Revision history of the afl package (srcmd5, version, user: comment [OBS request number]):

8c35c9fb0cbd1855c6f3683d1814f113 1.57b dimstar_suse: add the american fuzzing language [request 292839]
bc784d240d219222f391be78b7df434f 1.58b dimstar_suse: afl 1.58b and libexedir improvement [request 293476]
bbfe60a91b9383dd661e691b638da8ce 1.60b dimstar_suse: [request 295181]
7d61228e9dff4dcf0eee4f320306618d 1.62b dimstar_suse: afl 1.62b (forwarded request 295378 from AndreasStieger) [request 295379]
bbad7d1d768914bdc1c77abdcc26832d 1.69b dimstar_suse: [request 297081]
f30177a8de7bfd170ad865b243940096 1.71b dimstar_suse: afl 1.71b (forwarded request 298226 from AndreasStieger) [request 298227]
2e49df504cf7a56177611519f1baee18 1.73b dimstar_suse: Automatic submission by obs-autosubmit [request 305275]
97c4bf2651a0bd0acefcebe8bbf5a8e8 1.77b coolo: [request 305943]
db4b525688240242ddc7674270a3a96b 1.78b coolo: [request 307842]
db4b525688240242ddc7674270a3a96b 1.78b coolo: [request 307842]
5e87531019b5c79509f8d1ba6a5f0cee 1.80b dimstar_suse: afl 1.80b [request 309667]
4f6523b0efa0bd29c2c8d66aabac8ec1 1.83b coolo: afl 1.83b [request 312108]
eaf83f5522eff95579d23c547a36a42a 1.85b dimstar_suse: [request 320742]
5c6d482bd88021fd927cb140f3d78337 1.86b dimstar_suse: [request 321770]
1628482f22422f979becc6274aa619ee 1.92b dimstar_suse: afl 1.92b [request 329519]
6a4aa3a40023cd11a728f59a8aaafd86 1.94b dimstar_suse: [request 335943]
007ecf44597a2d4da46d281a9fc4236a 1.95b dimstar_suse: [request 344165]
c0f6c65ac1165980f113f74e02d4a930 1.96b dimstar_suse: [request 349658]
e5e3e0df73b9ed0d4bd56fbdeedb7db6 2.01b dimstar_suse: afl 2.01 [request 359642]
767913d5ac695a2272b88d536cace58b 2.04b dimstar_suse: [request 361310]
85572331ca9d924c6a5ae3b37d17f557 2.05b dimstar_suse: afl 2.05b [request 362828]
e1c08ff2bd624521d36db15bdd5b3168 2.09b dimstar_suse: [request 381246]
0fd16dce5ebed81c2047edbcc9ac0b0e 2.10b dimstar_suse: [request 390313]
cead3c2a1dc5319382c0a683cfa462e9 2.11b dimstar_suse: [request 393279]
cabb5e16f91716ecdf2060b80be7fc8c 2.13b dimstar_suse: [request 399108]
49349cb50a98f813061dc619c6a698a0 2.14b dimstar_suse: afl 2.14b (forwarded request 402522 from AndreasStieger) [request 402531]
aa85b19b1f41c48196100d8cf8abcde2 2.17b dimstar_suse: afl 2.17b [request 405155]
9a4dbdaa762893c4c8fceb98c64e9d93 2.21b dimstar_suse: afl 2.21b [request 414716]
8e48ec90552b9472e2317d6363b60382 2.32b dimstar_suse:
- Version 2.32b:
- Added a check for AFL_HARDEN combined with AFL_USE_*SAN. Suggested by Hanno Boeck.
- Made several other cosmetic adjustments to cycle timing in the wake of the big tweak made in 2.31b.
- Version 2.31b:
- Changed havoc cycle counts for a marked performance boost, especially
with -S / -d. See the discussion of FidgetyAFL in:
https://groups.google.com/forum/#!topic/afl-users/fOPeb62FZUg
While this does not implement the approach proposed by the authors of
the CCS paper, the solution is a result of digging into that research;
more improvements may follow as I do more experiments and get more
definitive data.
