
Commit c6a2a40

Merge pull request #2092 from fbeqv/dev
Fix runtime underflow & -V exiting before syncing
2 parents 635140b + 6dd5e93 commit c6a2a40

3 files changed

+13
-26
lines changed


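--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -1195,4 +1195,3 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 return 0;
 
 }
-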

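--- a/src/afl-fuzz-stats.c
+++ b/src/afl-fuzz-stats.c
@@ -321,8 +321,9 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 #ifndef __HAIKU__
 if (getrusage(RUSAGE_CHILDREN, &rus)) { rus.ru_maxrss = 0; }
 #endif
-u64 runtime = afl->prev_run_time + cur_time - afl->start_time;
-if (!runtime) { runtime = 1; }
+u64 runtime_ms = afl->prev_run_time + cur_time - afl->start_time;
+u64 overhead_ms = (afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) / 1000;
+if (!runtime_ms) { runtime_ms = 1; }
 
 fprintf(
 f,
@@ -375,20 +376,17 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg,
 "target_mode : %s%s%s%s%s%s%s%s%s%s\n"
 "command_line : %s\n",
 (afl->start_time /*- afl->prev_run_time*/) / 1000, cur_time / 1000,
-runtime / 1000, (u32)getpid(),
+runtime_ms / 1000, (u32)getpid(),
 afl->queue_cycle ? (afl->queue_cycle - 1) : 0, afl->cycles_wo_finds,
 afl->longest_find_time > cur_time - afl->last_find_time
 ? afl->longest_find_time / 1000
 : ((afl->start_time == 0 || afl->last_find_time == 0)
 ? 0
 : (cur_time - afl->last_find_time) / 1000),
-(runtime -
-((afl->calibration_time_us + afl->sync_time_us + afl->trim_time_us) /
-1000)) /
-1000,
+(runtime_ms - MIN(runtime_ms, overhead_ms)) / 1000,
 afl->calibration_time_us / 1000000, afl->sync_time_us / 1000000,
 afl->trim_time_us / 1000000, afl->fsrv.total_execs,
-afl->fsrv.total_execs / ((double)(runtime) / 1000),
+afl->fsrv.total_execs / ((double)(runtime_ms) / 1000),
 afl->last_avg_execs_saved, afl->queued_items, afl->queued_favored,
 afl->queued_discovered, afl->queued_imported, afl->queued_variable,
 afl->max_depth, afl->current_entry, afl->pending_favored,
@@ -632,9 +630,9 @@ void show_stats_normal(afl_state_t *afl) {
 
 cur_ms = get_cur_time();
 
-if (afl->most_time_key) {
+if (afl->most_time_key && afl->queue_cycle) {
 
-if (afl->most_time * 1000 < cur_ms - afl->start_time) {
+if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
 
 afl->most_time_key = 2;
 afl->stop_soon = 2;
@@ -643,7 +641,7 @@ void show_stats_normal(afl_state_t *afl) {
 
 }
 
-if (afl->most_execs_key == 1) {
+if (afl->most_execs_key == 1 && afl->queue_cycle) {
 
 if (afl->most_execs <= afl->fsrv.total_execs) {
 
@@ -1462,9 +1460,9 @@ void show_stats_pizza(afl_state_t *afl) {
 
 cur_ms = get_cur_time();
 
-if (afl->most_time_key) {
+if (afl->most_time_key && afl->queue_cycle) {
 
-if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
+if (afl->most_time * 1000 + afl->sync_time_us / 1000 < cur_ms - afl->start_time) {
 
 afl->most_time_key = 2;
 afl->stop_soon = 2;
@@ -1473,7 +1471,7 @@ void show_stats_pizza(afl_state_t *afl) {
 
 }
 
-if (afl->most_execs_key == 1) {
+if (afl->most_execs_key == 1 && afl->queue_cycle) {
 
 if (afl->most_execs <= afl->fsrv.total_execs) {
 
@@ -2505,4 +2503,3 @@ void update_sync_time(afl_state_t *afl, u64 *time) {
 *time = cur;
 
 }
-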
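Review bot: The new -V/-E limit conditions in show_stats_normal (hunks at old lines 635–637 and 646) are repeated verbatim in show_stats_pizza (hunks at old lines 1465–1467 and 1476), and neither copy says why `afl->queue_cycle` gates the check or why `afl->sync_time_us / 1000` is credited against the -V budget, so the two copies will drift the next time one is adjusted. A short comment above the first check, e.g. `/* -V/-E are not enforced before the first queue cycle (initial import/calibration) and time spent in sync_fuzzers() is credited back, so a slow first sync cannot exhaust the -V budget (units: s*1000, us/1000 and ms respectively) */`, would make the unit mix readable; the three terms are all in ms, which is easy to miss on a single long line. Factoring the time condition into one static helper shared by both functions, as sketched below, removes the duplication; the most_execs guard could get the same treatment. Both enclosing functions start and end outside the hunks, and I have assumed from the surrounding code that the helper's types match the fields' declarations elsewhere in the file.
```c
/* True when the -V wall-clock limit is exhausted. Not enforced before the
   first queue cycle (import/calibration still running); sync time is credited
   back so a slow first sync cannot consume the whole budget. All terms in ms. */
static inline int most_time_reached(afl_state_t *afl, u64 cur_ms) {
  return afl->most_time_key && afl->queue_cycle &&
         afl->most_time * 1000 + afl->sync_time_us / 1000 <
             cur_ms - afl->start_time;
}

// … unchanged: show_stats_normal body up to cur_ms = get_cur_time(); …
if (most_time_reached(afl, cur_ms)) {
// … unchanged: most_time_key = 2 / stop_soon = 2 …
```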

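--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1806,7 +1806,7 @@ int main(int argc, char **argv_orig, char **envp) {
 
 afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
 afl->fsrv.max_length = afl->max_length;
-
+
 #ifdef __linux__
 if (!afl->fsrv.nyx_mode) {
 
@@ -2593,14 +2593,6 @@ int main(int argc, char **argv_orig, char **envp) {
 }
 
 sync_fuzzers(afl);
-
-if (!afl->queue_cycle && afl->afl_env.afl_import_first) {
-
-// real start time, we reset, so this works correctly with -V
-afl->start_time = get_cur_time();
-
-}
-
 }
 
 ++afl->queue_cycle;
@@ -3115,4 +3107,3 @@ int main(int argc, char **argv_orig, char **envp) {
 }
 
 #endif /* !AFL_LIB */
-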
