ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

no longer using alloc for autodict

Browse Source
This commit is contained in:
Dominik Maier
2020-08-14 01:33:03 +02:00
parent 69f8c62955
commit d1bc0207cc
3 changed files with 30 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
include/afl-fuzz.h
View File

@ -172,6 +172,14 @@ struct extra_data {
};
struct auto_extra_data {
u8 data[MAX_AUTO_EXTRA]; /* Dictionary token data */
u32 len; /* Dictionary token length */
u32 hit_cnt; /* Use count in the corpus */
};
/* Fuzzing stages */
enum {
@ -571,8 +579,8 @@ typedef struct afl_state {
struct extra_data *extras; /* Extra tokens to fuzz with */
u32 extras_cnt; /* Total number of tokens read */
struct extra_data *a_extras; /* Automatically selected extras */
u32 a_extras_cnt; /* Total number of tokens available */
struct auto_extra_data a_extras[MAX_AUTO_EXTRAS]; /* Automatically selected extras */
u32 a_extras_cnt; /* Total number of tokens available */
/* afl_postprocess API - Now supported via custom mutators */

115
include/alloc-inl.h
View File

@ -176,44 +176,6 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
return (u8 *)memcpy(ret, str, size);
}
/* Create a buffer with a copy of a memory block. Returns NULL for zero-sized
or NULL inputs. */
static inline void *DFL_ck_memdup(void *mem, u32 size) {
void *ret;
if (!mem || !size) { return NULL; }
ALLOC_CHECK_SIZE(size);
ret = malloc(size);
ALLOC_CHECK_RESULT(ret, size);
return memcpy(ret, mem, size);
}
/* Create a buffer with a block of text, appending a NUL terminator at the end.
Returns NULL for zero-sized or NULL inputs. */
static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
u8 *ret;
if (!mem || !size) { return NULL; }
ALLOC_CHECK_SIZE(size);
ret = (u8 *)malloc(size + 1);
ALLOC_CHECK_RESULT(ret, size);
memcpy(ret, mem, size);
ret[size] = 0;
return ret;
}
/* In non-debug mode, we just do straightforward aliasing of the above
functions to user-visible names such as ck_alloc(). */
@ -222,8 +184,6 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
#define ck_realloc DFL_ck_realloc
#define ck_realloc_block DFL_ck_realloc_block
#define ck_strdup DFL_ck_strdup
#define ck_memdup DFL_ck_memdup
#define ck_memdup_str DFL_ck_memdup_str
#define ck_free DFL_ck_free
#define alloc_report()
@ -487,55 +447,6 @@ static inline u8 *DFL_ck_strdup(u8 *str) {
return memcpy(ret, str, size);
}
/* Create a buffer with a copy of a memory block. Returns NULL for zero-sized
or NULL inputs. */
static inline void *DFL_ck_memdup(void *mem, u32 size) {
void *ret;
if (!mem || !size) return NULL;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
return memcpy(ret, mem, size);
}
/* Create a buffer with a block of text, appending a NUL terminator at the end.
Returns NULL for zero-sized or NULL inputs. */
static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
u8 *ret;
if (!mem || !size) return NULL;
ALLOC_CHECK_SIZE(size);
ret = malloc(size + ALLOC_OFF_TOTAL + 1);
ALLOC_CHECK_RESULT(ret, size);
ret += ALLOC_OFF_HEAD;
ALLOC_C1(ret) = ALLOC_MAGIC_C1;
ALLOC_S(ret) = size;
ALLOC_C2(ret) = ALLOC_MAGIC_C2;
memcpy(ret, mem, size);
ret[size] = 0;
return ret;
}
#ifndef DEBUG_BUILD
@ -548,8 +459,6 @@ static inline u8 *DFL_ck_memdup_str(u8 *mem, u32 size) {
#define ck_realloc DFL_ck_realloc
#define ck_realloc_block DFL_ck_realloc_block
#define ck_strdup DFL_ck_strdup
#define ck_memdup DFL_ck_memdup
#define ck_memdup_str DFL_ck_memdup_str
#define ck_free DFL_ck_free
#define alloc_report()
@ -713,24 +622,6 @@ static inline void *TRK_ck_strdup(u8 *str, const char *file, const char *func,
}
static inline void *TRK_ck_memdup(void *mem, u32 size, const char *file,
const char *func, u32 line) {
void *ret = DFL_ck_memdup(mem, size);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void *TRK_ck_memdup_str(void *mem, u32 size, const char *file,
const char *func, u32 line) {
void *ret = DFL_ck_memdup_str(mem, size);
TRK_alloc_buf(ret, file, func, line);
return ret;
}
static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
u32 line) {
@ -754,12 +645,6 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
#define ck_strdup(_p1) TRK_ck_strdup(_p1, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup(_p1, _p2) \
TRK_ck_memdup(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_memdup_str(_p1, _p2) \
TRK_ck_memdup_str(_p1, _p2, __FILE__, __FUNCTION__, __LINE__)
#define ck_free(_p1) TRK_ck_free(_p1, __FILE__, __FUNCTION__, __LINE__)
#endif /* ^!DEBUG_BUILD */

