Dominik Maier
2020-04-14 17:21:15 +02:00
parent 8440aaea5a
commit f4436f118c
4 changed files with 37 additions and 28 deletions


@ -671,6 +671,7 @@ void __cmplog_ins_hook1(uint8_t arg1, uint8_t arg2) {
hits &= CMP_MAP_H - 1; hits &= CMP_MAP_H - 1;
__afl_cmp_map->log[k][hits].v0 = arg1; __afl_cmp_map->log[k][hits].v0 = arg1;
__afl_cmp_map->log[k][hits].v1 = arg2; __afl_cmp_map->log[k][hits].v1 = arg2;
} }
void __cmplog_ins_hook2(uint16_t arg1, uint16_t arg2) { void __cmplog_ins_hook2(uint16_t arg1, uint16_t arg2) {


@ -121,7 +121,10 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
afl->stage_cur < afl->stage_max) { afl->stage_cur < afl->stage_max) {
u32 s = rng->end - rng->start; u32 s = rng->end - rng->start;
if (s == 0) goto empty_range;
if (s != 0) {
/* Range not empty */
memcpy(backup, buf + rng->start, s); memcpy(backup, buf + rng->start, s);
rand_replace(afl, buf + rng->start, s); rand_replace(afl, buf + rng->start, s);
@ -129,6 +132,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
u32 cksum; u32 cksum;
u64 start_us = get_cur_time_us(); u64 start_us = get_cur_time_us();
if (unlikely(get_exec_checksum(afl, buf, len, &cksum))) goto checksum_fail; if (unlikely(get_exec_checksum(afl, buf, len, &cksum))) goto checksum_fail;
u64 stop_us = get_cur_time_us(); u64 stop_us = get_cur_time_us();
/* Discard if the mutations change the paths or if it is too decremental /* Discard if the mutations change the paths or if it is too decremental
@ -140,11 +144,14 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
ranges = add_range(ranges, rng->start + s / 2 + 1, rng->end); ranges = add_range(ranges, rng->start + s / 2 + 1, rng->end);
memcpy(buf + rng->start, backup, s); memcpy(buf + rng->start, backup, s);
} else } else {
needs_write = 1; needs_write = 1;
empty_range: }
}
ck_free(rng); ck_free(rng);
rng = NULL; rng = NULL;
++afl->stage_cur; ++afl->stage_cur;
@ -196,6 +203,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u32 exec_cksum) {
return 0; return 0;
checksum_fail: checksum_fail:
if (rng) ck_free(rng);
ck_free(backup); ck_free(backup);
while (ranges) { while (ranges) {