ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-20 05:23:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve len encoding in redqueen

Browse Source
This commit is contained in:
Andrea Fioraldi
2020-07-15 10:35:38 +02:00
parent a8726b8254
commit ee77fe4094
1 changed files with 10 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/afl-fuzz-redqueen.c
View File

@ -277,9 +277,9 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
u8 * o_buf_8 = &orig_buf[idx];
u32 its_len = len - idx;
*status = 0;
// *status = 0;
if (SHAPE_BYTES(h->shape) == 8) {
if (SHAPE_BYTES(h->shape) >= 8) {
if (its_len >= 8 && *buf_64 == pattern && *o_buf_64 == o_pattern) {
@ -290,7 +290,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
// reverse encoding
if (do_reverse) {
if (do_reverse && *status != 1) {
if (unlikely(cmp_extend_encoding(afl, h, SWAP64(pattern), SWAP64(repl),
SWAP64(o_pattern), idx, orig_buf, buf,
@ -304,7 +304,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
if (SHAPE_BYTES(h->shape) == 4 || *status == 2) {
if (SHAPE_BYTES(h->shape) >= 4 && *status != 1) {
if (its_len >= 4 && *buf_32 == (u32)pattern &&
*o_buf_32 == (u32)o_pattern) {
@ -316,7 +316,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
// reverse encoding
if (do_reverse) {
if (do_reverse && *status != 1) {
if (unlikely(cmp_extend_encoding(afl, h, SWAP32(pattern), SWAP32(repl),
SWAP32(o_pattern), idx, orig_buf, buf,
@ -330,7 +330,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
if (SHAPE_BYTES(h->shape) == 2 || *status == 2) {
if (SHAPE_BYTES(h->shape) >= 2 && *status != 1) {
if (its_len >= 2 && *buf_16 == (u16)pattern &&
*o_buf_16 == (u16)o_pattern) {
@ -342,7 +342,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
// reverse encoding
if (do_reverse) {
if (do_reverse && *status != 1) {
if (unlikely(cmp_extend_encoding(afl, h, SWAP16(pattern), SWAP16(repl),
SWAP16(o_pattern), idx, orig_buf, buf,
@ -356,7 +356,7 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h,
}
if (SHAPE_BYTES(h->shape) == 1 || *status == 2) {
if (SHAPE_BYTES(h->shape) >= 1 && *status != 1) {
if (its_len >= 1 && *buf_8 == (u8)pattern && *o_buf_8 == (u8)o_pattern) {
@ -482,6 +482,7 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
for (idx = 0; idx < len && fails < 8; ++idx) {
status = 0;
if (unlikely(cmp_extend_encoding(afl, h, o->v0, o->v1, orig_o->v0, idx,
orig_buf, buf, len, 1, &status))) {
@ -499,6 +500,7 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u32 len) {
}
status = 0;
if (unlikely(cmp_extend_encoding(afl, h, o->v1, o->v0, orig_o->v1, idx,
orig_buf, buf, len, 1, &status))) {