remove test input mutation in havoc

2025-06-14 19:08:08 +00:00 · 2020-07-26 15:00:44 +02:00
parent ecb0601bc1
commit ff107714f1
1 changed files with 98 additions and 91 deletions
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@ -27,9 +27,9 @@
 #include <string.h>
 #include <limits.h>

-static u8 *strnstr(const u8 *s, const u8 *find, size_t slen);
+/* static u8 *strnstr(const u8 *s, const u8 *find, size_t slen);
 static u32 string_replace(u8 **out_buf, s32 *temp_len, u32 pos, u8 *from,
-                          u8 *to);
+                          u8 *to); */

 /* MOpt */

@ -370,6 +370,7 @@ static void locate_diffs(u8 *ptr1, u8 *ptr2, u32 len, s32 *first, s32 *last) {

 #define BUF_PARAMS(name) (void **)&afl->name##_buf, &afl->name##_size

+#if 0
 /* search a string */

 static u8 *strnstr(const u8 *s, const u8 *find, size_t slen) {
@ -885,6 +886,8 @@ static int text_mutation(afl_state_t *afl, u8 **out_buf, s32 *orig_temp_len) {

 }

+#endif                                                              /* if 0 */
+
 /* Take the current entry from the queue, fuzz it for a while. This
   function is a tad too long... returns 0 if fuzzed successfully, 1 if
   skipped or bailed out. */
@ -2384,8 +2387,8 @@ havoc_stage:
    /* add expensive havoc cases here, they are activated after a full
       cycle without finds happened */

-    r_max = 16 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0) +
-            (afl->queue_cur->is_ascii ? AFL_TXT_BIAS : 0);
+    r_max = 16 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0);
+    /* + (afl->queue_cur->is_ascii ? AFL_TXT_BIAS : 0); */

  } else {

@ -2435,7 +2438,7 @@ havoc_stage:

      }

-    retry_havoc:
+      // retry_havoc:

      switch ((r = rand_below(afl, r_max))) {

@ -2818,17 +2821,19 @@ havoc_stage:

            }

-          } else
+          } else {

+            /*
                        switch (r) {

                          case 15:  // fall through
-              case 17: {
+                          case 16:
+                          case 17: {*/

            /* Overwrite bytes with a randomly selected chunk from another
               testcase or insert that chunk. */

-                if (afl->queued_paths < 2) break;
+            if (afl->queued_paths < 4) break;

            /* Pick a random queue entry and seek to it. */

@ -2896,8 +2901,8 @@ havoc_stage:

              clone_to = rand_below(afl, temp_len);

-                  u8 *temp_buf = ck_maybe_grow(BUF_PARAMS(out_scratch),
-                                               temp_len + clone_len);
+              u8 *temp_buf =
+                  ck_maybe_grow(BUF_PARAMS(out_scratch), temp_len + clone_len);

              /* Head */

@ -2921,7 +2926,7 @@ havoc_stage:

          }

-              default:
+          /*              default:

                          // perform ascii mutations
                          if (text_mutation(afl, &out_buf, &temp_len) == 0)
@ -2929,6 +2934,8 @@ havoc_stage:

                      }  // end default: switch(r)

+          */
+
      }

    }