] = 1;
+ __afl_prev_loc = 0;
+
return 1;
} else {
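Review bot: The pair `__afl_area_ptr[0] = 1; __afl_prev_loc = 0;` now appears twice in __afl_persistent_loop — in the is_persistent block of the first afl-llvm-rt.o.c hunk and again right after raise(SIGSTOP) in the second — with no comment at either site explaining what the two stores are for. A short comment at the first site, along the lines of `/* Keep byte 0 set so afl-fuzz never sees an all-zero map on a sparse iteration; reset prev_loc so the first edge of the next iteration is presumably not hashed against the last edge of the previous one. */`, would connect the code to the "no instrumentation detected" entry in this commit's ChangeLog, and a small static helper called from both sites would keep the two copies from drifting apart. The new memset of MAP_SIZE bytes runs only on this first pass, so presumably the map is cleared by afl-fuzz between later iterations; stating that in the same comment would save the next reader the question. Both hunks sit inside __afl_persistent_loop, whose body starts and ends outside them.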