Merge pull request #1527 from AFLplusplus/dev

push to stable
AFLplusplus · Sep 20, 2022 · ad4b727 · ad4b727
2 parents badd969 41fe8b6
commit ad4b727
Show file tree

Hide file tree

Showing 8 changed files with 36 additions and 21 deletions.
diff --git a/README.md b/README.md
@@ -2,9  2,9 @@
 
 <img align="right" src="https://raw.githubusercontent.com/AFLplusplus/Website/master/static/aflpp_bg.svg" alt="AFL   logo" width="250" heigh="250">
 
-Release version: [4.02c](https://github.com/AFLplusplus/AFLplusplus/releases)
 Release version: [4.03c](https://github.com/AFLplusplus/AFLplusplus/releases)
 
-GitHub version: 4.03a
 GitHub version: 4.04a
 
 Repository:
 [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)

diff --git a/afl-cmin b/afl-cmin
@@ -105,12  105,13 @@ function usage() {
 "Execution control settings:\n" \
 "  -f file       - location read by the fuzzed program (stdin)\n" \
 "  -m megs       - memory limit for child process ("mem_limit" MB)\n" \
-"  -t msec       - run time limit for child process (none)\n" \
 "  -t msec       - run time limit for child process (default: none)\n" \
 "  -O            - use binary-only instrumentation (FRIDA mode)\n" \
 "  -Q            - use binary-only instrumentation (QEMU mode)\n" \
 "  -U            - use unicorn-based instrumentation (unicorn mode)\n" \
 "\n" \
 "Minimization settings:\n" \
 "  -A            - allow crashes and timeouts (not recommended)\n" \
 "  -C            - keep crashing inputs, reject everything else\n" \
 "  -e            - solve for edge coverage only, ignore hit counts\n" \
 "\n" \
@@ -123,6  124,7 @@ function usage() {
 "AFL_KEEP_TRACES: leave the temporary <out_dir>/.traces directory\n" \
 "AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \
 "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" \
 "AFL_CMIN_ALLOW_ANY: write tuples for crashing inputs also\n" \
 "AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \
 "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \
       "printed to stdout\n" \
@@ -146,11  148,12 @@ BEGIN {
   # defaults
   extra_par = ""
   AFL_CMIN_CRASHES_ONLY = ""
   AFL_CMIN_ALLOW_ANY = ""
 
   # process options
   Opterr = 1    # default is to diagnose
   Optind = 1    # skip ARGV[0]
-  while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eCOQU?")) != -1) {
   while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eACOQU?")) != -1) {
     if (_go_c == "i") {
       if (!Optarg) usage()
       if (in_dir) { print "Option "_go_c" is only allowed once" > "/dev/stderr"}
@@ -186,6  189,10 @@ BEGIN {
       AFL_CMIN_CRASHES_ONLY = "AFL_CMIN_CRASHES_ONLY=1 "
       continue
     } else 
     if (_go_c == "A") {
       AFL_CMIN_ALLOW_ANY = "AFL_CMIN_ALLOW_ANY=1 "
       continue
     } else 
     if (_go_c == "e") {
       extra_par = extra_par " -e"
       continue
@@ -445,15  452,15 @@ BEGIN {
   if (!stdin_file) {
     print "    Processing "in_count" files (forkserver mode)..."
 #    print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string
-    retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
     retval = system(AFL_MAP_SIZE AFL_CMIN_ALLOW_ANY AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -- \""target_bin"\" "prog_args_string)
   } else {
     print "    Processing "in_count" files (forkserver mode)..."
 #    print AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null"
-    retval = system(AFL_MAP_SIZE AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
     retval = system(AFL_MAP_SIZE AFL_CMIN_ALLOW_ANY AFL_CMIN_CRASHES_ONLY"\""showmap"\" -m "mem_limit" -t "timeout" -o \""trace_dir"\" -Z "extra_par" -i \""in_dir"\" -H \""stdin_file"\" -- \""target_bin"\" "prog_args_string" </dev/null")
   }
 
