| Index: third_party/afl/src/docs/ChangeLog
|
| diff --git a/third_party/afl/src/docs/ChangeLog b/third_party/afl/src/docs/ChangeLog
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..3b453f7960d25fe4cccc4939cd73a22f6270dd76
|
| --- /dev/null
|
| +++ b/third_party/afl/src/docs/ChangeLog
|
| @@ -0,0 +1,2279 @@
|
| +=========
|
| +ChangeLog
|
| +=========
|
| +
|
| + This is the list of all noteworthy changes made in every public release of
|
| + the tool. See README for the general instruction manual.
|
| +
|
| +----------------
|
| +Staying informed
|
| +----------------
|
| +
|
| +Want to stay in the loop on major new features? Join our mailing list by
|
| +sending a mail to <afl-users+subscribe@googlegroups.com>.
|
| +
|
| +Not sure if you should upgrade? The lowest currently recommended version
|
| +is 2.07b. If you're stuck on an earlier release, it's strongly advisable
|
| +to get on with the times.
|
| +
|
| +--------------
|
| +Version 2.14b:
|
| +--------------
|
| +
|
| + - Added FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION as a macro defined when
|
| + compiling with afl-gcc and friends. Suggested by Kostya Serebryany.
|
| +
|
| + - Refreshed some of the non-x86 docs.
|
| +
|
| +--------------
|
| +Version 2.13b:
|
| +--------------
|
| +
|
| + - Fixed a spurious build test error with trace-pc and llvm_mode/Makefile.
|
| + Spotted by Markus Teufelberger.
|
| +
|
| + - Fixed a cosmetic issue with afl-whatsup. Spotted by Brandon Perry.
|
| +
|
| +--------------
|
| +Version 2.12b:
|
| +--------------
|
| +
|
| + - Fixed a minor issue in afl-tmin that can make alphabet minimization less
|
| + efficient during passes > 1. Spotted by Daniel Binderman.
|
| +
|
| +--------------
|
| +Version 2.11b:
|
| +--------------
|
| +
|
| + - Fixed a minor typo in instrumented_cmp, spotted by Hanno Eissfeldt.
|
| +
|
| + - Added a missing size check for deterministic insertion steps.
|
| +
|
| + - Made an improvement to afl-gotcpu when -Z not used.
|
| +
|
| + - Fixed a typo in post_library_png.so.c in experimental/. Spotted by Kostya
|
| + Serebryany.
|
| +
|
| +--------------
|
| +Version 2.10b:
|
| +--------------
|
| +
|
| + - Fixed a minor core counting glitch, reported by Tyler Nighswander.
|
| +
|
| +--------------
|
| +Version 2.09b:
|
| +--------------
|
| +
|
| + - Made several documentation updates.
|
| +
|
| + - Added some visual indicators to promote and simplify the use of -Z.
|
| +
|
| +--------------
|
| +Version 2.08b:
|
| +--------------
|
| +
|
| + - Added explicit support for -m32 and -m64 for llvm_mode. Inspired by
|
| + a request from Christian Holler.
|
| +
|
| + - Added a new benchmarking option, as requested by Kostya Serebryany.
|
| +
|
| +--------------
|
| +Version 2.07b:
|
| +--------------
|
| +
|
| + - Added CPU affinity option (-Z) on Linux. With some caution, this can
|
| + offer a significant (10%+) performance bump and reduce jitter.
|
| + Proposed by Austin Seipp.
|
| +
|
| + - Updated afl-gotcpu to use CPU affinity where supported.
|
| +
|
| + - Fixed confusing CPU_TARGET error messages with QEMU build. Spotted by
|
| + Daniel Komaromy and others.
|
| +
|
| +--------------
|
| +Version 2.06b:
|
| +--------------
|
| +
|
| + - Worked around LLVM persistent mode hiccups with -shared code.
|
| + Contributed by Christian Holler.
|
| +
|
| + - Added __AFL_COMPILER as a convenient way to detect that something is
|
| + built under afl-gcc / afl-clang / afl-clang-fast and enable custom
|
| + optimizations in your code. Suggested by Pedro Corte-Real.
|
| +
|
| + - Upstreamed several minor changes developed by Franjo Ivancic to
|
| + allow AFL to be built as a library. This is fairly use-specific and
|
| + may have relatively little appeal to general audiences.
|
| +
|
| +--------------
|
| +Version 2.05b:
|
| +--------------
|
| +
|
| + - Put __sanitizer_cov_module_init & co behind #ifdef to avoid problems
|
| + with ASAN. Spotted by Christian Holler.
|
| +
|
| +--------------
|
| +Version 2.04b:
|
| +--------------
|
| +
|
| + - Removed indirect-calls coverage from -fsanitize-coverage (since it's
|
| + redundant). Spotted by Kostya Serebryany.
|
| +
|
| +--------------
|
| +Version 2.03b:
|
| +--------------
|
| +
|
| + - Added experimental -fsanitize-coverage=trace-pc support that goes with
|
| + some recent additions to LLVM, as implemented by Kostya Serebryany.
|
| + Right now, this is cumbersome to use with common build systems, so
|
| + the mode remains undocumented.
|
| +
|
| + - Made several substantial improvements to better support non-standard
|
| + map sizes in LLVM mode.
|
| +
|
| + - Switched LLVM mode to thread-local execution tracing, which may offer
|
| + better results in some multithreaded apps.
|
| +
|
| + - Fixed a minor typo, reported by Heiko Eissfeldt.
|
| +
|
| + - Force-disabled symbolization for ASAN, as suggested by Christian Holler.
|
| +
|
| + - AFL_NOX86 renamed to AFL_NO_X86 for consistency.
|
| +
|
| + - Added AFL_LD_PRELOAD to allow LD_PRELOAD to be set for targets without
|
| + affecting AFL itself. Suggested by Daniel Godas-Lopez.
|
| +
|
| +--------------
|
| +Version 2.02b:
|
| +--------------
|
| +
|
| + - Fixed a "lcamtuf can't count to 16" bug in the havoc stage. Reported
|
| + by Guillaume Endignoux.
|
| +
|
| +--------------
|
| +Version 2.01b:
|
| +--------------
|
| +
|
| + - Made an improvement to cycle counter color coding, based on feedback
|
| + from Shai Sarfaty.
|
| +
|
| + - Added a mention of aflize to sister_projects.txt.
|
| +
|
| + - Fixed an installation issue with afl-as, as spotted by ilovezfs.
|
| +
|
| +--------------
|
| +Version 2.00b:
|
| +--------------
|
| +
|
| + - Cleaned up color handling after a minor snafu in 1.99b (affecting some
|
| + terminals).
|
| +
|
| + - Made minor updates to the documentation.
|
| +
|
| +--------------
|
| +Version 1.99b:
|
| +--------------
|
| +
|
| + - Substantially revamped the output and the internal logic of afl-analyze.
|
| +
|
| + - Cleaned up some of the color handling code and added support for
|
| + background colors.
|
| +
|
| + - Removed some stray files (oops).
|
| +
|
| + - Updated docs to better explain afl-analyze.
|
| +
|
| +--------------
|
| +Version 1.98b:
|
| +--------------
|
| +
|
| + - Improved to "boring string" detection in afl-analyze.
|
| +
|
| + - Added technical_details.txt for afl-analyze.
|
| +
|
| +--------------
|
| +Version 1.97b:
|
| +--------------
|
| +
|
| + - Added afl-analyze, a nifty tool to analyze the structure of a file
|
| + based on the feedback from AFL instrumentation. This is kinda experimental,
|
| + so field reports welcome.
|
| +
|
| + - Added a mention of afl-cygwin.
|
| +
|
| + - Fixed a couple of typos, as reported by Jakub Wilk and others.
|
| +
|
| +--------------
|
| +Version 1.96b:
|
| +--------------
|
| +
|
| + - Added -fpic to CFLAGS for the clang plugin, as suggested by Hanno Boeck.
|
| +
|
| + - Made another clang change (IRBuilder) suggested by Jeff Trull.
|
| +
|
| + - Fixed several typos, spotted by Jakub Wilk.
|
| +
|
| + - Added support for AFL_SHUFFLE_QUEUE, based on discussions with
|
| + Christian Holler.
|
| +
|
| +--------------
|
| +Version 1.95b:
|
| +--------------
|
| +
|
| + - Fixed a harmless bug when handling -B. Spotted by Jacek Wielemborek.
|
| +
|
| + - Made the exit message a bit more accurate when AFL_EXIT_WHEN_DONE is set.
|
| +
|
| + - Added some error-checking for old-style forkserver syntax. Suggested by
|
| + Ben Nagy.
|
| +
|
| + - Switched from exit() to _exit() in injected code to avoid snafus with
|
| + destructors in C++ code. Spotted by sunblate.
|
| +
|
| + - Made a change to avoid spuriously setting __AFL_SHM_ID when
|
| + AFL_DUMB_FORKSRV is set in conjunction with -n. Spotted by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.94b:
|
| +--------------
|
| +
|
| + - Changed allocator alignment to improve support for non-x86 systems (now
|
| + that llvm_mode makes this more feasible).
|
| +
|
| + - Fixed a minor typo in afl-cmin. Spotted by Jonathan Neuschafer.
|
| +
|
| + - Fixed an obscure bug that would affect people trying to use afl-gcc
|
| + with $TMP set but $TMPDIR absent. Spotted by Jeremy Barnes.
|
| +
|
| +--------------
|
| +Version 1.93b:
|
| +--------------
|
| +
|
| + - Hopefully fixed a problem with MacOS X and persistent mode, spotted by
|
| + Leo Barnes.
|
| +
|
| +--------------
|
| +Version 1.92b:
|
| +--------------
|
| +
|
| + - Made yet another C++ fix (namespaces). Reported by Daniel Lockyer.
|
| +
|
| +--------------
|
| +Version 1.91b:
|
| +--------------
|
| +
|
| + - Made another fix to make 1.90b actually work properly with C++ (d'oh).
|
| + Problem spotted by Daniel Lockyer.
|
| +
|
| +--------------
|
| +Version 1.90b:
|
| +--------------
|
| +
|
| + - Fixed a minor typo spotted by Kai Zhao; and made several other minor updates
|
| + to docs.
|
| +
|
| + - Updated the project URL for python-afl. Requested by Jakub Wilk.
|
| +
|
| + - Fixed a potential problem with deferred mode signatures getting optimized
|
| + out by the linker (with --gc-sections).
|
| +
|
| +--------------
|
| +Version 1.89b:
|
| +--------------
|
| +
|
| + - Revamped the support for persistent and deferred forkserver modes.
|
| + Both now feature simpler syntax and do not require companion env
|
| + variables. Suggested by Jakub Wilk.
|
| +
|
| + - Added a bit more info about afl-showmap. Suggested by Jacek Wielemborek.
|
| +
|
| +--------------
|
| +Version 1.88b:
|
| +--------------
|
| +
|
| + - Made AFL_EXIT_WHEN_DONE work in non-tty mode. Issue spotted by
|
| + Jacek Wielemborek.
|
| +
|
| +--------------
|
| +Version 1.87b:
|
| +--------------
|
| +
|
| + - Added QuickStartGuide.txt, a one-page quick start doc.
|
| +
|
| + - Fixed several typos spotted by Dominique Pelle.
|
| +
|
| + - Revamped several parts of README.
|
| +
|
| +--------------
|
| +Version 1.86b:
|
| +--------------
|
| +
|
| + - Added support for AFL_SKIP_CRASHES, which is a very hackish solution to
|
| + the problem of resuming sessions with intermittently crashing inputs.
|
| +
|
| + - Removed the hard-fail terminal size check, replaced with a dynamic
|
| + warning shown in place of the UI. Based on feedback from Christian Holler.
|
| +
|
| + - Fixed a minor typo in show_stats. Spotted by Dingbao Xie.
|
| +
|
| +--------------
|
| +Version 1.85b:
|
| +--------------
|
| +
|
| + - Fixed a garbled sentence in notes on parallel fuzzing. Thanks to Jakub Wilk.
|
| +
|
| + - Fixed a minor glitch in afl-cmin. Spotted by Jonathan Foote.
|
| +
|
| +--------------
|
| +Version 1.84b:
|
| +--------------
|
| +
|
| + - Made SIMPLE_FILES behave as expected when naming backup directories for
|
| + crashes and hangs.
|
| +
|
| + - Added the total number of favored paths to fuzzer_stats. Requested by
|
| + Ben Nagy.
|
| +
|
| + - Made afl-tmin, afl-fuzz, and afl-cmin reject negative values passed to
|
| + -t and -m, since they generally won't work as expected.
|
| +
|
| + - Made a fix for no lahf / sahf support on older versions of FreeBSD.
|
| + Patch contributed by Alex Moneger.
|
| +
|
| +--------------
|
| +Version 1.83b:
|
| +--------------
|
| +
|
| + - Fixed a problem with xargs -d on non-Linux systems in afl-cmin. Spotted by
|
| + teor2345 and Ben Nagy.
|
| +
|
| + - Fixed an implicit declaration in LLVM mode on MacOS X. Reported by
|
| + Kai Zhao.
|
| +
|
| +--------------
|
| +Version 1.82b:
|
| +--------------
|
| +
|
| + - Fixed a harmless but annoying race condition in persistent mode - signal
|
| + delivery is a bit more finicky than I thought.
|
| +
|
| + - Updated the documentation to explain persistent mode a bit better.
|
| +
|
| + - Tweaked AFL_PERSISTENT to force AFL_NO_VAR_CHECK.
|
| +
|
| +--------------
|
| +Version 1.81b:
|
| +--------------
|
| +
|
| + - Added persistent mode for in-process fuzzing. See llvm_mode/README.llvm.
|
| + Inspired by Kostya Serebryany and Christian Holler.
|
| +
|
| + - Changed the in-place resume code to preserve crashes/README.txt. Suggested
|
| + by Ben Nagy.
|
| +
|
| + - Included a potential fix for LLVM mode issues on MacOS X, based on the
|
| + investigation done by teor2345.
|
| +
|
| +--------------
|
| +Version 1.80b:
|
| +--------------
|
| +
|
| + - Made afl-cmin tolerant of whitespaces in filenames. Suggested by
|
| + Jonathan Neuschafer and Ketil Froyn.
|
| +
|
| + - Added support for AFL_EXIT_WHEN_DONE, as suggested by Michael Rash.
|
| +
|
| +--------------
|
| +Version 1.79b:
|
| +--------------
|
| +
|
| + - Added support for dictionary levels, see testcases/README.testcases.
|
| +
|
| + - Reworked the SQL dictionary to use levels.
|
| +
|
| + - Added a note about Preeny.
|
| +
|
| +--------------
|
| +Version 1.78b:
|
| +--------------
|
| +
|
| + - Added a dictionary for PDF, contributed by Ben Nagy.
|
| +
|
| + - Added several references to afl-cov, a new tool by Michael Rash.
|
| +
|
| + - Fixed a problem with crash reporter detection on MacOS X, as reported by
|
| + Louis Dassy.
|
| +
|
| +--------------
|
| +Version 1.77b:
|
| +--------------
|
| +
|
| + - Extended the -x option to support single-file dictionaries.
|
| +
|
| + - Replaced factory-packaged dictionaries with file-based variants.
|
| +
|
| + - Removed newlines from HTML keywords in testcases/_extras/html/.
|
| +
|
| +--------------
|
| +Version 1.76b:
|
| +--------------
|
| +
|
| + - Very significantly reduced the number of duplicate execs during
|
| + deterministic checks, chiefly in int16 and int32 stages. Confirmed
|
| + identical path yields. This should improve early-stage efficiency by
|
| + around 5-10%.
|
| +
|
| + - Reduced the likelihood of duplicate non-deterministic execs by
|
| + bumping up lowest stacking factor from 1 to 2. Quickly confirmed
|
| + that this doesn't seem to have significant impact on coverage with
|
| + libpng.
|
| +
|
| + - Added a note about integrating afl-fuzz with third-party tools.
|
| +
|
| +--------------
|
| +Version 1.75b:
|
| +--------------
|
| +
|
| + - Improved argv_fuzzing to allow it to emit empty args. Spotted by Jakub
|
| + Wilk.
|
| +
|
| + - afl-clang-fast now defines __AFL_HAVE_MANUAL_INIT. Suggested by Jakub Wilk.
|
| +
|
| + - Fixed a libtool-related bug with afl-clang-fast that would make some
|
| + ./configure invocations generate incorrect output. Spotted by Jakub Wilk.
|
| +
|
| + - Removed flock() on Solaris. This means no locking on this platform,
|
| + but so be it. Problem reported by Martin Carpenter.
|
| +
|
| + - Fixed a typo. Reported by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.74b:
|
| +--------------
|
| +
|
| + - Added an example argv[] fuzzing wrapper in experimental/argv_fuzzing.
|
| + Reworked the bash example to be faster, too.
|
| +
|
| + - Clarified llvm_mode prerequisites for FreeBSD.
|
| +
|
| + - Improved afl-tmin to use /tmp if cwd is not writeable.
|
| +
|
| + - Removed redundant includes for sys/fcntl.h, which caused warnings with
|
| + some nitpicky versions of libc.
|
| +
|
| + - Added a corpus of basic HTML tags that parsers are likely to pay attention
|
| + to (no attributes).
|
| +
|
| + - Added EP_EnabledOnOptLevel0 to llvm_mode, so that the instrumentation is
|
| + inserted even when AFL_DONT_OPTIMIZE=1 is set.
|
| +
|
| + - Switched qemu_mode to use the newly-released QEMU 2.3.0, which contains
|
| + a couple of minor bugfixes.
|
| +
|
| +--------------
|
| +Version 1.73b:
|
| +--------------
|
| +
|
| + - Fixed a pretty stupid bug in effector maps that could sometimes cause
|
| + AFL to fuzz slightly more than necessary; and in very rare circumstances,
|
| + could lead to SEGV if eff_map is aligned with page boundary and followed
|
| + by an unmapped page. Spotted by Jonathan Gray.
|
| +
|
| +--------------
|
| +Version 1.72b:
|
| +--------------
|
| +
|
| + - Fixed a glitch in non-x86 install, spotted by Tobias Ospelt.
|
| +
|
| + - Added a minor safeguard to llvm_mode Makefile following a report from
|
| + Kai Zhao.
|
| +
|
| +--------------
|
| +Version 1.71b:
|
| +--------------
|
| +
|
| + - Fixed a bug with installed copies of AFL trying to use QEMU mode. Spotted
|
| + by G.M. Lime.
|
| +
|
| + - Added last path / crash / hang times to fuzzer_stats, suggested by
|
| + Richard Hipp.
|
| +
|
| + - Fixed a typo, thanks to Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.70b:
|
| +--------------
|
| +
|
| + - Modified resumption code to reuse the original timeout value when resuming
|
| + a session if -t is not given. This prevents timeout creep in continuous
|
| + fuzzing.
|
| +
|
| + - Added improved error messages for failed handshake when AFL_DEFER_FORKSRV
|
| + is set.
|
| +
|
| + - Made a slight improvement to llvm_mode/Makefile based on feedback from
|
| + Jakub Wilk.
|
| +
|
| + - Refreshed several bits of documentation.
|
| +
|
| + - Added a more prominent note about the MacOS X trade-offs to Makefile.
|
| +
|
| +--------------
|
| +Version 1.69b:
|
| +--------------
|
| +
|
| + - Added support for deferred initialization in LLVM mode. Suggested by
|
| + Richard Godbee.
|
| +
|
| +--------------
|
| +Version 1.68b:
|
| +--------------
|
| +
|
| + - Fixed a minor PRNG glitch that would make the first seconds of a fuzzing
|
| + job deterministic. Thanks to Andreas Stieger.
|
| +
|
| + - Made tmp[] static in the LLVM runtime to keep Valgrind happy (this had
|
| + no impact on anything else). Spotted by Richard Godbee.
|
| +
|
| + - Clarified the footnote in README.
|
| +
|
| +--------------
|
| +Version 1.67b:
|
| +--------------
|
| +
|
| + - Made one more correction to llvm_mode Makefile, spotted by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.66b:
|
| +--------------
|
| +
|
| + - Added CC / CXX support to llvm_mode Makefile. Requested by Charlie Eriksen.
|
| +
|
| + - Fixed 'make clean' with gmake. Suggested by Oliver Schneider.
|
| +
|
| + - Fixed 'make -j n clean all'. Suggested by Oliver Schneider.
|
| +
|
| + - Removed build date and time from banners to give people deterministic
|
| + builds. Requested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.65b:
|
| +--------------
|
| +
|
| + - Fixed a snafu with some leftover code in afl-clang-fast.
|
| +
|
| + - Corrected even moar typos.
|
| +
|
| +--------------
|
| +Version 1.64b:
|
| +--------------
|
| +
|
| + - Further simplified afl-clang-fast runtime by reverting .init_array to
|
| + __attribute__((constructor(0)). This should improve compatibility with
|
| + non-ELF platforms.
|
| +
|
| + - Fixed a problem with afl-clang-fast and -shared libraries. Simplified
|
| + the code by getting rid of .preinit_array and replacing it with a .comm
|
| + object. Problem reported by Charlie Eriksen.
|
| +
|
| + - Removed unnecessary instrumentation density adjustment for the LLVM mode.
|
| + Reported by Jonathan Neuschafer.
|
| +
|
| +--------------
|
| +Version 1.63b:
|
| +--------------
|
| +
|
| + - Updated cgroups_asan/ with a new version from Sam, made a couple changes
|
| + to streamline it and keep parallel afl instances in separate groups.
|
| +
|
| + - Fixed typos, thanks to Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.62b:
|
| +--------------
|
| +
|
| + - Improved the handling of -x in afl-clang-fast,
|
| +
|
| + - Improved the handling of low AFL_INST_RATIO settings for QEMU and
|
| + LLVM modes.
|
| +
|
| + - Fixed the llvm-config bug for good (thanks to Tobias Ospelt).
|
| +
|
| +--------------
|
| +Version 1.61b:
|
| +--------------
|
| +
|
| + - Fixed an obscure bug compiling OpenSSL with afl-clang-fast. Patch by
|
| + Laszlo Szekeres.
|
| +
|
| + - Fixed a 'make install' bug on non-x86 systems, thanks to Tobias Ospelt.
|
| +
|
| + - Fixed a problem with half-broken llvm-config on Odroid, thanks to
|
| + Tobias Ospelt. (There is another odd bug there that hasn't been fully
|
| + fixed - TBD).
|
| +
|
| +--------------
|
| +Version 1.60b:
|
| +--------------
|
| +
|
| + - Allowed experimental/llvm_instrumentation/ to graduate to llvm_mode/.
|
| +
|
| + - Removed experimental/arm_support/, since it's completely broken and likely
|
| + unnecessary with LLVM support in place.
|
| +
|
| + - Added ASAN cgroups script to experimental/asan_cgroups/, updated existing
|
| + docs. Courtesy Sam Hakim and David A. Wheeler.
|
| +
|
| + - Refactored afl-tmin to reduce the number of execs in common use cases.
|
| + Ideas from Jonathan Neuschafer and Turo Lamminen.
|
| +
|
| + - Added a note about CLAs at the bottom of README.
|
| +
|
| + - Renamed testcases_readme.txt to README.testcases for some semblance of
|
| + consistency.
|
| +
|
| + - Made assorted updates to docs.
|
| +
|
| + - Added MEM_BARRIER() to afl-showmap and afl-tmin, just to be safe.
|
| +
|
| +--------------
|
| +Version 1.59b:
|
| +--------------
|
| +
|
| + - Imported Laszlo Szekeres' experimental LLVM instrumentation into
|
| + experimental/llvm_instrumentation. I'll work on including it in the
|
| + "mainstream" version soon.
|
| +
|
| + - Fixed another typo, thanks to Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.58b:
|
| +--------------
|
| +
|
| + - Added a workaround for abort() behavior in -lpthread programs in QEMU mode.
|
| + Spotted by Aidan Thornton.
|
| +
|
| + - Made several documentation updates, including links to the static
|
| + instrumentation tool (sister_projects.txt).
|
| +
|
| +--------------
|
| +Version 1.57b:
|
| +--------------
|
| +
|
| + - Fixed a problem with exception handling on some versions of MacOS X.
|
| + Spotted by Samir Aguiar and Anders Wang Kristensen.
|
| +
|
| + - Tweaked afl-gcc to use BIN_PATH instead of a fixed string in help
|
| + messages.
|
| +
|
| +--------------
|
| +Version 1.56b:
|
| +--------------
|
| +
|
| + - Renamed related_work.txt to historical_notes.txt.
|
| +
|
| + - Made minor edits to the ASAN doc.
|
| +
|
| + - Added docs/sister_projects.txt with a list of inspired or closely
|
| + related utilities.
|
| +
|
| +--------------
|
| +Version 1.55b:
|
| +--------------
|
| +
|
| + - Fixed a glitch with afl-showmap opening /dev/null with O_RDONLY when
|
| + running in quiet mode. Spotted by Tyler Nighswander.
|
| +
|
| +--------------
|
| +Version 1.54b:
|
| +--------------
|
| +
|
| + - Added another postprocessor example for PNG.
|
| +
|
| + - Made a cosmetic fix to realloc() handling in experimental/post_library/,
|
| + suggested by Jakub Wilk.
|
| +
|
| + - Improved -ldl handling. Suggested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.53b:
|
| +--------------
|
| +
|
| + - Fixed an -l ordering issue that is apparently still a problem on Ubuntu.
|
| + Spotted by William Robinet.
|
| +
|
| +--------------
|
| +Version 1.52b:
|
| +--------------
|
| +
|
| + - Added support for file format postprocessors. Requested by Ben Nagy. This
|
| + feature is intentionally buried, since it's fairly easy to misuse and
|
| + useful only in some scenarios. See experimental/post_library/.
|
| +
|
| +--------------
|
| +Version 1.51b:
|
| +--------------
|
| +
|
| + - Made it possible to properly override LD_BIND_NOW after one very unusual
|
| + report of trouble.
|
| +
|
| + - Cleaned up typos, thanks to Jakub Wilk.
|
| +
|
| + - Fixed a bug in AFL_DUMB_FORKSRV.
|
| +
|
| +--------------
|
| +Version 1.50b:
|
| +--------------
|
| +
|
| + - Fixed a flock() bug that would prevent dir reuse errors from kicking
|
| + in every now and then.
|
| +
|
| + - Renamed references to ppvm (the project is now called recidivm).
|
| +
|
| + - Made improvements to file descriptor handling to avoid leaving some fds
|
| + unnecessarily open in the child process.
|
| +
|
| + - Fixed a typo or two.
|
| +
|
| +--------------
|
| +Version 1.49b:
|
| +--------------
|
| +
|
| + - Added code to save original command line in fuzzer_stats and
|
| + crashes/README.txt. Also saves fuzzer version in fuzzer_stats.
|
| + Requested by Ben Nagy.
|
| +
|
| +--------------
|
| +Version 1.48b:
|
| +--------------
|
| +
|
| + - Fixed a bug with QEMU fork server crashes when translation is attempted
|
| + after a jump to an invalid pointer in the child process (i.e., after
|
| + bumping into a particularly nasty security bug in the tested binary).
|
| + Reported by Tyler Nighswander.
|
| +
|
| +--------------
|
| +Version 1.47b:
|
| +--------------
|
| +
|
| + - Fixed a bug with afl-cmin in -Q mode complaining about binary being not
|
| + instrumented. Thanks to Jonathan Neuschafer for the bug report.
|
| +
|
| + - Fixed another bug with argv handling for afl-fuzz in -Q mode. Reported
|
| + by Jonathan Neuschafer.
|
| +
|
| + - Improved the use of colors when showing crash counts in -C mode.
|
| +
|
| +--------------
|
| +Version 1.46b:
|
| +--------------
|
| +
|
| + - Improved instrumentation performance on 32-bit systems by getting rid of
|
| + xor-swap (oddly enough, xor-swap is still faster on 64-bit) and tweaking
|
| + alignment.
|
| +
|
| + - Made path depth numbers more accurate with imported test cases.
|
| +
|
| +--------------
|
| +Version 1.45b:
|
| +--------------
|
| +
|
| + - Added support for SIMPLE_FILES in config.h for folks who don't like
|
| + descriptive file names. Generates very simple names without colons,
|
| + commas, plus signs, dashes, etc.
|
| +
|
| + - Replaced zero-sized files with symlinks in the variable behavior state
|
| + dir to simplify examining the relevant test cases.
|
| +
|
| + - Changed the period of limited-range block ops from 5 to 10 minutes based
|
| + on a couple of experiments. The basic goal of this delay timer behavior
|
| + is to better support jobs that are seeded with completely invalid files,
|
| + in which case, the first few queue cycles may be completed very quickly
|
| + without discovering new paths. Should have no effect on well-seeded jobs.
|
| +
|
| + - Made several minor updates to docs.
|
| +
|
| +--------------
|
| +Version 1.44b:
|
| +--------------
|
| +
|
| + - Corrected two bungled attempts to get the -C mode work properly
|
| + with afl-cmin (accounting for the short-lived releases tagged 1.42 and
|
| + 1.43b) - sorry.
|
| +
|
| + - Removed AFL_ALLOW_CRASHES in favor of the -C mode in said tool.
|
| +
|
| + - Said goodbye to Hello Kitty, as requested by Padraig Brady.
|
| +
|
| +--------------
|
| +Version 1.41b:
|
| +--------------
|
| +
|
| + - Added AFL_ALLOW_CRASHES=1 to afl-cmin. Allows crashing inputs in the
|
| + output corpus. Changed the default behavior to disallow it.
|
| +
|
| + - Made the afl-cmin output dir default to 0700, not 0755, to be consistent
|
| + with afl-fuzz; documented the rationale for 0755 in afl-plot.
|
| +
|
| + - Lowered the output dir reuse time limit to 25 minutes as a dice-roll
|
| + compromise after a discussion on afl-users@.
|
| +
|
| + - Made afl-showmap accept -o /dev/null without borking out.
|
| +
|
| + - Added support for crash / hang info in exit codes of afl-showmap.
|
| +
|
| + - Tweaked block operation scaling to also factor in ballpark run time
|
| + in cases where queue passes take very little time.
|
| +
|
| + - Fixed typos and made improvements to several docs.
|
| +
|
| +--------------
|
| +Version 1.40b:
|
| +--------------
|
| +
|
| + - Switched to smaller block op sizes during the first passes over the
|
| + queue. Helps keep test cases small.
|
| +
|
| + - Added memory barrier for run_target(), just in case compilers get
|
| + smarter than they are today.
|
| +
|
| + - Updated a bunch of docs.
|
| +
|
| +--------------
|
| +Version 1.39b:
|
| +--------------
|
| +
|
| + - Added the ability to skip inputs by sending SIGUSR1 to the fuzzer.
|
| +
|
| + - Reworked several portions of the documentation.
|
| +
|
| + - Changed the code to reset splicing perf scores between runs to keep
|
| + them closer to intended length.
|
| +
|
| + - Reduced the minimum value of -t to 5 for afl-fuzz (~200 exec/sec)
|
| + and to 10 for auxiliary tools (due to the absence of a fork server).
|
| +
|
| + - Switched to more aggressive default timeouts (rounded up to 25 ms
|
| + versus 50 ms - ~40 execs/sec) and made several other cosmetic changes
|
| + to the timeout code.
|
| +
|
| +--------------
|
| +Version 1.38b:
|
| +--------------
|
| +
|
| + - Fixed a bug in the QEMU build script, spotted by William Robinet.
|
| +
|
| + - Improved the reporting of skipped bitflips to keep the UI counters a bit
|
| + more accurate.
|
| +
|
| + - Cleaned up related_work.txt and added some non-goals.
|
| +
|
| + - Fixed typos, thanks to Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.37b:
|
| +--------------
|
| +
|
| + - Added effector maps, which detect regions that do not seem to respond
|
| + to bitflips and subsequently exclude them from more expensive steps
|
| + (arithmetics, known ints, etc). This should offer significant performance
|
| + improvements with quite a few types of text-based formats, reducing the
|
| + number of deterministic execs by a factor of 2 or so.
|
| +
|
| + - Cleaned up mem limit handling in afl-cmin.
|
| +
|
| + - Switched from uname -i to uname -m to work around Gentoo-specific
|
| + issues with coreutils when building QEMU. Reported by William Robinet.
|
| +
|
| + - Switched from PID checking to flock() to detect running sessions.
|
| + Problem, against all odds, bumped into by Jakub Wilk.
|
| +
|
| + - Added SKIP_COUNTS and changed the behavior of COVERAGE_ONLY in config.h.
|
| + Useful only for internal benchmarking.
|
| +
|
| + - Made improvements to UI refresh rates and exec/sec stats to make them
|
| + more stable.
|
| +
|
| + - Made assorted improvements to the documentation and to the QEMU build
|
| + script.
|
| +
|
| + - Switched from perror() to strerror() in error macros, thanks to Jakub
|
| + Wilk for the nag.
|
| +
|
| + - Moved afl-cmin back to bash, wasn't thinking straight. It has to stay
|
| + on bash because other shells may have restrictive limits on array sizes.
|
| +
|
| +--------------
|
| +Version 1.36b:
|
| +--------------
|
| +
|
| + - Switched afl-cmin over to /bin/sh. Thanks to Jonathan Gray.
|
| +
|
| + - Fixed an off-by-one bug in queue limit check when resuming sessions
|
| + (could cause NULL ptr deref if you are *really* unlucky).
|
| +
|
| + - Fixed the QEMU script to tolerate i686 if returned by uname -i. Based on
|
| + a problem report from Sebastien Duquette.
|
| +
|
| + - Added multiple references to Jakub's ppvm tool.
|
| +
|
| + - Made several minor improvements to the Makefile.
|
| +
|
| + - Believe it or not, fixed some typos. Thanks to Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.35b:
|
| +--------------
|
| +
|
| + - Cleaned up regular expressions in some of the scripts to avoid errors
|
| + on *BSD systems. Spotted by Jonathan Gray.
|
| +
|
| +--------------
|
| +Version 1.34b:
|
| +--------------
|
| +
|
| + - Performed a substantial documentation and program output cleanup to
|
| + better explain the QEMU feature.
|
| +
|
| +--------------
|
| +Version 1.33b:
|
| +--------------
|
| +
|
| + - Added support for AFL_INST_RATIO and AFL_INST_LIBS in the QEMU mode.
|
| +
|
| + - Fixed a stack allocation crash in QEMU mode (bug in QEMU, fixed with
|
| + an extra patch applied to the downloaded release).
|
| +
|
| + - Added code to test the QEMU instrumentation once the afl-qemu-trace
|
| + binary is built.
|
| +
|
| + - Modified afl-tmin and afl-showmap to search $PATH for binaries and to
|
| + better handle QEMU support.
|
| +
|
| + - Added a check for instrumented binaries when passing -Q to afl-fuzz.
|
| +
|
| +--------------
|
| +Version 1.32b:
|
| +--------------
|
| +
|
| + - Fixed 'make install' following the QEMU changes. Spotted by Hanno Boeck.
|
| +
|
| + - Fixed EXTRA_PAR handling in afl-cmin.
|
| +
|
| +--------------
|
| +Version 1.31b:
|
| +--------------
|
| +
|
| + - Hallelujah! Thanks to Andrew Griffiths, we now support very fast, black-box
|
| + instrumentation of binary-only code. See qemu_mode/README.qemu.
|
| +
|
| + To use this feature, you need to follow the instructions in that
|
| + directory and then run afl-fuzz with -Q.
|
| +
|
| +--------------
|
| +Version 1.30b:
|
| +--------------
|
| +
|
| + - Added -s (summary) option to afl-whatsup. Suggested by Jodie Cunningham.
|
| +
|
| + - Added a sanity check in afl-tmin to detect minimization to zero len or
|
| + excess hangs.
|
| +
|
| + - Fixed alphabet size counter in afl-tmin.
|
| +
|
| + - Slightly improved the handling of -B in afl-fuzz.
|
| +
|
| + - Fixed process crash messages with -m none.
|
| +
|
| +--------------
|
| +Version 1.29b:
|
| +--------------
|
| +
|
| + - Improved the naming of test cases when orig: is already present in the file
|
| + name.
|
| +
|
| + - Made substantial improvements to technical_details.txt.
|
| +
|
| +--------------
|
| +Version 1.28b:
|
| +--------------
|
| +
|
| + - Made a minor tweak to the instrumentation to preserve the directionality
|
| + of tuples (i.e., A -> B != B -> A) and to maintain the identity of tight
|
| + loops (A -> A). You need to recompile targeted binaries to leverage this.
|
| +
|
| + - Cleaned up some of the afl-whatsup stats.
|
| +
|
| + - Added several sanity checks to afl-cmin.
|
| +
|
| +--------------
|
| +Version 1.27b:
|
| +--------------
|
| +
|
| + - Made afl-tmin recursive. Thanks to Hanno Boeck for the tip.
|
| +
|
| + - Added docs/technical_details.txt.
|
| +
|
| + - Changed afl-showmap search strategy in afl-cmap to just look into the
|
| + same place that afl-cmin is executed from. Thanks to Jakub Wilk.
|
| +
|
| + - Removed current_todo.txt and cleaned up the remaining docs.
|
| +
|
| +--------------
|
| +Version 1.26b:
|
| +--------------
|
| +
|
| + - Added total execs/sec stat for afl-whatsup.
|
| +
|
| + - afl-cmin now auto-selects between cp or ln. Based on feedback from
|
| + Even Huus.
|
| +
|
| + - Fixed a typo. Thanks to Jakub Wilk.
|
| +
|
| + - Made afl-gotcpu a bit more accurate by using getrusage instead of
|
| + times. Thanks to Jakub Wilk.
|
| +
|
| + - Fixed a memory limit issue during the build process on NetBSD-current.
|
| + Reported by Thomas Klausner.
|
| +
|
| +--------------
|
| +Version 1.25b:
|
| +--------------
|
| +
|
| + - Introduced afl-whatsup, a simple tool for querying the status of
|
| + local synced instances of afl-fuzz.
|
| +
|
| + - Added -x compiler to clang options on Darwin. Suggested by Filipe
|
| + Cabecinhas.
|
| +
|
| + - Improved exit codes for afl-gotcpu.
|
| +
|
| + - Improved the checks for -m and -t values in afl-cmin. Bug report
|
| + from Evan Huus.
|
| +
|
| +--------------
|
| +Version 1.24b:
|
| +--------------
|
| +
|
| + - Introduced afl-getcpu, an experimental tool to empirically measure
|
| + CPU preemption rates. Thanks to Jakub Wilk for the idea.
|
| +
|
| +--------------
|
| +Version 1.23b:
|
| +--------------
|
| +
|
| + - Reverted one change to afl-cmin that actually made it slower.
|
| +
|
| +--------------
|
| +Version 1.22b:
|
| +--------------
|
| +
|
| + - Reworked afl-showmap.c to support normal options, including -o, -q,
|
| + -e. Also added support for timeouts and memory limits.
|
| +
|
| + - Made changes to afl-cmin and other scripts to accommodate the new
|
| + semantics.
|
| +
|
| + - Officially retired AFL_EDGES_ONLY.
|
| +
|
| + - Fixed another typo in afl-tmin, courtesy of Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.21b:
|
| +--------------
|
| +
|
| + - Graduated minimize_corpus.sh to afl-cmin. It is now a first-class
|
| + utility bundled with the fuzzer.
|
| +
|
| + - Made significant improvements to afl-cmin to make it faster, more
|
| + robust, and more versatile.
|
| +
|
| + - Refactored some of afl-tmin code to make it a bit more readable.
|
| +
|
| + - Made assorted changes to the doc to document afl-cmin and other stuff.
|
| +
|
| +--------------
|
| +Version 1.20b:
|
| +--------------
|
| +
|
| + - Added AFL_DUMB_FORKSRV, as requested by Jakub Wilk. This works only
|
| + in -n mode and allows afl-fuzz to run with "dummy" fork servers that
|
| + don't output any instrumentation, but follow the same protocol.
|
| +
|
| + - Renamed AFL_SKIP_CHECKS to AFL_SKIP_BIN_CHECK to make it at least
|
| + somewhat descriptive.
|
| +
|
| + - Switched to using clang as the default assembler on MacOS X to work
|
| + around Xcode issues with newer builds of clang. Testing and patch by
|
| + Nico Weber.
|
| +
|
| + - Fixed a typo (via Jakub Wilk).
|
| +
|
| +--------------
|
| +Version 1.19b:
|
| +--------------
|
| +
|
| + - Improved exec failure detection in afl-fuzz and afl-showmap.
|
| +
|
| + - Improved Ctrl-C handling in afl-showmap.
|
| +
|
| + - Added afl-tmin, a handy instrumentation-enabled minimizer.
|
| +
|
| +--------------
|
| +Version 1.18b:
|
| +--------------
|
| +
|
| + - Fixed a serious but short-lived bug in the resumption behavior introduced
|
| + in version 1.16b.
|
| +
|
| + - Added -t nn+ mode for soft-skipping timing-out paths.
|
| +
|
| +--------------
|
| +Version 1.17b:
|
| +--------------
|
| +
|
| + - Fixed a compiler warning introduced in 1.16b for newer versions of GCC.
|
| + Thanks to Jakub Wilk and Ilfak Guilfanov.
|
| +
|
| + - Improved the consistency of saving fuzzer_stats, bitmap info, and
|
| + auto-dictionaries when aborting fuzzing sessions.
|
| +
|
| + - Made several noticeable performance improvements to deterministic arith
|
| + and known int steps.
|
| +
|
| +--------------
|
| +Version 1.16b:
|
| +--------------
|
| +
|
| + - Added a bit of code to make resumption pick up from the last known
|
| + offset in the queue, rather than always rewinding to the start. Suggested
|
| + by Jakub Wilk.
|
| +
|
| + - Switched to tighter timeout control for slow programs (3x rather than
|
| + 5x average exec speed at init).
|
| +
|
| +--------------
|
| +Version 1.15b:
|
| +--------------
|
| +
|
| + - Added support for AFL_NO_VAR_CHECK to speed up resumption and inhibit
|
| + variable path warnings for some programs.
|
| +
|
| + - Made the trimmer run even for variable paths, since there is no special
|
| + harm in doing so and it can be very beneficial if the trimming still
|
| + pans out.
|
| +
|
| + - Made the UI a bit more descriptive by adding "n/a" instead of "0" in a
|
| + couple of corner cases.
|
| +
|
| +--------------
|
| +Version 1.14b:
|
| +--------------
|
| +
|
| + - Added a (partial) dictionary for JavaScript.
|
| +
|
| + - Added AFL_NO_CPU_RED, as suggested by Jakub Wilk.
|
| +
|
| + - Tweaked the havoc scaling logic added in 1.12b.
|
| +
|
| +--------------
|
| +Version 1.13b:
|
| +--------------
|
| +
|
| + - Improved the performance of minimize_corpus.sh by switching to a
|
| + sort-based approach.
|
| +
|
| + - Made several minor revisions to the docs.
|
| +
|
| +--------------
|
| +Version 1.12b:
|
| +--------------
|
| +
|
| + - Made an improvement to dictionary generation to avoid runs of identical
|
| + bytes.
|
| +
|
| + - Added havoc cycle scaling to help with slow binaries in -d mode. Based on
|
| + a thread with Sami Liedes.
|
| +
|
| + - Added AFL_SYNC_FIRST for afl-fuzz. This is useful for those who obsess
|
| + over stats, no special purpose otherwise.
|
| +
|
| + - Switched to more robust box drawing codes, suggested by Jakub Wilk.
|
| +
|
| + - Created faster 64-bit variants of several critical-path bitmap functions
|
| + (sorry, no difference on 32 bits).
|
| +
|
| + - Fixed moar typos, as reported by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.11b:
|
| +--------------
|
| +
|
| + - Added a bit more info about dictionary strategies to the status screen.
|
| +
|
| +--------------
|
| +Version 1.10b:
|
| +--------------
|
| +
|
| + - Revised the dictionary behavior to use insertion and overwrite in
|
| + deterministic steps, rather than just the latter. This improves coverage
|
| + with SQL and the like.
|
| +
|
| + - Added a mention of "*" in status_screen.txt, as suggested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 1.09b:
|
| +--------------
|
| +
|
| + - Corrected a cosmetic problem with 'extras' stage count not always being
|
| + accurate in the stage yields view.
|
| +
|
| + - Fixed a typo reported by Jakub Wilk and made some minor documentation
|
| + improvements.
|
| +
|
| +--------------
|
| +Version 1.08b:
|
| +--------------
|
| +
|
| + - Fixed a div-by-zero bug in the newly-added code when using a dictionary.
|
| +
|
| +--------------
|
| +Version 1.07b:
|
| +--------------
|
| +
|
| + - Added code that automatically finds and extracts syntax tokens from the
|
| + input corpus.
|
| +
|
| + - Fixed a problem with ld dead-code removal option on MacOS X, reported
|
| + by Filipe Cabecinhas.
|
| +
|
| + - Corrected minor typos spotted by Jakub Wilk.
|
| +
|
| + - Added a couple of more exotic archive format samples.
|
| +
|
| +--------------
|
| +Version 1.06b:
|
| +--------------
|
| +
|
| + - Switched to slightly more accurate (if still not very helpful) reporting
|
| + of short read and short write errors. These theoretically shouldn't happen
|
| + unless you kill the forkserver or run out of disk space. Suggested by
|
| + Jakub Wilk.
|
| +
|
| + - Revamped some of the allocator and debug code, adding comments and
|
| + cleaning up other mess.
|
| +
|
| + - Tweaked the odds of fuzzing non-favored test cases to make sure that
|
| + baseline coverage of all inputs is reached sooner.
|
| +
|
| +--------------
|
| +Version 1.05b:
|
| +--------------
|
| +
|
| + - Added a dictionary for WebP.
|
| +
|
| + - Made some additional performance improvements to minimize_corpus.sh,
|
| + getting deeper into the bash woods.
|
| +
|
| +--------------
|
| +Version 1.04b:
|
| +--------------
|
| +
|
| + - Made substantial performance improvements to minimize_corpus.sh with
|
| + large datasets, albeit at the expense of having to switch back to bash
|
| + (other shells may have limits on array sizes, etc).
|
| +
|
| + - Tweaked afl-showmap to support the format used by the new script.
|
| +
|
| +--------------
|
| +Version 1.03b:
|
| +--------------
|
| +
|
| + - Added code to skip README.txt in the input directory to make the crash
|
| + exploration mode work better. Suggested by Jakub Wilk.
|
| +
|
| + - Added a dictionary for SQLite.
|
| +
|
| +--------------
|
| +Version 1.02b:
|
| +--------------
|
| +
|
| + - Reverted the ./ search path in minimize_corpus.sh because people did
|
| + not like it.
|
| +
|
| + - Added very explicit warnings not to run various shell scripts that
|
| + read or write to /tmp/ (since this is generally a pretty bad idea on
|
| + multi-user systems).
|
| +
|
| + - Added a check for /tmp binaries and -f locations in afl-fuzz.
|
| +
|
| +--------------
|
| +Version 1.01b:
|
| +--------------
|
| +
|
| + - Added dictionaries for XML and GIF.
|
| +
|
| +--------------
|
| +Version 1.00b:
|
| +--------------
|
| +
|
| + - Slightly improved the performance of minimize_corpus.sh, especially on
|
| + Linux.
|
| +
|
| + - Made a couple of improvements to calibration timeouts for resumed scans.
|
| +
|
| +--------------
|
| +Version 0.99b:
|
| +--------------
|
| +
|
| + - Fixed minimize_corpus.sh to work with dash, as suggested by Jakub Wilk.
|
| +
|
| + - Modified minimize_corpus.sh to try locate afl-showmap in $PATH and ./.
|
| + The first part requested by Jakub Wilk.
|
| +
|
| + - Added support for afl-as --version, as required by one funky build
|
| + script. Reported by William Robinet.
|
| +
|
| +--------------
|
| +Version 0.98b:
|
| +--------------
|
| +
|
| + - Added a dictionary for TIFF.
|
| +
|
| + - Fixed another cosmetic snafu with stage exec counts for -x.
|
| +
|
| + - Switched afl-plot to /bin/sh, since it seems bashism-free. Also tried
|
| + to remove any obvious bashisms from other experimental/ scripts,
|
| + most notably including minimize_corpus.sh and triage_crashes.sh.
|
| + Requested by Jonathan Gray.
|
| +
|
| +--------------
|
| +Version 0.97b:
|
| +--------------
|
| +
|
| + - Fixed cosmetic issues around the naming of -x strategy files.
|
| +
|
| + - Added a dictionary for JPEG.
|
| +
|
| + - Fixed a very rare glitch when running instrumenting 64-bit code that makes
|
| + heavy use of xmm registers that are also touched by glibc.
|
| +
|
| +--------------
|
| +Version 0.96b:
|
| +--------------
|
| +
|
| + - Added support for extra dictionaries, provided testcases/_extras/png/
|
| + as a demo.
|
| +
|
| + - Fixed a minor bug in number formatting routines used by the UI.
|
| +
|
| + - Added several additional PNG test cases that are relatively unlikely
|
| + to be hit by chance.
|
| +
|
| + - Fixed afl-plot syntax for gnuplot 5.x. Reported by David Necas.
|
| +
|
| +--------------
|
| +Version 0.95b:
|
| +--------------
|
| +
|
| + - Cleaned up the OSX ReportCrash code. Thanks to Tobias Ospelt for help.
|
| +
|
| + - Added some extra tips for AFL_NO_FORKSERVER on OSX.
|
| +
|
| + - Refreshed the INSTALL file.
|
| +
|
| +--------------
|
| +Version 0.94b:
|
| +--------------
|
| +
|
| + - Added in-place resume (-i-) to address a common user complaint.
|
| +
|
| + - Added an awful workaround for ReportCrash on MacOS X. Problem
|
| + spotted by Joseph Gentle.
|
| +
|
| +--------------
|
| +Version 0.93b:
|
| +--------------
|
| +
|
| + - Fixed the link() workaround, as reported by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.92b:
|
| +--------------
|
| +
|
| + - Added support for reading test cases from another filesystem.
|
| + Requested by Jakub Wilk.
|
| +
|
| + - Added pointers to the mailing list.
|
| +
|
| + - Added a sample PDF document.
|
| +
|
| +--------------
|
| +Version 0.91b:
|
| +--------------
|
| +
|
| + - Refactored minimize_corpus.sh to make it a bit more user-friendly and to
|
| + select for smallest files, not largest bitmaps. Offers a modest corpus
|
| + size improvement in most cases.
|
| +
|
| + - Slightly improved the performance of splicing code.
|
| +
|
| +--------------
|
| +Version 0.90b:
|
| +--------------
|
| +
|
| + - Moved to an algorithm where paths are marked as preferred primarily based
|
| + on size and speed, rather than bitmap coverage. This should offer
|
| + noticeable performance gains in many use cases.
|
| +
|
| + - Refactored path calibration code; calibration now takes place as soon as a
|
| + test case is discovered, to facilitate better prioritization decisions later
|
| + on.
|
| +
|
| + - Changed the way of marking variable paths to avoid .state metadata
|
| + inconsistencies.
|
| +
|
| + - Made sure that calibration routines always create a new test case to avoid
|
| + hypothetical problems with utilities that modify the input file.
|
| +
|
| + - Added bitmap saturation to fuzzer stats and plot data.
|
| +
|
| + - Added a testcase for JPEG XR.
|
| +
|
| + - Added a tty check for the colors warning in Makefile, to keep distro build
|
| + logs tidy. Suggested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.89b:
|
| +--------------
|
| +
|
| + - Renamed afl-plot.sh to afl-plot, as requested by Padraig Brady.
|
| +
|
| + - Improved the compatibility of afl-plot with older versions of gnuplot.
|
| +
|
| + - Added banner information to fuzzer_stats, populated it to afl-plot.
|
| +
|
| +--------------
|
| +Version 0.88b:
|
| +--------------
|
| +
|
| + - Added support for plotting, with design and implementation based on a
|
| + prototype design proposed by Michael Rash. Huge thanks!
|
| +
|
| + - Added afl-plot.sh, which allows you to, well, generate a nice plot using
|
| + this data.
|
| +
|
| + - Refactored the code slightly to make more frequent updates to fuzzer_stats
|
| + and to provide more detail about synchronization.
|
| +
|
| + - Added a fflush(stdout) call for non-tty operation, as requested by
|
| + Joonas Kuorilehto.
|
| +
|
| + - Added some detail to fuzzer_stats for parity with plot_file.
|
| +
|
| +--------------
|
| +Version 0.87b:
|
| +--------------
|
| +
|
| + - Added support for MSAN, via AFL_USE_MSAN, same gotchas as for ASAN.
|
| +
|
| +--------------
|
| +Version 0.86b:
|
| +--------------
|
| +
|
| + - Added AFL_NO_FORKSRV, allowing the forkserver to be bypassed. Suggested
|
| + by Ryan Govostes.
|
| +
|
| + - Simplified afl-showmap.c to make use of the no-forkserver mode.
|
| +
|
| + - Made minor improvements to crash_triage.sh, as suggested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.85b:
|
| +--------------
|
| +
|
| + - Fixed the CPU counting code - no sysctlbyname() on OpenBSD, d'oh. Bug
|
| + reported by Daniel Dickman.
|
| +
|
| + - Made a slight correction to error messages - the advice on testing
|
| + with ulimit was a tiny bit off by a factor of 1024.
|
| +
|
| +--------------
|
| +Version 0.84b:
|
| +--------------
|
| +
|
| + - Added support for the CPU widget on some non-Linux platforms (I hope).
|
| + Based on feedback from Ryan Govostes.
|
| +
|
| + - Cleaned up the changelog (very meta).
|
| +
|
| +--------------
|
| +Version 0.83b:
|
| +--------------
|
| +
|
| + - Added experimental/clang_asm_normalize/ and related notes in
|
| + env_variables.txt and afl-as.c. Thanks to Ryan Govostes for the idea.
|
| +
|
| + - Added advice on hardware utilization in README.
|
| +
|
| +--------------
|
| +Version 0.82b:
|
| +--------------
|
| +
|
| + - Made additional fixes for Xcode support, juggling -Q and -q flags. Thanks to
|
| + Ryan Govostes.
|
| +
|
| + - Added a check for __asm__ blocks and switches to .intel_syntax in assembly.
|
| + Based on feedback from Ryan Govostes.
|
| +
|
| +--------------
|
| +Version 0.81b:
|
| +--------------
|
| +
|
| + - A workaround for Xcode 6 as -Q flag glitch. Spotted by Ryan Govostes.
|
| +
|
| + - Improved Solaris build instructions, as suggested by Martin Carpenter.
|
| +
|
| + - Fix for a slightly busted path scoring conditional. Minor practical impact.
|
| +
|
| +--------------
|
| +Version 0.80b:
|
| +--------------
|
| +
|
| + - Added a check for $PATH-induced loops. Problem noticed by Kartik Agaram.
|
| +
|
| + - Added AFL_KEEP_ASSEMBLY for easier troubleshooting.
|
| +
|
| + - Added an override for AFL_USE_ASAN if set at afl compile time. Requested by
|
| + Hanno Boeck.
|
| +
|
| +--------------
|
| +Version 0.79b:
|
| +--------------
|
| +
|
| + - Made minor adjustments to path skipping logic.
|
| +
|
| + - Made several documentation updates to reflect the path selection changes
|
| + made in 0.78b.
|
| +
|
| +--------------
|
| +Version 0.78b:
|
| +--------------
|
| +
|
| + - Added a CPU governor check. Bug report from Joe Zbiciak.
|
| +
|
| + - Favored paths are now selected strictly based on new edges, not hit
|
| + counts. This speeds up the first pass by a factor of 3-6x without
|
| + significantly impacting ultimate coverage (tested with libgif, libpng,
|
| + libjpeg).
|
| +
|
| + It also allows some performance & memory usage improvements by making
|
| + some of the in-memory bitmaps much smaller.
|
| +
|
| + - Made multiple significant performance improvements to bitmap checking
|
| + functions, plus switched to a faster hash.
|
| +
|
| + - Owing largely to these optimizations, bumped the size of the bitmap to
|
| + 64k and added a warning to detect older binaries that rely on smaller
|
| + bitmaps.
|
| +
|
| +--------------
|
| +Version 0.77b:
|
| +--------------
|
| +
|
| + - Added AFL_SKIP_CHECKS to bypass binary checks when really warranted.
|
| + Feature requested by Jakub Wilk.
|
| +
|
| + - Fixed a couple of typos.
|
| +
|
| + - Added a warning for runs that are aborted early on.
|
| +
|
| +--------------
|
| +Version 0.76b:
|
| +--------------
|
| +
|
| + - Incorporated another signal handling fix for Solaris. Suggestion
|
| + submitted by Martin Carpenter.
|
| +
|
| +--------------
|
| +Version 0.75b:
|
| +--------------
|
| +
|
| + - Implemented a slightly more "elegant" kludge for the %llu glitch (see
|
| + types.h).
|
| +
|
| + - Relaxed CPU load warnings to stay in sync with reality.
|
| +
|
| +--------------
|
| +Version 0.74b:
|
| +--------------
|
| +
|
| + - Switched to more responsive exec speed averages and better UI speed
|
| + scaling.
|
| +
|
| + - Fixed a bug with interrupted reads on Solaris. Issue spotted by Martin
|
| + Carpenter.
|
| +
|
| +--------------
|
| +Version 0.73b:
|
| +--------------
|
| +
|
| + - Fixed a stray memcpy() instead of memmove() on overlapping buffers.
|
| + Mostly harmless but still dumb. Mistake spotted thanks to David Higgs.
|
| +
|
| +--------------
|
| +Version 0.72b:
|
| +--------------
|
| +
|
| + - Bumped map size up to 32k. You may want to recompile instrumented
|
| + binaries (but nothing horrible will happen if you don't).
|
| +
|
| + - Made huge performance improvements for bit-counting functions.
|
| +
|
| + - Default optimizations now include -funroll-loops. This should have
|
| + interesting effects on the instrumentation. Frankly, I'm just going to
|
| + ship it and see what happens next. I have a good feeling about this.
|
| +
|
| + - Made a fix for stack alignment crash on MacOS X 10.10; looks like the
|
| + rhetorical question in the comments in afl-as.h has been answered.
|
| + Tracked down by Mudge Zatko.
|
| +
|
| +--------------
|
| +Version 0.71b:
|
| +--------------
|
| +
|
| + - Added a fix for the nonsensical MacOS ELF check. Spotted by Mudge Zatko.
|
| +
|
| + - Made some improvements to ASAN checks.
|
| +
|
| +--------------
|
| +Version 0.70b:
|
| +--------------
|
| +
|
| + - Added explicit detection of ASANified binaries.
|
| +
|
| + - Fixed compilation issues on Solaris. Reported by Martin Carpenter.
|
| +
|
| +--------------
|
| +Version 0.69b:
|
| +--------------
|
| +
|
| + - Improved the detection of non-instrumented binaries.
|
| +
|
| + - Made the crash counter in -C mode accurate.
|
| +
|
| + - Fixed an obscure install bug that made afl-as non-functional with the tool
|
| + installed to /usr/bin instead of /usr/local/bin. Found by Florian Kiersch.
|
| +
|
| + - Fixed for a cosmetic SIGFPE when Ctrl-C is pressed while the fork server
|
| + is spinning up.
|
| +
|
| +--------------
|
| +Version 0.68b:
|
| +--------------
|
| +
|
| + - Added crash exploration mode! Woot!
|
| +
|
| +--------------
|
| +Version 0.67b:
|
| +--------------
|
| +
|
| + - Fixed several more typos, the project is now cartified 100% typo-free.
|
| + Thanks to Thomas Jarosch and Jakub Wilk.
|
| +
|
| + - Made a change to write fuzzer_stats early on.
|
| +
|
| + - Fixed a glitch when (not!) running on MacOS X as root. Spotted by Tobias
|
| + Ospelt.
|
| +
|
| + - Made it possible to override -O3 in Makefile. Suggested by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.66b:
|
| +--------------
|
| +
|
| + - Fixed a very obscure issue with build systems that use gcc as an assembler
|
| + for hand-written .s files; this would confuse afl-as. Affected nss, reported
|
| + by Hanno Boeck.
|
| +
|
| + - Fixed a bug when cleaning up synchronized fuzzer output dirs. Issue reported
|
| + by Thomas Jarosch.
|
| +
|
| +--------------
|
| +Version 0.65b:
|
| +--------------
|
| +
|
| + - Cleaned up shell printf escape codes in Makefile. Reported by Jakub Wilk.
|
| +
|
| + - Added more color to fuzzer_stats, provided short documentation of the file
|
| + format, and made several other stats-related improvements.
|
| +
|
| +--------------
|
| +Version 0.64b:
|
| +--------------
|
| +
|
| + - Enabled GCC support on MacOS X.
|
| +
|
| +--------------
|
| +Version 0.63b:
|
| +--------------
|
| +
|
| + - Provided a new, simplified way to pass data in files (@@). See README.
|
| +
|
| + - Made additional fixes for 64-bit MacOS X, working around a crashing bug in
|
| + their linker (umpf) and several other things. It's alive!
|
| +
|
| + - Added a minor workaround for a bug in 64-bit FreeBSD (clang -m32 -g doesn't
|
| + work on that platform, but clang -m32 does, so we no longer insert -g).
|
| +
|
| + - Added a build-time warning for inverse video terminals and better
|
| + instructions in status_screen.txt.
|
| +
|
| +--------------
|
| +Version 0.62b:
|
| +--------------
|
| +
|
| + - Made minor improvements to the allocator, as suggested by Tobias Ospelt.
|
| +
|
| + - Added example instrumented memcmp() in experimental/instrumented_cmp.
|
| +
|
| + - Added a speculative fix for MacOS X (clang detection, again).
|
| +
|
| + - Fixed typos in parallel_fuzzing.txt. Problems spotted by Thomas Jarosch.
|
| +
|
| +--------------
|
| +Version 0.61b:
|
| +--------------
|
| +
|
| + - Fixed a minor issue with clang detection on systems with a clang cc
|
| + wrapper, so that afl-gcc doesn't confuse it with GCC.
|
| +
|
| + - Made cosmetic improvements to docs and to the CPU load indicator.
|
| +
|
| + - Fixed a glitch with crash removal (README.txt left behind, d'oh).
|
| +
|
| +--------------
|
| +Version 0.60b:
|
| +--------------
|
| +
|
| + - Fixed problems with jump tables generated by exotic versions of GCC. This
|
| + solves an outstanding problem on OpenBSD when using afl-gcc + PIE (not
|
| + present with afl-clang).
|
| +
|
| + - Fixed permissions on one of the sample archives.
|
| +
|
| + - Added a lahf / sahf workaround for OpenBSD (their assembler doesn't know
|
| + about these opcodes).
|
| +
|
| + - Added docs/INSTALL.
|
| +
|
| +--------------
|
| +Version 0.59b:
|
| +--------------
|
| +
|
| + - Modified 'make install' to also install test cases.
|
| +
|
| + - Provided better pointers to installed README in afl-fuzz.
|
| +
|
| + - More work on RLIMIT_AS for OpenBSD.
|
| +
|
| +--------------
|
| +Version 0.58b:
|
| +--------------
|
| +
|
| + - Added a core count check on Linux.
|
| +
|
| + - Refined the code for the lack-of-RLIMIT_AS case on OpenBSD.
|
| +
|
| + - Added a rudimentary CPU utilization meter to help with optimal loading.
|
| +
|
| +--------------
|
| +Version 0.57b:
|
| +--------------
|
| +
|
| + - Made fixes to support FreeBSD and OpenBSD: use_64bit is now inferred if not
|
| + explicitly specified when calling afl-as, and RLIMIT_AS is behind an #ifdef.
|
| + Thanks to Fabian Keil and Jonathan Gray for helping troubleshoot this.
|
| +
|
| + - Modified 'make install' to also install docs (in /usr/local/share/doc/afl).
|
| +
|
| + - Fixed a typo in status_screen.txt.
|
| +
|
| + - Made a couple of Makefile improvements as proposed by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.56b:
|
| +--------------
|
| +
|
| + - Added probabilistic instrumentation density reduction in ASAN mode. This
|
| + compensates for ASAN-specific branches in a crude but workable way.
|
| +
|
| + - Updated notes_for_asan.txt.
|
| +
|
| +--------------
|
| +Version 0.55b:
|
| +--------------
|
| +
|
| + - Implemented smarter out_dir behavior, automatically deleting directories
|
| + that don't contain anything of special value. Requested by several folks,
|
| + including Hanno Boeck.
|
| +
|
| + - Added more detail in fuzzer_stats (start time, run time, fuzzer PID).
|
| +
|
| + - Implemented support for configurable install prefixes in Makefile
|
| + ($PREFIX), as requested by Luca Barbato.
|
| +
|
| + - Made it possible to resume by doing -i <out_dir>, without having to specify
|
| + -i <out_dir>/queue/.
|
| +
|
| +--------------
|
| +Version 0.54b:
|
| +--------------
|
| +
|
| + - Added a fix for -Wformat warning messages (oops, I thought this had been in
|
| + place for a while).
|
| +
|
| +--------------
|
| +Version 0.53b:
|
| +--------------
|
| +
|
| + - Redesigned the crash & hang duplicate detection code to better deal with
|
| + fault conditions that can be reached in a multitude of ways.
|
| +
|
| + The old approach could be compared to hashing stack traces to de-dupe
|
| + crashes, a method prone to crash count inflation. The alternative I
|
| + wanted to avoid would be equivalent to just looking at crash %eip,
|
| + which can have false negatives in common functions such as memcpy().
|
| +
|
| + The middle ground currently used in afl-fuzz can be compared to looking
|
| + at every line item in the stack trace and tagging crashes as unique if
|
| + we see any function name that we haven't seen before (or if something that
|
| + we have *always* seen there suddenly disappears). We do the comparison
|
| + without paying any attention to ordering or hit counts. This can still
|
| + cause some crash inflation early on, but the problem will quickly taper
|
| + off. So, you may get 20 dupes instead of 5,000.
|
| +
|
| + - Added a fix for harmless but absurd trim ratios shown if the first exec in
|
| + the trimmer timed out. Spotted by @EspenGx.
|
| +
|
| +--------------
|
| +Version 0.52b:
|
| +--------------
|
| +
|
| + - Added a quick summary of the contents in experimental/.
|
| +
|
| + - Made a fix to the process of writing fuzzer_stats.
|
| +
|
| + - Slightly reorganized the .state/ directory, now recording redundant paths,
|
| + too. Note that this breaks the ability to properly resume older sessions
|
| + - sorry about that.
|
| +
|
| + (To fix this, simply move <out_dir>/.state/* from an older run
|
| + to <out_dir>/.state/deterministic_done/*.)
|
| +
|
| +--------------
|
| +Version 0.51b:
|
| +--------------
|
| +
|
| + - Changed the search order for afl-as to avoid the problem with older copies
|
| + installed system-wide; this also means that I can remove the Makefile check
|
| + for that.
|
| +
|
| + - Made it possible to set instrumentation ratio of 0%.
|
| +
|
| + - Introduced some typos, fixed others.
|
| +
|
| + - Fixed the test_prev target in Makefile, as reported by Ozzy Johnson.
|
| +
|
| +--------------
|
| +Version 0.50b:
|
| +--------------
|
| +
|
| + - Improved the 'make install' logic, as suggested by Padraig Brady.
|
| +
|
| + - Revamped various bits of the documentation, especially around perf_tips.txt;
|
| + based on the feedback from Alexander Cherepanov.
|
| +
|
| + - Added AFL_INST_RATIO to afl-as. The only case where this comes handy is
|
| + ffmpeg, at least as far as I can tell. (Trivia: the current version of
|
| + ffmpeg ./configure also ignores CC and --cc, probably unintentionally).
|
| +
|
| + - Added documentation for all environmental variables (env_variables.txt).
|
| +
|
| + - Implemented a visual warning for excessive or insufficient bitmap density.
|
| +
|
| + - Changed afl-gcc to add -O3 by default; use AFL_DONT_OPTIMIZE if you don't
|
| + like that. Big speed gain for ffmpeg, so seems like a good idea.
|
| +
|
| + - Made a regression fix to afl-as to ignore .LBB labels in gcc mode.
|
| +
|
| +--------------
|
| +Version 0.49b:
|
| +--------------
|
| +
|
| + - Fixed more typos, as found by Jakub Wilk.
|
| +
|
| + - Added support for clang!
|
| +
|
| + - Changed AFL_HARDEN to *not* include ASAN by default. Use AFL_USE_ASAN if
|
| + needed. The reasons for this are in notes_for_asan.txt.
|
| +
|
| + - Switched from configure auto-detection to isatty() to keep afl-as and
|
| + afl-gcc quiet.
|
| +
|
| + - Improved installation process to properly create symlinks, rather than
|
| + copies of binaries.
|
| +
|
| +--------------
|
| +Version 0.48b:
|
| +--------------
|
| +
|
| + - Improved afl-fuzz to force-set ASAN_OPTIONS=abort_on_error=1. Otherwise,
|
| + ASAN crashes wouldn't be caught at all. Reported by Hanno Boeck.
|
| +
|
| + - Improved Makefile mkdir logic, as suggested by Hanno Boeck.
|
| +
|
| + - Improved the 64-bit instrumentation to properly save r8-r11 registers in
|
| + the x86 setup code. The old behavior could cause rare problems running
|
| + *without* instrumentation when the first function called in a particular
|
| + .o file has 5+ parameters. No impact on code running under afl-fuzz or
|
| + afl-showmap. Issue spotted by Padraig Brady.
|
| +
|
| +--------------
|
| +Version 0.47b:
|
| +--------------
|
| +
|
| + - Fixed another Makefile bug for parallel builds of afl. Problem identified
|
| + by Richard W. M. Jones.
|
| +
|
| + - Added support for suffixes for -m.
|
| +
|
| + - Updated the documentation and added notes_for_asan.txt. Based on feedback
|
| + from Hanno Boeck, Ben Laurie, and others.
|
| +
|
| + - Moved the project to http://lcamtuf.coredump.cx/afl/.
|
| +
|
| +--------------
|
| +Version 0.46b:
|
| +--------------
|
| +
|
| + - Cleaned up Makefile dependencies for parallel builds. Requested by
|
| + Richard W. M. Jones.
|
| +
|
| + - Added support for DESTDIR in Makefile. Once again suggested by
|
| + Richard W. M. Jones :-)
|
| +
|
| + - Removed all the USE_64BIT stuff; we now just auto-detect compilation mode.
|
| + As requested by many callers to the show.
|
| +
|
| + - Fixed rare problems with programs that use snippets of assembly and
|
| + switch between .code32 and .code64. Addresses a glitch spotted by
|
| + Hanno Boeck with compiling ToT gdb.
|
| +
|
| +--------------
|
| +Version 0.45b:
|
| +--------------
|
| +
|
| + - Implemented a test case trimmer. Results in 20-30% size reduction for many
|
| + types of work loads, with very pronounced improvements in path discovery
|
| + speeds.
|
| +
|
| + - Added better warnings for various problems with input directories.
|
| +
|
| + - Added a Makefile warning for older copies, based on counterintuitive
|
| + behavior observed by Hovik Manucharyan.
|
| +
|
| + - Added fuzzer_stats file for status monitoring. Suggested by @dronesec.
|
| +
|
| + - Fixed moar typos, thanks to Alexander Cherepanov.
|
| +
|
| + - Implemented better warnings for ASAN memory requirements, based on calls
|
| + from several angry listeners.
|
| +
|
| + - Switched to saner behavior with non-tty stdout (less output generated,
|
| + no ANSI art).
|
| +
|
| +--------------
|
| +Version 0.44b:
|
| +--------------
|
| +
|
| + - Added support for AFL_CC and AFL_CXX, based on a patch from Ben Laurie.
|
| +
|
| + - Replaced afl-fuzz -S -D with -M for simplicity.
|
| +
|
| + - Added a check for .section .text; lack of this prevented main() from
|
| + getting instrumented for some users. Reported by Tom Ritter.
|
| +
|
| + - Reorganized the testcases/ directory.
|
| +
|
| + - Added an extra check to confirm that the build is operational.
|
| +
|
| + - Made more consistent use of color reset codes, as suggested by Oliver
|
| + Kunz.
|
| +
|
| +--------------
|
| +Version 0.43b:
|
| +--------------
|
| +
|
| + - Fixed a bug with 64-bit gcc -shared relocs.
|
| +
|
| + - Removed echo -e from Makefile for compatibility with dash. Suggested
|
| + by Jakub Wilk.
|
| +
|
| + - Added status_screen.txt.
|
| +
|
| + - Added experimental/canvas_harness.
|
| +
|
| + - Made a minor change to the Makefile GCC check. Suggested by Hanno Boeck.
|
| +
|
| +--------------
|
| +Version 0.42b:
|
| +--------------
|
| +
|
| + - Fixed a bug with red zone handling for 64-bit (oops!). Problem reported by
|
| + Felix Groebert.
|
| +
|
| + - Implemented horribly experimental ARM support in experimental/arm_support.
|
| +
|
| + - Made several improvements to error messages.
|
| +
|
| + - Added AFL_QUIET to silence afl-gcc and afl-as when using wonky build
|
| + systems. Reported by Hanno Boeck.
|
| +
|
| + - Improved check for 64-bit compilation, plus several sanity checks
|
| + in Makefile.
|
| +
|
| +--------------
|
| +Version 0.41b:
|
| +--------------
|
| +
|
| + - Fixed a fork served bug for processes that call execve().
|
| +
|
| + - Made minor compatibility fixes to Makefile, afl-gcc; suggested by Jakub
|
| + Wilk.
|
| +
|
| + - Fixed triage_crashes.sh to work with the new layout of output directories.
|
| + Suggested by Jakub Wilk.
|
| +
|
| + - Made multiple performance-related improvements to the injected
|
| + instrumentation.
|
| +
|
| + - Added visual indication of the number of imported paths.
|
| +
|
| + - Fixed afl-showmap to make it work well with new instrumentation.
|
| +
|
| + - Added much better error messages for crashes when importing test cases
|
| + or otherwise calibrating the binary.
|
| +
|
| +--------------
|
| +Version 0.40b:
|
| +--------------
|
| +
|
| + - Added support for parallelized fuzzing. Inspired by earlier patch
|
| + from Sebastian Roschke.
|
| +
|
| + - Added an example in experimental/distributed_fuzzing/.
|
| +
|
| +--------------
|
| +Version 0.39b:
|
| +--------------
|
| +
|
| + - Redesigned status screen, now 90% more spiffy.
|
| +
|
| + - Added more verbose and user-friendly messages for some common problems.
|
| +
|
| + - Modified the resumption code to reconstruct path depth.
|
| +
|
| + - Changed the code to inhibit core dumps and improve the ability to detect
|
| + SEGVs.
|
| +
|
| + - Added a check for redirection of core dumps to programs.
|
| +
|
| + - Made a minor improvement to the handling of variable paths.
|
| +
|
| + - Made additional performance tweaks to afl-fuzz, chiefly around mem limits.
|
| +
|
| + - Added performance_tips.txt.
|
| +
|
| +--------------
|
| +Version 0.38b:
|
| +--------------
|
| +
|
| + - Fixed an fd leak and +cov tracking bug resulting from changes in 0.37b.
|
| +
|
| + - Implemented auto-scaling for screen update speed.
|
| +
|
| + - Added a visual indication when running in non-instrumented mode.
|
| +
|
| +--------------
|
| +Version 0.37b:
|
| +--------------
|
| +
|
| + - Added fuzz state tracking for more seamless resumption of aborted
|
| + fuzzing sessions.
|
| +
|
| + - Removed the -D option, as it's no longer necessary.
|
| +
|
| + - Refactored calibration code and improved startup reporting.
|
| +
|
| + - Implemented dynamically scaled timeouts, so that you don't need to
|
| + play with -t except in some very rare cases.
|
| +
|
| + - Added visual notification for slow binaries.
|
| +
|
| + - Improved instrumentation to explicitly cover the other leg of every
|
| + branch.
|
| +
|
| +--------------
|
| +Version 0.36b:
|
| +--------------
|
| +
|
| + - Implemented fork server support to avoid the overhead of execve(). A
|
| + nearly-verbatim design from Jann Horn; still pending part 2 that would
|
| + also skip initial setup steps (thinking about reliable heuristics now).
|
| +
|
| + - Added a check for shell scripts used as fuzz targets.
|
| +
|
| + - Added a check for fuzz jobs that don't seem to be finding anything.
|
| +
|
| + - Fixed the way IGNORE_FINDS works (was a bit broken after adding splicing
|
| + and path skip heuristics).
|
| +
|
| +--------------
|
| +Version 0.35b:
|
| +--------------
|
| +
|
| + - Properly integrated 64-bit instrumentation into afl-as.
|
| +
|
| +--------------
|
| +Version 0.34b:
|
| +--------------
|
| +
|
| + - Added a new exec count classifier (the working theory is that it gets
|
| + meaningful coverage with fewer test cases spewed out).
|
| +
|
| +--------------
|
| +Version 0.33b:
|
| +--------------
|
| +
|
| + - Switched to new, somewhat experimental instrumentation that tries to
|
| + target only arcs, rather than every line. May be fragile, but is a lot
|
| + faster (2x+).
|
| +
|
| + - Made several other cosmetic fixes and typo corrections, thanks to
|
| + Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.32b:
|
| +--------------
|
| +
|
| + - Another take at fixing the C++ exception thing. Reported by Jakub Wilk.
|
| +
|
| +--------------
|
| +Version 0.31b:
|
| +--------------
|
| +
|
| + - Made another fix to afl-as to address a potential problem with newer
|
| + versions of GCC (introduced in 0.28b). Thanks to Jann Horn.
|
| +
|
| +--------------
|
| +Version 0.30b:
|
| +--------------
|
| +
|
| + - Added more detail about the underlying operations in file names.
|
| +
|
| +--------------
|
| +Version 0.29b:
|
| +--------------
|
| +
|
| + - Made some general improvements to chunk operations.
|
| +
|
| +--------------
|
| +Version 0.28b:
|
| +--------------
|
| +
|
| + - Fixed C++ exception handling in newer versions of GCC. Problem diagnosed
|
| + by Eberhard Mattes.
|
| +
|
| + - Fixed the handling of the overflow flag. Once again, thanks to
|
| + Eberhard Mattes.
|
| +
|
| +--------------
|
| +Version 0.27b:
|
| +--------------
|
| +
|
| + - Added prioritization of new paths over the already-fuzzed ones.
|
| +
|
| + - Included spliced test case ID in the output file name.
|
| +
|
| + - Fixed a rare, cosmetic null ptr deref after Ctrl-C.
|
| +
|
| + - Refactored the code to make copies of test cases in the output directory.
|
| +
|
| + - Switched to better output file names, keeping track of stage and splicing
|
| + sources.
|
| +
|
| +--------------
|
| +Version 0.26b:
|
| +--------------
|
| +
|
| + - Revamped storage of testcases, -u option removed,
|
| +
|
| + - Added a built-in effort minimizer to get rid of potentially redundant
|
| + inputs,
|
| +
|
| + - Provided a testcase count minimization script in experimental/,
|
| +
|
| + - Made miscellaneous improvements to directory and file handling.
|
| +
|
| + - Fixed a bug in timeout detection.
|
| +
|
| +--------------
|
| +Version 0.25b:
|
| +--------------
|
| +
|
| + - Improved count-based instrumentation.
|
| +
|
| + - Improved the hang deduplication logic.
|
| +
|
| + - Added -cov prefixes for test cases.
|
| +
|
| + - Switched from readdir() to scandir() + alphasort() to preserve ordering of
|
| + test cases.
|
| +
|
| + - Added a splicing strategy.
|
| +
|
| + - Made various minor UI improvements and several other bugfixes.
|
| +
|
| +--------------
|
| +Version 0.24b:
|
| +--------------
|
| +
|
| + - Added program name to the status screen, plus the -T parameter to go with
|
| + it.
|
| +
|
| +--------------
|
| +Version 0.23b:
|
| +--------------
|
| +
|
| + - Improved the detection of variable behaviors.
|
| +
|
| + - Added path depth tracking,
|
| +
|
| + - Improved the UI a bit,
|
| +
|
| + - Switched to simplified (XOR-based) tuple instrumentation.
|
| +
|
| +--------------
|
| +Version 0.22b:
|
| +--------------
|
| +
|
| + - Refactored the handling of long bitflips and some swaps.
|
| +
|
| + - Fixed the handling of gcc -pipe, thanks to anonymous reporter.
|
| +
|
| +--------------
|
| +Version 0.21b:
|
| +--------------
|
| +
|
| + - Initial public release.
|
|
|
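Review bot: "Fixed a fork served bug" in the 0.41b entry is a typo for "fork server" (the 0.36b entry is the one that introduces fork server support), and several items in the 0.26b and 0.23b entries end with a comma instead of a period; since this hunk imports upstream AFL's docs/ChangeLog verbatim under third_party/, these should not be patched locally (a local edit would make the next upstream sync diverge) but are worth reporting upstream. Separately, the 0.49b and 0.47b entries point readers at notes_for_asan.txt and the 0.43b entry at status_screen.txt; please confirm those docs are part of the same third_party/afl/src/docs import so the cross-references in this file resolve.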