Add option for random cmplog colorization

This commit is contained in:
guyf2010 2022-11-13 14:37:33 +00:00
parent c5f8869778
commit bb81fb784e
3 changed files with 20 additions and 4 deletions


@ -656,7 +656,7 @@ typedef struct afl_state {
u32 cmplog_max_filesize; u32 cmplog_max_filesize;
u32 cmplog_lvl; u32 cmplog_lvl;
u32 colorize_success; u32 colorize_success;
u8 cmplog_enable_arith, cmplog_enable_transform; u8 cmplog_enable_arith, cmplog_enable_transform, cmplog_random_colorization;
struct afl_pass_stat *pass_stats; struct afl_pass_stat *pass_stats;
struct cmp_map *orig_cmp_map; struct cmp_map *orig_cmp_map;
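Review bot: The new `cmplog_random_colorization` member is appended to the packed `u8` declaration without any comment saying what it switches, and the neighbouring CmpLog fields visible here carry none either, so a reader of the struct has to go find the `-l` parser in afl-fuzz.c to learn that it selects random-byte colorization instead of the type-preserving default. A trailing comment on the changed line would close that gap: `u8 cmplog_enable_arith, cmplog_enable_transform, cmplog_random_colorization; /* -l R: colorize with random bytes instead of type-preserving ones */`. The `afl_state` struct begins and ends outside this hunk.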


@ -167,6 +167,13 @@ static u8 get_exec_checksum(afl_state_t *afl, u8 *buf, u32 len, u64 *cksum) {
} }
/* replace everything with different values */
static void random_replace(afl_state_t *afl, u8 *buf, u32 len){
for(u32 i=0; i < len; i++){
buf[i] = rand_below(afl, 256);
}
}
/* replace everything with different values but stay in the same type */ /* replace everything with different values but stay in the same type */
static void type_replace(afl_state_t *afl, u8 *buf, u32 len) { static void type_replace(afl_state_t *afl, u8 *buf, u32 len) {
@ -293,7 +300,11 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len,
memcpy(backup, buf, len); memcpy(backup, buf, len);
memcpy(changed, buf, len); memcpy(changed, buf, len);
if (afl->cmplog_random_colorization) {
random_replace(afl, changed, len);
} else {
type_replace(afl, changed, len); type_replace(afl, changed, len);
}
while ((rng = pop_biggest_range(&ranges)) != NULL && while ((rng = pop_biggest_range(&ranges)) != NULL &&
afl->stage_cur < afl->stage_max) { afl->stage_cur < afl->stage_max) {
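Review bot: `random_replace` does not honour its own comment "replace everything with different values": `rand_below(afl, 256)` can return the byte that is already in `buf[i]`, so with probability 1/256 per byte the input is left unchanged there and that byte contributes nothing to the colorization, whereas the `type_replace` path it substitutes for is described by its comment as always producing a different value. Drawing a non-zero offset instead guarantees a change: `buf[i] = (u8)(buf[i] + 1 + rand_below(afl, 255));`. The new function's formatting (`for(u32 i=0; i < len; i++){`, no space before the brace) also differs from the surrounding code such as `type_replace` directly below, which spaces operators and braces, so it is worth running the project's formatter before merge. The `if (afl->cmplog_random_colorization)` switch sits inside `colorization()`, which begins and ends outside this hunk.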


@ -171,10 +171,11 @@ static void usage(u8 *argv0, int more_help) {
" if using QEMU/FRIDA or the fuzzing target is " " if using QEMU/FRIDA or the fuzzing target is "
"compiled\n" "compiled\n"
" for CmpLog then just use -c 0.\n" " for CmpLog then just use -c 0.\n"
" -l cmplog_opts - CmpLog configuration values (e.g. \"2AT\"):\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2ATR\"):\n"
" 1=small files, 2=larger files (default), 3=all " " 1=small files, 2=larger files (default), 3=all "
"files,\n" "files,\n"
" A=arithmetic solving, T=transformational solving.\n\n" " A=arithmetic solving, T=transformational solving,\n"
" R=random colorization bytes.\n\n"
"Fuzzing behavior settings:\n" "Fuzzing behavior settings:\n"
" -Z - sequential queue selection instead of weighted " " -Z - sequential queue selection instead of weighted "
"random\n" "random\n"
@ -1113,6 +1114,10 @@ int main(int argc, char **argv_orig, char **envp) {
case 'T': case 'T':
afl->cmplog_enable_transform = 1; afl->cmplog_enable_transform = 1;
break; break;
case 'r':
case 'R':
afl->cmplog_random_colorization = 1;
break;
default: default:
FATAL("Unknown option value '%c' in -l %s", *c, optarg); FATAL("Unknown option value '%c' in -l %s", *c, optarg);
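Review bot: The added help line `" R=random colorization bytes.\n\n"` does not say what the flag changes relative to the default, so a user cannot tell whether R is a further solving mode like A and T or a replacement for the type-preserving colorization step. A wording that states the trade-off would be clearer, e.g. `" R=random colorization (replace bytes with fully random values\n"` followed by `" instead of type-preserving ones).\n\n"`. The parser accepts both `'r'` and `'R'`; whether `'A'` and `'T'` accept lowercase too is not visible in this hunk, so if they do not, the example `\"2ATR\"` and the help text are consistent in showing uppercase only. Since the diffstat lists only three files, any description of `-l` outside afl-fuzz.c (docs or README) is presumably not updated by this commit and may need a follow-up. `main()` begins and ends outside this hunk.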