ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

new rtn cmplog: instrumentation side + supporting functions

Browse Source
This commit is contained in:
vanhauser-thc
2021-10-17 13:05:33 +02:00
parent 34f1074ba3
commit ed10f3783b
9 changed files with 551 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/afl-fuzz-one.c
View File

@ -448,11 +448,11 @@ u8 fuzz_one_original(afl_state_t *afl) {
ACTF(
"Fuzzing test case #%u (%u total, %llu uniq crashes found, "
"perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u)...",
"perf_score=%0.0f, exec_us=%llu, hits=%u, map=%u, ascii=%u)...",
afl->current_entry, afl->queued_paths, afl->unique_crashes,
afl->queue_cur->perf_score, afl->queue_cur->exec_us,
likely(afl->n_fuzz) ? afl->n_fuzz[afl->queue_cur->n_fuzz_entry] : 0,
afl->queue_cur->bitmap_size);
afl->queue_cur->bitmap_size, afl->queue_cur->is_ascii);
fflush(stdout);
}
@ -2003,11 +2003,16 @@ havoc_stage:
where we take the input file and make random stacked tweaks. */
#define MAX_HAVOC_ENTRY 59 /* 55 to 60 */
#define MUTATE_ASCII_DICT 64
u32 r_max, r;
r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 4 : 0) +
(afl->a_extras_cnt ? 4 : 0);
(afl->a_extras_cnt
? (unlikely(afl->cmplog_binary && afl->queue_cur->is_ascii)
? MUTATE_ASCII_DICT
: 4)
: 0);
if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
@ -2592,7 +2597,15 @@ havoc_stage:
if (afl->a_extras_cnt) {
if (r < 2) {
u32 r_cmp = 2;
if (unlikely(afl->cmplog_binary && afl->queue_cur->is_ascii)) {
r_cmp = MUTATE_ASCII_DICT >> 1;
}
if (r < r_cmp) {
/* Use the dictionary. */
@ -2612,7 +2625,7 @@ havoc_stage:
break;
} else if (r < 4) {
} else if (r < (r_cmp << 1)) {
u32 use_extra = rand_below(afl, afl->a_extras_cnt);
u32 extra_len = afl->a_extras[use_extra].len;
@ -2641,7 +2654,7 @@ havoc_stage:
} else {
r -= 4;
r -= (r_cmp << 1);
}