mirror of
https://github.com/AFLplusplus/AFLplusplus.git
synced 2025-06-14 19:08:08 +00:00
added AFL_MAX_DET_EXTRAS env var
This commit is contained in:
@ -353,7 +353,7 @@ typedef struct afl_env_vars {
|
||||
afl_cal_fast, afl_cycle_schedules, afl_expand_havoc;
|
||||
|
||||
u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path,
|
||||
*afl_hang_tmout, *afl_skip_crashes, *afl_preload;
|
||||
*afl_hang_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras;
|
||||
|
||||
} afl_env_vars_t;
|
||||
|
||||
@ -506,7 +506,8 @@ typedef struct afl_state {
|
||||
useless_at_start, /* Number of useless starting paths */
|
||||
var_byte_count, /* Bitmap bytes with var behavior */
|
||||
current_entry, /* Current queue entry ID */
|
||||
havoc_div; /* Cycle count divisor for havoc */
|
||||
havoc_div, /* Cycle count divisor for havoc */
|
||||
max_det_extras; /* deterministic extra count (dicts)*/
|
||||
|
||||
u64 total_crashes, /* Total number of crashes */
|
||||
unique_crashes, /* Crashes with unique signatures */
|
||||
|
@ -102,6 +102,7 @@ static char *afl_environment_variables[] = {
|
||||
"AFL_NO_X86", // not really an env but we dont want to warn on it
|
||||
"AFL_MAP_SIZE",
|
||||
"AFL_MAPSIZE",
|
||||
"AFL_MAX_DET_EXTRAS",
|
||||
"AFL_PATH",
|
||||
"AFL_PERFORMANCE_FILE",
|
||||
"AFL_PRELOAD",
|
||||
|
@ -115,7 +115,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
|
||||
fsrv_to->out_file = NULL;
|
||||
|
||||
fsrv_to->init_child_func = fsrv_exec_child;
|
||||
//Note: do not copy ->add_extra_func
|
||||
// Note: do not copy ->add_extra_func
|
||||
|
||||
list_append(&fsrv_list, fsrv_to);
|
||||
|
||||
|
@ -248,10 +248,10 @@ static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len,
|
||||
|
||||
}
|
||||
|
||||
if (afl->extras_cnt > MAX_DET_EXTRAS) {
|
||||
if (afl->extras_cnt > afl->max_det_extras) {
|
||||
|
||||
WARNF("More than %d tokens - will use them probabilistically.",
|
||||
MAX_DET_EXTRAS);
|
||||
afl->max_det_extras);
|
||||
|
||||
}
|
||||
|
||||
@ -403,10 +403,10 @@ void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
|
||||
|
||||
/* We only want to print this once */
|
||||
|
||||
if (afl->extras_cnt == MAX_DET_EXTRAS + 1) {
|
||||
if (afl->extras_cnt == afl->max_det_extras + 1) {
|
||||
|
||||
WARNF("More than %d tokens - will use them probabilistically.",
|
||||
MAX_DET_EXTRAS);
|
||||
afl->max_det_extras);
|
||||
|
||||
}
|
||||
|
||||
|
@ -1509,13 +1509,13 @@ skip_interest:
|
||||
|
||||
for (j = 0; j < afl->extras_cnt; ++j) {
|
||||
|
||||
/* Skip extras probabilistically if afl->extras_cnt > MAX_DET_EXTRAS. Also
|
||||
skip them if there's no room to insert the payload, if the token
|
||||
/* Skip extras probabilistically if afl->extras_cnt > AFL_MAX_DET_EXTRAS.
|
||||
Also skip them if there's no room to insert the payload, if the token
|
||||
is redundant, or if its entire span has no bytes set in the effector
|
||||
map. */
|
||||
|
||||
if ((afl->extras_cnt > MAX_DET_EXTRAS &&
|
||||
rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) ||
|
||||
if ((afl->extras_cnt > afl->max_det_extras &&
|
||||
rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) ||
|
||||
afl->extras[j].len > len - i ||
|
||||
!memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) ||
|
||||
!memchr(eff_map + EFF_APOS(i), 1,
|
||||
@ -3722,13 +3722,13 @@ skip_interest:
|
||||
|
||||
for (j = 0; j < afl->extras_cnt; ++j) {
|
||||
|
||||
/* Skip extras probabilistically if afl->extras_cnt > MAX_DET_EXTRAS. Also
|
||||
skip them if there's no room to insert the payload, if the token
|
||||
/* Skip extras probabilistically if afl->extras_cnt > AFL_MAX_DET_EXTRAS.
|
||||
Also skip them if there's no room to insert the payload, if the token
|
||||
is redundant, or if its entire span has no bytes set in the effector
|
||||
map. */
|
||||
|
||||
if ((afl->extras_cnt > MAX_DET_EXTRAS &&
|
||||
rand_below(afl, afl->extras_cnt) >= MAX_DET_EXTRAS) ||
|
||||
if ((afl->extras_cnt > afl->max_det_extras &&
|
||||
rand_below(afl, afl->extras_cnt) >= afl->max_det_extras) ||
|
||||
afl->extras[j].len > len - i ||
|
||||
!memcmp(afl->extras[j].data, out_buf + i, afl->extras[j].len) ||
|
||||
!memchr(eff_map + EFF_APOS(i), 1,
|
||||
|
@ -349,6 +349,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
|
||||
afl->afl_env.afl_preload =
|
||||
(u8 *)get_afl_env(afl_environment_variables[i]);
|
||||
|
||||
} else if (!strncmp(env, "AFL_MAX_DET_EXTRAS",
|
||||
|
||||
afl_environment_variable_len)) {
|
||||
|
||||
afl->afl_env.afl_max_det_extras =
|
||||
(u8 *)get_afl_env(afl_environment_variables[i]);
|
||||
|
||||
}
|
||||
|
||||
} else {
|
||||
|
@ -177,6 +177,8 @@ static void usage(u8 *argv0, int more_help) {
|
||||
"AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
|
||||
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"
|
||||
" the target was compiled for\n"
|
||||
"AFL_MAX_DET_EXTRAS: if the dict/extras file contains more tokens than this threshold,\n"
|
||||
" the tokens will sometimes be skipped during fuzzing.\n"
|
||||
"AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n"
|
||||
"AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n"
|
||||
"AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n"
|
||||
@ -949,8 +951,21 @@ int main(int argc, char **argv_orig, char **envp) {
|
||||
|
||||
if (afl->afl_env.afl_hang_tmout) {
|
||||
|
||||
afl->hang_tmout = atoi(afl->afl_env.afl_hang_tmout);
|
||||
if (!afl->hang_tmout) { FATAL("Invalid value of AFL_HANG_TMOUT"); }
|
||||
s32 hang_tmout = atoi(afl->afl_env.afl_hang_tmout);
|
||||
if (hang_tmout < 1) { FATAL("Invalid value for AFL_HANG_TMOUT"); }
|
||||
afl->hang_tmout = (u32)hang_tmout;
|
||||
|
||||
}
|
||||
|
||||
if (afl->afl_env.afl_max_det_extras) {
|
||||
|
||||
s32 max_det_extras = atoi(afl->afl_env.afl_max_det_extras);
|
||||
if (max_det_extras < 1) { FATAL("Invalid value for AFL_MAX_DET_EXTRAS"); }
|
||||
afl->max_det_extras = (u32)max_det_extras;
|
||||
|
||||
} else {
|
||||
|
||||
afl->max_det_extras = MAX_DET_EXTRAS;
|
||||
|
||||
}
|
||||
|
||||
|
Reference in New Issue
Block a user