- Version 2.30b:
- Made minor improvements to persistent mode to avoid the remote
possibility of "no instrumentation detected" issues with very low
instrumentation densities.
- Fixed a minor glitch with a leftover process in persistent mode.
Reported by Jakub Wilk and Daniel Stender.
- Made persistent mode bitmaps a bit more consistent and adjusted the way
this is shown in the UI, especially in persistent mode.
- Version 2.29b:
- Made a minor #include fix to llvm_mode. Suggested by Jonathan Metzman.
- Made cosmetic updates to the docs.
- Version 2.28b:
- Added "life pro tips" to docs/.
- Moved testcases/_extras/ to dictionaries/ for visibility.
- Made minor improvements to install scripts.
- Added an important safety tip.
- Version 2.27b:
- Added libtokencap, a simple feature to intercept strcmp / memcmp and
generate dictionary entries that can help extend coverage. (forwarded request 422107 from msmeissn) [request 422108]
ca74e618a16398028a9ce8ecc6d24626 2.35b dimstar_suse: [request 436567]
d545fbda19625ba14aa6969b2f2ea031 2.39b dimstar_suse:
- update to 2.39b:
- Improved error reporting in afl-cmin. Suggested by floyd.
- Made a minor tweak to trace-pc-guard support. Suggested by kcc.
- Added a mention of afl-monitor.
- update to 2.38b:
* Added -mllvm -sanitizer-coverage-block-threshold=0 to
trace-pc-guard mode
* Fixed a cosmetic bad free() bug when aborting -S sessions
* Made a small change to afl-whatsup to sort fuzzers by name.
* Fixed a minor issue with malloc(0) in libdislocator
* Changed the clobber pattern in libdislocator to a slightly more
reliable one
* Added a note about THP performance
* Added a somewhat unofficial support for running afl-tmin with a
baseline "mask" that causes it to minimize only for edges that
are unique to the input file, but not to the "boring" baseline.
* "Fixed" a getPassName() problem with newer versions of clang. [request 455996]
ec4b501d4c50da1313978bd08678ba18 2.39b dimstar_suse: [request 477897]
57752c02c42137ca7e6edf4480793ebc 2.41b maxlin_factory:
- update to 2.41b:
- Addressed a major user complaint related to timeout detection. Timing out
inputs are now binned as "hangs" only if they exceed a far more generous
time limit than the one used to reject slow paths.
- update to 2.40b:
- Fixed a minor oversight in the insertion strategy for dictionary words.
Spotted by Andrzej Jackowski.
- Made a small improvement to the havoc block insertion strategy.
- Adjusted color rules for "is it done yet?" indicators. [request 487488]
7fbfd8fecf54971d0c2b26aea9ec8610 2.44b dimstar_suse: afl 2.44b [request 507727]
f2cd2248f217c48d48674fa270aca0a4 2.45b dimstar_suse:
- update to 2.45b:
- Added strstr, strcasestr support to libtokencap. Contributed by
Daniel Hodson.
- Fixed a resumption offset glitch spotted by Jakub Wilk.
- There are definitely no bugs in afl-showmap -c now. [request 508930]
c8763e4829d04296667284a307c42eff 2.49b dimstar_suse:
- Version 2.49b
- Added AFL_TMIN_EXACT to allow path constraint for crash minimization.
- Added dates for releases (retroactively for all of 2017).
- Version 2.48b
- Added AFL_ALLOW_TMP to permit some scripts to run in /tmp.
- Fixed cwd handling in afl-analyze (similar to the quirk in afl-tmin).
- Made it possible to point -o and -f to the same file in afl-tmin.
- Version 2.47b
- Fixed cwd handling in afl-tmin. Spotted by Jakub Wilk.
- Version 2.46b
- libdislocator now supports AFL_LD_NO_CALLOC_OVER for folks who do not
want to abort on calloc() overflows.
- Made a minor fix to libtokencap. Reported by Daniel Stender.
