ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-14 19:08:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

update python module

Browse Source
This commit is contained in:
yangzao
2023-11-25 21:18:32 -07:00
parent 8af74bcaee
commit faedb3fb29
3 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
custom_mutators/examples/example.py
View File

@ -133,6 +133,11 @@ def fuzz(buf, add_buf, max_size):
# @return: The buffer containing the test case after # @return: The buffer containing the test case after
# ''' # '''
# return buf # return buf
# def post_run():
# '''
# Called after each time the execution of the target program by AFL++
# '''
# pass
# #
# def havoc_mutation(buf, max_size): # def havoc_mutation(buf, max_size):
# ''' # '''

2
include/afl-fuzz.h
View File

@ -345,6 +345,7 @@ enum {
/* 13 */ PY_FUNC_DESCRIBE, /* 13 */ PY_FUNC_DESCRIBE,
/* 14 */ PY_FUNC_FUZZ_SEND, /* 14 */ PY_FUNC_FUZZ_SEND,
/* 15 */ PY_FUNC_SPLICE_OPTOUT, /* 15 */ PY_FUNC_SPLICE_OPTOUT,
/* 16 */ PY_FUNC_POST_RUN,
PY_FUNC_COUNT PY_FUNC_COUNT
}; };
@ -1085,6 +1086,7 @@ void finalize_py_module(void *);
u32 fuzz_count_py(void *, const u8 *, size_t); u32 fuzz_count_py(void *, const u8 *, size_t);
void fuzz_send_py(void *, const u8 *, size_t); void fuzz_send_py(void *, const u8 *, size_t);
void post_run_py(void *);
size_t post_process_py(void *, u8 *, size_t, u8 **); size_t post_process_py(void *, u8 *, size_t, u8 **);
s32 init_trim_py(void *, u8 *, size_t); s32 init_trim_py(void *, u8 *, size_t);
s32 post_trim_py(void *, u8); s32 post_trim_py(void *, u8);

32
src/afl-fuzz-python.c
View File

@ -249,6 +249,8 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
PyObject_GetAttrString(py_module, "queue_get"); PyObject_GetAttrString(py_module, "queue_get");
py_functions[PY_FUNC_FUZZ_SEND] = py_functions[PY_FUNC_FUZZ_SEND] =
PyObject_GetAttrString(py_module, "fuzz_send"); PyObject_GetAttrString(py_module, "fuzz_send");
py_functions[PY_FUNC_POST_RUN] =
PyObject_GetAttrString(py_module, "post_run");
py_functions[PY_FUNC_SPLICE_OPTOUT] = py_functions[PY_FUNC_SPLICE_OPTOUT] =
PyObject_GetAttrString(py_module, "splice_optout"); PyObject_GetAttrString(py_module, "splice_optout");
if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { afl->custom_splice_optout = 1; } if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { afl->custom_splice_optout = 1; }
@ -468,6 +470,12 @@ struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
} }
if (py_functions[PY_FUNC_POST_RUN]) {
mutator->afl_custom_post_run = post_run_py;
}
if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { if (py_functions[PY_FUNC_SPLICE_OPTOUT]) {
mutator->afl_custom_splice_optout = splice_optout_py; mutator->afl_custom_splice_optout = splice_optout_py;
@ -925,6 +933,30 @@ void fuzz_send_py(void *py_mutator, const u8 *buf, size_t buf_size) {
} }
void post_run_py(void *py_mutator) {
PyObject *py_args, *py_value;
py_args = PyTuple_New(0);
py_value = PyObject_CallObject(
((py_mutator_t *)py_mutator)
->py_functions[PY_FUNC_POST_RUN],
py_args);
Py_DECREF(py_args);
if (py_value != NULL) {
Py_DECREF(py_value);
} else {
PyErr_Print();
FATAL("Call failed");
}
}
u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue, u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
const u8 *filename_orig_queue) { const u8 *filename_orig_queue) {