2.15b

Makefile

@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 2.14b
+VERSION     = 2.15b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin

docs/ChangeLog

@@ -16,6 +16,15 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 2.07b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 2.15b:
+--------------
+
+  - Added a README section on looking for non-crashing bugs.
+
+  - Added license data to several boring files. Contributed by
+    Jonathan Metzman.
+
 --------------
 Version 2.14b:
 --------------

docs/QuickStartGuide.txt

@@ -14,7 +14,8 @@ how to hit the ground running:
    checksum verification code, too.
 
    The program must crash properly when a fault is encountered. Watch out for
-   custom SIGSEGV or SIGABRT handlers and background processes.
+   custom SIGSEGV or SIGABRT handlers and background processes. For tips on
+   detecting non-crashing flaws, see section 11 in docs/README.
 
 3) Compile the program / library to be fuzzed using afl-gcc. A common way to
    do this would be:

docs/README

@@ -336,7 +336,28 @@ be critical, and which are not; while not bulletproof, it can often offer quick
 insights into complex file formats. More info about its operation can be found
 near the end of technical_details.txt.
 
-11) Common-sense risks
+11) Going beyond crashes
+------------------------
+
+Fuzzing is a wonderful and underutilized technique for discovering non-crashing
+design and implementation errors, too. Plenty of interesting bugs have been
+found by modifying the target programs to call abort() when:
+
+  - Two bignum libraries produce different outputs when given the same
+    fuzzer-generated input,
+
+  - An image library produces different outputs when asked to decode the same
+    input image several times in a row,
+
+  - A compression library produces an output inconsistent with the input file
+    when asked to compress and then decompress a particular blob.
+
+Implementing these or similar sanity checks usually takes very little time;
+if you are the maintainer of a particular package, you can make this code
+conditional with #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION (a flag also
+shared with libfuzzer) or #ifdef __AFL_COMPILER (this one is just for AFL).
+
+12) Common-sense risks
 ----------------------
 
 Please keep in mind that, similarly to many other computationally-intensive
@@ -364,7 +385,7 @@ tasks, fuzzing may put strain on your hardware and on the OS. In particular:
 
     $ iostat -d 3 -x -k [...optional disk ID...]
 
-12) Known limitations & areas for improvement
+13) Known limitations & areas for improvement
 ---------------------------------------------
 
 Here are some of the most important caveats for AFL:
@@ -402,7 +423,7 @@ Here are some of the most important caveats for AFL:
 
 Beyond this, see INSTALL for platform-specific tips.
 
-13) Special thanks
+14) Special thanks
 ------------------
 
 Many of the improvements to afl-fuzz wouldn't be possible without feedback,
@@ -439,7 +460,7 @@ bug reports, or patches from:
   Guillaume Endignoux                   ilovezfs
   Daniel Godas-Lopez                    Franjo Ivancic
   Austin Seipp                          Daniel Komaromy
-  Daniel Binderman
+  Daniel Binderman                      Jonathan Metzman
 
 Thank you!
 

experimental/instrumented_cmp/instrumented_cmp.c

@@ -1,6 +1,17 @@
 /*
 
-   A simple proof-of-concept for instrumented strcmp() or memcmp().
+   american fuzzy lop - instrumented strcmp() or memcmp() proof-of-concept
+   -----------------------------------------------------------------------
+
+   Written and maintained by Michal Zalewski <[email protected]>
+
+   Copyright 2015 Google Inc. All rights reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at:
+
+     http://www.apache.org/licenses/LICENSE-2.0
 
    Normally, afl-fuzz will have difficulty ever reaching the code behind
    something like:

hash.h

@@ -12,6 +12,16 @@
 
    Austin's original code is public domain.
 
+   Other code written and maintained by Michal Zalewski <[email protected]>
+
+   Copyright 2016 Google Inc. All rights reserved.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at:
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
  */
 
 #ifndef _HAVE_HASH_H