authorvanhauser-thc <vh@thc.org>2023-06-06 16:55:32 +0200
committervanhauser-thc <vh@thc.org>2023-06-06 16:55:32 +0200
commit14e25340fb7b9e13357a9059dd1c128a2d7d9d5b (patch)
tree978dcf42becc20c65a936c238e8b7abf2a71341e
parent4deb45f3b3e9f53880596d21432069b05553bcb3 (diff)
downloadafl++-14e25340fb7b9e13357a9059dd1c128a2d7d9d5b.tar.gz
comparison
-rw-r--r--include/afl-mutations.h155
-rw-r--r--src/afl-fuzz-one.c43
2 files changed, 107 insertions, 91 deletions
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index 08037b09..a3c9fd59 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -78,83 +78,84 @@ enum {
};
#define MUT_NORMAL_ARRAY_SIZE 77
-u32 normal_splice[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
- MUT_FLIPBIT,
- MUT_FLIPBIT,
- MUT_FLIPBIT,
- MUT_INTERESTING8,
- MUT_INTERESTING8,
- MUT_INTERESTING8,
- MUT_INTERESTING8,
- MUT_INTERESTING16,
- MUT_INTERESTING16,
- MUT_INTERESTING16BE,
- MUT_INTERESTING16BE,
- MUT_INTERESTING32,
- MUT_INTERESTING32,
- MUT_INTERESTING32BE,
- MUT_INTERESTING32BE,
- MUT_ARITH8_,
- MUT_ARITH8_,
- MUT_ARITH8_,
- MUT_ARITH8_,
- MUT_ARITH8,
- MUT_ARITH8,
- MUT_ARITH8,
- MUT_ARITH8,
- MUT_ARITH16_,
- MUT_ARITH16_,
- MUT_ARITH16BE_,
- MUT_ARITH16BE_,
- MUT_ARITH16,
- MUT_ARITH16,
- MUT_ARITH16BE,
- MUT_ARITH16BE,
- MUT_ARITH32_,
- MUT_ARITH32_,
- MUT_ARITH32BE_,
- MUT_ARITH32BE_,
- MUT_ARITH32,
- MUT_ARITH32,
- MUT_ARITH32BE,
- MUT_ARITH32BE,
- MUT_RAND8,
- MUT_RAND8,
- MUT_RAND8,
- MUT_RAND8,
- MUT_CLONE_COPY,
- MUT_CLONE_COPY,
- MUT_CLONE_COPY,
- MUT_CLONE_FIXED,
- MUT_OVERWRITE_COPY,
- MUT_OVERWRITE_COPY,
- MUT_OVERWRITE_COPY,
- MUT_OVERWRITE_FIXED,
- MUT_BYTEADD,
- MUT_BYTESUB,
- MUT_FLIP8,
- MUT_SWITCH,
- MUT_SWITCH,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_DEL,
- MUT_EXTRA_OVERWRITE,
- MUT_EXTRA_OVERWRITE,
- MUT_EXTRA_INSERT,
- MUT_EXTRA_INSERT,
- MUT_AUTO_EXTRA_OVERWRITE,
- MUT_AUTO_EXTRA_OVERWRITE,
- MUT_AUTO_EXTRA_INSERT,
- MUT_AUTO_EXTRA_INSERT,
- MUT_SPLICE_OVERWRITE,
- MUT_SPLICE_OVERWRITE,
- MUT_SPLICE_INSERT,
- MUT_SPLICE_INSERT};
+u32 normal_splice_array[MUT_NORMAL_ARRAY_SIZE] = {MUT_FLIPBIT,
+ MUT_FLIPBIT,
+ MUT_FLIPBIT,
+ MUT_FLIPBIT,
+ MUT_INTERESTING8,
+ MUT_INTERESTING8,
+ MUT_INTERESTING8,
+ MUT_INTERESTING8,
+ MUT_INTERESTING16,
+ MUT_INTERESTING16,
+ MUT_INTERESTING16BE,
+ MUT_INTERESTING16BE,
+ MUT_INTERESTING32,
+ MUT_INTERESTING32,
+ MUT_INTERESTING32BE,
+ MUT_INTERESTING32BE,
+ MUT_ARITH8_,
+ MUT_ARITH8_,
+ MUT_ARITH8_,
+ MUT_ARITH8_,
+ MUT_ARITH8,
+ MUT_ARITH8,
+ MUT_ARITH8,
+ MUT_ARITH8,
+ MUT_ARITH16_,
+ MUT_ARITH16_,
+ MUT_ARITH16BE_,
+ MUT_ARITH16BE_,
+ MUT_ARITH16,
+ MUT_ARITH16,
+ MUT_ARITH16BE,
+ MUT_ARITH16BE,
+ MUT_ARITH32_,
+ MUT_ARITH32_,
+ MUT_ARITH32BE_,
+ MUT_ARITH32BE_,
+ MUT_ARITH32,
+ MUT_ARITH32,
+ MUT_ARITH32BE,
+ MUT_ARITH32BE,
+ MUT_RAND8,
+ MUT_RAND8,
+ MUT_RAND8,
+ MUT_RAND8,
+ MUT_CLONE_COPY,
+ MUT_CLONE_COPY,
+ MUT_CLONE_COPY,
+ MUT_CLONE_FIXED,
+ MUT_OVERWRITE_COPY,
+ MUT_OVERWRITE_COPY,
+ MUT_OVERWRITE_COPY,
+ MUT_OVERWRITE_FIXED,
+ MUT_BYTEADD,
+ MUT_BYTESUB,
+ MUT_FLIP8,
+ MUT_SWITCH,
+ MUT_SWITCH,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_DEL,
+ MUT_EXTRA_OVERWRITE,
+ MUT_EXTRA_OVERWRITE,
+ MUT_EXTRA_INSERT,
+ MUT_EXTRA_INSERT,
+ MUT_AUTO_EXTRA_OVERWRITE,
+ MUT_AUTO_EXTRA_OVERWRITE,
+ MUT_AUTO_EXTRA_INSERT,
+ MUT_AUTO_EXTRA_INSERT,
+ MUT_SPLICE_OVERWRITE,
+ MUT_SPLICE_OVERWRITE,
+ MUT_SPLICE_INSERT,
+ MUT_SPLICE_INSERT};
+
#define MUT_SPLICE_ARRAY_SIZE 81
u32 full_splice_array[MUT_SPLICE_ARRAY_SIZE] = {MUT_FLIPBIT,
MUT_FLIPBIT,
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index ec348a95..9d4b366e 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2081,33 +2081,48 @@ havoc_stage:
where we take the input file and make random stacked tweaks. */
u32 *mutation_array;
- u32 stack_max; // stack_max_pow = afl->havoc_stack_pow2;
+ u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2;
- if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text?
+ if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
- if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ mutation_array = full_splice_array;
+ rand_max = MUT_SPLICE_ARRAY_SIZE;
- mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
+ } else {
- } else { // is exploitation!
+ mutation_array = normal_splice_array;
+ rand_max = MUT_NORMAL_ARRAY_SIZE;
- mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
+ }
- }
+ /*
+ if (unlikely(afl->text_input || afl->queue_cur->is_ascii)) { // is text?
+
+ if (likely(afl->fuzz_mode == 0)) { // is exploration?
+
+ mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
+
+ } else { // is exploitation!
- } else { // is binary!
+ mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
- if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ }
+
+ } else { // is binary!
- mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
+ if (likely(afl->fuzz_mode == 0)) { // is exploration?
- } else { // is exploitation!
+ mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
- mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
+ } else { // is exploitation!
+
+ mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
+
+ }
}
- }
+ */
/*
if (temp_len < 64) {
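Review bot: The `else` branch that picks `normal_splice_array` whenever `afl->ready_for_splicing_count` is 0 or 1 still hands out `MUT_SPLICE_OVERWRITE` and `MUT_SPLICE_INSERT`, which are members of that array (see the header hunk), so a splice mutation can be selected when there is no second queue entry to splice from. Unless the `case MUT_SPLICE_*` handlers (outside this hunk) re-check the count and jump back to `retry_havoc_step`, that branch has nothing to splice; either drop the splice entries from the normal array or make the selection depend on the count alone, e.g. `if (unlikely(afl->ready_for_splicing_count > 1 && afl->expand_havoc))` together with an explicit rejection in the splice cases. The former text/binary and exploration/exploitation selection is left behind as a ~30-line commented-out block rather than removed, which obscures that `afl->fuzz_mode` and `is_ascii` no longer influence the havoc strategy; delete it (git history keeps it) or replace it with one line such as `/* text/binary and fuzz_mode strategy selection was dropped here; see git history */`. The havoc stage this code belongs to begins before and ends after this hunk.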
@@ -2180,7 +2195,7 @@ havoc_stage:
retry_havoc_step : {
- u32 r = rand_below(afl, MUT_STRATEGY_ARRAY_SIZE), item;
+ u32 r = rand_below(afl, rand_max), item;
switch (mutation_array[r]) {