ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
van Hauser
2020-08-09 12:35:52 +02:00
parent a1129b67c2
commit 32db31b555
5 changed files with 28 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
include/afl-fuzz.h
View File

@ -838,7 +838,8 @@ struct custom_mutator {
}; };
void afl_state_init(afl_state_t *, uint32_t map_size); void afl_state_init_1(afl_state_t *, uint32_t map_size);
void afl_state_init_2(afl_state_t *, uint32_t map_size);
void afl_state_deinit(afl_state_t *); void afl_state_deinit(afl_state_t *);
/* Set stop_soon flag on all childs, kill all childs */ /* Set stop_soon flag on all childs, kill all childs */

1
src/afl-fuzz-bitmap.c
View File

@ -257,7 +257,6 @@ u32 count_bytes_len(afl_state_t *afl, u8 *mem, u32 len) {
} }
/* Count the number of non-255 bytes set in the bitmap. Used strictly for the /* Count the number of non-255 bytes set in the bitmap. Used strictly for the
status screen, several calls per second or so. */ status screen, several calls per second or so. */

6
src/afl-fuzz-run.c
View File

@ -480,10 +480,10 @@ abort_calibration:
0) { 0) {
u32 len = q->len; u32 len = q->len;
if (len % 4) if (len % 4) len = len + 4 - (q->len % 4);
len = len + 4 - (q->len % 4);
u32 bytes = count_bytes_len(afl, afl->taint_fsrv.trace_bits, len); u32 bytes = count_bytes_len(afl, afl->taint_fsrv.trace_bits, len);
if (afl->debug) fprintf(stderr, "Debug: tainted bytes: %u\n", bytes); if (afl->debug)
fprintf(stderr, "Debug: tainted %u out of %u bytes\n", bytes, q->len);
} }

30
src/afl-fuzz-state.c
View File

@ -75,7 +75,7 @@ static list_t afl_states = {.element_prealloc_count = 0};
/* Initializes an afl_state_t. */ /* Initializes an afl_state_t. */
void afl_state_init(afl_state_t *afl, uint32_t map_size) { void afl_state_init_1(afl_state_t *afl, uint32_t map_size) {
/* thanks to this memset, growing vars like out_buf /* thanks to this memset, growing vars like out_buf
and out_size are NULL/0 by default. */ and out_size are NULL/0 by default. */
@ -100,16 +100,6 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->cpu_aff = -1; /* Selected CPU core */ afl->cpu_aff = -1; /* Selected CPU core */
#endif /* HAVE_AFFINITY */ #endif /* HAVE_AFFINITY */
afl->virgin_bits = ck_alloc(map_size);
afl->virgin_tmout = ck_alloc(map_size);
afl->virgin_crash = ck_alloc(map_size);
afl->var_bytes = ck_alloc(map_size);
afl->top_rated = ck_alloc(map_size * sizeof(void *));
afl->clean_trace = ck_alloc(map_size);
afl->clean_trace_custom = ck_alloc(map_size);
afl->first_trace = ck_alloc(map_size);
afl->map_tmp_buf = ck_alloc(map_size);
afl->fsrv.use_stdin = 1; afl->fsrv.use_stdin = 1;
afl->fsrv.map_size = map_size; afl->fsrv.map_size = map_size;
afl->fsrv.function_opt = (u8 *)afl; afl->fsrv.function_opt = (u8 *)afl;
@ -160,6 +150,24 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
} }
void afl_state_init_2(afl_state_t *afl, uint32_t map_size) {
afl->shm.map_size = map_size ? map_size : MAP_SIZE;
afl->virgin_bits = ck_alloc(map_size);
afl->virgin_tmout = ck_alloc(map_size);
afl->virgin_crash = ck_alloc(map_size);
afl->var_bytes = ck_alloc(map_size);
afl->top_rated = ck_alloc(map_size * sizeof(void *));
afl->clean_trace = ck_alloc(map_size);
afl->clean_trace_custom = ck_alloc(map_size);
afl->first_trace = ck_alloc(map_size);
afl->map_tmp_buf = ck_alloc(map_size);
afl->fsrv.map_size = map_size;
}
/*This sets up the environment variables for afl-fuzz into the afl_state /*This sets up the environment variables for afl-fuzz into the afl_state
* struct*/ * struct*/

6
src/afl-fuzz.c
View File

@ -262,7 +262,7 @@ int main(int argc, char **argv_orig, char **envp) {
if (get_afl_env("AFL_DEBUG")) { debug = afl->debug = 1; } if (get_afl_env("AFL_DEBUG")) { debug = afl->debug = 1; }
map_size = get_map_size(); map_size = get_map_size();
afl_state_init(afl, map_size); afl_state_init_1(afl, map_size);
afl->debug = debug; afl->debug = debug;
afl_fsrv_init(&afl->fsrv); afl_fsrv_init(&afl->fsrv);
@ -827,10 +827,12 @@ int main(int argc, char **argv_orig, char **envp) {
if (afl->fsrv.taint_mode && afl->fsrv.map_size < MAX_FILE) { if (afl->fsrv.taint_mode && afl->fsrv.map_size < MAX_FILE) {
afl->fsrv.map_size = afl->shm.map_size = MAX_FILE; map_size = afl->fsrv.map_size = afl->shm.map_size = MAX_FILE;
} }
afl_state_init_2(afl, map_size);
if (!mem_limit_given && afl->shm.cmplog_mode) afl->fsrv.mem_limit += 260; if (!mem_limit_given && afl->shm.cmplog_mode) afl->fsrv.mem_limit += 260;
OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" " OKF("afl++ is maintained by Marc \"van Hauser\" Heuse, Heiko \"hexcoder\" "