ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-19 04:58:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

cleanup

Browse Source
This commit is contained in:
van Hauser
2021-01-19 13:05:42 +01:00
parent ca1eb32552
commit 95ee2cdd57
1 changed files with 47 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/afl-fuzz-redqueen.c
View File

@ -29,7 +29,7 @@
#include "cmplog.h" #include "cmplog.h"
//#define _DEBUG //#define _DEBUG
//#define COMBINE #define COMBINE
#define CMPLOG_INTROSPECTION #define CMPLOG_INTROSPECTION
//#define ARITHMETIC_LESSER_GREATER //#define ARITHMETIC_LESSER_GREATER
@ -1103,14 +1103,13 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u32 len, u32 lvl, struct tainted *taint) { u32 len, u32 lvl, struct tainted *taint) {
struct cmp_header *h = &afl->shm.cmp_map->headers[key]; struct cmp_header *h = &afl->shm.cmp_map->headers[key];
struct tainted * t; // FP handling only from lvl 2 onwards
u32 i, j, idx, taint_len; if ((h->attribute & IS_FP) && lvl < LVL2) { return 0; }
u32 have_taint = 1, is_n = 0;
u32 loggeds = h->hits;
if (h->hits > CMP_MAP_H) { loggeds = CMP_MAP_H; }
u8 status = 0; struct tainted *t;
u8 found_one = 0; u32 i, j, idx, taint_len, loggeds;
u32 have_taint = 1, is_n = 0;
u8 status = 0, found_one = 0;
/* loop cmps are useless, detect and ignore them */ /* loop cmps are useless, detect and ignore them */
#ifdef WORD_SIZE_64 #ifdef WORD_SIZE_64
@ -1121,6 +1120,16 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
u8 s_v0_inc = 1, s_v1_inc = 1; u8 s_v0_inc = 1, s_v1_inc = 1;
u8 s_v0_dec = 1, s_v1_dec = 1; u8 s_v0_dec = 1, s_v1_dec = 1;
if (h->hits > CMP_MAP_H) {
loggeds = CMP_MAP_H;
} else {
loggeds = h->hits;
}
switch (SHAPE_BYTES(h->shape)) { switch (SHAPE_BYTES(h->shape)) {
case 1: case 1:
@ -1133,9 +1142,6 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf,
} }
// FP handling only from lvl 2 onwards
if ((h->attribute & IS_FP) && lvl < LVL2) return 0;
for (i = 0; i < loggeds; ++i) { for (i = 0; i < loggeds; ++i) {
struct cmp_operands *o = &afl->shm.cmp_map->log[key][i]; struct cmp_operands *o = &afl->shm.cmp_map->log[key][i];
@ -1742,6 +1748,8 @@ exit_its:
} }
#ifdef COMBINE #ifdef COMBINE
if (afl->queued_paths + afl->unique_crashes > orig_hit_cnt + 1) {
// copy the current virgin bits so we can recover the information // copy the current virgin bits so we can recover the information
u8 *virgin_save = afl_realloc((void **)&afl->eff_buf, afl->shm.map_size); u8 *virgin_save = afl_realloc((void **)&afl->eff_buf, afl->shm.map_size);
memcpy(virgin_save, afl->virgin_bits, afl->shm.map_size); memcpy(virgin_save, afl->virgin_bits, afl->shm.map_size);
@ -1787,6 +1795,9 @@ exit_its:
} }
#endif #endif
}
#endif #endif
new_hit_cnt = afl->queued_paths + afl->unique_crashes; new_hit_cnt = afl->queued_paths + afl->unique_crashes;