comparison

vanhauser-thc
2023-06-06 16:55:32 +02:00
parent 4deb45f3b3
commit 14e25340fb
2 changed files with 115 additions and 99 deletions


@ -78,83 +78,84 @@ enum {
};
#define MUT_NORMAL_ARRAY_SIZE 77
u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_FIXED,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_FIXED,
MUT_BYTEADD,
MUT_BYTESUB,
MUT_FLIP8,
MUT_SWITCH,
MUT_SWITCH,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT};
u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_FLIPBIT,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING8,
MUT_INTERESTING16,
MUT_INTERESTING16,
MUT_INTERESTING16BE,
MUT_INTERESTING16BE,
MUT_INTERESTING32,
MUT_INTERESTING32,
MUT_INTERESTING32BE,
MUT_INTERESTING32BE,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8_,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH8,
MUT_ARITH16_,
MUT_ARITH16_,
MUT_ARITH16BE_,
MUT_ARITH16BE_,
MUT_ARITH16,
MUT_ARITH16,
MUT_ARITH16BE,
MUT_ARITH16BE,
MUT_ARITH32_,
MUT_ARITH32_,
MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32,
MUT_ARITH32,
MUT_ARITH32BE,
MUT_ARITH32BE,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_RAND8,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_FIXED,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY,
MUT_OVERWRITE_FIXED,
MUT_BYTEADD,
MUT_BYTESUB,
MUT_FLIP8,
MUT_SWITCH,
MUT_SWITCH,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_DEL,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_OVERWRITE,
MUT_EXTRA_INSERT,
MUT_EXTRA_INSERT,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_OVERWRITE,
MUT_AUTO_EXTRA_INSERT,
MUT_AUTO_EXTRA_INSERT,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_OVERWRITE,
MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT};
#define MUT_SPLICE_ARRAY_SIZE 81
u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
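Review bot: `#define MUT_NORMAL_ARRAY_SIZE 77` is kept in step with the initializer list of `normal_splice_array` only by hand. The list shown has 77 entries, so it is correct today, but if an entry is dropped later the compiler zero-fills the tail and says nothing. The havoc code takes its index bound from this macro, so those zero slots would be drawn as whatever mutation has enum value 0, silently skewing the weights. Consider declaring the table as `u32 normal_splice_array[] = {...};` and deriving the count with `#define MUT_NORMAL_ARRAY_SIZE (sizeof(normal_splice_array) / sizeof(normal_splice_array[0]))`, and likewise for `full_splice_array`. A one-line comment above the table, such as `/* each entry is one draw; repeats set the relative weight of a mutation */`, would also explain why the values are repeated.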


@ -2081,34 +2081,49 @@ havoc_stage:
where we take the input file and make random stacked tweaks. */
u32 *mutation_array;
u32 stack_max; // stack_max_pow = afl->havoc_stack_pow2;
u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2;
if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text?
if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = full_splice_array;
rand_max = MUT_SPLICE_ARRAY_SIZE;
mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
} else {
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
}
} else { // is binary!
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
}
mutation_array = normal_splice_array;
rand_max = MUT_NORMAL_ARRAY_SIZE;
}
/*
if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text?
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
}
} else { // is binary!
if (likely(afl->fuzz_mode == 0)) { // is exploration?
mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
} else { // is exploitation!
mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
}
}
*/
/*
if (temp_len < 64) {
@ -2180,7 +2195,7 @@ havoc_stage:
retry_havoc_step : {
u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item;
u32 r = rand_below(afl, rand_max), item;
switch (mutation_array[r]) {
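Review bot: The old text/binary and exploration/exploitation dispatch is left behind as a `/* ... */` block after the new `if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1))` selection. As a result `afl->fuzz_mode`, `afl->text_input` and `is_ascii` no longer influence which table havoc draws from, and nothing in the code says whether that is intended. If this is a temporary measurement, as the title "comparison" suggests, say so at the top of the block, e.g. `/* TEMP (comparison run): mode-specific strategy tables disabled, see commented block below */`, or put the two variants behind a build-time switch instead of keeping dead code. Separately, `mutation_array[r]` in the last hunk stays in bounds only while `rand_max` is assigned next to `mutation_array` in every branch; a comment on the declaration such as `// rand_max: element count of the table mutation_array points to` would record that pairing. The `havoc_stage` body starts and ends outside these hunks, so other uses of `mutation_array` could not be checked here.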