authorvan Hauser <vh@thc.org>2020-09-28 10:13:00 +0200
committervan Hauser <vh@thc.org>2020-09-28 10:13:00 +0200
commite69b25e34be8028921389bbb114135c3028d0a3d (patch)
tree1f0dba3ddc99d4b416a0bdaad94ea3caf77dfc04
parente85fde201e988cf9e7cf608be394977f7c045a75 (diff)
downloadafl++-e69b25e34be8028921389bbb114135c3028d0a3d.tar.gz
increase havoc_stack_pow2 on no finds
-rw-r--r--include/afl-fuzz.h1
-rw-r--r--src/afl-fuzz-one.c4
-rw-r--r--src/afl-fuzz-state.c1
-rw-r--r--src/afl-fuzz.c5
4 files changed, 9 insertions, 2 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 441ecc61..aa278820 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -443,6 +443,7 @@ typedef struct afl_state {
 
   u8 cal_cycles,                        /* Calibration cycles defaults      */
       cal_cycles_long,                  /* Calibration cycles defaults      */
+      havoc_stack_pow2,                 /* HAVOC_STACK_POW2                 */
       no_unlink,                        /* do not unlink cur_input          */
       debug,                            /* Debug mode                       */
       custom_only,                      /* Custom mutator only mode         */
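Review bot: The comment on the new `havoc_stack_pow2` field only repeats the macro name it is seeded from and says nothing about what the field controls. In this same commit afl-fuzz-one.c derives `use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2))` from it and afl-fuzz.c increments it at runtime, so a reader of the struct would benefit from that being stated; something like `havoc_stack_pow2,                 /* Havoc stacking exponent limit    */` keeps the column layout of the neighbouring fields. The struct definition continues outside the hunk.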
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index e96c4311..c04b492b 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -1884,7 +1884,7 @@ havoc_stage:
 
   for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
 
-    u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2));
+    u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
 
     afl->stage_cur_val = use_stacking;
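Review bot: The shift count on the added line is now a runtime value, so the expression is only well-defined while `1 + rand_below(afl, afl->havoc_stack_pow2)` stays below the width of `int`; with the plain `1` literal a count of 31 is already a signed overflow, where the old macro-bounded form could not get there. As far as this diff shows, afl-fuzz.c increments the field at most twice from its HAVOC_STACK_POW2 default, so the value stays small today, but nothing visible enforces that ceiling where the field is incremented or where it is read. Writing the left operand unsigned, `u32 use_stacking = 1U << (1 + rand_below(afl, afl->havoc_stack_pow2));`, removes the signed-overflow hazard, and a clamp at the increment site or a one-line comment here stating that the field must stay well below 31 records the assumption. The identical line is added in the second hunk of this file (the pacemaker_fuzzing stage) and needs the same treatment; the enclosing loop and function extend beyond both hunks.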
 
@@ -3970,7 +3970,7 @@ pacemaker_fuzzing:
       for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max;
            ++afl->stage_cur) {
 
-        u32 use_stacking = 1 << (1 + rand_below(afl, HAVOC_STACK_POW2));
+        u32 use_stacking = 1 << (1 + rand_below(afl, afl->havoc_stack_pow2));
 
         afl->stage_cur_val = use_stacking;
 
diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c
index 5e0995fe..a8e56e60 100644
--- a/src/afl-fuzz-state.c
+++ b/src/afl-fuzz-state.c
@@ -95,6 +95,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) {
   afl->stage_name = "init";             /* Name of the current fuzz stage   */
   afl->splicing_with = -1;              /* Splicing with which test case?   */
   afl->cpu_to_bind = -1;
+  afl->havoc_stack_pow2 = HAVOC_STACK_POW2;
   afl->cal_cycles = CAL_CYCLES;
   afl->cal_cycles_long = CAL_CYCLES_LONG;
   afl->hang_tmout = EXEC_TIMEOUT;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 002be0be..28507857 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -1368,9 +1368,14 @@ int main(int argc, char **argv_orig, char **envp) {
               break;
             case 2:
               // if (!have_p) afl->schedule = EXPLOIT;
+              afl->havoc_stack_pow2++;
               afl->expand_havoc = 3;
               break;
             case 3:
+              afl->havoc_stack_pow2++;
+              afl->expand_havoc = 4;
+              break;
+            case 4:
               // nothing else currently
               break;