Merge pull request AFLplusplus#340 from AFLplusplus/dev

dev -> master

Author: vanhauser-thc

docs/Changelog.md

@@ -13,6 +13,8 @@ sending a mail to <[email protected]>.
   - afl-fuzz:
      - AFL_MAP_SIZE was not working correctly
      - better python detection
+     - an old, old bug in afl that would show negative stability in rare
+       circumstances is now hopefully fixed
   - llvm_mode:
      - if LLVM 11 is installed the posix shm_open+mmap is used and a fixed
        address for the shared memory map is used as this increases the

llvm_mode/afl-llvm-common.cc

@@ -12,6 +12,7 @@
 #include <string>
 #include <fstream>
 
+#include <llvm/Support/raw_ostream.h>
 #include "afl-llvm-common.h"
 
 using namespace llvm;

src/afl-fuzz-run.c

@@ -193,6 +193,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
   if (q->exec_cksum) {
 
     memcpy(afl->first_trace, afl->fsrv.trace_bits, afl->fsrv.map_size);
+    u8 hnb = has_new_bits(afl, afl->virgin_bits);
+    if (hnb > new_bits) { new_bits = hnb; }
 
   }
 
@@ -226,12 +228,11 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
     }
 
     cksum = hash32(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+    u8 hnb = has_new_bits(afl, afl->virgin_bits);
+    if (hnb > new_bits) { new_bits = hnb; }
 
     if (q->exec_cksum != cksum) {
 
-      u8 hnb = has_new_bits(afl, afl->virgin_bits);
-      if (hnb > new_bits) { new_bits = hnb; }
-
       if (q->exec_cksum) {
 
         u32 i;