ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support multiple custom mutators (#282)

Browse Source 
* Make a list of custom mutators using env variable

* Set up multiple custom mutators

* Add destroy custom mutator and changes to load_custom_mutator

* Use array instead of list, make changes to afl-fuzz-one for multiple mutators

* Make change to fuzz-one custom_queue_get to support multiple mutators

* Modify custom python mutator support

* Fix bug

* Fix missing afl->mutator->data

* Revert to list with max count

* Change custom_pre_save hook and code format

* Free custom_mutator struct in the list

* Add testcase for multiple custom mutators

* Resolve merge conflict
This commit is contained in:
Rishi Ranjan
2020-05-08 23:38:27 +05:30
committed by GitHub
parent 768053b6f2
commit 190f3024da
10 changed files with 363 additions and 254 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
src/afl-fuzz-python.c
View File

@ -295,88 +295,94 @@ void deinit_py(void *py_mutator) {
}
void load_custom_mutator_py(afl_state_t *afl, char *module_name) {
struct custom_mutator * load_custom_mutator_py(afl_state_t *afl, char *module_name) {
afl->mutator = ck_alloc(sizeof(struct custom_mutator));
afl->mutator->pre_save_buf = NULL;
afl->mutator->pre_save_size = 0;
struct custom_mutator * mutator;
afl->mutator->name = module_name;
mutator = ck_alloc(sizeof(struct custom_mutator));
mutator->pre_save_buf = NULL;
mutator->pre_save_size = 0;
mutator->name = module_name;
ACTF("Loading Python mutator library from '%s'...", module_name);
py_mutator_t *py_mutator;
py_mutator = init_py_module(afl, module_name);
afl->mutator->data = py_mutator;
mutator->data = py_mutator;
if (!py_mutator) { FATAL("Failed to load python mutator."); }
PyObject **py_functions = py_mutator->py_functions;
if (py_functions[PY_FUNC_INIT]) {
afl->mutator->afl_custom_init = unsupported;
mutator->afl_custom_init = unsupported;
}
if (py_functions[PY_FUNC_DEINIT]) {
afl->mutator->afl_custom_deinit = deinit_py;
mutator->afl_custom_deinit = deinit_py;
}
/* "afl_custom_fuzz" should not be NULL, but the interface of Python mutator
is quite different from the custom mutator. */
afl->mutator->afl_custom_fuzz = fuzz_py;
mutator->afl_custom_fuzz = fuzz_py;
if (py_functions[PY_FUNC_PRE_SAVE]) {
afl->mutator->afl_custom_pre_save = pre_save_py;
mutator->afl_custom_pre_save = pre_save_py;
}
if (py_functions[PY_FUNC_INIT_TRIM]) {
afl->mutator->afl_custom_init_trim = init_trim_py;
mutator->afl_custom_init_trim = init_trim_py;
}
if (py_functions[PY_FUNC_POST_TRIM]) {
afl->mutator->afl_custom_post_trim = post_trim_py;
mutator->afl_custom_post_trim = post_trim_py;
}
if (py_functions[PY_FUNC_TRIM]) { afl->mutator->afl_custom_trim = trim_py; }
if (py_functions[PY_FUNC_TRIM]) { mutator->afl_custom_trim = trim_py; }
if (py_functions[PY_FUNC_HAVOC_MUTATION]) {
afl->mutator->afl_custom_havoc_mutation = havoc_mutation_py;
mutator->afl_custom_havoc_mutation = havoc_mutation_py;
}
if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY]) {
afl->mutator->afl_custom_havoc_mutation_probability =
mutator->afl_custom_havoc_mutation_probability =
havoc_mutation_probability_py;
}
if (py_functions[PY_FUNC_QUEUE_GET]) {
afl->mutator->afl_custom_queue_get = queue_get_py;
mutator->afl_custom_queue_get = queue_get_py;
}
if (py_functions[PY_FUNC_QUEUE_NEW_ENTRY]) {
afl->mutator->afl_custom_queue_new_entry = queue_new_entry_py;
mutator->afl_custom_queue_new_entry = queue_new_entry_py;
}
OKF("Python mutator '%s' installed successfully.", module_name);
/* Initialize the custom mutator */
init_py(afl, py_mutator, rand_below(afl, 0xFFFFFFFF));
return mutator;
}
size_t pre_save_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf) {