From ec4c5ae88a8453370a695c6e1ee9be0e1d35229e Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 13 Jul 2021 16:15:12 +0200 Subject: [PATCH] remove timeout on crash (#224) --- libafl/src/executors/inprocess.rs | 3 ++ libafl/src/executors/timeout.rs | 49 ++++++++++++------------------- 2 files changed, 22 insertions(+), 30 deletions(-) diff --git a/libafl/src/executors/inprocess.rs b/libafl/src/executors/inprocess.rs index 3c98721af3..654c55aa99 100644 --- a/libafl/src/executors/inprocess.rs +++ b/libafl/src/executors/inprocess.rs @@ -275,6 +275,7 @@ mod unix_signal_handler { events::{Event, EventFirer, EventRestarter}, executors::{ inprocess::{InProcessExecutorHandlerData, GLOBAL_STATE}, + timeout::remove_timeout, ExitKind, }, feedbacks::Feedback, @@ -422,6 +423,8 @@ mod unix_signal_handler { I: Input, Z: HasObjective, { + remove_timeout(); + #[cfg(all(target_os = "android", target_arch = "aarch64"))] let _context = *(((_context as *mut _ as *mut c_void as usize) + 128) as *mut c_void as *mut ucontext_t); diff --git a/libafl/src/executors/timeout.rs b/libafl/src/executors/timeout.rs index 85c91bb12a..701a707ba3 100644 --- a/libafl/src/executors/timeout.rs +++ b/libafl/src/executors/timeout.rs @@ -11,7 +11,7 @@ use crate::{ }; #[cfg(unix)] -use core::ptr::null_mut; +use core::{mem::zeroed, ptr::null_mut}; #[cfg(unix)] use libc::c_int; @@ -37,13 +37,24 @@ extern "C" { #[cfg(unix)] const ITIMER_REAL: c_int = 0; +/// Reset and remove the timeout +pub fn remove_timeout() { + #[cfg(unix)] + unsafe { + let mut itimerval_zero: Itimerval = zeroed(); + setitimer(ITIMER_REAL, &mut itimerval_zero, null_mut()); + } + #[cfg(windows)] + { + // TODO + } +} + /// The timeout excutor is a wrapper that sets a timeout before each run pub struct TimeoutExecutor { executor: E, #[cfg(unix)] itimerval: Itimerval, - #[cfg(unix)] - itimerval_zero: Itimerval, } impl TimeoutExecutor { 
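Review bot: The added `remove_timeout();` at the top of the handler in `mod unix_signal_handler` carries no comment saying why the timer must be disarmed before anything else runs. Going by the commit title, the intent appears to be that a pending `ITIMER_REAL` expiry should not deliver SIGALRM while the crash is being handled, which could otherwise get the crash recorded as a timeout. I would put `// Disarm ITIMER_REAL first so a pending SIGALRM cannot interrupt crash handling.` above the call. Whether SIGALRM is also blocked in the handler's signal mask is not visible here, and the handler's signature and the rest of its body lie outside the hunk.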
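Review bot: `remove_timeout` in timeout.rs is now called from the unix crash handler (the inprocess.rs hunk in this patch), but its doc comment `/// Reset and remove the timeout` neither says that the body has to stay safe to run in signal context nor that it clears the process-wide `ITIMER_REAL` rather than a per-executor timer. I would extend the doc comment with both facts, and add a `// SAFETY:` line on the unsafe block stating that an all-zero `Itimerval` is a valid value and that `setitimer` receives a valid pointer plus a null old-value pointer. The `#[cfg(windows)]` branch is an empty `// TODO`, so on Windows the function is a silent no-op; the comment should say so, and a later implementation needs the same no-allocation, no-panic constraint. The `setitimer` return value is discarded, which is defensible inside a handler but worth stating rather than leaving implicit.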
@@ -52,34 +63,21 @@ impl TimeoutExecutor { #[cfg(unix)] pub fn new(executor: E, exec_tmout: Duration) -> Self { let milli_sec = exec_tmout.as_millis(); - let it_value_some = Timeval { + let it_value = Timeval { tv_sec: (milli_sec / 1000) as i64, tv_usec: (milli_sec % 1000) as i64, }; - let it_value_zero = Timeval { - tv_sec: 0, - tv_usec: 0, - }; - let it_interval_some = Timeval { - tv_sec: 0, - tv_usec: 0, - }; - let it_interval_zero = Timeval { + let it_interval = Timeval { tv_sec: 0, tv_usec: 0, }; let itimerval = Itimerval { - it_value: it_value_some, - it_interval: it_interval_some, - }; - let itimerval_zero = Itimerval { - it_value: it_value_zero, - it_interval: it_interval_zero, + it_value: it_value, + it_interval: it_interval, }; Self { executor, itimerval, - itimerval_zero, } } @@ -116,16 +114,7 @@ where } let ret = self.executor.run_target(fuzzer, state, mgr, input); - - #[cfg(unix)] - unsafe { - setitimer(ITIMER_REAL, &mut self.itimerval_zero, null_mut()); - } - #[cfg(windows)] - { - // TODO - } - + remove_timeout(); ret } }
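Review bot: `tv_usec: (milli_sec % 1000) as i64` in `TimeoutExecutor::new` stores a millisecond remainder in what is, assuming `Timeval` mirrors libc's `struct timeval` as its use with `setitimer` suggests, a microsecond field. The sub-second part of the timeout is therefore 1000 times shorter than requested: a 1500 ms timeout arms the timer for 1 s + 500 µs, and a 500 ms timeout fires after 500 µs, which would report healthy inputs as timeouts. The commit renames the surrounding bindings but keeps this line; it should read `tv_usec: ((milli_sec % 1000) * 1000) as i64,`. Separately, `it_value: it_value, it_interval: it_interval,` can use field-init shorthand (`it_value, it_interval,`).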