ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-16 03:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

less impact

Browse Source
This commit is contained in:
vanhauser-thc
2023-09-03 11:22:54 +02:00
parent 78848f8637
commit a809c3c50c
5 changed files with 45 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
frida_mode/src/instrument/instrument_arm64.c
View File

@ -408,11 +408,7 @@ bool instrument_write_inline(GumArm64Writer *cw, GumAddress code_addr,
* rather than just the operands. So return false and fall back to the * rather than just the operands. So return false and fall back to the
* alternative instrumentation. * alternative instrumentation.
*/ */
if (area_offset > UINT16_MAX) { if (area_offset > UINT16_MAX) { return false; }
return false;
}
code.code.mov_x0_curr_loc |= area_offset << 5; code.code.mov_x0_curr_loc |= area_offset << 5;

1
include/afl-fuzz.h
View File

@ -610,6 +610,7 @@ typedef struct afl_state {
u32 stage_cur, stage_max; /* Stage progression */ u32 stage_cur, stage_max; /* Stage progression */
s32 splicing_with; /* Splicing with which test case? */ s32 splicing_with; /* Splicing with which test case? */
s64 smallest_favored; /* smallest queue id favored */
u32 main_node_id, main_node_max; /* Main instance job splitting */ u32 main_node_id, main_node_max; /* Main instance job splitting */

10
src/afl-fuzz-one.c
View File

@ -3442,7 +3442,12 @@ abandon_entry:
--afl->pending_not_fuzzed; --afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1; afl->queue_cur->was_fuzzed = 1;
afl->reinit_table = 1; afl->reinit_table = 1;
if (afl->queue_cur->favored) { --afl->pending_favored; } if (afl->queue_cur->favored) {
--afl->pending_favored;
afl->smallest_favored = -1;
}
} }
@ -5905,7 +5910,8 @@ pacemaker_fuzzing:
--afl->pending_not_fuzzed; --afl->pending_not_fuzzed;
afl->queue_cur->was_fuzzed = 1; afl->queue_cur->was_fuzzed = 1;
if (afl->queue_cur->favored) { --afl->pending_favored; } if (afl->queue_cur->favored) { --afl->pending_favored;
afl->smallest_favored = -1; }
} }

13
src/afl-fuzz-queue.c
View File

@ -826,6 +826,8 @@ void cull_queue(afl_state_t *afl) {
/* Let's see if anything in the bitmap isn't captured in temp_v. /* Let's see if anything in the bitmap isn't captured in temp_v.
If yes, and if it has a afl->top_rated[] contender, let's use it. */ If yes, and if it has a afl->top_rated[] contender, let's use it. */
afl->smallest_favored = -1;
for (i = 0; i < afl->fsrv.map_size; ++i) { for (i = 0; i < afl->fsrv.map_size; ++i) {
if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) { if (afl->top_rated[i] && (temp_v[i >> 3] & (1 << (i & 7)))) {
@ -849,7 +851,16 @@ void cull_queue(afl_state_t *afl) {
afl->top_rated[i]->favored = 1; afl->top_rated[i]->favored = 1;
++afl->queued_favored; ++afl->queued_favored;
if (!afl->top_rated[i]->was_fuzzed) { ++afl->pending_favored; } if (!afl->top_rated[i]->was_fuzzed) {
++afl->pending_favored;
if (unlikely(afl->smallest_favored > (s64)afl->top_rated[i]->id)) {
afl->smallest_favored = (s64)afl->top_rated[i]->id;
}
}
} }

28
src/afl-fuzz.c
View File

@ -2707,20 +2707,30 @@ int main(int argc, char **argv_orig, char **envp) {
if (likely(!afl->old_seed_selection)) { if (likely(!afl->old_seed_selection)) {
if (likely(afl->pending_favored)) { if (likely(afl->pending_favored && afl->smallest_favored >= 0)) {
for (u32 iter = 0; iter < afl->queued_items; ++iter) { afl->current_entry = afl->smallest_favored;
if (unlikely(afl->queue_buf[iter]->favored && /*
!afl->queue_buf[iter]->was_fuzzed)) {
afl->current_entry = iter; } else {
afl->queue_cur = afl->queue_buf[afl->current_entry];
break;
} for (s32 iter = afl->queued_items - 1; iter >= 0; --iter)
{
} if (unlikely(afl->queue_buf[iter]->favored &&
!afl->queue_buf[iter]->was_fuzzed)) {
afl->current_entry = iter;
break;
}
}
*/
afl->queue_cur = afl->queue_buf[afl->current_entry];
} else { } else {