moved autodict extras away from extras_a

2025-06-15 03:18:07 +00:00 · 2020-08-18 01:31:40 +02:00
parent 7470b475a9
commit 1a94cfe2af
5 changed files with 86 additions and 29 deletions
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@ -913,6 +913,7 @@ u8 has_new_bits(afl_state_t *, u8 *);
 void load_extras_file(afl_state_t *, u8 *, u32 *, u32 *, u32);
 void load_extras(afl_state_t *, u8 *);
 void add_extra(afl_state_t *afl, u8 *mem, u32 len);
 void maybe_add_auto(afl_state_t *, u8 *, u32);
 void save_auto(afl_state_t *);
 void load_auto(afl_state_t *);
--- a/include/forkserver.h
+++ b/include/forkserver.h
@ -91,7 +91,7 @@ typedef struct afl_forkserver {
  u8 *afl_ptr;                          /* for autodictionary: afl ptr      */
-  void (*autodict_func)(void *afl_ptr, u8 *mem, u32 len);
+  void (*add_extra_func)(void *afl_ptr, u8 *mem, u32 len);
 } afl_forkserver_t;
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@ -630,7 +630,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
      if ((status & FS_OPT_AUTODICT) == FS_OPT_AUTODICT) {
-        if (fsrv->autodict_func == NULL || fsrv->afl_ptr == NULL) {
+        if (fsrv->add_extra_func == NULL || fsrv->afl_ptr == NULL) {
          // this is not afl-fuzz - we deny and return
          if (fsrv->use_shmem_fuzz) {
@ -715,7 +715,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
        while (offset < (u32)status &&
               (u8)dict[offset] + offset < (u32)status) {
-          fsrv->autodict_func(fsrv->afl_ptr, dict + offset + 1,
+          fsrv->add_extra_func(fsrv->afl_ptr, dict + offset + 1,
                              (u8)dict[offset]);
          offset += (1 + dict[offset]);
          count++;
--- a/src/afl-fuzz-extras.c
+++ b/src/afl-fuzz-extras.c
@ -227,6 +227,38 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len,
 }
 static void extras_check_and_sort(afl_state_t *afl, u32 min_len, u32 max_len, u8 *dir) {
  u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
  if (!afl->extras_cnt) { 
    FATAL("No usable files in '%s'", dir); }
  qsort(afl->extras, afl->extras_cnt, sizeof(struct extra_data),
        compare_extras_len);
  OKF("Loaded %u extra tokens, size range %s to %s.", afl->extras_cnt,
      stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), min_len),
      stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), max_len));
  if (max_len > 32) {
    WARNF("Some tokens are relatively large (%s) - consider trimming.",
          stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), max_len));
  }
  if (afl->extras_cnt > MAX_DET_EXTRAS) {
    WARNF("More than %d tokens - will use them probabilistically.",
          MAX_DET_EXTRAS);
  }
 }
 /* Read extras from the extras directory and sort them by size. */
 void load_extras(afl_state_t *afl, u8 *dir) {
@ -256,7 +288,8 @@ void load_extras(afl_state_t *afl, u8 *dir) {
    if (errno == ENOTDIR) {
      load_extras_file(afl, dir, &min_len, &max_len, dict_level);
-      goto check_and_sort;
+      extras_check_and_sort(afl, min_len, max_len, dir);
      return;
    }
@ -321,30 +354,7 @@ void load_extras(afl_state_t *afl, u8 *dir) {
  closedir(d);
-check_and_sort:
+  extras_check_and_sort(afl, min_len, max_len, dir);
  if (!afl->extras_cnt) { FATAL("No usable files in '%s'", dir); }
  qsort(afl->extras, afl->extras_cnt, sizeof(struct extra_data),
        compare_extras_len);
  OKF("Loaded %u extra tokens, size range %s to %s.", afl->extras_cnt,
      stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), min_len),
      stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), max_len));
  if (max_len > 32) {
    WARNF("Some tokens are relatively large (%s) - consider trimming.",
          stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), max_len));
  }
  if (afl->extras_cnt > MAX_DET_EXTRAS) {
    WARNF("More than %d tokens - will use them probabilistically.",
          MAX_DET_EXTRAS);
  }
 }
@ -362,6 +372,52 @@ static inline u8 memcmp_nocase(u8 *m1, u8 *m2, u32 len) {
 }
 /* Adds a new extra / dict entry. */
 void add_extra(afl_state_t *afl, u8 *mem, u32 len) {
  u8 val_bufs[2][STRINGIFY_VAL_SIZE_MAX];
  if (len > MAX_DICT_FILE) {
    FATAL(
        "Extra '%.*s' is too big (%s, limit is %s)", (int)len, mem,
        stringify_mem_size(val_bufs[0], sizeof(val_bufs[0]), len),
        stringify_mem_size(val_bufs[1], sizeof(val_bufs[1]), MAX_DICT_FILE));
  } else if (len > 32) {
    WARNF(
      "Extra '%.*s' is pretty large, consider trimming.", (int)len, mem
    );
  }
  afl->extras =
      afl_realloc((void **)&afl->extras,
                  (afl->extras_cnt + 1) * sizeof(struct extra_data));
  if (unlikely(!afl->extras)) { PFATAL("alloc"); }
  afl->extras[afl->extras_cnt].data = ck_alloc(len);
  afl->extras[afl->extras_cnt].len = len;
  memcpy(afl->extras[afl->extras_cnt].data, mem, len);
  afl->extras_cnt++;
  qsort(afl->extras, afl->extras_cnt, sizeof(struct extra_data),
        compare_extras_len);
  /* We only want to print this once */
  if (afl->extras_cnt == MAX_DET_EXTRAS + 1) {
    WARNF("More than %d tokens - will use them probabilistically.",
          MAX_DET_EXTRAS);
  }
 }
 /* Maybe add automatic extra. */
 void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@ -114,7 +114,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
  afl->fsrv.map_size = map_size;
  // afl_state_t is not available in forkserver.c
  afl->fsrv.afl_ptr = (void *)afl;
-  afl->fsrv.autodict_func = (void (*)(void *, u8 *, u32)) & maybe_add_auto;
+  afl->fsrv.add_extra_func = (void (*)(void *, u8 *, u32)) &add_extra;
  afl->cal_cycles = CAL_CYCLES;
  afl->cal_cycles_long = CAL_CYCLES_LONG;