ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-13 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

increase havoc_stack_pow2 on no finds

Browse Source
This commit is contained in:
van Hauser
2020-09-28 10:13:00 +02:00
parent e85fde201e
commit e69b25e34b
4 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/afl-fuzz.h
View File

@ -443,6 +443,7 @@ typedef struct afl_state {
u8 cal_cycles, /* Calibration cycles defaults */
cal_cycles_long, /* Calibration cycles defaults */
havoc_stack_pow2, /* HAVOC_STACK_POW2 */
no_unlink, /* do not unlink cur_input */
debug, /* Debug mode */
custom_only, /* Custom mutator only mode */

4
src/afl-fuzz-one.c
View File

@ -1884,7 +1884,7 @@ havoc_stage:
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2));
u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
afl->stage_cur_val = use_stacking;
@ -3970,7 +3970,7 @@ pacemaker_fuzzing:
for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max;
++afl->stage_cur) {
u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2));
u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
afl->stage_cur_val = use_stacking;

1
src/afl-fuzz-state.c
View File

@ -95,6 +95,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
afl->stage_name = "init"; /* Name of the current fuzz stage */
afl->splicing_with = -1; /* Splicing with which test case? */
afl->cpu_to_bind = -1;
afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
afl->cal_cycles = CAL_CYCLES;
afl->cal_cycles_long = CAL_CYCLES_LONG;
afl->hang_tmout = EXEC_TIMEOUT;

5
src/afl-fuzz.c
View File

@ -1368,9 +1368,14 @@ int main(int argc, char **argv_orig, char **envp) {
break;
case 2:
// if (!have_p) afl->schedule = EXPLOIT;
afl->havoc_stack_pow2++;
afl->expand_havoc = 3;
break;
case 3:
afl->havoc_stack_pow2++;
afl->expand_havoc = 4;
break;
case 4:
// nothing else currently
break;