ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 04:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

added mutation introspection make target

Browse Source
This commit is contained in:
van Hauser
2020-11-01 21:34:08 +01:00
parent a0c0cf9712
commit 0fd98ae8b0
10 changed files with 592 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/afl-fuzz-bitmap.c
View File

@ -587,6 +587,11 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
add_to_queue(afl, queue_fn, len, 0);
#ifdef INTROSPECTION
fprintf(afl->introspection_file, "QUEUE %s = %s\n", afl->mutation,
afl->queue_top->fname);
#endif
if (hnb == 2) {
afl->queue_top->has_new_cov = 1;
@ -659,6 +664,9 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
}
++afl->unique_tmouts;
#ifdef INTROSPECTION
fprintf(afl->introspection_file, "UNIQUE_TIMEOUT %s\n", afl->mutation);
#endif
/* Before saving, we make sure that it's a genuine hang by re-running
the target with a more generous timeout (unless the default timeout
@ -742,6 +750,9 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#endif /* ^!SIMPLE_FILES */
++afl->unique_crashes;
#ifdef INTROSPECTION
fprintf(afl->introspection_file, "UNIQUE_CRASH %s\n", afl->mutation);
#endif
if (unlikely(afl->infoexec)) {
// if the user wants to be informed on new crashes - do that

16
src/afl-fuzz-extras.c
View File

@ -423,8 +423,8 @@ void dedup_extras(afl_state_t *afl) {
}
if (afl->extras_cnt != orig_cnt)
afl->extras = ck_realloc((void **)&afl->extras,
afl->extras_cnt * sizeof(struct extra_data));
afl->extras = afl_realloc_exact(
(void **)&afl->extras, afl->extras_cnt * sizeof(struct extra_data));
}
@ -462,16 +462,8 @@ void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
}
if (afl->extras) {
afl->extras = ck_realloc((void **)&afl->extras,
(afl->extras_cnt + 1) * sizeof(struct extra_data));
} else {
afl->extras = ck_alloc((afl->extras_cnt + 1) * sizeof(struct extra_data));
}
afl->extras = afl_realloc((void **)&afl->extras,
(afl->extras_cnt + 1) * sizeof(struct extra_data));
if (unlikely(!afl->extras)) { PFATAL("alloc"); }

503
src/afl-fuzz-one.c
View File

File diff suppressed because it is too large Load Diff

17
src/afl-fuzz.c
View File

@ -236,6 +236,10 @@ static void usage(u8 *argv0, int more_help) {
SAYF("Compiled with PROFILING\n\n");
#endif
#ifdef INTROSPECTION
SAYF("Compiled with INTROSPECTION\n\n");
#endif
#ifdef _DEBUG
SAYF("Compiled with _DEBUG\n\n");
#endif
@ -1462,6 +1466,19 @@ int main(int argc, char **argv_orig, char **envp) {
u32 prev_queued_paths = 0;
u8 skipped_fuzz;
#ifdef INTROSPECTION
char ifn[4096];
snprintf(ifn, sizeof(ifn), "%s/introspection.txt", afl->out_dir);
if ((afl->introspection_file = fopen(ifn, "w")) == NULL) {
PFATAL("could not create '%s'", ifn);
}
setvbuf(afl->introspection_file, NULL, _IONBF, 0);
OKF("Writing mutation introspection to '%s'", ifn);
#endif
while (likely(!afl->stop_soon)) {
cull_queue(afl);