ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 20:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

comparison

Browse Source
This commit is contained in:
vanhauser-thc
2023-06-06 16:55:32 +02:00
parent 4deb45f3b3
commit 14e25340fb
2 changed files with 115 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files

155
include/afl-mutations.h
View File

@ -78,83 +78,84 @@ enum {
}; };
#define MUT_NORMAL_ARRAY_SIZE 77 #define MUT_NORMAL_ARRAY_SIZE 77
u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT, u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT, MUT_FLIPBIT,
MUT_FLIPBIT, MUT_FLIPBIT,
MUT_FLIPBIT, MUT_FLIPBIT,
MUT_INTERESTING8, MUT_INTERESTING8,
MUT_INTERESTING8, MUT_INTERESTING8,
MUT_INTERESTING8, MUT_INTERESTING8,
MUT_INTERESTING8, MUT_INTERESTING8,
MUT_INTERESTING16, MUT_INTERESTING16,
MUT_INTERESTING16, MUT_INTERESTING16,
MUT_INTERESTING16BE, MUT_INTERESTING16BE,
MUT_INTERESTING16BE, MUT_INTERESTING16BE,
MUT_INTERESTING32, MUT_INTERESTING32,
MUT_INTERESTING32, MUT_INTERESTING32,
MUT_INTERESTING32BE, MUT_INTERESTING32BE,
MUT_INTERESTING32BE, MUT_INTERESTING32BE,
MUT_ARITH8_, MUT_ARITH8_,
MUT_ARITH8_, MUT_ARITH8_,
MUT_ARITH8_, MUT_ARITH8_,
MUT_ARITH8_, MUT_ARITH8_,
MUT_ARITH8, MUT_ARITH8,
MUT_ARITH8, MUT_ARITH8,
MUT_ARITH8, MUT_ARITH8,
MUT_ARITH8, MUT_ARITH8,
MUT_ARITH16_, MUT_ARITH16_,
MUT_ARITH16_, MUT_ARITH16_,
MUT_ARITH16BE_, MUT_ARITH16BE_,
MUT_ARITH16BE_, MUT_ARITH16BE_,
MUT_ARITH16, MUT_ARITH16,
MUT_ARITH16, MUT_ARITH16,
MUT_ARITH16BE, MUT_ARITH16BE,
MUT_ARITH16BE, MUT_ARITH16BE,
MUT_ARITH32_, MUT_ARITH32_,
MUT_ARITH32_, MUT_ARITH32_,
MUT_ARITH32BE_, MUT_ARITH32BE_,
MUT_ARITH32BE_, MUT_ARITH32BE_,
MUT_ARITH32, MUT_ARITH32,
MUT_ARITH32, MUT_ARITH32,
MUT_ARITH32BE, MUT_ARITH32BE,
MUT_ARITH32BE, MUT_ARITH32BE,
MUT_RAND8, MUT_RAND8,
MUT_RAND8, MUT_RAND8,
MUT_RAND8, MUT_RAND8,
MUT_RAND8, MUT_RAND8,
MUT_CLONE_COPY, MUT_CLONE_COPY,
MUT_CLONE_COPY, MUT_CLONE_COPY,
MUT_CLONE_COPY, MUT_CLONE_COPY,
MUT_CLONE_FIXED, MUT_CLONE_FIXED,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_FIXED, MUT_OVERWRITE_FIXED,
MUT_BYTEADD, MUT_BYTEADD,
MUT_BYTESUB, MUT_BYTESUB,
MUT_FLIP8, MUT_FLIP8,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_DEL, MUT_DEL,
MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE, MUT_EXTRA_OVERWRITE,
MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT, MUT_EXTRA_INSERT,
MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE, MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT, MUT_AUTO_EXTRA_INSERT,
MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE, MUT_SPLICE_OVERWRITE,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT}; MUT_SPLICE_INSERT};
#define MUT_SPLICE_ARRAY_SIZE 81 #define MUT_SPLICE_ARRAY_SIZE 81
u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT, u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT, MUT_FLIPBIT,

59
src/afl-fuzz-one.c
View File

@ -2081,34 +2081,49 @@ havoc_stage:
where we take the input file and make random stacked tweaks. */ where we take the input file and make random stacked tweaks. */
u32 *mutation_array; u32 *mutation_array;
u32 stack_max; // stack_max_pow = afl->havoc_stack_pow2; u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2;
if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text? if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
if (likely(afl->fuzz_mode == 0)) { // is exploration? mutation_array = full_splice_array;
rand_max = MUT_SPLICE_ARRAY_SIZE;
mutation_array = (unsigned int *)&mutation_strategy_exploration_text; } else {
} else { // is exploitation! mutation_array = normal_splice_array;
rand_max = MUT_NORMAL_ARRAY_SIZE;
mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
}
} else { // is binary!
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
}
} }
/*
if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text?
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
}
} else { // is binary!
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
}
}
*/
/* /*
if (temp_len < 64) { if (temp_len < 64) {
@ -2180,7 +2195,7 @@ havoc_stage:
retry_havoc_step : { retry_havoc_step : {
u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item; u32 r = rand_below(afl, rand_max), item;
switch (mutation_array[r]) { switch (mutation_array[r]) {