AFLplusplus / AFLplusplus

The fuzzer afl++ is afl with community patches, qemu 5.1 upgrade, collision-free coverage, enhanced laf-intel & redqueen, AFLfast++ power schedules, MOpt mutators, unicorn_mode, and a lot more!

Home Page:https://aflplus.plus

afl-showmap + persistent mode appears broken after 6062668679

manyhus opened this issue · comments

Describe the bug
Before 6062668, running afl-showmap on all the files in a corpus would produce many different outputs as expected, but starting at that commit I only see three unique outputs (across the same number of output files). This is most easily seen by running afl-cmin, which ends up reducing the corpus to two files in my case. This only appears to happen when the target is built with persistent mode support. afl-fuzz also appears to work fine even when afl-showmap doesn't.

To Reproduce
Steps to reproduce the behavior:

  1. Checkout and build 6062668 or later
  2. Run afl-cmin on something that should produce a decent output corpus
  3. cmin outputs a smaller corpus than expected, probably only two or three files

Expected behavior
afl-showmap output contains accurate traces for all inputs

Screen output/Screenshots
With 6062668:

afl-cmin -i cmin_in -o cmin_out -- ./target_afl
corpus minimization tool for AFL++ (awk version)

[*] Are you aware of the '-T all' parallelize option that improves the speed for large/slow corpuses?
[*] Testing the target binary...
[+] OK, 329 tuples recorded.
[*] Obtaining traces for 2547 input files in 'cmin_in'.
    Processing 2547 files (forkserver mode)...
[*] Processing traces for input files in 'cmin_in'.
    Processing file 2547/2547
    Processing tuple 313/313 with count 2547...
[+] Found 313 unique tuples across 2547 files.
[+] Narrowed down to 2 files, saved in 'cmin_out'.

With 6062668^:

afl-cmin -i cmin_in -o cmin_out -- ./target_afl
corpus minimization tool for AFL++ (awk version)

[*] Are you aware of the '-T all' parallelize option that improves the speed for large/slow corpuses?
[*] Testing the target binary...
[+] OK, 329 tuples recorded.
[*] Obtaining traces for 2547 input files in 'cmin_in'.
    Processing 2547 files (forkserver mode)...
[*] Processing traces for input files in 'cmin_in'.
    Processing file 2547/2547
    Processing tuple 23344/23344 with count 2547...
[+] Found 23344 unique tuples across 2547 files.
[+] Narrowed down to 2356 files, saved in 'cmin_out'.
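The symptom reported above (thousands of inputs collapsing to a handful of identical trace maps) is easy to check for without running a full afl-cmin. The following script is an added example, not part of this issue or of AFL++ itself: it runs afl-showmap once per input into a directory of trace files, then counts how many of those files are distinct. The 5% threshold in traces_look_healthy and the helper names are assumptions chosen for illustration; the run_showmap_corpus function assumes afl-showmap is on PATH and that the target reads its input from stdin, as ./target_afl does in the report.

```shell
#!/bin/sh
# Added example: detect collapsed afl-showmap traces across a corpus.
# A healthy corpus of N inputs yields many distinct trace maps; if showmap
# is broken for persistent-mode targets, nearly all maps come out identical.

# count_files DIR -> number of regular files under DIR
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}

# count_unique_traces DIR -> number of distinct file contents under DIR
# (keyed on CRC plus size from POSIX cksum; good enough for a sanity check)
count_unique_traces() {
    find "$1" -type f -exec cksum {} + | awk '{print $1 "-" $2}' | sort -u | wc -l | tr -d ' '
}

# run_showmap_corpus IN_DIR OUT_DIR TARGET [ARGS...]
# Runs afl-showmap on every file in IN_DIR, writing one trace file per input
# into OUT_DIR. Assumes afl-showmap is on PATH and the target reads stdin.
run_showmap_corpus() {
    in="$1"; out="$2"; shift 2
    mkdir -p "$out"
    for f in "$in"/*; do
        [ -f "$f" ] || continue
        afl-showmap -q -o "$out/$(basename "$f")" -- "$@" < "$f"
    done
}

# traces_look_healthy OUT_DIR -> exit 0 if at least 5% of the trace files
# are distinct, 1 otherwise (threshold is an assumption for this example).
traces_look_healthy() {
    n=$(count_files "$1")
    u=$(count_unique_traces "$1")
    [ "$n" -gt 0 ] || return 1
    # u*100 >= n*5  is equivalent to  u/n >= 0.05 in integer arithmetic
    [ $((u * 100)) -ge $((n * 5)) ]
}

# Usage (not executed here, since it needs a built target and afl-showmap):
#   run_showmap_corpus cmin_in showmap_out ./target_afl
#   traces_look_healthy showmap_out && echo "traces OK" || echo "traces collapsed"
```

Run it against the same corpus before and after a suspect commit; a drop from thousands of distinct maps to two or three, as in the numbers above, is the signal to look for.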

uh yes I did a big bug there, thanks for reporting.
can you please test the new dev branch state if it works for you again?

Looks good now, thanks