2.32b

legend-issue · Aug 25, 2016 · 602a7de · 602a7de
1 parent b315095
commit 602a7de
Show file tree

Hide file tree

Showing 6 changed files with 43 additions and 21 deletions.
diff --git a/afl-fuzz.c b/afl-fuzz.c
@@ -3906,7 +3906,7 @@ static void show_stats(void) {
 
   /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
 
-  if (!dumb_mode && cycles_wo_finds > 50 && !pending_not_fuzzed &&
+  if (!dumb_mode && cycles_wo_finds > 100 && !pending_not_fuzzed &&
       getenv("AFL_EXIT_WHEN_DONE")) stop_soon = 2;
 
   if (total_crashes && getenv("AFL_BENCH_UNTIL_CRASH")) stop_soon = 2;
@@ -3980,10 +3980,10 @@ static void show_stats(void) {
     if (queue_cycle == 1) strcpy(tmp, cMGN); else
 
     /* Subsequent cycles, but we're still making finds. */
-    if (cycles_wo_finds < 5) strcpy(tmp, cYEL); else
+    if (cycles_wo_finds < 25) strcpy(tmp, cYEL); else
 
     /* No finds for a long time and no test cases to try. */
-    if (cycles_wo_finds > 50 && !pending_not_fuzzed) strcpy(tmp, cLGN);
+    if (cycles_wo_finds > 100 && !pending_not_fuzzed) strcpy(tmp, cLGN);
 
     /* Default: cautiously OK to stop? */
     else strcpy(tmp, cLBL);
@@ -4669,9 +4669,9 @@ static u32 calculate_score(struct queue_entry* q) {
 
     case 0 ... 3:   break;
     case 4 ... 7:   perf_score *= 2; break;
-    case 8 ... 13:  perf_score *= 4; break;
-    case 14 ... 25: perf_score *= 6; break;
-    default:        perf_score *= 8;
+    case 8 ... 13:  perf_score *= 3; break;
+    case 14 ... 25: perf_score *= 4; break;
+    default:        perf_score *= 5;
 
   }
 

diff --git a/afl-gcc.c b/afl-gcc.c
@@ -229,18 +229,27 @@ static void edit_params(u32 argc, char** argv) {
 
   } else if (getenv("AFL_USE_ASAN")) {
 
-    cc_params[cc_par_cnt++] = "-fsanitize=address";
-
     if (getenv("AFL_USE_MSAN"))
       FATAL("ASAN and MSAN are mutually exclusive");
 
-  } else if (getenv("AFL_USE_MSAN")) {
+    if (getenv("AFL_HARDEN"))
+      FATAL("ABSAN and AFL_HARDEN are mutually exclusive");
 
-    cc_params[cc_par_cnt++] = "-fsanitize=memory";
+    cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+    cc_params[cc_par_cnt++] = "-fsanitize=address";
+
+  } else if (getenv("AFL_USE_MSAN")) {
 
     if (getenv("AFL_USE_ASAN"))
       FATAL("ASAN and MSAN are mutually exclusive");
 
+    if (getenv("AFL_HARDEN"))
+      FATAL("MSAN and AFL_HARDEN are mutually exclusive");
+
+    cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+    cc_params[cc_par_cnt++] = "-fsanitize=memory";
+
+
   }
 
   if (!getenv("AFL_DONT_OPTIMIZE")) {

diff --git a/config.h b/config.h
@@ -21,7 +21,7 @@
 
 /* Version string: */
 
-#define VERSION             "2.31b"
+#define VERSION             "2.32b"
 
 /******************************************************
  *                                                    *
@@ -115,7 +115,7 @@
 
 /* Splicing cycle count: */
 
-#define SPLICE_CYCLES       16
+#define SPLICE_CYCLES       15
 
 /* Nominal per-splice havoc cycle length: */
 

diff --git a/docs/ChangeLog b/docs/ChangeLog
@@ -16,6 +16,16 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.31b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.32b:
+--------------
+
+  - Added a check for AFL_HARDEN combined with AFL_USE_*SAN. Suggested by
+    Hanno Boeck.
+
+  - Made several other cosmetic adjustments to cycle timing in the wake of the
+    big tweak made in 2.31b.
+
 --------------
 Version 2.31b:
 --------------

diff --git a/docs/notes_for_asan.txt b/docs/notes_for_asan.txt
@@ -31,11 +31,6 @@ Note that ASAN is incompatible with -static, so be mindful of that.
 
 (You can also use AFL_USE_MSAN=1 to enable MSAN instead.)
 
-Note that both ASAN and MSAN are incompatible with -D_FORTIFY_SOURCE (enabled
-by default in some distros) and with AFL_HARDEN. Attempting to combine these
-settings can lead to false negatives in ASAN and false positives in MSAN. This
-is not AFL-specific.
-
 There is also the option of generating a corpus using a non-ASAN binary, and
 then feeding it to an ASAN-instrumented one to check for bugs. This is faster,
 and can give you somewhat comparable results. You can also try using

diff --git a/llvm_mode/afl-clang-fast.c b/llvm_mode/afl-clang-fast.c
@@ -169,18 +169,26 @@ static void edit_params(u32 argc, char** argv) {
 
     if (getenv("AFL_USE_ASAN")) {
 
-      cc_params[cc_par_cnt++] = "-fsanitize=address";
-
       if (getenv("AFL_USE_MSAN"))
         FATAL("ASAN and MSAN are mutually exclusive");
 
-    } else if (getenv("AFL_USE_MSAN")) {
+      if (getenv("AFL_HARDEN"))
+        FATAL("ASAN and AFL_HARDEN are mutually exclusive");
 
-      cc_params[cc_par_cnt++] = "-fsanitize=memory";
+      cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+      cc_params[cc_par_cnt++] = "-fsanitize=address";
+
+    } else if (getenv("AFL_USE_MSAN")) {
 
       if (getenv("AFL_USE_ASAN"))
         FATAL("ASAN and MSAN are mutually exclusive");
 
+      if (getenv("AFL_HARDEN"))
+        FATAL("MSAN and AFL_HARDEN are mutually exclusive");
+
+      cc_params[cc_par_cnt++] = "-U_FORTIFY_SOURCE";
+      cc_params[cc_par_cnt++] = "-fsanitize=memory";
+
     }
 
   }