- Added a small JSON dictionary, inspired by a dictionary done by Jakub Wilk. (forwarded request 512610 from msmeissn) [request 512611]
b30044222b6c770b2a993257c0652100 2.49b maxlin_factory: - include docs/README [request 513056]
e81fb0fea818447a41a6c11bab29df50 2.51b dimstar_suse: afl 2.51b [request 520490]
ffd3bd2daa7929b375a62c97d54be750 2.52b dimstar_suse: [request 539104]
1871a0125bbbbb6474e1a968f1c1b524 2.52b dimstar_suse: [request 632354]
0de895c49b90ed5dc6037cc2ea2af3a0 2.52c dimstar_suse: [request 711649]
d6be61645c82848a72b5aaee4f163610 2.52c dimstar_suse: [request 739467]
4bf57340ef562a229a5a1d27d3fe5723 2.58c dimstar_suse:
- updated to 2.58c
- reverted patch to not unlink and recreate the input file, it resulted in performance loss of ~10%
- added test/test-performance.sh script
- (re)added gcc_plugin, fast inline instrumentation is not yet finished, however it includes the whitelisting and persistence feature! by hexcoder-
- gcc_plugin tests added to testing framework
- jump to 2.57 instead of 2.55 to catch up with Google's versioning
- persistent mode for QEMU (see qemu_mode/README.md)
- custom mutator library is now an additional mutator, to exclusively use it add AFL_CUSTOM_MUTATOR_ONLY (that will trigger the previous behaviour)
- new library qemu_mode/unsigaction which filters sigaction events
- afl-fuzz: new command line option -I to execute a command on a new crash
- no more unlinking the input file, this way the input file can also be a FIFO or disk partition
- setting LLVM_CONFIG for llvm_mode will now again switch to the selected llvm version. If your setup is correct.
- fuzzing strategy yields for custom mutator were missing from the UI, added them :)
- added "make tests" which will perform checks to see that all functionality is working as expected. this is currently the starting point, it's not complete :)
- added mutation documentation feature ("make document"), creates afl-fuzz-document and saves all mutations of the first run on the first file into out/queue/mutations
- libtokencap and libdislocator now compile to the afl_root directory and are installed to the .../lib/afl directory when present during make install
- more BSD support, e.g. free CPU binding code for FreeBSD (thanks to devnexen)
- reducing duplicate code in afl-fuzz
- added "make help"
- removed compile warnings from python internal stuff
- added man page for afl-clang-fast[++]
- updated documentation
- Wine mode to run Win32 binaries with the QEMU instrumentation (-W)
- CompareCoverage for ARM target in QEMU/Unicorn [request 750847]
2ac8241680c609af39976da23e77e454 2.59c dimstar_suse:
- updated to 2.59c
- qbdi_mode: fuzz android native libraries via QBDI framework
- unicorn_mode: switched to the new unicornafl, thanks domenukk
(see https://github.com/vanhauser-thc/unicorn)
- afl-fuzz:
- added radamsa as (an optional) mutator stage (-R[R])
- added -u command line option to not unlink the fuzz input file
- Python3 support (autodetect)
- AFL_DISABLE_TRIM env var to disable the trim stage
- CPU affinity support for DragonFly
- llvm_mode:
- float splitting is now configured via AFL_LLVM_LAF_SPLIT_FLOATS
- support for llvm 10 included now (thanks to devnexen)
- libtokencap:
- support for *BSD/OSX/Dragonfly added
- hook common *cmp functions from widely used libraries
- compcov:
- hook common *cmp functions from widely used libraries
- floating point splitting support for QEMU on x86 targets
- qemu_mode: AFL_QEMU_DISABLE_CACHE env to disable QEMU TranslationBlocks caching
- afl-analyze: added AFL_SKIP_BIN_CHECK support
- better random numbers for gcc_plugin and llvm_mode (thanks to devnexen)
- Dockerfile by courtesy of devnexen
- added regex.dictionary
- qemu and unicorn download scripts now try to download until the full
download succeeded. f*ckin travis fails downloading 40% of the time!
- more support for Android (please test!)
