author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-21 20:05:43 +0100 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-21 20:05:43 +0100 |
commit | de4f88b4cb53733456bccafe85b945625e2475be (patch) | |
tree | 2e8db7d7bc808a17c880b47d75ded808d50161db | |
parent | 00c1c26bf85e3232ee6cf93e2bf4c8ccc49b4c85 (diff) | |
download | afl++-de4f88b4cb53733456bccafe85b945625e2475be.tar.gz |
improve redqueen not looking in orig buf
-rw-r--r-- | src/afl-fuzz-one.c | 2 | ||||
-rw-r--r-- | src/afl-fuzz-redqueen.c | 18 | ||||
-rw-r--r-- | test/test-compcov.c | 4 |
3 files changed, 13 insertions, 11 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 078843f0..0ddeeb8a 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -531,7 +531,7 @@ u8 fuzz_one_original(char** argv) {
 }
- if (cmplog_mode && !queue_cur->fully_colorized) {
+ if (cmplog_mode) {
 if (input_to_state_stage(argv, in_buf, out_buf, len,
 queue_cur->exec_cksum))
 goto abandon_entry;
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index a335656b..6cb229e3 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -233,9 +233,9 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 u32* buf_32 = (u32*)&buf[idx];
 u16* buf_16 = (u16*)&buf[idx];
 // u8* buf_8 = &buf[idx];
- u64* o_buf_64 = (u64*)&orig_buf[idx];
- u32* o_buf_32 = (u32*)&orig_buf[idx];
- u16* o_buf_16 = (u16*)&orig_buf[idx];
+ // u64* o_buf_64 = (u64*)&orig_buf[idx];
+ // u32* o_buf_32 = (u32*)&orig_buf[idx];
+ // u16* o_buf_16 = (u16*)&orig_buf[idx];
 // u8* o_buf_8 = &orig_buf[idx];
 u32 its_len = len - idx;
@@ -243,7 +243,7 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 8) {
- if (its_len >= 8 && *buf_64 == pattern && *o_buf_64 == pattern) {
+ if (its_len >= 8 && *buf_64 == pattern) {// && *o_buf_64 == pattern) {
 *buf_64 = repl;
 if (unlikely(its_fuzz(buf, len, status)))
 return 1;
@@ -261,7 +261,7 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 4 || *status == 2) {
- if (its_len >= 4 && *buf_32 == (u32)pattern && *o_buf_32 == (u32)pattern) {
+ if (its_len >= 4 && *buf_32 == (u32)pattern) {// && *o_buf_32 == (u32)pattern) {
 *buf_32 = (u32)repl;
 if (unlikely(its_fuzz(buf, len, status)))
 return 1;
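Review bot: Dropping `!queue_cur->fully_colorized` from the condition makes input_to_state_stage() run on every pass over a queue entry instead of only until the entry is marked colorized, and neither the commit message nor the hunk says why; whether the stage still sets or reads that flag internally is outside this hunk. If re-running the (target-executing, hence expensive) stage on every pass is intended, say so at the call site, e.g. `/* I2S stage runs on every pass now; no longer gated on first colorization */`; if it is not, the gate should come back. fuzz_one_original() starts and ends outside the hunk.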
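Review bot: The three `o_buf_*` declarations are commented out rather than deleted, next to the `// u8* buf_8` / `// u8* o_buf_8` lines that already show where this accumulates; version control keeps the old form, so remove them. If `orig_buf` is no longer read anywhere else in cmp_extend_encoding after this change (the rest of the body is outside the hunk), the parameter will also trip -Wunused-parameter and should be dropped from the signature or explicitly discarded with `(void)orig_buf;`. The function's signature line is cut by the hunk header and its body continues past the hunk.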
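Review bot: The new condition carries its removed half along as a trailing comment, `{// && *o_buf_64 == pattern) {`, which is commented-out code glued to a live statement; write it as `if (its_len >= 8 && *buf_64 == pattern) {` and let the history hold the old form. The semantic change deserves a one-line comment too, since a replacement is now attempted wherever the colorized `buf` holds the pattern, not only where the uncolorized input held it as well, so chance matches against colorization bytes are accepted; at 64 bits that is negligible. cmp_extend_encoding continues outside the hunk, so any restore of `*buf_64` after its_fuzz() is not visible here.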
@@ -279,7 +279,7 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 if (SHAPE_BYTES(h->shape) == 2 || *status == 2) {
- if (its_len >= 2 && *buf_16 == (u16)pattern && *o_buf_16 == (u16)pattern) {
+ if (its_len >= 2 && *buf_16 == (u16)pattern) {// && *o_buf_16 == (u16)pattern) {
 *buf_16 = (u16)repl;
 if (unlikely(its_fuzz(buf, len, status)))
 return 1;
@@ -297,7 +297,7 @@ u8 cmp_extend_encoding(struct cmp_header* h, u64 pattern, u64 repl, u32 idx,
 /*if (SHAPE_BYTES(h->shape) == 1 || *status == 2) {
- if (its_len >= 2 && *buf_8 == (u8)pattern && *o_buf_8 == (u8)pattern) {
+ if (its_len >= 2 && *buf_8 == (u8)pattern) {// && *o_buf_8 == (u8)pattern) {
 *buf_8 = (u8)repl;
 if (unlikely(its_fuzz(buf, len, status)))
@@ -425,7 +425,7 @@ u8 rtn_extend_encoding(struct cmp_header* h, u8* pattern, u8* repl, u32 idx,
 for (i = 0; i < its_len; ++i) {
- if (pattern[idx + i] != orig_buf[idx + i] || *status == 1) break;
+ if (pattern[idx + i] != buf[idx + i] || *status == 1) break;
 buf[idx + i] = repl[idx + i];
 if (unlikely(its_fuzz(buf, len, status)))
 return 1;
@@ -531,7 +531,7 @@ u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
 stage_max += MIN(cmp_map->headers[k].hits, CMP_MAP_RTN_H);
 }
-
+
 for (k = 0; k < CMP_MAP_W; ++k) {
 if (!cmp_map->headers[k].hits) continue;
diff --git a/test/test-compcov.c b/test/test-compcov.c
index 978d5551..b1711586 100644
--- a/test/test-compcov.c
+++ b/test/test-compcov.c
@@ -22,7 +22,9 @@ int main(int argc, char** argv) {
 strcat(buf, input);
 printf("This will only crash with libdislocator: %s\n", buf);
 return 0;
- } else
+ } else if (*(unsigned int*)input == 0xabadcafe)
+ printf("GG you eat cmp tokens for breakfast!\n");
+ else
 printf("I do not know your string\n");
 return 0;
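Review bot: With `*o_buf_16 == (u16)pattern` gone, the 2-byte branch now also fires on offsets where the colorized bytes equal the operand by chance (about 2^-16 per offset), so on large inputs each 16-bit cmp spends extra target executions on positions that are not input-to-state; `|| *status == 2` also routes wider shapes into this branch, which widens that exposure. If the trade-off (more execs, fewer misses) is deliberate, record it beside the check, e.g. `// no orig_buf check: chance matches in colorized bytes cost execs, not coverage`; otherwise consider keeping the orig_buf comparison for the 2-byte shape only. Like the 8- and 4-byte branches, the dropped half is left as a trailing `{// && ...` comment and should simply be deleted. cmp_extend_encoding continues outside the hunk.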
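Review bot: This edit lands inside a `/* ... */`-commented block, so it changes nothing today, but the one-byte branch it preserves still guards with `its_len >= 2` for a one-byte shape; if the block is ever re-enabled that bound should be `its_len >= 1`, i.e. `if (its_len >= 1 && *buf_8 == (u8)pattern) {`. Either fix the latent bound now or delete the dead block rather than keep editing it. The block's closing `*/` is outside the hunk.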
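Review bot: The new compare is `pattern[idx + i] != buf[idx + i]`, and the line below writes `repl[idx + i]`: `idx` is an offset into the fuzzed buffer, while `pattern` and `repl` are the `u8*` operands of one cmp record handed in by the caller, so indexing them by `idx + i` reads past the operand whenever `idx` exceeds the operand length (an over-read inside the fuzzer, and it compares the wrong bytes). Unless the caller pre-offsets `pattern`/`repl` to cancel `idx` (not visible here; `its_len` is also set outside the hunk), these should read `if (pattern[i] != buf[idx + i] || *status == 1) break;` and `buf[idx + i] = repl[i];`. Separately, comparing against `buf` while the loop rewrites `buf[idx + i]` in place is fine only because byte i is written after it is compared and byte i+1 is untouched until the next iteration; a comment saying so would stop the next reader from "fixing" it. rtn_extend_encoding starts before and continues after the hunk.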
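Review bot: `*(unsigned int*)input == 0xabadcafe` reads four bytes through a type-punned pointer, which is an aliasing/alignment violation in C and reads past the terminator when fewer than four input bytes were supplied; where `input` comes from and how long it is are outside the hunk. The 32-bit compare that CompareCoverage/cmplog is meant to see survives just as well via `unsigned int tok; memcpy(&tok, input, sizeof tok); if (tok == 0xabadcafe)` behind a length check on the input. If the harness is deliberately sloppy (the branch above it strcat()s into a fixed buffer to provoke libdislocator), say so in a comment so sanitizer findings on this line are not mistaken for fuzzer bugs.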