ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix afl_custom_post_process with multiple custom mutators

Browse Source
This commit is contained in:
vanhauser-thc
2021-06-01 10:40:25 +02:00
parent 5b5dff4584
commit 17e904eedf
2 changed files with 19 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
docs/Changelog.md
View File

@ -22,13 +22,14 @@ sending a mail to <afl-users+subscribe@googlegroups.com>.
to allow replay of non-reproducable crashes, see to allow replay of non-reproducable crashes, see
AFL_PERSISTENT_RECORD in config.h and docs/envs.h AFL_PERSISTENT_RECORD in config.h and docs/envs.h
- fixed a bug when trimming for stdin targets - fixed a bug when trimming for stdin targets
- default cmplog level (-l) is now 2, better efficiency. - cmplog -l: default cmplog level is now 2, better efficiency.
- cmplog level 3 (-l 3) now performs redqueen on everything. level 3 now performs redqueen on everything. use with care.
use with care. - better fuzzing strategy yield display for enabled options
- better fuzzing strategy yields for enabled options
- ensure one fuzzer sync per cycle - ensure one fuzzer sync per cycle
- fix afl_custom_queue_new_entry original file name when syncing - fix afl_custom_queue_new_entry original file name when syncing
from fuzzers from fuzzers
- fixed a crash when more than one custom mutator was used together
with afl_custom_post_process
- on a crashing seed potentially the wrong input was disabled - on a crashing seed potentially the wrong input was disabled
- added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in
-i dir crashes the target or results in a timeout. By default -i dir crashes the target or results in a timeout. By default

28
src/afl-fuzz-run.c
View File

@ -107,28 +107,22 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) {
new_size = new_size =
el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf);
if (unlikely(!new_buf && new_size <= 0)) {
FATAL("Custom_post_process failed (ret: %lu)",
(long unsigned)new_size);
} }
new_mem = new_buf; new_mem = new_buf;
}
}); });
if (unlikely(!new_buf && (new_size <= 0))) { /* everything as planned. use the potentially new data. */
FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size);
} else if (likely(new_buf)) {
/* everything as planned. use the new data. */
afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size);
} else {
/* custom mutators do not has a custom_post_process function */
afl_fsrv_write_to_testcase(&afl->fsrv, mem, len);
}
} else { } else {
/* boring uncustom. */ /* boring uncustom. */
@ -188,17 +182,17 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at,
new_size = new_size =
el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf);
if (unlikely(!new_buf || (new_size <= 0))) { if (unlikely(!new_buf || new_size <= 0)) {
FATAL("Custom_post_process failed (ret: %lu)", FATAL("Custom_post_process failed (ret: %lu)",
(long unsigned)new_size); (long unsigned)new_size);
} }
}
new_mem = new_buf; new_mem = new_buf;
}
}); });
} }