Merge branch 'dev' into reinit

This commit is contained in:
van Hauser
2023-09-11 12:54:21 +00:00
committed by GitHub
6 changed files with 76 additions and 20 deletions


@ -44,8 +44,10 @@ static gboolean lib_find_exe(const GumModuleDetails *details,
lib_details_t *lib_details = (lib_details_t *)user_data; lib_details_t *lib_details = (lib_details_t *)user_data;
memcpy(lib_details->name, details->name, PATH_MAX); strncpy(lib_details->name, details->name, PATH_MAX);
memcpy(lib_details->path, details->path, PATH_MAX); strncpy(lib_details->path, details->path, PATH_MAX);
lib_details->name[PATH_MAX] = '\0';
lib_details->path[PATH_MAX] = '\0';
lib_details->base_address = details->range->base_address; lib_details->base_address = details->range->base_address;
lib_details->size = details->range->size; lib_details->size = details->range->size;
return FALSE; return FALSE;
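Review bot: The terminator stores `lib_details->name[PATH_MAX] = '\0';` and `lib_details->path[PATH_MAX] = '\0';` are only in bounds if both arrays are declared with PATH_MAX + 1 elements, and the hunk does not show the declaration of lib_details_t; if they are `char name[PATH_MAX]`, each store lands one byte past the end. Replacing each copy-plus-terminator pair with `snprintf(lib_details->name, sizeof lib_details->name, "%s", details->name);` bounds the copy by the real array size and always NUL-terminates, so the separate terminator line and the PATH_MAX assumption both disappear. strncpy additionally zero-fills the remainder of the PATH_MAX bytes on every call, which is harmless but wasted here. The closing brace of lib_find_exe appears to lie after the hunk.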


@ -610,6 +610,7 @@ typedef struct afl_state {
u32 stage_cur, stage_max; /* Stage progression */ u32 stage_cur, stage_max; /* Stage progression */
s32 splicing_with; /* Splicing with which test case? */ s32 splicing_with; /* Splicing with which test case? */
s64 smallest_favored; /* smallest queue id favored */
u32 main_node_id, main_node_max; /* Main instance job splitting */ u32 main_node_id, main_node_max; /* Main instance job splitting */
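Review bot: The comment on the new `smallest_favored` field does not say which value means "none", yet the rest of this commit relies on a sentinel: cull_queue resets it to -1 before scanning and fills it only from favored entries that were not yet fuzzed, fuzz_one sets it back to -1 once a favored entry has been fuzzed, and main only consults it when it is >= 0. Suggest `s64 smallest_favored; /* id of a favored, not-yet-fuzzed entry, -1 if none */` so the sentinel is documented where the field is defined. The afl_state struct continues outside the hunk.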


@ -272,6 +272,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) {
fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode; fsrv_to->uses_crash_exitcode = from->uses_crash_exitcode;
fsrv_to->crash_exitcode = from->crash_exitcode; fsrv_to->crash_exitcode = from->crash_exitcode;
fsrv_to->child_kill_signal = from->child_kill_signal; fsrv_to->child_kill_signal = from->child_kill_signal;
fsrv_to->fsrv_kill_signal = from->fsrv_kill_signal;
fsrv_to->debug = from->debug; fsrv_to->debug = from->debug;
// These are forkserver specific. // These are forkserver specific.


@ -3442,7 +3442,12 @@ abandon_entry:
--afl->pending_not_fuzzed; --afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1; afl->queue_cur->was_fuzzed = 1;
afl->reinit_table = 1; afl->reinit_table = 1;
if (afl->queue_cur->favored) { --afl->pending_favored; } if (afl->queue_cur->favored) {
--afl->pending_favored;
afl->smallest_favored = -1;
}
} }
@ -5906,8 +5911,10 @@ pacemaker_fuzzing:
--afl->pending_not_fuzzed; --afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1; afl->queue_cur->was_fuzzed = 1;
afl->reinit_table = 1 afl->reinit_table = 1
if (afl->queue_cur->favored) { --afl->pending_favored; } if (afl->queue_cur->favored) {
--afl->pending_favored;
afl->smallest_favored = -1;
}
} }
} }
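Review bot: `afl->reinit_table = 1` on the context line just above the changed `if` in the second hunk (pacemaker_fuzzing) has no terminating semicolon, while the same statement in the first hunk (abandon_entry) ends in `;`; unless that line sits in a region the preprocessor discards, it is a syntax error that the merge carries forward on the new side, and it should read `afl->reinit_table = 1;`. The rendering could have dropped the character, but the neighbouring lines kept theirs, so it looks real. The functions enclosing both hunks start and end outside the hunks.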


@ -738,7 +738,11 @@ void update_bitmap_score(afl_state_t *afl, struct queue_entry *q) {
u64 top_rated_fav_factor; u64 top_rated_fav_factor;
u64 top_rated_fuzz_p2; u64 top_rated_fuzz_p2;
if (likely(afl->schedule >= FAST && afl->schedule <= RARE)) { if (likely(afl->schedule >= FAST && afl->schedule < RARE)) {
top_rated_fuzz_p2 = 0; // Skip the fuzz_p2 comparison
} else if (unlikely(afl->schedule == RARE)) {
top_rated_fuzz_p2 = top_rated_fuzz_p2 =
next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry]); next_pow2(afl->n_fuzz[afl->top_rated[i]->n_fuzz_entry]);
@ -827,6 +831,8 @@ void cull_queue(afl_state_t *afl) {
/* Let's see if anything in the bitmap isn't captured in temp_v. /* Let's see if anything in the bitmap isn't captured in temp_v.
If yes, and if it has a afl->top_rated[] contender, let's use it. */ If yes, and if it has a afl->top_rated[] contender, let's use it. */
afl->smallest_favored = -1;
for (i = 0; i < afl->fsrv.map_size; ++i) { for (i = 0; i < afl->fsrv.map_size; ++i) {
if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) { if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) {
@ -850,7 +856,16 @@ void cull_queue(afl_state_t *afl) {
afl->top_rated[i]->favored = 1; afl->top_rated[i]->favored = 1;
++afl->queued_favored; ++afl->queued_favored;
if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; } if (!afl->top_rated[i]->was_fuzzed) {
++afl->pending_favored;
if (unlikely(afl->smallest_favored < 0)) {
afl->smallest_favored = (s64)afl->top_rated[i]->id;
}
}
} }
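Review bot: The new assignment in cull_queue records the first pending favored entry met while walking the bitmap index `i`, not the smallest queue id: `afl->smallest_favored` is only written while it is still -1, and top_rated[] is indexed by map position rather than by entry id, so the field's name overpromises. If main is meant to prefer the lowest pending favored id, the guard should compare ids: `if (unlikely(afl->smallest_favored < 0 || (s64)afl->top_rated[i]->id < afl->smallest_favored)) {`; if any pending favored entry is acceptable, a comment such as `/* any favored entry still pending, picked in map order */` next to the assignment would stop readers from assuming ordering. cull_queue's body starts before and ends after these hunks.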


@ -2707,10 +2707,38 @@ int main(int argc, char **argv_orig, char **envp) {
if (likely(!afl->old_seed_selection)) { if (likely(!afl->old_seed_selection)) {
if (likely(afl->pending_favored && afl->smallest_favored >= 0)) {
afl->current_entry = afl->smallest_favored;
/*
} else {
for (s32 iter = afl->queued_items - 1; iter >= 0; --iter)
{
if (unlikely(afl->queue_buf[iter]->favored &&
!afl->queue_buf[iter]->was_fuzzed)) {
afl->current_entry = iter;
break;
}
}
*/
afl->queue_cur = afl->queue_buf[afl->current_entry];
} else {
if (unlikely(prev_queued_items < afl->queued_items || if (unlikely(prev_queued_items < afl->queued_items ||
afl->reinit_table)) { afl->reinit_table)) {
// we have new queue entries since the last run, recreate alias table // we have new queue entries since the last run, recreate alias
// table
prev_queued_items = afl->queued_items; prev_queued_items = afl->queued_items;
create_alias_table(afl); create_alias_table(afl);
@ -2726,6 +2754,8 @@ int main(int argc, char **argv_orig, char **envp) {
} }
}
skipped_fuzz = fuzz_one(afl); skipped_fuzz = fuzz_one(afl);
#ifdef INTROSPECTION #ifdef INTROSPECTION
++afl->queue_cur->stats_selected; ++afl->queue_cur->stats_selected;
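Review bot: The commented-out fallback loop between `/*` and `*/` in the first hunk should not be merged as dead text; either delete it or, if the alias-table path is not an acceptable fallback, restore it as the `else` branch. A second concern is initialization: `afl->smallest_favored >= 0` is read here but nothing in this diff assigns an initial value, and cull_queue only resets it to -1 when it actually runs, so if the afl_state object is zero-filled at startup the first pass would treat queue id 0 as a pending favored entry; confirm that the state initializer (afl_state_init) sets it to -1 or that cull_queue always precedes the first selection. The implicit narrowing in `afl->current_entry = afl->smallest_favored;` is safe only because of the `>= 0` guard and because ids are queue_buf indices, which deserves a one-line comment at the assignment. main begins well before the hunk and continues after it.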