using unbiased rand_below

author: Dominik Maier <domenukk@gmail.com> 2020-08-26 05:28:33 +0200
committer: Dominik Maier <domenukk@gmail.com> 2020-08-26 05:28:33 +0200
commit: 96ef7083c84cbd1892233cc36bcc139f77515a19 (patch)
tree: e62dba157e334bd9585d6ff83187ed59967a8ac8
parent: 78eaa6b2038bee5d36f4da5c95f019437b627dd0 (diff)
download: afl++-96ef7083c84cbd1892233cc36bcc139f77515a19.tar.gz
1 files changed, 6 insertions, 1 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 24e8ca9b..5c391049 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1027,7 +1027,12 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 
   }
 
-  return rand_next(afl) % limit;
+  /* Modulo is biased - we don't want our fuzzing to be biased so let's do it right. */
+  u64 unbiased_rnd; 
+  do {
+    unbiased_rnd = rand_next(afl);
+  } while (unbiased_rnd >= (UINT64_MAX - (UINT64_MAX % limit)));
+  return unbiased_rnd % limit;
 
 }
author	Dominik Maier <domenukk@gmail.com>	2020-08-26 05:28:33 +0200
committer	Dominik Maier <domenukk@gmail.com>	2020-08-26 05:28:33 +0200
commit	96ef7083c84cbd1892233cc36bcc139f77515a19 (patch)
tree	e62dba157e334bd9585d6ff83187ed59967a8ac8
parent	78eaa6b2038bee5d36f4da5c95f019437b627dd0 (diff)
download	afl++-96ef7083c84cbd1892233cc36bcc139f77515a19.tar.gz