ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-19 04:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

mut changes

Browse Source
This commit is contained in:
vanhauser-thc
2023-04-05 09:33:09 +02:00
parent 41a452d4e8
commit 53b70ef104
2 changed files with 37 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

83
include/afl-mutations.h
View File

@ -65,14 +65,13 @@ enum {
/* 27 */ MUT_DELONE, /* 27 */ MUT_DELONE,
/* 28 */ MUT_INSERTONE, /* 28 */ MUT_INSERTONE,
/* 29 */ MUT_ASCIINUM, /* 29 */ MUT_ASCIINUM,
/* 30 */ MUT_NEG, /* 30 */ MUT_INSERTASCIINUM,
/* 31 */ MUT_INSERTASCIINUM, /* 31 */ MUT_EXTRA_OVERWRITE,
/* 32 */ MUT_EXTRA_OVERWRITE, /* 32 */ MUT_EXTRA_INSERT,
/* 33 */ MUT_EXTRA_INSERT, /* 33 */ MUT_AUTO_EXTRA_OVERWRITE,
/* 34 */ MUT_AUTO_EXTRA_OVERWRITE, /* 34 */ MUT_AUTO_EXTRA_INSERT,
/* 35 */ MUT_AUTO_EXTRA_INSERT, /* 35 */ MUT_SPLICE_OVERWRITE,
/* 36 */ MUT_SPLICE_OVERWRITE, /* 36 */ MUT_SPLICE_INSERT,
/* 37 */ MUT_SPLICE_INSERT,
MUT_MAX MUT_MAX
@ -199,6 +198,7 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
@ -233,6 +233,9 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
@ -276,12 +279,8 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_NEG, MUT_ASCIINUM,
MUT_NEG, MUT_INSERTASCIINUM,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
@ -335,7 +334,7 @@ u32 mutation_strategy_exploration_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
}; };
@ -468,6 +467,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT, MUT_CLONE_INSERT,
MUT_CLONE_INSERT,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
MUT_OVERWRITE_COPY, MUT_OVERWRITE_COPY,
@ -504,6 +504,10 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
@ -541,12 +545,6 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
@ -596,7 +594,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
}; };
@ -766,6 +764,9 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
@ -785,6 +786,7 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_SHUFFLE, MUT_SHUFFLE,
MUT_SHUFFLE, MUT_SHUFFLE,
MUT_SHUFFLE, MUT_SHUFFLE,
MUT_SHUFFLE,
MUT_DELONE, MUT_DELONE,
MUT_DELONE, MUT_DELONE,
MUT_DELONE, MUT_DELONE,
@ -801,12 +803,8 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_NEG, MUT_ASCIINUM,
MUT_NEG, MUT_INSERTASCIINUM,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
@ -857,7 +855,7 @@ u32 mutation_strategy_exploitation_text[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT
}; };
@ -959,6 +957,8 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_ARITH32BE_, MUT_ARITH32BE_,
MUT_ARITH32BE_, MUT_ARITH32BE_,
MUT_ARITH32BE_, MUT_ARITH32BE_,
MUT_ARITH32BE_,
MUT_ARITH32,
MUT_ARITH32, MUT_ARITH32,
MUT_ARITH32, MUT_ARITH32,
MUT_ARITH32, MUT_ARITH32,
@ -1027,6 +1027,10 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8, MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_FLIP8,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
MUT_SWITCH, MUT_SWITCH,
@ -1062,12 +1066,6 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_ASCIINUM, MUT_ASCIINUM,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_NEG,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
MUT_INSERTASCIINUM, MUT_INSERTASCIINUM,
@ -1118,7 +1116,9 @@ u32 mutation_strategy_exploitation_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT, MUT_SPLICE_INSERT,
MUT_SPLICE_INSERT}; MUT_SPLICE_INSERT
};
u32 afl_mutate(afl_state_t *, u8 *, u32, u32, bool, bool, u8 *, u32, u32); u32 afl_mutate(afl_state_t *, u8 *, u32, u32, bool, bool, u8 *, u32, u32);
u32 choose_block_len(afl_state_t *, u32); u32 choose_block_len(afl_state_t *, u32);
@ -1865,17 +1865,6 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
} }
case MUT_NEG: {
/* Neg byte. */
item = rand_below(afl, len);
buf[item] = ~buf[item];
break;
}
case MUT_INSERTASCIINUM: { case MUT_INSERTASCIINUM: {
u32 len = 1 + rand_below(afl, 8); u32 len = 1 + rand_below(afl, 8);

17
src/afl-fuzz-one.c
View File

@ -2659,7 +2659,7 @@ havoc_stage:
case MUT_FLIP8: { case MUT_FLIP8: {
/* Flip byte. */ /* Flip byte with a XOR 0xff. This is the same as NEG. */
#ifdef INTROSPECTION #ifdef INTROSPECTION
snprintf(afl->m_tmp, sizeof(afl->m_tmp), " FLIP8_"); snprintf(afl->m_tmp, sizeof(afl->m_tmp), " FLIP8_");
@ -2987,21 +2987,6 @@ havoc_stage:
} }
case MUT_NEG: {
/* Neg byte. */
#ifdef INTROSPECTION
snprintf(afl->m_tmp, sizeof(afl->m_tmp), " NEG_");
strcat(afl->mutation, afl->m_tmp);
#endif
item = rand_below(afl, temp_len);
out_buf[item] = ~out_buf[item];
break;
}
case MUT_INSERTASCIINUM: { case MUT_INSERTASCIINUM: {
u32 len = 1 + rand_below(afl, 8); u32 len = 1 + rand_below(afl, 8);