author | vanhauser-thc <vh@thc.org> | 2021-07-09 12:31:29 +0200 |
---|---|---|
committer | vanhauser-thc <vh@thc.org> | 2021-07-09 12:31:29 +0200 |
commit | 1b2637545b6b9f171ea46ed6cf5164e8d05d1776 (patch) | |
tree | a5b86e84fb17d7330391c6b831c0184f26d00030 | |
parent | d354ec2586a3a31c87a8b95433c2886f04c44a03 (diff) | |
download | afl++-1b2637545b6b9f171ea46ed6cf5164e8d05d1776.tar.gz |
reenable splicing
-rw-r--r-- | custom_mutators/gramatron/gramfuzz-util.c | 26 | ||||
-rw-r--r-- | custom_mutators/gramatron/gramfuzz.c | 24 | ||||
-rw-r--r-- | custom_mutators/gramatron/gramfuzz.h | 1 |
3 files changed, 19 insertions, 32 deletions
diff --git a/custom_mutators/gramatron/gramfuzz-util.c b/custom_mutators/gramatron/gramfuzz-util.c
index 41ffd86d..2e0af936 100644
--- a/custom_mutators/gramatron/gramfuzz-util.c
+++ b/custom_mutators/gramatron/gramfuzz-util.c
@@ -248,32 +248,6 @@ Array *parse_input(state *pda, FILE *fp) {
 
 }
 
-Array *open_input(state *pda, u8 *data, size_t len) {
-
- int fd = memfd_create("foo", O_RDWR);
- if (fd < 0) {
-
- fprintf(stderr, "Error: memfd_create failed\n");
- return NULL;
-
- }
-
- ck_write(fd, data, len, "memfd_create");
- lseek(fd, 0, SEEK_SET);
- FILE *f = fdopen(fd, "rb");
- if (!f) {
-
- fprintf(stderr, "Error: fdopen failed\n");
- return NULL;
-
- }
-
- Array *res = parse_input(pda, f);
- fclose(f);
- return res;
-
-}
-
 // Read the input representation into memory
 Array *read_input(state *pda, u8 *fn) {
 
diff --git a/custom_mutators/gramatron/gramfuzz.c b/custom_mutators/gramatron/gramfuzz.c
index 55b631e6..fd126ec0 100644
--- a/custom_mutators/gramatron/gramfuzz.c
+++ b/custom_mutators/gramatron/gramfuzz.c
@@ -208,18 +208,32 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, doMult(data->orig_walk, data->recurIdx, data->recurlen); data->mut_alloced = 1; - /*} else if (data->mut_idx == 2) { // Perform splice mutation + } else if (data->mut_idx == 2) { // Perform splice mutation - // Read the input representation for the splice candidate - //u8 * automaton_fn = alloc_printf("%s.aut", add_buf); - Array *spliceCandidate = open_input(pda, add_buf, add_buf_size); + // we cannot use the supplied splice data so choose a new random file + u32 tid = rand() % data->afl->queued_paths; + struct queue_entry *q = data->afl->queue_buf[tid]; + + // Read the input representation for the splice candidate + u8 * automaton_fn = alloc_printf("%s.aut", q->fname); + Array *spliceCandidate = read_input(pda, automaton_fn); + + if (spliceCandidate) { data->mutated_walk = performSpliceOne(data->orig_walk, data->statemap, spliceCandidate); data->mut_alloced = 1; free(spliceCandidate->start); free(spliceCandidate); - //ck_free(automaton_fn);*/ + + } else { + + data->mutated_walk = gen_input(pda, NULL); + data->mut_alloced = 1; + + } + + ck_free(automaton_fn); } else { // Generate an input from scratch diff --git a/custom_mutators/gramatron/gramfuzz.h b/custom_mutators/gramatron/gramfuzz.h index 46cde8ec..e6912074 100644 --- a/custom_mutators/gramatron/gramfuzz.h +++ b/custom_mutators/gramatron/gramfuzz.h @@ -199,7 +199,6 @@ Array *performSpliceGF(state *, Array *, afl_state_t *); void dump_input(u8 *, char *, int *); void write_input(Array *, u8 *); Array *read_input(state *, u8 *); -Array *open_input(state *, u8 *, size_t); state *pda; // // AFL-specific struct |
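Review bot: The re-enabled splice branch in gramfuzz.c picks its candidate with `rand() % data->afl->queued_paths`, which divides by zero if the queue count is ever 0 and bypasses the fuzzer's seeded RNG, so a run with a fixed seed is no longer reproducible on this path. Consider `u32 tid = rand_below(data->afl, data->afl->queued_paths);`, assuming the helper from afl-fuzz.h is visible here, as the use of `afl_state_t` suggests. The pick can also land on the entry currently being fuzzed, or on one with no `.aut` file next to it. The `else` fallback to `gen_input` only covers the missing-file case if `read_input` returns NULL rather than exiting, and its body is outside this diff, so that is worth confirming. `afl_custom_fuzz` itself starts and ends outside the hunk.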