ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 04:18:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

max_len support

Browse Source
This commit is contained in:
vanhauser-thc
2023-04-04 16:23:19 +02:00
parent fcd2125678
commit 32ffa2664c
2 changed files with 72 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
custom_mutators/aflpp/aflpp.c
View File

@ -4,6 +4,7 @@ typedef struct my_mutator {
afl_state_t *afl;
u8 *buf;
u32 buf_size;
} my_mutator_t;
@ -19,12 +20,15 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
}
data->buf = malloc(MAX_FILE);
if (!data->buf) {
if ((data->buf = malloc(MAX_FILE)) == NULL) {
perror("afl_custom_init alloc");
return NULL;
} else {
data->buf_size = MAX_FILE;
}
data->afl = afl;
@ -39,6 +43,23 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
u8 **out_buf, uint8_t *add_buf, size_t add_buf_size,
size_t max_size) {
if (max_size > data->buf_size) {
u8 *ptr = realloc(data->buf, max_size);
if (ptr) {
return 0;
} else {
data->buf = ptr;
data->buf_size = max_size;
}
}
u32 havoc_steps = 1 + rand_below(data->afl, 16);
/* set everything up, costly ... :( */
@ -46,7 +67,7 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
/* the mutation */
u32 out_buf_len = afl_mutate(data->afl, data->buf, buf_size, havoc_steps,
false, true, add_buf, add_buf_size);
false, true, add_buf, add_buf_size, max_size);
/* return size of mutated data */
*out_buf = data->buf;