- added the few Android stuff we didn't have already from Google afl repository
- removed unnecessary warnings (forwarded request 759706 from msmeissn) [request 759716]
dc62c5d029166820085bdafeab147fef 2.60c dimstar_suse: [request 760476]
f655dde382beeff468c32a9960dd3af6 2.60c dimstar_suse: - added radamsa mutator (forwarded request 772507 from msmeissn) [request 772508]
63e3900a53a741e64b0c699a730d5ac1 2.61c dimstar_suse:
- updated to 2.61c
- use -march=native if available
- most tools now check for mistyped environment variables
- gcc 10 is now supported
- the memory safety checks are now disabled for a little more speed during
fuzzing (only affects creating queue entries), can be toggled in config.h
- afl-fuzz:
- MOpt out of bounds writing crash fixed
- now prints the real python version support compiled in
- set stronger performance compile options and little tweaks
- Android: prefer bigcores when selecting a CPU
- CmpLog forkserver
- Redqueen input-2-state mutator (cmp instructions only ATM)
- all Python 2+3 versions supported now
- changed execs_per_sec in fuzzer_stats from "current" execs per second
(which is pointless) to total execs per second
- bugfix for dictionary insert stage count (fix via Google repo PR)
- added warning if -M is used together with custom mutators with _ONLY option
- AFL_TMPDIR checks are now later and better explained if they fail
- llvm_mode
- InsTrim: three bug fixes:
1. (minor) no pointless instrumentation of 1 block functions
2. (medium) path bug that leads a few blocks not instrumented that
should be
3. (major) incorrect prev_loc was written, fixed!
- afl-clang-fast:
- show in the help output for which llvm version it was compiled for
- now does not need to be recompiled between trace-pc and pass
instrumentation. compile normally and set AFL_LLVM_USE_TRACE_PC :)
- LLVM 11 is supported (forwarded request 779147 from msmeissn) [request 779153]
12174eb19eb75b29865e72462865b2e7 2.62c dimstar_suse:
- updated to 2.62c
- Important fix for memory allocation functions that result in afl-fuzz not identifying crashes - UPDATE!
- Small fix for -E/-V to release the CPU
- CmpLog does not need sancov anymore (forwarded request 780290 from msmeissn) [request 780291]
c1e019cfa9df801847804e1ddb8d7f90 2.63c dimstar_suse:
- updated to 2.63c
- all:
- big code changes to make afl-fuzz thread-safe so afl-fuzz can spawn
multiple fuzzing threads in the future or even become a library
- afl basic tools now report on the environment variables picked up
- more tools get environment variable usage info in the help output
- force all output to stdout (some OK/SAY/WARN messages were sent to
stdout, some to stderr)
- uninstrumented mode uses an internal forkserver ("fauxserver")
- now builds with `-D_FORTIFY_SOURCE=2`
- drastically reduced number of (de)allocations during fuzzing
- afl-fuzz:
- python mutator modules and custom mutator modules now use the same
interface and hence the API changed
- AFL_AUTORESUME will resume execution without the need to specify `-i -`
- added experimental power schedules (-p):
- mmopt: ignores runtime of queue entries, gives higher weighting to
the last 5 queue entries
- rare: puts focus on queue entries that hits rare branches, also ignores
runtime
- llvm_mode:
- added SNAPSHOT feature (using https://github.com/AFLplusplus/AFL-Snapshot-LKM)
- added Control Flow Integrity sanitizer (AFL_USE_CFISAN)
- added AFL_LLVM_INSTRUMENT option to control the instrumentation type
easier: DEFAULT, CFG (INSTRIM), LTO, CTX, NGRAM-x (x=2-16)
- made USE_TRACE_PC compile obsolete
- LTO collision free instrumentation added in llvm_mode with afl-clang-lto -
note that this mode is amazing, but quite some targets won't compile
- Added llvm_mode NGRAM prev_loc coverage by Adrian Herrera
(https://github.com/adrianherrera/afl-ngram-pass/), activate by setting (forwarded request 793419 from msmeissn) [request 793420]