1.94b

Author: thomas-huet

Makefile

@@ -14,7 +14,7 @@
 #
 
 PROGNAME    = afl
-VERSION     = 1.93b
+VERSION     = 1.94b
 
 PREFIX     ?= /usr/local
 BIN_PATH    = $(PREFIX)/bin

afl-as.c

@@ -117,6 +117,12 @@ static void edit_params(int argc, char** argv) {
 
 #endif /* __APPLE__ */
 
+  /* Although this is not documented, GCC also uses TEMP and TMP when TMPDIR
+     is not set. We need to check these non-standard variables to properly
+     handle the pass_thru logic later on. */
+
+  if (!tmp_dir) tmp_dir = getenv("TEMP");
+  if (!tmp_dir) tmp_dir = getenv("TMP");
   if (!tmp_dir) tmp_dir = "/tmp";
 
   as_params = ck_alloc((argc + 32) * sizeof(u8*));
@@ -444,7 +450,8 @@ static void add_instrumentation(void) {
 
   if (!be_quiet) {
 
-    if (!ins_lines) WARNF("No instrumentation targets found.");
+    if (!ins_lines) WARNF("No instrumentation targets found%s.",
+                          pass_thru ? " (pass-thru mode)" : "");
     else OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).",
              ins_lines, use_64bit ? "64" : "32",
              getenv("AFL_HARDEN") ? "hardened" : "non-hardened",

afl-cmin

@@ -18,8 +18,8 @@
 # the starting corpus. This has two uses:
 #
 #   - Screening large corpora of input files before using them as a seed for
-#     seed for afl-fuzz. The tool will remove functionally redundant files and
-#     likely leave you with a much smaller set.
+#     afl-fuzz. The tool will remove functionally redundant files and likely
+#     leave you with a much smaller set.
 #
 #     (In this case, you probably also want to consider running afl-tmin on
 #     the individual files later on to reduce their size.)

alloc-inl.h

@@ -57,17 +57,17 @@
 
 /* Magic tokens used to mark used / freed chunks. */
 
-#define ALLOC_MAGIC_C1  0xFF00
-#define ALLOC_MAGIC_F   0xFE00
-#define ALLOC_MAGIC_C2  0xF0
+#define ALLOC_MAGIC_C1  0xFF00FF00 /* Used head (dword)  */
+#define ALLOC_MAGIC_F   0xFE00FE00 /* Freed head (dword) */
+#define ALLOC_MAGIC_C2  0xF0       /* Used tail (byte)   */
 
 /* Positions of guard tokens in relation to the user-visible pointer. */
 
-#define ALLOC_C1(_ptr)  (((u16*)(_ptr))[-3])
+#define ALLOC_C1(_ptr)  (((u32*)(_ptr))[-2])
 #define ALLOC_S(_ptr)   (((u32*)(_ptr))[-1])
 #define ALLOC_C2(_ptr)  (((u8*)(_ptr))[ALLOC_S(_ptr)])
 
-#define ALLOC_OFF_HEAD  6
+#define ALLOC_OFF_HEAD  8
 #define ALLOC_OFF_TOTAL (ALLOC_OFF_HEAD + 1)
 
 /* Allocator increments for ck_realloc_block(). */

docs/ChangeLog

@@ -16,6 +16,18 @@ Not sure if you should upgrade? The lowest currently recommended version
 is 1.92b. If you're stuck on an earlier release, it's strongly advisable
 to get on with the times.
 
+--------------
+Version 1.94b:
+--------------
+
+  - Changed allocator alignment to improve support for non-x86 systems (now
+    that llvm_mode makes this more feasible).
+
+  - Fixed a minor typo in afl-cmin. Spotted by Jonathan Neuschafer.
+
+  - Fixed an obscure bug that would affect people trying to use afl-gcc
+    with $TMP set but $TMPDIR absent. Spotted by Jeremy Barnes.
+
 --------------
 Version 1.93b:
 --------------

docs/README

@@ -424,6 +424,7 @@ bug reports, or patches from:
   rc0r                                  Jonathan Foote
   Christian Holler                      Dominique Pelle
   Jacek Wielemborek                     Leo Barnes
+  Jeremy Barnes
 
 Thank you!
 

llvm_mode/afl-clang-fast.c

@@ -216,7 +216,6 @@ static void edit_params(u32 argc, char** argv) {
 #else
     "void _I(void) __asm__(\"__afl_manual_init\"); "
 #endif /* ^__APPLE__ */
-
     "_I(); } while (0)";
 
   if (maybe_linking) {