fix not using autodict

This commit is contained in:
vanhauser-thc
2024-02-29 14:31:47 +01:00
parent acc178e5dd
commit 6062668679
4 changed files with 65 additions and 52 deletions


@ -724,7 +724,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
}
/* autodict in Nyx mode */
if (!ignore_autodict) {
if (!ignore_autodict && fsrv->add_extra_func) {
char *x =
alloc_printf("%s/workdir/dump/afl_autodict.txt", fsrv->out_dir_path);
@ -1111,7 +1111,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
}
if ((status & FS_NEW_OPT_SHDMEM_FUZZ)) {
if ((status & FS_NEW_OPT_SHDMEM_FUZZ) && fsrv->add_extra_func &&
!ignore_autodict) {
if (fsrv->support_shmem_fuzz) {
@ -1130,6 +1131,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
if ((status & FS_NEW_OPT_AUTODICT)) {
// even if we do not need the dictionary we have to read it
u32 dict_size;
if (read(fsrv->fsrv_st_fd, &dict_size, 4) != 4) {
@ -1173,14 +1176,24 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv,
offset = 0;
while (offset < dict_size && (u8)dict[offset] + offset < dict_size) {
if (!ignore_autodict && fsrv->add_extra_func) {
fsrv->add_extra_func(fsrv->afl_ptr, dict + offset + 1,
(u8)dict[offset]);
offset += (1 + dict[offset]);
count++;
}
if (!be_quiet) { ACTF("Loaded %u autodictionary entries", count); }
offset += (1 + dict[offset]);
}
if (!be_quiet && count) {
ACTF("Loaded %u autodictionary entries", count);
}
ck_free(dict);
}
@ -2067,7 +2080,7 @@ store_persistent_record: {
snprintf(fn, sizeof(fn), persistent_out_fmt, fsrv->persistent_record_dir,
fsrv->persistent_record_cnt, writecnt++,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
int fd = open(fn, O_CREAT | O_TRUNC | O_WRONLY, 0644);
if (fd >= 0) {
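Review bot: In the autodict loop of the fourth hunk the guard `!ignore_autodict && fsrv->add_extra_func` is loop-invariant yet is re-evaluated for every dictionary entry; hoisting it into a local before the `while`, e.g. `u8 use_dict = !ignore_autodict && fsrv->add_extra_func;`, reads more clearly and puts the "read but discard" case right next to the comment in the third hunk that explains it. A zero length byte still reaches `add_extra_func` with a length of 0 and only advances `offset` by one; presumably add_extra_func rejects such entries, but an explicit `if ((u8)dict[offset]) { ... }` around the call would make that visible here. Since `count` now only counts entries actually passed on, the ACTF message stays silent when the dictionary is read and dropped, which the new `&& count` check relies on. afl_fsrv_start's body continues outside the hunks on both sides.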


@ -527,19 +527,19 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES
queue_fn =
alloc_printf("%s/queue/id:%06u,%s%s%s", afl->out_dir, afl->queued_items,
queue_fn = alloc_printf(
"%s/queue/id:%06u,%s%s%s", afl->out_dir, afl->queued_items,
describe_op(afl, new_bits + is_timeout,
NAME_MAX - strlen("id:000000,")),
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#else
queue_fn =
alloc_printf("%s/queue/id_%06u", afl->out_dir, afl->queued_items,
queue_fn = alloc_printf(
"%s/queue/id_%06u", afl->out_dir, afl->queued_items,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#endif /* ^!SIMPLE_FILES */
fd = open(queue_fn, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION);
@ -747,14 +747,13 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
afl->saved_hangs,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,")),
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#else
snprintf(fn, PATH_MAX, "%s/hangs/id_%06llu%s%s", afl->out_dir,
afl->saved_hangs,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->saved_hangs, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : "");
#endif /* ^!SIMPLE_FILES */
@ -800,18 +799,18 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
#ifndef SIMPLE_FILES
snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s", afl->out_dir,
afl->saved_crashes, afl->fsrv.last_kill_signal,
snprintf(fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s",
afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0, NAME_MAX - strlen("id:000000,sig:00,")),
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#else
snprintf(fn, PATH_MAX, "%s/crashes/id_%06llu_%02u%s%s", afl->out_dir,
afl->saved_crashes, afl->fsrv.last_kill_signal,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#endif /* ^!SIMPLE_FILES */
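Review bot: In the SIMPLE_FILES branch of the first hunk the format string `"%s/queue/id_%06u"` has two conversions but is passed four arguments, so the file-extension pair is silently ignored and queue entries are written without the extension that the non-SIMPLE_FILES branch and the hangs/crashes paths in this file append; it should read `"%s/queue/id_%06u%s%s"`, matching `"%s/hangs/id_%06llu%s%s"` further down. Excess printf-style arguments are not a compile error unless a format-extra-args warning is enabled, which is presumably why the reformatting pass did not surface it. save_if_interesting starts and ends outside the hunks.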


@ -742,10 +742,10 @@ void save_auto(afl_state_t *afl) {
for (i = 0; i < MIN((u32)USE_AUTO_EXTRAS, afl->a_extras_cnt); ++i) {
u8 *fn =
alloc_printf("%s/queue/.state/auto_extras/auto_%06u%s%s", afl->out_dir, i,
u8 *fn = alloc_printf(
"%s/queue/.state/auto_extras/auto_%06u%s%s", afl->out_dir, i,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
s32 fd;


@ -1157,22 +1157,22 @@ void perform_dry_run(afl_state_t *afl) {
#ifndef SIMPLE_FILES
snprintf(crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s%s",
snprintf(
crash_fn, PATH_MAX, "%s/crashes/id:%06llu,sig:%02u,%s%s%s%s",
afl->out_dir, afl->saved_crashes, afl->fsrv.last_kill_signal,
describe_op(afl, 0,
NAME_MAX - strlen("id:000000,sig:00,") -
strlen(use_name)),
use_name,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
describe_op(
afl, 0,
NAME_MAX - strlen("id:000000,sig:00,") - strlen(use_name)),
use_name, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : "");
#else
snprintf(crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u%s%s",
afl->out_dir, afl->saved_crashes,
afl->fsrv.last_kill_signal,
snprintf(
crash_fn, PATH_MAX, "%s/crashes/id_%06llu_%02u%s%s", afl->out_dir,
afl->saved_crashes, afl->fsrv.last_kill_signal,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#endif
@ -1443,9 +1443,9 @@ void pivot_inputs(afl_state_t *afl) {
u32 src_id;
afl->resuming_fuzz = 1;
nfn = alloc_printf("%s/queue/%s%s%s", afl->out_dir, rsl,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
nfn = alloc_printf(
"%s/queue/%s%s%s", afl->out_dir, rsl, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : "");
/* Since we're at it, let's also get the parent and figure out the
appropriate depth for this entry. */
@ -1485,16 +1485,17 @@ void pivot_inputs(afl_state_t *afl) {
}
nfn = alloc_printf("%s/queue/id:%06u,time:0,execs:%llu,orig:%s%s%s",
afl->out_dir, id, afl->fsrv.total_execs, use_name,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
nfn = alloc_printf(
"%s/queue/id:%06u,time:0,execs:%llu,orig:%s%s%s", afl->out_dir, id,
afl->fsrv.total_execs, use_name, afl->file_extension ? "." : "",
afl->file_extension ? (const char *)afl->file_extension : "");
#else
nfn = alloc_printf("%s/queue/id_%06u%s%s", afl->out_dir, id,
nfn = alloc_printf(
"%s/queue/id_%06u%s%s", afl->out_dir, id,
afl->file_extension ? "." : "",
afl->file_extension ? (const char*)afl->file_extension : "");
afl->file_extension ? (const char *)afl->file_extension : "");
#endif /* ^!SIMPLE_FILES */