timeout option, auto use default/ if necessary

Author: vanhauser-thc

README.md

@@ -18,13 +18,15 @@ Version: 0.6.6
 This is a modified afl-cov fork because the original author's account is
 inactive :-(
 
-It has four changes:
+It has several improvements:
  * afl-cov now accepts "@@" like AFL++ in the target command parameters
  * afl-cov now can send to targets that read on stdin (just omit @@)
+ * afl-cov has a timeout -T option to hangs are not an issue, default 5s
  * afl-cov.sh makes using afl-cov easier (just needs two parameters)
- * afl-cov-build.sh makes builing a target for coverage easier
+ * afl-cov-build.sh makes builing a target for coverage easier, just type
+   `afl-cov-build.sh make`
  * afl-cov/afl-cov.sh/afl-cov-build.sh now support clang coverage, just add
-   -c to afl-cov.sh/afl-cov-build.sh (and --clang to afl-cov)
+   -c to afl-cov.sh/afl-cov-build.sh (--clang for afl-cov)
  * afl-stat.sh shows the statistics of a run (in progress or completed)
 
 Enjoy!

afl-cov

@@ -186,10 +186,10 @@ def process_afl_test_cases(cargs):
                 ### for the current AFL test case file
                 if run_once:
                     run_cmd(cargs.coverage_cmd.replace('AFL_FILE', f),
-                            cov_paths['log_file'], cargs, NO_OUTPUT, True, f)
+                            cov_paths['log_file'], cargs, NO_OUTPUT, True, f, cargs.timeout)
                 else:
                     out_lines = run_cmd(cargs.coverage_cmd.replace('AFL_FILE', f),
-                            cov_paths['log_file'], cargs, WANT_OUTPUT, True, f)[1]
+                            cov_paths['log_file'], cargs, WANT_OUTPUT, True, f, cargs.timeout)[1]
                     run_once = True
 
                 if cargs.afl_queue_id_limit \
@@ -694,7 +694,7 @@ def get_running_pid(stats_file, pid_re):
                 break
     return pid
 
-def run_cmd(cmd, log_file, cargs, collect, aflrun, fn):
+def run_cmd(cmd, log_file, cargs, collect, aflrun, fn, timeout=None):
 
     out = []
 
@@ -714,6 +714,9 @@ def run_cmd(cmd, log_file, cargs, collect, aflrun, fn):
         else:
             print("    CMD: %s" % cmd)
 
+    if timeout:
+        cmd = 'timeout -s KILL %s %s' % (timeout, cmd)
+
     es = subprocess.call(cmd, stdin=None,
             stdout=fh, stderr=subprocess.STDOUT, shell=True)
 
@@ -1215,6 +1218,8 @@ def parse_cmdline():
             help="Print version and exit", default=False)
     p.add_argument("-q", "--quiet", action='store_true',
             help="Quiet mode", default=False)
+    p.add_argument("-T", "--timeout", type=str,
+            help="timeout (default 5 seconds)", default='5')
 
     return p.parse_args()
 

afl-cov.sh

@@ -19,10 +19,18 @@ test "$1" = "-c" && { OPT2="--clang" ; shift ; }
 test "$1" = "-v" && { OPT1="-v" ; shift ; }
 
 test -d "$1" || { echo Error: not a directory: $1 ; exit 1 ; } 
-test -e "$1"/queue || { echo Error: not an afl-fuzz -o out directory ; exit 1 ; }
 
-HOMEPATH=`dirname $0`
+
 DST=`realpath "$1"`
+test -e "$DST"/queue || {
+  DST="$DST/default"
+  test -e "$DST"/queue || {
+    echo Error: not an afl-fuzz -o out directory
+    exit 1
+  }
+}
+
+HOMEPATH=`dirname $0`
 export PATH=$HOMEPATH:$PATH
 
 afl-cov $OPT1 $OPT2 -d "$DST" --cover-corpus --coverage-cmd "$2" --code-dir . --overwrite