
4.10c

@vanhauser-thc vanhauser-thc released this 03 Feb 11:11
775861e

Version ++4.10c (release)

  • afl-fuzz:
    • the default power schedule is now EXPLORE; after a fix in the fast
      schedules, EXPLORE now performs slightly better.
    • fixed minor issues in the mutation engine, thanks to @futhewo for
      reporting!
    • an improved deterministic fuzzing stage is now available; in benchmarks
      it improves fuzzing results. Enable it with -D. Thanks to @kdsjZh for
      the PR!
  • afl-cc:
    • large rewrite by @SonicStark which fixes a few corner cases, thanks!
    • LTO mode now requires LLVM 12+
    • workaround for ASAN with gcc_plugin mode
  • instrumentation:
    • LLVM 18 support, thanks to @devnexen!
    • Injection (SQL, LDAP, XSS) fuzzing feature is now available; see
      instrumentation/README.injections.md for how to activate, use and
      extend it.
    • compcov/LAF-intel:
      • floating point splitting bug fix by @hexcoder
      • due to a bug in LLVM 17, integer splitting is disabled on that version!
      • when splitting floats was selected, integers were always split as well;
        fixed so that integer splitting requires AFL_LLVM_LAF_SPLIT_COMPARES or
        AFL_LLVM_LAF_ALL, as it should
    • dynamic instrumentation filtering for LLVM NATIVE, thanks @mozilla!
      See utils/dynamic_covfilter/README.md
  • qemu_mode:
    • plugins are now activated by default, and a new module is included that
      produces drcov-compatible traces for lighthouse/lightkeeper/...
      Thanks to @JRomainG for submitting it!
  • updated the Nyx checkout (fixes a bug) plus some quality-of-life improvements
  • updated the custom grammar mutator
  • documented that afl-cmin does not work on macOS (but afl-cmin.bash does)
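The injection fuzzing feature in this release rests on a simple mechanism: the compiler pass hooks calls to known SQL/LDAP/output sinks and aborts when a marker string reaches the sink unmodified, so an injection becomes a crash the fuzzer records. The C program below is an added example, not AFL++'s own code: it reimplements that sink check against a vulnerable and a hardened query builder. The marker strings, the emulated sink, and every function name in it are assumptions chosen for illustration; the real tokens and hook list are in instrumentation/README.injections.md.

```c
/* Added example (not AFL++ project code) illustrating the idea behind the
 * injection fuzzing feature: a marker that no legitimately built query should
 * contain is planted by the fuzzer, and an instrumented sink aborts if the
 * marker arrives unmodified.  Marker values, sink names and helper names are
 * assumptions for illustration, not AFL++'s exact tokens. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum sink_kind { SINK_SQL, SINK_LDAP, SINK_XSS };

/* Assumed marker per sink kind (illustrative values). */
static const char *marker_for(enum sink_kind k) {
    switch (k) {
        case SINK_SQL:  return "'\"\"'";
        case SINK_LDAP: return "*)(1=*";
        case SINK_XSS:  return "1><\"";
    }
    return "";
}

/* The check an instrumented sink runs: 1 if the marker survived into buf. */
int injection_detected(enum sink_kind k, const char *buf) {
    return buf != NULL && strstr(buf, marker_for(k)) != NULL;
}

/* Vulnerable builder: attacker input is concatenated straight into the SQL.
 * Returns 1 on success, 0 if the output buffer was too small. */
int build_query_vulnerable(char *out, size_t n, const char *user) {
    int len = snprintf(out, n, "SELECT id FROM users WHERE name='%s'", user);
    return len >= 0 && (size_t)len < n;
}

/* Hardened builder: refuses quote characters before the statement exists, so
 * the marker can never reach the sink (a parameterised API is the real fix). */
int build_query_hardened(char *out, size_t n, const char *user) {
    if (strpbrk(user, "'\"") != NULL) return 0;
    int len = snprintf(out, n, "SELECT id FROM users WHERE name='%s'", user);
    return len >= 0 && (size_t)len < n;
}

/* Emulates an instrumented sqlite3_exec-style sink.  With abort_on_hit set it
 * behaves like the fuzzing build and crashes the target on detection.
 * Returns 1 if the marker was found in query, 0 otherwise. */
int sql_sink(const char *query, int abort_on_hit) {
    if (injection_detected(SINK_SQL, query)) {
        fprintf(stderr, "ALERT: injection marker reached the SQL sink: %s\n", query);
        if (abort_on_hit) abort();
        return 1;
    }
    return 0;
}

/* Runs one input through the chosen builder and then the sink.
 * Returns -1 if the hardened builder refused the input, else the sink result. */
int fuzz_one(int hardened, const char *input, int abort_on_hit) {
    char query[256];
    int ok = hardened ? build_query_hardened(query, sizeof query, input)
                      : build_query_vulnerable(query, sizeof query, input);
    if (!ok) return -1;
    return sql_sink(query, abort_on_hit);
}

int main(void) {
    /* Constructed inputs: a benign name, and one carrying the SQL marker as a
     * fuzzer seeded with the marker in its dictionary would produce. */
    const char *benign  = "alice";
    const char *hostile = "alice'\"\"' OR 1=1 --";
    printf("vulnerable/benign : %d\n", fuzz_one(0, benign, 0));   /* 0 */
    printf("vulnerable/hostile: %d\n", fuzz_one(0, hostile, 0));  /* 1 */
    printf("hardened/hostile  : %d\n", fuzz_one(1, hostile, 0));  /* -1 */
    printf("hardened/benign   : %d\n", fuzz_one(1, benign, 0));   /* 0 */
    return 0;
}
```

In a real afl-cc build the abort path is what matters: the pass also adds the marker to the fuzzing dictionary, so afl-fuzz quickly produces inputs containing it, and any code path that lets such an input reach a hooked sink unescaped shows up as a crash.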