Comments (2)
afl-fuzz.c : save_if_interesting() function
    switch (fault) {

      case FAULT_TMOUT:

        /* Timeouts are not very interesting, but we're still obliged to keep
           a handful of samples. We use the presence of new bits in the
           hang-specific bitmap as a signal of uniqueness. In "dumb" mode, we
           just keep everything. */

        total_tmouts++;

        //some_code

        fn = alloc_printf("%s/replayable-hangs/id_%06llu", out_dir,
                          unique_hangs);
So the test cases you're looking for should be in the replayable-hangs folder.
But I suppose that in your case this folder could be empty if the target doesn't yield a timeout when the latter is more generous:
    /* Before saving, we make sure that it's a genuine hang by re-running
       the target with a more generous timeout (unless the default timeout
       is already generous). */

    if (exec_tmout < hang_tmout) {

      u8 new_fault;
      write_to_testcase(mem, len);
      new_fault = run_target(argv, hang_tmout);

      /* A corner case that one user reported bumping into: increasing the
         timeout actually uncovers a crash. Make sure we don't discard it if
         so. */

      if (!stop_soon && new_fault == FAULT_CRASH) goto keep_as_crash;

      if (stop_soon || new_fault != FAULT_TMOUT) return keeping;

    }
from afl.
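The two-stage check quoted in the comment above, as an added stand-alone sketch (not AFL code and not part of the original thread): it runs a command under a short timeout and, only if that fires, again under a generous one, reporting whether the input would be written out. `run_once`, `triage` and the result names are hypothetical, and the hang-bitmap uniqueness test is left out.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/wait.h>
#include <unistd.h>

enum { FAULT_NONE, FAULT_TMOUT, FAULT_CRASH };            /* as in the excerpt */
enum { NOT_A_HANG, DISCARDED, SAVED_HANG, SAVED_CRASH };  /* hypothetical names */
static volatile sig_atomic_t child_pid, timed_out;

static void on_alarm(int sig) {
  (void)sig; timed_out = 1;
  if (child_pid > 0) kill(child_pid, SIGKILL);
}

/* Run argv once and SIGKILL it if it is still alive after tmout_ms. */
static int run_once(char **argv, unsigned tmout_ms) {
  struct itimerval it = {{0, 0}, {tmout_ms / 1000, (tmout_ms % 1000) * 1000}};
  int status = 0;
  timed_out = 0;
  signal(SIGALRM, on_alarm);
  child_pid = fork();
  if (child_pid < 0) { perror("fork"); exit(1); }
  if (child_pid == 0) { execvp(argv[0], argv); _exit(127); }
  setitimer(ITIMER_REAL, &it, NULL);
  while (waitpid(child_pid, &status, 0) < 0 && errno == EINTR) {}
  it.it_value.tv_sec = it.it_value.tv_usec = 0;
  setitimer(ITIMER_REAL, &it, NULL);                      /* disarm the timer */
  if (!WIFSIGNALED(status)) return FAULT_NONE;
  return (timed_out && WTERMSIG(status) == SIGKILL) ? FAULT_TMOUT : FAULT_CRASH;
}

/* Decision order of the excerpt; the hang-bitmap uniqueness check is omitted. */
static int triage(char **argv, unsigned exec_tmout, unsigned hang_tmout) {
  if (run_once(argv, exec_tmout) != FAULT_TMOUT) return NOT_A_HANG;
  if (exec_tmout < hang_tmout) {             /* re-run with the generous limit */
    int new_fault = run_once(argv, hang_tmout);
    if (new_fault == FAULT_CRASH) return SAVED_CRASH;     /* keep_as_crash */
    if (new_fault != FAULT_TMOUT) return DISCARDED;       /* counted, not written */
  }
  return SAVED_HANG;                         /* would land in replayable-hangs */
}

int main(int argc, char **argv) {
  const char *msg[] = {"no timeout", "counted, not saved", "saved hang", "saved crash"};
  if (argc < 4) { fprintf(stderr, "usage: %s exec_ms hang_ms cmd...\n", argv[0]); return 2; }
  puts(msg[triage(argv + 3, atoi(argv[1]), atoi(argv[2]))]);
  return 0;
}
```

A target that exceeds the short limit but finishes within the generous one comes back as `DISCARDED`, which corresponds to a timeout that is counted while the hangs folder stays empty.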
Thanks for that information. When I reported this I don't think I had a /replayable-hangs/ folder (or it was empty), but now that I know where to look for timeout-handling code I should be able to change it so that it logs all timeouts next time I use AFL.
from afl.