mv cmplog options to config.h
@ -34,6 +34,32 @@
|
|||||||
* *
|
* *
|
||||||
******************************************************/
|
******************************************************/
|
||||||
|
|
||||||
|
/* CMPLOG/REDQUEEN TUNING
|
||||||
|
*
|
||||||
|
* Here you can tuning and solving options for cmplog.
|
||||||
|
* Note that these are run-time options for afl-fuzz, no target
|
||||||
|
* recompilation required.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
/* Enable transform following (XOR/ADD/SUB manipulations, hex en/decoding) */
|
||||||
|
// #define CMPLOG_TRANSFORM
|
||||||
|
|
||||||
|
/* if TRANSFORM is enabled, this additionally enables base64 en/decoding */
|
||||||
|
// #define CMPLOG_TRANSFORM_BASE64
|
||||||
|
|
||||||
|
/* Minimum % of the corpus to perform cmplog on. Default: 20% */
|
||||||
|
#define CMPLOG_CORPUS_PERCENT 20U
|
||||||
|
|
||||||
|
/* Number of potential posititions from which we decide the cmplog becomes
|
||||||
|
useless, default 16384 */
|
||||||
|
#define CMPLOG_POSITIONS_MAX 16384U
|
||||||
|
|
||||||
|
/* Maximum allowed fails per CMP value. Default: 32 * 3 */
|
||||||
|
#define CMPLOG_FAIL_MAX 96
|
||||||
|
|
||||||
|
/* Now non-cmplog configuration options */
|
||||||
|
|
||||||
/* console output colors: There are three ways to configure its behavior
|
/* console output colors: There are three ways to configure its behavior
|
||||||
* 1. default: colored outputs fixed on: defined USE_COLOR && defined
|
* 1. default: colored outputs fixed on: defined USE_COLOR && defined
|
||||||
* ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect
|
* ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect
|
||||||
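Review bot: The new comment on `CMPLOG_FAIL_MAX` describes it as a cap on fails per CMP value, but the `@ -2473,8 +2455,8 @@` hunk compares the same constant against both `pass_stats[k].faileds` and `pass_stats[k].total`, so the comment under-documents it; suggested wording: `/* Maximum allowed fails, and maximum total attempts, per CMP value. Default: 32 * 3 */`. The introductory block has two wording slips worth fixing while it is new: `* Here you can tuning and solving options for cmplog.` reads better as `* Here you can set tuning and solving options for cmplog.`, and `posititions` in the CMPLOG_POSITIONS_MAX comment should be `positions`. `CMPLOG_FAIL_MAX 96` is also the only one of the three numeric defines without the `U` suffix that `CMPLOG_CORPUS_PERCENT 20U` and `CMPLOG_POSITIONS_MAX 16384U` carry; `96U` would keep the three consistent.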
@ -67,7 +93,7 @@
|
|||||||
/* If you want to have the original afl internal memory corruption checks.
|
/* If you want to have the original afl internal memory corruption checks.
|
||||||
Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */
|
Disabled by default for speed. it is better to use "make ASAN_BUILD=1". */
|
||||||
|
|
||||||
//#define _WANT_ORIGINAL_AFL_ALLOC
|
// #define _WANT_ORIGINAL_AFL_ALLOC
|
||||||
|
|
||||||
/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */
|
/* Comment out to disable fancy ANSI boxes and use poor man's 7-bit UI: */
|
||||||
|
|
||||||
|
@ -51,7 +51,7 @@ enum {
|
|||||||
enum {
|
enum {
|
||||||
|
|
||||||
LVL1 = 1, // Integer solving
|
LVL1 = 1, // Integer solving
|
||||||
LVL2 = 2, // FP solving
|
LVL2 = 2, // unused except for setting the queue entry
|
||||||
LVL3 = 4 // expensive tranformations
|
LVL3 = 4 // expensive tranformations
|
||||||
|
|
||||||
};
|
};
|
||||||
@ -986,11 +986,10 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
// we only allow this for ascii2integer (above)
|
// we only allow this for ascii2integer (above) so leave if this is the case
|
||||||
if (unlikely(pattern == o_pattern)) { return 0; }
|
if (unlikely(pattern == o_pattern)) { return 0; }
|
||||||
|
|
||||||
if ((lvl & LVL1) || ((lvl & LVL2) && (attr >= IS_FP && attr < IS_FP_MOD)) ||
|
if ((lvl & LVL1) || attr >= IS_FP_MOD) {
|
||||||
attr >= IS_FP_MOD) {
|
|
||||||
|
|
||||||
if (SHAPE_BYTES(h->shape) >= 8 && *status != 1) {
|
if (SHAPE_BYTES(h->shape) >= 8 && *status != 1) {
|
||||||
|
|
||||||
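Review bot: The rewritten condition `if ((lvl & LVL1) || attr >= IS_FP_MOD) {` drops the former `(lvl & LVL2) && (attr >= IS_FP && attr < IS_FP_MOD)` arm, so plain FP compares are now attempted only when `LVL1` is set; with the new `lvl` computation in `input_to_state_stage`, an already-colorized entry at `CMPLOG_LVL_MAX` carries only `LVL3` and therefore skips those compares. If that is the intent (FP solving folded into the first pass, matching the removed "FP handling only from lvl 2 onwards" gate in cmp_fuzz), a comment would keep the next reader from reinstating the LVL2 check: `// FP compares (IS_FP..IS_FP_MOD) are solved under LVL1 now; attr >= IS_FP_MOD is handled regardless of lvl`. cmp_extend_encoding starts and ends outside this hunk.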
@ -1498,9 +1497,6 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
|
|||||||
u32 len, u32 lvl, struct tainted *taint) {
|
u32 len, u32 lvl, struct tainted *taint) {
|
||||||
|
|
||||||
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
|
struct cmp_header *h = &afl->shm.cmp_map->headers[key];
|
||||||
// FP handling only from lvl 2 onwards
|
|
||||||
if ((h->attribute & IS_FP) && lvl < LVL2) { return 0; }
|
|
||||||
|
|
||||||
struct tainted *t;
|
struct tainted *t;
|
||||||
u32 i, j, idx, taint_len, loggeds;
|
u32 i, j, idx, taint_len, loggeds;
|
||||||
u32 have_taint = 1, is_n = 0;
|
u32 have_taint = 1, is_n = 0;
|
||||||
@ -2443,21 +2439,7 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
afl->stage_max = 0;
|
afl->stage_max = 0;
|
||||||
afl->stage_cur = 0;
|
afl->stage_cur = 0;
|
||||||
|
|
||||||
u32 lvl;
|
u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) + (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);
|
||||||
u32 cmplog_done = afl->queue_cur->colorized;
|
|
||||||
u32 cmplog_lvl = afl->cmplog_lvl;
|
|
||||||
if (!cmplog_done) {
|
|
||||||
|
|
||||||
lvl = LVL1;
|
|
||||||
|
|
||||||
} else {
|
|
||||||
|
|
||||||
lvl = 0;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cmplog_lvl >= 2 && cmplog_done < 2) { lvl += LVL2; }
|
|
||||||
if (cmplog_lvl >= 3 && cmplog_done < 3) { lvl += LVL3; }
|
|
||||||
|
|
||||||
#ifdef COMBINE
|
#ifdef COMBINE
|
||||||
u8 *cbuf = afl_realloc((void **)&afl->in_scratch_buf, len + 128);
|
u8 *cbuf = afl_realloc((void **)&afl->in_scratch_buf, len + 128);
|
||||||
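Review bot: The new initializer `u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) + (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);` runs well past the 80-column width the surrounding code is formatted to; break it after the `+`: `u32 lvl = (afl->queue_cur->colorized ? 0 : LVL1) +` followed by `          (afl->cmplog_lvl == CMPLOG_LVL_MAX ? LVL3 : 0);`. Note also that for a colorized entry with `cmplog_lvl != CMPLOG_LVL_MAX` the expression yields `lvl == 0`, and the hunk shows no bail-out for that case, so unless one exists further down the stage still walks the whole cmp map with nothing enabled — an early `if (!lvl)` exit, or a comment saying why the walk is still wanted, would settle it. Since the old `cmplog_done`/`cmplog_lvl` locals are gone, the bit-wise meaning of `lvl` now lives only in this line; a short comment such as `// LVL1 only on the first pass over this entry, LVL3 only when cmplog_lvl is CMPLOG_LVL_MAX` would help. input_to_state_stage continues outside the hunk.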
@ -2473,8 +2455,8 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
if (!afl->shm.cmp_map->headers[k].hits) { continue; }
|
if (!afl->shm.cmp_map->headers[k].hits) { continue; }
|
||||||
|
|
||||||
if (afl->pass_stats[k].faileds >= 0x69 ||
|
if (afl->pass_stats[k].faileds >= CMPLOG_FAIL_MAX ||
|
||||||
afl->pass_stats[k].total >= 0x69) {
|
afl->pass_stats[k].total >= CMPLOG_FAIL_MAX) {
|
||||||
|
|
||||||
#ifdef _DEBUG
|
#ifdef _DEBUG
|
||||||
fprintf(stderr, "DISABLED %u\n", k);
|
fprintf(stderr, "DISABLED %u\n", k);
|
||||||
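Review bot: Replacing `0x69` with `CMPLOG_FAIL_MAX` on the `faileds` and `total` comparisons is not a pure move: the config.h hunk defines `CMPLOG_FAIL_MAX` as `96`, while `0x69` is 105, so the threshold at which a CMP entry is disabled drops by nine. If the new value is intentional (32 * 3 per the config comment), the commit message titled "mv cmplog options to config.h" should say so; otherwise the define should be `105` to preserve behaviour. input_to_state_stage continues outside the hunk.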
@ -2542,9 +2524,10 @@ u8 input_to_state_stage(afl_state_t *afl, u8 *orig_buf, u8 *buf, u32 len) {
|
|||||||
|
|
||||||
exit_its:
|
exit_its:
|
||||||
|
|
||||||
afl->queue_cur->colorized = afl->cmplog_lvl;
|
|
||||||
if (afl->cmplog_lvl == CMPLOG_LVL_MAX) {
|
if (afl->cmplog_lvl == CMPLOG_LVL_MAX) {
|
||||||
|
|
||||||
|
afl->queue_cur->colorized = CMPLOG_LVL_MAX;
|
||||||
|
|
||||||
ck_free(afl->queue_cur->cmplog_colorinput);
|
ck_free(afl->queue_cur->cmplog_colorinput);
|
||||||
t = taint;
|
t = taint;
|
||||||
while (taint) {
|
while (taint) {
|
||||||
@ -2559,6 +2542,8 @@ exit_its:
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
|
afl->queue_cur->colorized = LVL2;
|
||||||
|
|
||||||
if (!afl->queue_cur->taint) { afl->queue_cur->taint = taint; }
|
if (!afl->queue_cur->taint) { afl->queue_cur->taint = taint; }
|
||||||
|
|
||||||
if (!afl->queue_cur->cmplog_colorinput) {
|
if (!afl->queue_cur->cmplog_colorinput) {
|
||||||
|
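Review bot: `afl->queue_cur->colorized = LVL2;` in the else branch stores a solving-level enum value that the new code never reads as a level: the `@ -2443,21 +2439,7 @@` hunk only tests `colorized` for non-zero, and the old `afl->queue_cur->colorized = afl->cmplog_lvl;` that recorded the level actually run is gone. The enum hunk's `LVL2 = 2, // unused except for setting the queue entry` suggests this is deliberate, so say it at the assignment too: `// marker only: any non-zero value means the first cmplog pass is done; the level is not recorded`. The enclosing function continues outside the hunk.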
@ -123,8 +123,7 @@ static void usage(u8 *argv0, int more_help) {
|
|||||||
"it.\n"
|
"it.\n"
|
||||||
" if using QEMU, just use -c 0.\n"
|
" if using QEMU, just use -c 0.\n"
|
||||||
" -l cmplog_level - set the complexity/intensivity of CmpLog.\n"
|
" -l cmplog_level - set the complexity/intensivity of CmpLog.\n"
|
||||||
" Values: 1 (integer+string), 2 (+FP) and 3 "
|
" Values: 1 (basic), 2 (larger files) and 3 (transform)\n\n"
|
||||||
"(+transform)\n\n"
|
|
||||||
|
|
||||||
"Fuzzing behavior settings:\n"
|
"Fuzzing behavior settings:\n"
|
||||||
" -Z - sequential queue selection instead of weighted "
|
" -Z - sequential queue selection instead of weighted "
|
||||||
|
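Review bot: The new help line `" Values: 1 (basic), 2 (larger files) and 3 (transform)\n\n"` and the enum hunk's `LVL2 = 2, // unused except for setting the queue entry` describe level 2 differently, and in the hunks shown `cmplog_lvl` is only ever compared against `CMPLOG_LVL_MAX` (the old `cmplog_lvl >= 2` test is removed). If level 2 no longer changes what is solved, the help text should say so plainly, e.g. `" Values: 1 (basic), 2 (same as 1, kept for compatibility) and 3 (transform)\n\n"`; otherwise the enum comment should name the effect the help text promises. usage continues outside the hunk.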