From 36b7f3284cbd3e977032c4c3a8034da9d21850f7 Mon Sep 17 00:00:00 2001
From: Thomas HUET
Date: Sat, 18 Jun 2016 00:26:18 +0200
Subject: [PATCH] 2.14b

---
 Makefile | 4 ++--
 afl-gcc.c | 5 +++++
 afl-tmin.c | 2 +-
 docs/ChangeLog | 9 +++++++++
 docs/INSTALL | 13 ++++++++++---
 llvm_mode/afl-clang-fast.c | 1 +
 6 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 2feed4ce..ca6879c3 100644
--- a/Makefile
+++ b/Makefile
@@ -14,7 +14,7 @@
 #
 
 PROGNAME = afl
-VERSION = 2.13b
+VERSION = 2.14b
 
 PREFIX ?= /usr/local
 BIN_PATH = $(PREFIX)/bin
@@ -50,7 +50,7 @@ ifndef AFL_NO_X86
 
 test_x86:
 @echo "[*] Checking for the ability to compile x86 code..."
-@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) -w -x c - -o .test || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "You can still try using the LLVM or QEMU mode, but see docs/INSTALL first."; echo "To ignore this error, set AFL_NO_X86=1."; echo; exit 1 )
+@echo 'main() { __asm__("xorb %al, %al"); }' | $(CC) -w -x c - -o .test || ( echo; echo "Oops, looks like your compiler can't generate x86 code."; echo; echo "Don't panic! You can use the LLVM or QEMU mode, but see docs/INSTALL first."; echo "(To ignore this error, set AFL_NO_X86=1 and try again.)"; echo; exit 1 )
 @rm -f .test
 @echo "[+] Everything seems to be working, ready to compile."
 
diff --git a/afl-gcc.c b/afl-gcc.c
index 75fe450e..b6cbc05c 100644
--- a/afl-gcc.c
+++ b/afl-gcc.c
@@ -262,7 +262,12 @@ static void edit_params(u32 argc, char** argv) {
 
 cc_params[cc_par_cnt++] = "-O3";
 cc_params[cc_par_cnt++] = "-funroll-loops";
+
+ /* Two indicators that you're building for fuzzing; one of them is
+ AFL-specific, the other is shared with libfuzzer. */
 
+ cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
+ cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
 
 }
 
diff --git a/afl-tmin.c b/afl-tmin.c
index 403724c6..1a0cbb83 100644
--- a/afl-tmin.c
+++ b/afl-tmin.c
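Review bot: The two new `-D` lines in afl-gcc.c sit inside the same braces as `-O3`/`-funroll-loops` (the `}` at the end of the hunk closes that block; its opening `if` is outside the hunk, and in afl-gcc that block is skipped when AFL_DONT_OPTIMIZE is set — confirm), whereas the llvm_mode/afl-clang-fast.c hunk adds `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION` unconditionally. The macro's name tells target code it may relax production-only checks, so a wrapper that silently drops it depending on an environment variable produces builds that behave differently from what docs/ChangeLog promises; moving `cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";` and the `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1` line to just after the closing `}` would make afl-gcc match the clang wrapper. Separately, the `cc_params[cc_par_cnt++]` writes are not checked against the array's capacity (allocated earlier in edit_params, outside the hunk), so every fixed flag added here consumes headroom; a comment such as `/* cc_params has fixed headroom; keep the fixed-flag count in step with its allocation */` would flag that to the next person adding flags. edit_params itself begins before the hunk.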
@@ -15,7 +15,7 @@
 A simple test case minimizer that takes an input file and tries to remove
 as much data as possible while keeping the binary in a crashing state
 *or* producing consistent instrumentation output (the mode is auto-selected
- based on initially observed behavior).
+ based on the initially observed behavior).
 
 */
 
diff --git a/docs/ChangeLog b/docs/ChangeLog
index db9ce179..3b453f79 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -16,6 +16,15 @@ Not sure if you should upgrade? The lowest currently recommended version is
 2.07b. If you're stuck on an earlier release, it's strongly advisable to
 get on with the times.
 
+--------------
+Version 2.14b:
+--------------
+
+ - Added FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION as a macro defined when
+ compiling with afl-gcc and friends. Suggested by Kostya Serebryany.
+
+ - Refreshed some of the non-x86 docs.
+
 --------------
 Version 2.13b:
 --------------
diff --git a/docs/INSTALL b/docs/INSTALL
index 59e51b7c..6c44b922 100644
--- a/docs/INSTALL
+++ b/docs/INSTALL
@@ -105,12 +105,19 @@ Standard build will fail on non-x86 systems, but you should be able to
 leverage two other options:
 
 - The LLVM mode (see llvm_mode/README.llvm), which does not rely on
- x86-specific assembly shims,
+ x86-specific assembly shims. It's fast and robust, but requires a
+ complete installation of clang.
 
 - The QEMU mode (see qemu_mode/README.qemu), which can be also used for
- fuzzing cross-platform binaries.
+ fuzzing cross-platform binaries. It's slower and more fragile, but
+ can be used even when you don't have the source for the tested app.
 
-In both cases, you will need to set AFL_NO_X86=1 before running make or gmake.
+If you're not sure what you need, you need the LLVM mode. To get it, try:
+
+$ AFL_NO_X86=1 gmake && gmake -C llvm_mode
+
+...and compile your target program with afl-clang-fast or afl-clang-fast++
+instead of the traditional afl-gcc or afl-clang wrappers.
 
 5) Solaris on x86
 -----------------
diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
index f715d6b2..b9cedea9 100644
--- a/llvm_mode/afl-clang-fast.c
+++ b/llvm_mode/afl-clang-fast.c
@@ -198,6 +198,7 @@ static void edit_params(u32 argc, char** argv) {
 
 cc_params[cc_par_cnt++] = "-D__AFL_HAVE_MANUAL_CONTROL=1";
 cc_params[cc_par_cnt++] = "-D__AFL_COMPILER=1";
+ cc_params[cc_par_cnt++] = "-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1";
 
 /* When the user tries to use persistent or deferred forkserver modes by
 appending a single line to the program, we want to reliably inject a
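Review bot: The new `-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1` line in afl-clang-fast.c carries no explanation, while the matching addition in afl-gcc.c gets a comment on why two macros exist and which one is AFL-specific. A one-liner above it, `/* Shared with libfuzzer; it tells target code it is being built for fuzzing. See afl-gcc.c. */`, would keep the two wrappers readable side by side and make the intent clear to anyone auditing which macros a fuzz build exposes. edit_params continues outside the hunk on both sides.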