-  if (retval && !AFL_CMIN_CRASHES_ONLY) {
-    print "[!] Exit code "retval" != 0 received from afl-showmap, terminating..."
   if (retval && (!AFL_CMIN_CRASHES_ONLY && !AFL_CMIN_ALLOW_ANY)) {
     print "[!] Exit code "retval" != 0 received from afl-showmap (this means a crashing or timeout input is likely present), terminating..."
 
     if (!ENVIRON["AFL_KEEP_TRACES"]) {
       system("rm -rf "trace_dir" 2>/dev/null")

diff --git a/afl-cmin.bash b/afl-cmin.bash
@@ -53,7  53,7 @@ unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \
 
 export AFL_QUIET=1
 
-while getopts " i:o:f:m:t:eOQUCh" opt; do
 while getopts " i:o:f:m:t:eOQUACh" opt; do
 
   case "$opt" in 
 
@@ -80,6  80,9 @@ while getopts " i:o:f:m:t:eOQUCh" opt; do
     "e")
          EXTRA_PAR="$EXTRA_PAR -e"
          ;;
     "A")
          export AFL_CMIN_ALLOW_ANY=1
          ;;
     "C")
          export AFL_CMIN_CRASHES_ONLY=1
          ;;
@@ -128,6  131,7 @@ Execution control settings:
   
 Minimization settings:
 
   -A            - allow crashing and timeout inputs
   -C            - keep crashing inputs, reject everything else
   -e            - solve for edge coverage only, ignore hit counts
 

diff --git a/docs/Changelog.md b/docs/Changelog.md
@@ -3,12  3,8 @@
   This is the list of all noteworthy changes made in every public
   release of the tool. See README.md for the general instruction manual.
 
-## Staying informed
 
-Want to stay in the loop on major new features? Join our mailing list by
-sending a mail to <afl-users [email protected]>.
-
-### Version   4.03a (dev)
 ### Version   4.03c (release)
   - Building now gives a build summary what succeeded and what not
   - afl-fuzz:
     - added AFL_NO_STARTUP_CALIBRATION to start fuzzing at once instead
@@ -30,6  26,8 @@ sending a mail to <afl-users [email protected]>.
       edges (together with AFL_DEBUG=1 afl-fuzz). thanks to
       worksbutnottested!
   - afl-analyze broke at some point, fix by CodeLogicError, thank you!
   - afl-cmin/afl-cmin.bash now have an -A option to allow also crashing
     and timeout inputs
   - unicorn_mode:
     - updated upstream unicorn version
     - fixed builds for aarch64

diff --git a/include/config.h b/include/config.h
@@ -26,7  26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "  4.03a"
 #define VERSION "  4.03c"
 
 /******************************************************
  *                                                    *

diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
@@ -1  1 @@
-61bc152384
 dc19175a0b
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c
@@ -2105,7  2105,9 @@ void show_init_stats(afl_state_t *afl) {
                     ? 50000
                     : 10000)) {
 
-    WARNF(cLRD "The target binary is pretty slow! See %s/perf_tips.md.",
     WARNF(cLRD
           "The target binary is pretty slow! See "
           "%s/fuzzing_in_depth.md#i-improve-the-speed",
           doc_path);
 
   }
@@ -2134,13  2136,17 @@ void show_init_stats(afl_state_t *afl) {
 
     if (max_len > 50 * 1024) {
 
-      WARNF(cLRD "Some test cases are huge (%s) - see %s/perf_tips.md!",
       WARNF(cLRD
             "Some test cases are huge (%s) - see "
             "%s/fuzzing_in_depth.md#i-improve-the-speed",
             stringify_mem_size(IB(0), max_len), doc_path);
 
     } else if (max_len > 10 * 1024) {
 
-      WARNF("Some test cases are big (%s) - see %s/perf_tips.md.",
-            stringify_mem_size(IB(0), max_len), doc_path);
       WARNF(
           "Some test cases are big (%s) - see "
           "%s/fuzzing_in_depth.md#i-improve-the-speed",
           stringify_mem_size(IB(0), max_len), doc_path);
 
     }