diff --git a/afl-fuzz.c b/afl-fuzz.c
index fce24082..802c8e97 100644
--- a/afl-fuzz.c
+++ b/afl-fuzz.c
@@ -4412,7 +4412,7 @@ static void show_init_stats(void) {
 limit is very expensive, so let's select a more conservative default. */
 if (dumb_mode && !getenv("AFL_HANG_TMOUT"))
- hang_tmout = exec_tmout * 4;
+ hang_tmout = MIN(EXEC_TIMEOUT, exec_tmout * 2 + 100);
 OKF("All set and ready to roll!");
diff --git a/config.h b/config.h
index 58f56c80..8c4d7973 100644
--- a/config.h
+++ b/config.h
@@ -21,7 +21,7 @@
 /* Version string: */
-#define VERSION "2.41b"
+#define VERSION "2.42b"
 /******************************************************
 * *
diff --git a/docs/ChangeLog b/docs/ChangeLog
index 7fa987a6..41f1d843 100644
--- a/docs/ChangeLog
+++ b/docs/ChangeLog
@@ -13,9 +13,16 @@ Want to stay in the loop on major new features? Join our mailing list by
 sending a mail to .
 Not sure if you should upgrade? The lowest currently recommended version
-is 2.31b. If you're stuck on an earlier release, it's strongly advisable
+is 2.41b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
+--------------
+Version 2.42b:
+--------------
+
+ - Renamed the R() macro to avoid a problem with llvm_mode in the latest
+ versions of LLVM. Fix suggested by Christian Holler.
+
 --------------
 Version 2.41b:
 --------------
diff --git a/docs/README b/docs/README
index 1f9f7699..83781a6b 100644
--- a/docs/README
+++ b/docs/README
@@ -308,7 +308,7 @@ Every crash is also traceable to its parent non-crashing test case in the queue,
 making it easier to diagnose faults.
 Having said that, it's important to acknowledge that some fuzzing crashes can be
-difficult quickly evaluate for exploitability without a lot of debugging and
+difficult to quickly evaluate for exploitability without a lot of debugging and
 code analysis work. To assist with this task, afl-fuzz supports a very unique
 "crash exploration" mode enabled with the -C flag.
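Review bot: The new dumb-mode default on the `+` line can land below exec_tmout itself: MIN(EXEC_TIMEOUT, exec_tmout * 2 + 100) is capped at EXEC_TIMEOUT, so any user-supplied -t above roughly (EXEC_TIMEOUT - 100) / 2 ms produces a hang threshold shorter than the run's own timeout. If, as elsewhere in afl-fuzz, the hang re-run is only attempted when exec_tmout < hang_tmout, that quietly disables re-verification and every timeout is saved straight away as a hang — presumably the intended "conservative" behaviour, but nothing says so, and EXEC_TIMEOUT reads as an exec-timeout constant rather than a hang bound. I would add above the assignment: `/* Capped at EXEC_TIMEOUT: with a large -t this is <= exec_tmout, which skips the hang re-run and reports every timeout as a hang; AFL_HANG_TMOUT overrides. */`. show_init_stats() begins and ends outside the hunk.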
diff --git a/llvm_mode/afl-llvm-pass.so.cc b/llvm_mode/afl-llvm-pass.so.cc
index 44d9e16e..7fac3def 100644
--- a/llvm_mode/afl-llvm-pass.so.cc
+++ b/llvm_mode/afl-llvm-pass.so.cc
@@ -22,6 +22,8 @@
 */
+#define AFL_LLVM_PASS
+
 #include "../config.h"
 #include "../debug.h"
@@ -112,11 +114,11 @@ bool AFLCoverage::runOnModule(Module &M) {
 BasicBlock::iterator IP = BB.getFirstInsertionPt();
 IRBuilder<> IRB(&(*IP));
- if (R(100) >= inst_ratio) continue;
+ if (AFL_R(100) >= inst_ratio) continue;
 /* Make up cur_loc */
- unsigned int cur_loc = R(MAP_SIZE);
+ unsigned int cur_loc = AFL_R(MAP_SIZE);
 ConstantInt *CurLoc = ConstantInt::get(Int32Ty, cur_loc);
diff --git a/types.h b/types.h
index 21d32da6..784d3a7a 100644
--- a/types.h
+++ b/types.h
@@ -68,7 +68,11 @@ typedef int64_t s64;
 ((_ret >> 8) & 0x0000FF00)); \
 })
-#define R(x) (random() % (x))
+#ifdef AFL_LLVM_PASS
+# define AFL_R(x) (random() % (x))
+#else
+# define R(x) (random() % (x))
+#endif /* ^AFL_LLVM_PASS */
 #define STRINGIFY_INTERNAL(x) #x
 #define STRINGIFY(x) STRINGIFY_INTERNAL(x)
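Review bot: The `#ifdef AFL_LLVM_PASS` split in types.h makes the two spellings mutually exclusive: a translation unit that defines AFL_LLVM_PASS loses R() entirely, and no other code can use AFL_R() without also giving up R(), so the next identifier clash will need yet another rename and the `(random() % (x))` expression now exists twice. Defining the new name unconditionally and keeping the short alias only for non-pass code gives the same result with a single definition: `#define AFL_R(x) (random() % (x))`, followed by `#ifndef AFL_LLVM_PASS` / `# define R(x) AFL_R(x)` / `#endif`. Either way, a one-line comment saying why the macro has two names (`/* R() collides with an LLVM identifier, so llvm_mode uses AFL_R() */`) would spare the next reader a ChangeLog lookup, since the `#endif /* ^AFL_LLVM_PASS */` tag alone does not explain it.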