fix not using autodict

vanhauser-thc
2024-02-29 14:31:47 +01:00
parent acc178e5dd
commit 6062668679
4 changed files with 65 additions and 52 deletions


@ -724,7 +724,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
} }
/* autodict in Nyx mode */ /* autodict in Nyx mode */
if (!ignore_autodict) { if (!ignore_autodict && fsrv->add_extra_func) {
char *x = char *x =
alloc_printf("%s/workdir/dump/afl_autodict.txt", fsrv->out_dir_path); alloc_printf("%s/workdir/dump/afl_autodict.txt", fsrv->out_dir_path);
@ -1111,7 +1111,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
} }
if ((status & FS_NEW_OPT_SHDMEM_FUZZ)) { if ((status & FS_NEW_OPT_SHDMEM_FUZZ) && fsrv->add_extra_func &&
!ignore_autodict) {
if (fsrv->support_shmem_fuzz) { if (fsrv->support_shmem_fuzz) {
@ -1130,6 +1131,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if ((status & FS_NEW_OPT_AUTODICT)) { if ((status & FS_NEW_OPT_AUTODICT)) {
// even if we do not need the dictionary we have to read it
u32 dict_size; u32 dict_size;
if (read(fsrv->fsrv_st_fd, &dict_size, 4) != 4) { if (read(fsrv->fsrv_st_fd, &dict_size, 4) != 4) {
@ -1173,14 +1176,24 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
offset = 0; offset = 0;
while (offset < dict_size && (u8)dict[offset] + offset < dict_size) { while (offset < dict_size && (u8)dict[offset] + offset < dict_size) {
if (!ignore_autodict && fsrv->add_extra_func) {
fsrv->add_extra_func(fsrv->afl_ptr, dict + offset + 1, fsrv->add_extra_func(fsrv->afl_ptr, dict + offset + 1,
(u8)dict[offset]); (u8)dict[offset]);
offset += (1 + dict[offset]);
count++; count++;
} }
if (!be_quiet) { ACTF("Loaded %u autodictionary entries", count); } offset += (1 + dict[offset]);
}
if (!be_quiet && count) {
ACTF("Loaded %u autodictionary entries", count);
}
ck_free(dict); ck_free(dict);
} }
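Review bot: The condition at `@ -1111` now enables the shared-memory fuzzing option only when `fsrv->add_extra_func` is set and autodict is not ignored, which ties an input-delivery mechanism to dictionary handling that has no visible relation to it; a fuzzer that sets `support_shmem_fuzz` but runs with autodict disabled (or a tool that provides no `add_extra_func`) would skip whatever the `if (fsrv->support_shmem_fuzz)` branch configures, and the body of that branch is outside the hunk so the effect cannot be confirmed from here. If this gating is intentional it deserves a comment saying why; otherwise the line should go back to `if ((status & FS_NEW_OPT_SHDMEM_FUZZ)) {` and the autodict checks stay in the `FS_NEW_OPT_AUTODICT` branch, where the `@ -1173` hunk already applies them per entry. In that loop, `offset += (1 + dict[offset]);` should carry the same `(u8)` cast as the loop condition, `offset += (1 + (u8)dict[offset]);`, so the stride cannot disagree with the bound check if `dict` is a signed `char` buffer. afl_fsrv_start starts and ends outside these hunks.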


@ -527,8 +527,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES #ifndef SIMPLE_FILES
queue_fn = queue_fn = alloc_printf(
alloc_printf("%s/queue/id:%06u,%s%s%s", afl->out_dir, afl->queued_items, "%s/queue/id:%06u,%s%s%s", afl->out_dir, afl->queued_items,
describe_op(afl, new_bits + is_timeout, describe_op(afl, new_bits + is_timeout,
NAME_MAX - strlen("id:000000,")), NAME_MAX - strlen("id:000000,")),
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
@ -536,8 +536,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#else #else
queue_fn = queue_fn = alloc_printf(
alloc_printf("%s/queue/id_%06u", afl->out_dir, afl->queued_items, "%s/queue/id_%06u", afl->out_dir, afl->queued_items,
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
@ -752,8 +752,7 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#else #else
snprintf(fn, PATH_MAX, "%s/hangs/id_%06llu%s%s", afl->out_dir, snprintf(fn, PATH_MAX, "%s/hangs/id_%06llu%s%s", afl->out_dir,
afl->saved_hangs, afl->saved_hangs, afl->file_extension ? "." : "",
afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
#endif /* ^!SIMPLE_FILES */ #endif /* ^!SIMPLE_FILES */
@ -800,8 +799,8 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES #ifndef SIMPLE_FILES
snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s", afl->out_dir, snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s",
afl->saved_crashes, afl->fsrv.last_kill_signal, afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,")), describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,")),
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
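Review bot: In the `#else` (SIMPLE_FILES) branch at `@ -536`, the format string `"%s/queue/id_%06u"` has only two conversions but `alloc_printf` is passed four arguments, so the `afl->file_extension` separator and extension are silently dropped from the queue filename; the commit only reflows these lines and leaves the mismatch in place. The other SIMPLE_FILES path in this section (`"%s/hangs/id_%06llu%s%s"`) does append the extension, so this one should read `"%s/queue/id_%06u%s%s", afl->out_dir, afl->queued_items,`. The enclosing function save_if_interesting begins and ends outside the hunks.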


@ -742,8 +742,8 @@ void save_auto(afl_state_t *afl) {
for (i = 0; i < MIN((u32)USE_AUTO_EXTRAS, afl->a_extras_cnt); ++i) { for (i = 0; i < MIN((u32)USE_AUTO_EXTRAS, afl->a_extras_cnt); ++i) {
u8 *fn = u8 *fn = alloc_printf(
alloc_printf("%s/queue/.state/auto_extras/auto_%06u%s%s", afl->out_dir, i, "%s/queue/.state/auto_extras/auto_%06u%s%s", afl->out_dir, i,
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");


@ -1157,20 +1157,20 @@ void perform_dry_run(afl_state_t *afl) {
#ifndef SIMPLE_FILES #ifndef SIMPLE_FILES
snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s%s", snprintf(
crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s%s",
afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal, afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0, describe_op(
NAME_MAX - strlen("id:000000,sig:00,") - afl, 0,
strlen(use_name)), NAME_MAX - strlen("id:000000,sig:00,") - strlen(use_name)),
use_name, use_name, afl->file_extension ? "." : "",
afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
#else #else
snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u%s%s", snprintf(
afl->out_dir, afl->saved_crashes, crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u%s%s", afl->out_dir,
afl->fsrv.last_kill_signal, afl->saved_crashes, afl->fsrv.last_kill_signal,
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
@ -1443,8 +1443,8 @@ void pivot_inputs(afl_state_t *afl) {
u32 src_id; u32 src_id;
afl->resuming_fuzz = 1; afl->resuming_fuzz = 1;
nfn = alloc_printf("%s/queue/%s%s%s", afl->out_dir, rsl, nfn = alloc_printf(
afl->file_extension ? "." : "", "%s/queue/%s%s%s", afl->out_dir, rsl, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
/* Since we're at it, let's also get the parent and figure out the /* Since we're at it, let's also get the parent and figure out the
@ -1485,14 +1485,15 @@ void pivot_inputs(afl_state_t *afl) {
} }
nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s%s%s", nfn = alloc_printf(
afl->out_dir, id, afl->fsrv.total_execs, use_name, "%s/queue/id:%06u,time:0,execs:%llu,orig:%s%s%s", afl->out_dir, id,
afl->file_extension ? "." : "", afl->fsrv.total_execs, use_name, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");
#else #else
nfn = alloc_printf("%s/queue/id_%06u%s%s", afl->out_dir, id, nfn = alloc_printf(
"%s/queue/id_%06u%s%s", afl->out_dir, id,
afl->file_extension ? "." : "", afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : ""); afl->file_extension ? (const char *)afl->file_extension : "");