ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

better foreign sync name

Browse Source
This commit is contained in:
van Hauser
2021-01-26 22:45:59 +01:00
parent 9c393adbb9
commit 36b5336152
3 changed files with 26 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/afl-fuzz-init.c
View File

@ -460,6 +460,7 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
u32 i, iter;
u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX];
u8 foreign_name[16];
for (iter = 0; iter < afl->foreign_sync_cnt; iter++) {
@ -468,6 +469,18 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
if (first) ACTF("Scanning '%s'...", afl->foreign_syncs[iter].dir);
time_t ctime_max = 0;
u8 * name = rindex(afl->foreign_syncs[iter].dir, '/');
if (!name) { name = afl->foreign_syncs[iter].dir; }
if (!strcmp(name, "queue") || !strcmp(name, "out") ||
!strcmp(name, "default")) {
snprintf(foreign_name, sizeof(foreign_name), "foreign_%u", iter);
} else {
snprintf(foreign_name, sizeof(foreign_name), "%s_%u", name, iter);
}
/* We use scandir() + alphasort() rather than readdir() because otherwise,
the ordering of test cases would vary somewhat randomly and would be
@ -581,7 +594,7 @@ void read_foreign_testcases(afl_state_t *afl, int first) {
write_to_testcase(afl, mem, st.st_size);
fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
afl->syncing_party = "foreign";
afl->syncing_party = foreign_name;
afl->queued_imported +=
save_if_interesting(afl, mem, st.st_size, fault);
afl->syncing_party = 0;

4
src/afl-fuzz-redqueen.c
View File

@ -249,7 +249,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
afl->stage_cur = 0;
// in colorization we do not classify counts, hence we have to calculate
// the original checksum!
// the original checksum.
if (unlikely(get_exec_checksum(afl, buf, len, &exec_cksum))) {
goto checksum_fail;
@ -2368,7 +2368,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
u64 orig_hit_cnt, new_hit_cnt;
u64 orig_execs = afl->fsrv.total_execs;
orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
u64 screen_update = 1000000 / afl->queue_cur->exec_us,
u64 screen_update = 100000 / afl->queue_cur->exec_us,
execs = afl->fsrv.total_execs;
afl->stage_name = "input-to-state";

10
src/afl-fuzz.c
View File

@ -559,6 +559,16 @@ int main(int argc, char **argv_orig, char **envp) {
FATAL("Maximum %u entried of -F option can be specified",
FOREIGN_SYNCS_MAX);
afl->foreign_syncs[afl->foreign_sync_cnt].dir = optarg;
while (afl->foreign_syncs[afl->foreign_sync_cnt]
.dir[strlen(afl->foreign_syncs[afl->foreign_sync_cnt].dir) -
1] == '/') {
afl->foreign_syncs[afl->foreign_sync_cnt]
.dir[strlen(afl->foreign_syncs[afl->foreign_sync_cnt].dir) - 1] =
0;
}
afl->foreign_sync_cnt++;
break;