Merge pull request #2496 from AFLplusplus/dev

vanhauser-thc · web-flow · commit 7d77cbd89e29 · 2025-07-10T17:34:24.000+02:00
push to stable
diff --git a/README.md b/README.md
@@ -4,7 +4,7 @@
 
 Release version: [4.33c](https://github.com/AFLplusplus/AFLplusplus/releases)
 
-GitHub version: 4.33c
+GitHub version: 4.34a
 
 Repository:
 [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus)
diff --git a/docs/Changelog.md b/docs/Changelog.md
@@ -4,6 +4,13 @@
   release of the tool. See README.md for the general instruction manual.
 
 
+### Version ++4.34a (dev)
+  - afl-showmap
+    - fix -C parameter breakage introduced in v4.33c
+  - qemu_mode:
+    - fix compilation for a few platforms
+
+
 ### Version ++4.33c (release)
   - afl-fuzz:
     - Use `AFL_PRELOAD_DISCRIMINATE_FORKSERVER_PARENT` if you use AFL_PRELOAD
diff --git a/include/config.h b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.33c"
+#define VERSION "++4.34a"
 
 /******************************************************
  *                                                    *
diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION
@@ -1 +1 @@
-8c7f180c5a
+a93b2934c5
diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl
@@ -1 +1 @@
-Subproject commit 8c7f180c5a1e3c6ecf7a2136c3dda22cf4b64881
+Subproject commit a93b2934c5dc1e59a874fc9188eeb38e2e463910
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
@@ -46,10 +46,10 @@
 #include <signal.h>
 #include <fcntl.h>
 #include <limits.h>
+#include <poll.h>
 #include <sys/time.h>
 #include <sys/wait.h>
 #include <sys/resource.h>
-#include <sys/select.h>
 #include <sys/stat.h>
 #include <grp.h>
 
@@ -400,31 +400,28 @@ void afl_fsrv_setup_preload(afl_forkserver_t *fsrv, char *argv0) {
 
 }
 
-/* Wrapper for select() and read(), reading a 32 bit var.
+/* Wrapper for poll() and read(), reading a 32 bit var.
   Returns the time passed to read.
   If the wait times out, returns timeout_ms + 1;
   Returns 0 if an error occurred (fd closed, signal, ...); */
 static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
                                                volatile u8 *stop_soon_p) {
 
-  fd_set readfds;
-  FD_ZERO(&readfds);
-  FD_SET(fd, &readfds);
-  struct timeval timeout;
-  int            sret;
-  ssize_t        len_read;
+  int           pret;
+  ssize_t       len_read;
+  struct pollfd fds[1];
+  int           nfds = 1;
 
-  timeout.tv_sec = (timeout_ms / 1000);
-  timeout.tv_usec = (timeout_ms % 1000) * 1000;
-#if !defined(__linux__)
   u32 read_start = get_cur_time_us();
-#endif
 
-  /* set exceptfds as well to return when a child exited/closed the pipe. */
-restart_select:
-  sret = select(fd + 1, &readfds, NULL, NULL, &timeout);
+  memset(&fds, 0, sizeof(fds));
+  fds[0].fd = fd;
+  fds[0].events = POLLIN;
 
-  if (likely(sret > 0)) {
+  /* set exceptfds as well to return when a child exited/closed the pipe. */
+restart_poll:
+  pret = poll(fds, nfds, timeout_ms);
+  if (likely(pret > 0)) {
 
   restart_read:
     if (*stop_soon_p) {
@@ -438,13 +435,7 @@ static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
 
     if (likely(len_read == 4)) {  // for speed we put this first
 
-#if defined(__linux__)
-      u32 exec_ms = MIN(
-          timeout_ms,
-          ((u64)timeout_ms - (timeout.tv_sec * 1000 + timeout.tv_usec / 1000)));
-#else
       u32 exec_ms = MIN(timeout_ms, (get_cur_time_us() - read_start) / 1000);
-#endif
 
       // ensure to report 1 ms has passed (0 is an error)
       return exec_ms > 0 ? exec_ms : 1;
@@ -459,14 +450,14 @@ static u32 __attribute__((hot)) read_s32_timed(s32 fd, s32 *buf, u32 timeout_ms,
 
     }
 
-  } else if (unlikely(!sret)) {
+  } else if (unlikely(!pret)) {
 
     *buf = -1;
     return timeout_ms + 1;
 
-  } else if (unlikely(sret < 0)) {
+  } else if (unlikely(pret < 0)) {
 
-    if (likely(errno == EINTR)) goto restart_select;
+    if (likely(errno == EINTR)) goto restart_poll;
 
     *buf = -1;
     return 0;
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
@@ -24,8 +24,6 @@
 
  */
 
-#include <sys/select.h>
-
 #include "afl-fuzz.h"
 #include "cmplog.h"
 
diff --git a/src/afl-fuzz-sanfuzz.c b/src/afl-fuzz-sanfuzz.c
@@ -26,8 +26,6 @@
 
 /* This file roughly follows afl-fuzz-asanfuzz */
 
-#include <sys/select.h>
-
 #include "afl-fuzz.h"
 
 void sanfuzz_exec_child(afl_forkserver_t *fsrv, char **argv) {
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
@@ -1613,7 +1613,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
       // only reinitialize when it makes sense
       if (map_size < new_map_size ||
-          (new_map_size < map_size && map_size - new_map_size > MAP_SIZE)) {
+          (new_map_size > map_size && new_map_size - map_size >= MAP_SIZE)) {
 
         if (!be_quiet)
           ACTF("Acquired new map size for target: %u bytes\n", new_map_size);
@@ -1719,7 +1719,7 @@ int main(int argc, char **argv_orig, char **envp) {
     } else {
 
       if ((coverage_map = (u8 *)malloc(map_size + 64)) == NULL)
-        FATAL("could not grab memory");
+        FATAL("could not allocate memory");
       edges_only = false;
 
     }
