From 2e7f191f3bfcdc36bd45eb5cacaa16f06e30401c Mon Sep 17 00:00:00 2001 From: Kuang-che Wu Date: Sat, 24 May 2025 23:50:33 +0800 Subject: [PATCH] extract function to resize map buffers --- include/afl-fuzz.h | 1 + src/afl-fuzz-state.c | 28 ++++++++++++++ src/afl-fuzz.c | 91 ++------------------------------------------ 3 files changed, 33 insertions(+), 87 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c1e6e0c8..60cc896b 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1140,6 +1140,7 @@ struct custom_mutator { void afl_state_init(afl_state_t *, uint32_t map_size); void afl_state_deinit(afl_state_t *); +void afl_resize_map_buffers(afl_state_t *, u32 old_size, u32 new_size); /* Set stop_soon flag on all children, kill all children */ void afl_states_stop(void); diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 67a3f31d..f1a94910 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -148,6 +148,34 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { } +void afl_resize_map_buffers(afl_state_t *afl, u32 old_size, u32 new_size) { + + afl->virgin_bits = ck_realloc(afl->virgin_bits, new_size); + afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_size); + afl->virgin_crash = ck_realloc(afl->virgin_crash, new_size); + afl->var_bytes = ck_realloc(afl->var_bytes, new_size); + afl->top_rated = ck_realloc(afl->top_rated, new_size * sizeof(void *)); + afl->clean_trace = ck_realloc(afl->clean_trace, new_size); + afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, new_size); + afl->first_trace = ck_realloc(afl->first_trace, new_size); + afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_size); + + if (old_size < new_size) { + + u32 size_diff = new_size - old_size; + + memset(afl->var_bytes + old_size, 0, size_diff); + memset(afl->top_rated + old_size * sizeof(void *), 0, + size_diff * sizeof(void *)); + memset(afl->clean_trace + old_size, 0, size_diff); + memset(afl->clean_trace_custom + old_size, 0, size_diff); + memset(afl->first_trace + old_size, 0, size_diff); + memset(afl->map_tmp_buf + old_size, 0, size_diff); + + } + +} + /*This sets up the environment variables for afl-fuzz into the afl_state * struct*/ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 835506b5..ae203349 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2498,30 +2498,8 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->non_instrumented_mode || afl->fsrv.qemu_mode || afl->fsrv.frida_mode || afl->fsrv.cs_mode || afl->unicorn_mode) { - u32 old_map_size = map_size; map_size = afl->fsrv.real_map_size = afl->fsrv.map_size = MAP_SIZE; - afl->virgin_bits = ck_realloc(afl->virgin_bits, map_size); - afl->virgin_tmout = ck_realloc(afl->virgin_tmout, map_size); - afl->virgin_crash = ck_realloc(afl->virgin_crash, map_size); - afl->var_bytes = ck_realloc(afl->var_bytes, map_size); - afl->top_rated = ck_realloc(afl->top_rated, map_size * sizeof(void *)); - afl->clean_trace = ck_realloc(afl->clean_trace, map_size); - afl->clean_trace_custom = ck_realloc(afl->clean_trace_custom, map_size); - afl->first_trace = ck_realloc(afl->first_trace, map_size); - afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, map_size); - - if (old_map_size < map_size) { - - memset(afl->var_bytes + old_map_size, 0, map_size - old_map_size); - memset(afl->top_rated + old_map_size * sizeof(void *), 0, - (map_size - old_map_size) * sizeof(void *)); - memset(afl->clean_trace + old_map_size, 0, map_size - old_map_size); - memset(afl->clean_trace_custom + old_map_size, 0, - map_size - old_map_size); - memset(afl->first_trace + old_map_size, 0, map_size - old_map_size); - memset(afl->map_tmp_buf + old_map_size, 0, map_size - old_map_size); - - } + afl_resize_map_buffers(afl, map_size, MAP_SIZE); } @@ -2549,32 +2527,7 @@ int main(int argc, char **argv_orig, char **envp) { if (map_size < new_map_size) { OKF("Re-initializing maps to %u bytes", new_map_size); - - u32 old_map_size = map_size; - afl->virgin_bits = ck_realloc(afl->virgin_bits, new_map_size); - afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size); - afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size); - afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size); - afl->top_rated = - ck_realloc(afl->top_rated, new_map_size * sizeof(void *)); - afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size); - afl->clean_trace_custom = - ck_realloc(afl->clean_trace_custom, new_map_size); - afl->first_trace = ck_realloc(afl->first_trace, new_map_size); - afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size); - - if (old_map_size < new_map_size) { - - memset(afl->var_bytes + old_map_size, 0, new_map_size - old_map_size); - memset(afl->top_rated + old_map_size * sizeof(void *), 0, - (new_map_size - old_map_size) * sizeof(void *)); - memset(afl->clean_trace + old_map_size, 0, new_map_size - old_map_size); - memset(afl->clean_trace_custom + old_map_size, 0, - new_map_size - old_map_size); - memset(afl->first_trace + old_map_size, 0, new_map_size - old_map_size); - memset(afl->map_tmp_buf + old_map_size, 0, new_map_size - old_map_size); - - } + afl_resize_map_buffers(afl, map_size, new_map_size); afl_fsrv_kill(&afl->fsrv); afl_shm_deinit(&afl->shm); @@ -2666,18 +2619,7 @@ int main(int argc, char **argv_orig, char **envp) { OKF("Re-initializing maps to %u bytes due to SAN instrumented binary", new_map_size); - - afl->virgin_bits = ck_realloc(afl->virgin_bits, new_map_size); - afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size); - afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size); - afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size); - afl->top_rated = - ck_realloc(afl->top_rated, new_map_size * sizeof(void *)); - afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size); - afl->clean_trace_custom = - ck_realloc(afl->clean_trace_custom, new_map_size); - afl->first_trace = ck_realloc(afl->first_trace, new_map_size); - afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size); + afl_resize_map_buffers(afl, map_size, new_map_size); afl_fsrv_kill(&afl->fsrv); afl_fsrv_kill(&afl->san_fsrvs[i]); @@ -2743,32 +2685,7 @@ int main(int argc, char **argv_orig, char **envp) { if (map_size < new_map_size) { OKF("Re-initializing maps to %u bytes due cmplog", new_map_size); - - u32 old_map_size = map_size; - afl->virgin_bits = ck_realloc(afl->virgin_bits, new_map_size); - afl->virgin_tmout = ck_realloc(afl->virgin_tmout, new_map_size); - afl->virgin_crash = ck_realloc(afl->virgin_crash, new_map_size); - afl->var_bytes = ck_realloc(afl->var_bytes, new_map_size); - afl->top_rated = - ck_realloc(afl->top_rated, new_map_size * sizeof(void *)); - afl->clean_trace = ck_realloc(afl->clean_trace, new_map_size); - afl->clean_trace_custom = - ck_realloc(afl->clean_trace_custom, new_map_size); - afl->first_trace = ck_realloc(afl->first_trace, new_map_size); - afl->map_tmp_buf = ck_realloc(afl->map_tmp_buf, new_map_size); - - if (old_map_size < new_map_size) { - - memset(afl->var_bytes + old_map_size, 0, new_map_size - old_map_size); - memset(afl->top_rated + old_map_size * sizeof(void *), 0, - (new_map_size - old_map_size) * sizeof(void *)); - memset(afl->clean_trace + old_map_size, 0, new_map_size - old_map_size); - memset(afl->clean_trace_custom + old_map_size, 0, - new_map_size - old_map_size); - memset(afl->first_trace + old_map_size, 0, new_map_size - old_map_size); - memset(afl->map_tmp_buf + old_map_size, 0, new_map_size - old_map_size); - - } + afl_resize_map_buffers(afl, map_size, new_map_size); afl_fsrv_kill(&afl->fsrv); afl_fsrv_kill(&afl->cmplog_fsrv);