ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 11:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

change -y to -g/-G and add env var alternatives

Browse Source
This commit is contained in:
vanhauser-thc
2022-02-05 10:36:37 +01:00
parent d5b9cd4b73
commit fa3c0d8a37
4 changed files with 34 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/env_variables.md
View File

@ -400,6 +400,10 @@ checks or alter some of the more exotic semantics of the tool:
This makes the "own finds" counter in the UI more accurate. Beyond counter
aesthetics, not much else should change.
- Setting `AFL_INPUT_LEN_MIN` and `AFL_INPUT_LEN_MAX` are an alternative to
the afl-fuzz -g/-G command line option to control the minimum/maximum
of fuzzing input generated.
- `AFL_KILL_SIGNAL`: Set the signal ID to be delivered to child processes on
timeout. Unless you implement your own targets or instrumentation, you
likely don't have to set it. By default, on timeout and on exit, `SIGKILL`

2
include/envs.h
View File

@ -98,6 +98,8 @@ static char *afl_environment_variables[] = {
"AFL_IGNORE_PROBLEMS",
"AFL_IGNORE_UNKNOWN_ENVS",
"AFL_IMPORT_FIRST",
"AFL_INPUT_LEN_MIN",
"AFL_INPUT_LEN_MAX",
"AFL_INST_LIBS",
"AFL_INST_RATIO",
"AFL_KILL_SIGNAL",

14
src/afl-fuzz-state.c
View File

@ -482,6 +482,20 @@ void read_afl_environment(afl_state_t *afl, char **envp) {
afl->afl_env.afl_target_env =
(u8 *)get_afl_env(afl_environment_variables[i]);
} else if (!strncmp(env, "AFL_INPUT_LEN_MIN",
afl_environment_variable_len)) {
afl->min_length = atoi(
(u8 *)get_afl_env(afl_environment_variables[i]));
} else if (!strncmp(env, "AFL_INPUT_LEN_MAX",
afl_environment_variable_len)) {
afl->max_length = atoi(
(u8 *)get_afl_env(afl_environment_variables[i]));
}
} else {

43
src/afl-fuzz.c
View File

@ -155,9 +155,9 @@ static void usage(u8 *argv0, int more_help) {
"\n"
"Mutator settings:\n"
" -y [min-]max - set minimum and maximum length of generated fuzzing "
"input.\n"
" default: 1-%lu\n"
" -g minlength - set min length of generated fuzz input (default: 1)\n"
" -G minlength - set max length of generated fuzz input (default: "
"%lu)\n"
" -D - enable deterministic fuzzing (once per queue entry)\n"
" -L minutes - use MOpt(imize) mode and set the time limit for "
"entering the\n"
@ -256,6 +256,7 @@ static void usage(u8 *argv0, int more_help) {
"AFL_IGNORE_UNKNOWN_ENVS: don't warn on unknown env vars\n"
"AFL_IGNORE_PROBLEMS: do not abort fuzzing if an incorrect setup is detected during a run\n"
"AFL_IMPORT_FIRST: sync and import test cases from other fuzzer instances first\n"
"AFL_INPUT_LEN_MIN/AFL_INPUT_LEN_MAX: like -g/-G set min/max fuzz length produced\n"
"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n"
"AFL_MAP_SIZE: the shared memory size for that target. must be >= the size\n"
" the target was compiled for\n"
@ -530,37 +531,21 @@ int main(int argc, char **argv_orig, char **envp) {
afl->shmem_testcase_mode = 1; // we always try to perform shmem fuzzing
while ((opt = getopt(
argc, argv,
"+Ab:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:Yy:Z")) >
0) {
while (
(opt = getopt(
argc, argv,
"+Ab:B:c:CdDe:E:hi:I:f:F:g:G:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:YZ")) >
0) {
switch (opt) {
case 'y': {
u8 *sep;
if (!(sep = strchr(optarg, '-')) && !(sep = strchr(optarg, ':'))) {
afl->max_length = atoi(optarg);
} else {
afl->min_length = atoi(optarg);
afl->max_length = atoi(sep + 1);
}
if (afl->min_length < 1 || afl->max_length > MAX_FILE ||
afl->min_length > afl->max_length) {
FATAL("Illegal min/max length values: %s", optarg);
}
case 'g':
afl->min_length = atoi(optarg);
break;
}
case 'G':
afl->max_length = atoi(optarg);
break;
case 'Z':
afl->old_seed_selection = 1;