ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-17 20:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

redqueen auto extras

Browse Source
This commit is contained in:
Andrea Fioraldi
2020-02-07 16:04:43 +01:00
parent 0d8f70423a
commit ea37d8cef9
1 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
src/afl-fuzz-redqueen.c
View File

@ -298,6 +298,44 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
}
void try_to_add_to_dict(u64 v, u8 shape) {
u8* b = (u8*)&v;
u32 k;
u8 cons_ff = 0, cons_0 = 0;
for (k = 0; k < shape; ++k) {
if (b[k] == 0) ++cons_0;
else if (b[k] == 0xff) ++cons_0;
else cons_0 = cons_ff = 0;
if (cons_0 > 1 || cons_ff > 1)
return;
}
maybe_add_auto((u8*)&v, shape);
u64 rev;
switch (shape) {
case 1: break;
case 2:
rev = SWAP16((u16)v);
maybe_add_auto((u8*)&rev, shape);
break;
case 4:
rev = SWAP32((u32)v);
maybe_add_auto((u8*)&rev, shape);
break;
case 8:
rev = SWAP64(v);
maybe_add_auto((u8*)&rev, shape);
break;
}
}
u8 cmp_fuzz(u32 key, u8* orig_buf, u8* buf, u32 len) {
struct cmp_header* h = &cmp_map->headers[key];
@ -338,6 +376,14 @@ u8 cmp_fuzz(u32 key, u8* orig_buf, u8* buf, u32 len) {
break;
}
// If failed, add to dictionary
if (fails == 8) {
try_to_add_to_dict(o->v0, SHAPE_BYTES(h->shape));
try_to_add_to_dict(o->v1, SHAPE_BYTES(h->shape));
}
cmp_fuzz_next_iter:
stage_cur++;