ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 03:18:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

enforce mandatary custom functions

Browse Source
This commit is contained in:
van Hauser
2020-05-12 17:05:12 +02:00
parent 6177954773
commit 060f4ea320
3 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
docs/custom_mutators.md
View File

@ -84,13 +84,16 @@ def queue_new_entry(filename_new_queue, filename_orig_queue):
- `queue_get` (optional): - `queue_get` (optional):
This method determines whether the fuzzer should fuzz the current queue This method determines whether the custom fuzzer should fuzz the current
entry or not queue entry or not
- `fuzz` (required): - `fuzz` (optional):
This method performs custom mutations on a given input. It also accepts an This method performs custom mutations on a given input. It also accepts an
additional test case. additional test case.
Note that this function is optional - but it makes sense to use it.
You would only skip this if `pre_send` is used to fix checksums etc.
so you are using it e.g. as a post processing library.
- `havoc_mutation` and `havoc_mutation_probability` (optional): - `havoc_mutation` and `havoc_mutation_probability` (optional):
@ -114,6 +117,13 @@ def queue_new_entry(filename_new_queue, filename_orig_queue):
This methods is called after adding a new test case to the queue. This methods is called after adding a new test case to the queue.
- `deinit`:
The last method to be called, deinitializing the state.
Note that there are also three functions for trimming as described in the
next section.
### Trimming Support ### Trimming Support
The generic trimming routines implemented in AFL++ can easily destroy the The generic trimming routines implemented in AFL++ can easily destroy the
@ -160,10 +170,8 @@ trimmed input. Here's a quick API description:
In any case, this method must return the next trim iteration index (from 0 In any case, this method must return the next trim iteration index (from 0
to the maximum amount of steps you returned in `init_trim`). to the maximum amount of steps you returned in `init_trim`).
`deinit` the last method to be called, deinitializing the state. Omitting any of three trimming methods will cause the trimming to be disabled
and trigger a fallback to the builtin default trimming routine.
Omitting any of three methods will cause the trimming to be disabled and trigger
a fallback to the builtin default trimming routine.
### Environment Variables ### Environment Variables

6
src/afl-fuzz-mutators.c
View File

@ -151,7 +151,7 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
/* Mutator */ /* Mutator */
/* "afl_custom_init", optional for backward compatibility */ /* "afl_custom_init", optional for backward compatibility */
mutator->afl_custom_init = dlsym(dh, "afl_custom_init"); mutator->afl_custom_init = dlsym(dh, "afl_custom_init");
if (!mutator->afl_custom_init) WARNF("Symbol 'afl_custom_init' not found."); if (!mutator->afl_custom_init) FATAL("Symbol 'afl_custom_init' not found.");
/* "afl_custom_fuzz" or "afl_custom_mutator", required */ /* "afl_custom_fuzz" or "afl_custom_mutator", required */
mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz"); mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_fuzz");
@ -162,13 +162,13 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) {
mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_mutator"); mutator->afl_custom_fuzz = dlsym(dh, "afl_custom_mutator");
if (!mutator->afl_custom_fuzz) if (!mutator->afl_custom_fuzz)
FATAL("Symbol 'afl_custom_mutator' not found."); WARNF("Symbol 'afl_custom_mutator' not found.");
} }
/* "afl_custom_deinit", optional for backward compatibility */ /* "afl_custom_deinit", optional for backward compatibility */
mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit"); mutator->afl_custom_deinit = dlsym(dh, "afl_custom_deinit");
if (!mutator->afl_custom_deinit) WARNF("Symbol 'afl_custom_init' not found."); if (!mutator->afl_custom_deinit) FATAL("Symbol 'afl_custom_init' not found.");
/* "afl_custom_pre_save", optional */ /* "afl_custom_pre_save", optional */
mutator->afl_custom_pre_save = dlsym(dh, "afl_custom_pre_save"); mutator->afl_custom_pre_save = dlsym(dh, "afl_custom_pre_save");

8
src/afl-fuzz-python.c
View File

@ -135,7 +135,13 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
u8 py_notrim = 0, py_idx; u8 py_notrim = 0, py_idx;
/* init, required */ /* init, required */
py_functions[PY_FUNC_INIT] = PyObject_GetAttrString(py_module, "init"); py_functions[PY_FUNC_INIT] = PyObject_GetAttrString(py_module, "init");
if (!py_functions[PY_FUNC_INIT])
FATAL("init function not found in python module");
py_functions[PY_FUNC_FUZZ] = PyObject_GetAttrString(py_module, "fuzz"); py_functions[PY_FUNC_FUZZ] = PyObject_GetAttrString(py_module, "fuzz");
if (!py_functions[PY_FUNC_FUZZ])
py_functions[PY_FUNC_FUZZ] = PyObject_GetAttrString(py_module, "mutate");
if (!py_functions[PY_FUNC_FUZZ])
WARNF("fuzz function not found in python module");
py_functions[PY_FUNC_PRE_SAVE] = py_functions[PY_FUNC_PRE_SAVE] =
PyObject_GetAttrString(py_module, "pre_save"); PyObject_GetAttrString(py_module, "pre_save");
py_functions[PY_FUNC_INIT_TRIM] = py_functions[PY_FUNC_INIT_TRIM] =
@ -152,6 +158,8 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
py_functions[PY_FUNC_QUEUE_NEW_ENTRY] = py_functions[PY_FUNC_QUEUE_NEW_ENTRY] =
PyObject_GetAttrString(py_module, "queue_new_entry"); PyObject_GetAttrString(py_module, "queue_new_entry");
py_functions[PY_FUNC_DEINIT] = PyObject_GetAttrString(py_module, "deinit"); py_functions[PY_FUNC_DEINIT] = PyObject_GetAttrString(py_module, "deinit");
if (!py_functions[PY_FUNC_DEINIT])
FATAL("deinit function not found in python module");
for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) { for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) {