ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 11:08:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

increase havoc_stack_pow2 on no finds

Browse Source
This commit is contained in:
van Hauser
2020-09-28 10:13:00 +02:00
parent e85fde201e
commit e69b25e34b
4 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/afl-fuzz.h
View File

@ -443,6 +443,7 @@ typedef struct afl_state {
u8 cal_cycles, /* Calibration cycles defaults */ u8 cal_cycles, /* Calibration cycles defaults */
cal_cycles_long, /* Calibration cycles defaults */ cal_cycles_long, /* Calibration cycles defaults */
havoc_stack_pow2, /* HAVOC_STACK_POW2 */
no_unlink, /* do not unlink cur_input */ no_unlink, /* do not unlink cur_input */
debug, /* Debug mode */ debug, /* Debug mode */
custom_only, /* Custom mutator only mode */ custom_only, /* Custom mutator only mode */

4
src/afl-fuzz-one.c
View File

@ -1884,7 +1884,7 @@ havoc_stage:
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2)); u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
afl->stage_cur_val = use_stacking; afl->stage_cur_val = use_stacking;
@ -3970,7 +3970,7 @@ pacemaker_fuzzing:
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max;
++afl->stage_cur) { ++afl->stage_cur) {
u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2)); u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
afl->stage_cur_val = use_stacking; afl->stage_cur_val = use_stacking;

1
src/afl-fuzz-state.c
View File

@ -95,6 +95,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->stage_name = "init"; /* Name of the current fuzz stage */ afl->stage_name = "init"; /* Name of the current fuzz stage */
afl->splicing_with = -1; /* Splicing with which test case? */ afl->splicing_with = -1; /* Splicing with which test case? */
afl->cpu_to_bind = -1; afl->cpu_to_bind = -1;
afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
afl->cal_cycles = CAL_CYCLES; afl->cal_cycles = CAL_CYCLES;
afl->cal_cycles_long = CAL_CYCLES_LONG; afl->cal_cycles_long = CAL_CYCLES_LONG;
afl->hang_tmout = EXEC_TIMEOUT; afl->hang_tmout = EXEC_TIMEOUT;

5
src/afl-fuzz.c
View File

@ -1368,9 +1368,14 @@ int main(int argc, char **argv_orig, char **envp) {
break; break;
case 2: case 2:
// if (!have_p) afl->schedule = EXPLOIT; // if (!have_p) afl->schedule = EXPLOIT;
afl->havoc_stack_pow2++;
afl->expand_havoc = 3; afl->expand_havoc = 3;
break; break;
case 3: case 3:
afl->havoc_stack_pow2++;
afl->expand_havoc = 4;
break;
case 4:
// nothing else currently // nothing else currently
break; break;