50
src/afl-fuzz-extras.c
View File

@ -25,23 +25,26 @@
#include "afl-fuzz.h"
/* Helper function for load_extras. */
/* helper function for auto_extras qsort */
static int compare_auto_extras_len(const void *ae1, const void *ae2) {
static int compare_extras_len(const void *p1, const void *p2) {
struct extra_data *e1 = (struct extra_data *)p1,
*e2 = (struct extra_data *)p2;
return e1->len - e2->len;
return ((struct auto_extra_data *)ae1)->len - ((struct auto_extra_data *)ae2)->len;
}
static int compare_extras_use_d(const void *p1, const void *p2) {
/* descending order */
struct extra_data *e1 = (struct extra_data *)p1,
*e2 = (struct extra_data *)p2;
static int compare_auto_extras_use_d(const void *ae1, const void *ae2) {
return e2->hit_cnt - e1->hit_cnt;
return ((struct auto_extra_data *)ae2)->hit_cnt - ((struct auto_extra_data *)ae1)->hit_cnt;
}
/* Helper function for load_extras. */
static int compare_extras_len(const void *e1, const void *e2) {
return ((struct extra_data *)e1)->len - ((struct extra_data *)e2)->len;
}
@ -371,7 +374,7 @@ void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
}
if (i == len) { return; }
if (i == len || unlikely(len > MAX_AUTO_EXTRA)) { return; }
/* Reject builtin interesting values. */
@ -448,10 +451,7 @@ void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
if (afl->a_extras_cnt < MAX_AUTO_EXTRAS) {
afl->a_extras = ck_realloc_block(
afl->a_extras, (afl->a_extras_cnt + 1) * sizeof(struct extra_data));
afl->a_extras[afl->a_extras_cnt].data = ck_memdup(mem, len);
memcpy(afl->a_extras[afl->a_extras_cnt].data, mem, len);
afl->a_extras[afl->a_extras_cnt].len = len;
++afl->a_extras_cnt;
@ -459,9 +459,7 @@ void maybe_add_auto(afl_state_t *afl, u8 *mem, u32 len) {
i = MAX_AUTO_EXTRAS / 2 + rand_below(afl, (MAX_AUTO_EXTRAS + 1) / 2);
ck_free(afl->a_extras[i].data);
afl->a_extras[i].data = ck_memdup(mem, len);
memcpy(afl->a_extras[i].data, mem, len);
afl->a_extras[i].len = len;
afl->a_extras[i].hit_cnt = 0;
@ -471,13 +469,13 @@ sort_a_extras:
/* First, sort all auto extras by use count, descending order. */
qsort(afl->a_extras, afl->a_extras_cnt, sizeof(struct extra_data),
compare_extras_use_d);
qsort(afl->a_extras, afl->a_extras_cnt, sizeof(struct auto_extra_data),
compare_auto_extras_use_d);
/* Then, sort the top USE_AUTO_EXTRAS entries by size. */
qsort(afl->a_extras, MIN((u32)USE_AUTO_EXTRAS, afl->a_extras_cnt),
sizeof(struct extra_data), compare_extras_len);
sizeof(struct auto_extra_data), compare_auto_extras_len);
}
@ -575,13 +573,5 @@ void destroy_extras(afl_state_t *afl) {
ck_free(afl->extras);
for (i = 0; i < afl->a_extras_cnt; ++i) {
ck_free(afl->a_extras[i].data);
}
ck_free(afl->a_extras);
}