| Index: third_party/afl/src/afl-fuzz.c
|
| diff --git a/third_party/afl/src/afl-fuzz.c b/third_party/afl/src/afl-fuzz.c
|
| index c113f19e04b7bf044d753aa1c99efbce291d19fc..e730cb2936482f6622aee5c0340ed17941fb16f6 100644
|
| --- a/third_party/afl/src/afl-fuzz.c
|
| +++ b/third_party/afl/src/afl-fuzz.c
|
| @@ -3906,7 +3906,7 @@ static void show_stats(void) {
|
|
|
| /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */
|
|
|
| - if (!dumb_mode && cycles_wo_finds > 50 && !pending_not_fuzzed &&
|
| + if (!dumb_mode && cycles_wo_finds > 100 && !pending_not_fuzzed &&
|
| getenv("AFL_EXIT_WHEN_DONE")) stop_soon = 2;
|
|
|
| if (total_crashes && getenv("AFL_BENCH_UNTIL_CRASH")) stop_soon = 2;
|
| @@ -3980,10 +3980,10 @@ static void show_stats(void) {
|
| if (queue_cycle == 1) strcpy(tmp, cMGN); else
|
|
|
| /* Subsequent cycles, but we're still making finds. */
|
| - if (cycles_wo_finds < 5) strcpy(tmp, cYEL); else
|
| + if (cycles_wo_finds < 25) strcpy(tmp, cYEL); else
|
|
|
| /* No finds for a long time and no test cases to try. */
|
| - if (cycles_wo_finds > 50 && !pending_not_fuzzed) strcpy(tmp, cLGN);
|
| + if (cycles_wo_finds > 100 && !pending_not_fuzzed) strcpy(tmp, cLGN);
|
|
|
| /* Default: cautiously OK to stop? */
|
| else strcpy(tmp, cLBL);
|
| @@ -4669,9 +4669,9 @@ static u32 calculate_score(struct queue_entry* q) {
|
|
|
| case 0 ... 3: break;
|
| case 4 ... 7: perf_score *= 2; break;
|
| - case 8 ... 13: perf_score *= 4; break;
|
| - case 14 ... 25: perf_score *= 6; break;
|
| - default: perf_score *= 8;
|
| + case 8 ... 13: perf_score *= 3; break;
|
| + case 14 ... 25: perf_score *= 4; break;
|
| + default: perf_score *= 5;
|
|
|
| }
|
|
|
| @@ -4924,8 +4924,11 @@ static u8 fuzz_one(char** argv) {
|
|
|
| #endif /* ^IGNORE_FINDS */
|
|
|
| - if (not_on_tty)
|
| - ACTF("Fuzzing test case #%u (%u total)...", current_entry, queued_paths);
|
| + if (not_on_tty) {
|
| + ACTF("Fuzzing test case #%u (%u total, %llu uniq crashes found)...",
|
| + current_entry, queued_paths, unique_crashes);
|
| + fflush(stdout);
|
| + }
|
|
|
| /* Map the test case into memory. */
|
|
|
| @@ -6922,6 +6925,12 @@ static void check_if_tty(void) {
|
|
|
| struct winsize ws;
|
|
|
| + if (getenv("AFL_NO_UI")) {
|
| + OKF("Disabling the UI because AFL_NO_UI is set.");
|
| + not_on_tty = 1;
|
| + return;
|
| + }
|
| +
|
| if (ioctl(1, TIOCGWINSZ, &ws)) {
|
|
|
| if (errno == ENOTTY) {
|
| @@ -7308,8 +7317,9 @@ static void get_core_count(void) {
|
|
|
| #endif /* __APPLE__ || __FreeBSD__ || __OpenBSD__ */
|
|
|
| - OKF("You have %u CPU cores and %u runnable tasks (utilization: %0.0f%%).",
|
| - cpu_core_count, cur_runnable, cur_runnable * 100.0 / cpu_core_count);
|
| + OKF("You have %u CPU core%s and %u runnable tasks (utilization: %0.0f%%).",
|
| + cpu_core_count, cpu_core_count > 1 ? "s" : "",
|
| + cur_runnable, cur_runnable * 100.0 / cpu_core_count);
|
|
|
| if (cpu_core_count > 1) {
|
|
|
| @@ -7652,7 +7662,7 @@ int main(int argc, char** argv) {
|
| u8* c;
|
|
|
| if (sync_id) FATAL("Multiple -S or -M options not supported");
|
| - sync_id = optarg;
|
| + sync_id = ck_strdup(optarg);
|
|
|
| if ((c = strchr(sync_id, ':'))) {
|
|
|
| @@ -7673,7 +7683,7 @@ int main(int argc, char** argv) {
|
| case 'S':
|
|
|
| if (sync_id) FATAL("Multiple -S or -M options not supported");
|
| - sync_id = optarg;
|
| + sync_id = ck_strdup(optarg);
|
| break;
|
|
|
| case 'f': /* target file */
|
| @@ -7982,6 +7992,7 @@ stop_fuzzing:
|
| destroy_queue();
|
| destroy_extras();
|
| ck_free(target_path);
|
| + ck_free(sync_id);
|
|
|
| alloc_report();
|
|
|
|
|
Chromium Code Reviews
Issue 2662883002:
Roll AFL 2.31b:2.38b and switch coverage to use trace-pc-guard. (Closed)
