Implement an option for treating crashing seeds as new crash #1821
Conversation
Signed-off-by: Junwha Hong <[email protected]>
Signed-off-by: Junwha <[email protected]>
include/afl-fuzz.h
Outdated
| old_seed_selection, /* use vanilla afl seed selection */ | ||
| reinit_table; /* reinit the queue weight table */ | ||
| reinit_table, /* reinit the queue weight table */ | ||
| crashing_seeds_as_new_crash; /* treat crashing seeds as normal corpus */ |
There was a problem hiding this comment.
this should be in afl_env_vars
There was a problem hiding this comment.
moved it as env variable!
src/afl-fuzz-init.c
Outdated
| "skipping", | ||
| fn, (int)(s8)afl->fsrv.crash_exitcode); | ||
|
|
||
| } else if (afl->crashing_seeds_as_new_crash) { |
There was a problem hiding this comment.
you need to take care of a crash with uses_crash_exitcode as well (above)
There was a problem hiding this comment.
basically, just reverse the if and else parts
There was a problem hiding this comment.
moved it to the inside of else statement
| close(fd); | ||
|
|
||
| afl->last_crash_time = get_cur_time(); | ||
| afl->last_crash_execs = afl->fsrv.total_execs; |
There was a problem hiding this comment.
you still need to set
q->disabled = 1;
q->perf_score = 0;
so the else should not be an else but mandatory code.
There was a problem hiding this comment.
moved it to the ouside of else
|
fyi - in your code change you saved the crash away but do not disable the crashing seed for fuzzing |
- and fix typo Signed-off-by: Junwha <[email protected]>
|
Thank you for your kindness review!:) is there anything else to fix? |
|
finger crossed AFL_CRASHING_SEEDS_AS_NEW_CRASH will behave as it should, that startup code is quite complex with the queue setup :) |
2 participants
AFL_CRASHING_SEEDS_AS_NEW_CRASH