diff options
| author | vanhauser-thc <vh@thc.org> | 2024-05-21 16:31:42 +0200 |
|---|---|---|
| committer | vanhauser-thc <vh@thc.org> | 2024-05-21 16:31:42 +0200 |
| commit | 92a8c2804f10bb1d6ad2cf29272e15ffc6de1563 (patch) | |
| tree | 716e468bd25c796b4cad73bbe8a51b3f8a25c604 /custom_mutators | |
| parent | e1521fa8ebdd2c95ed4f8db6f0835eb3738b3d4c (diff) | |
| download | afl++-92a8c2804f10bb1d6ad2cf29272e15ffc6de1563.tar.gz | |
fix the fix for symcc
Diffstat (limited to 'custom_mutators')
| -rw-r--r-- | custom_mutators/symcc/symcc.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/custom_mutators/symcc/symcc.c b/custom_mutators/symcc/symcc.c index 154a82bb..33e11772 100644 --- a/custom_mutators/symcc/symcc.c +++ b/custom_mutators/symcc/symcc.c @@ -22,10 +22,10 @@ afl_state_t *afl_struct; typedef struct my_mutator { afl_state_t *afl; - u8 * mutator_buf; - u8 * out_dir; - u8 * tmp_dir; - u8 * target; + u8 *mutator_buf; + u8 *out_dir; + u8 *tmp_dir; + u8 *target; uint32_t seed; } my_mutator_t; @@ -101,7 +101,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) { /* When a new queue entry is added we run this input with the symcc instrumented binary */ -uint8_t afl_custom_queue_new_entry(my_mutator_t * data, +uint8_t afl_custom_queue_new_entry(my_mutator_t *data, const uint8_t *filename_new_queue, const uint8_t *filename_orig_queue) { @@ -176,7 +176,7 @@ uint8_t afl_custom_queue_new_entry(my_mutator_t * data, struct dirent **nl; int32_t items = scandir(data->tmp_dir, &nl, NULL, NULL); - u8 * origin_name = basename(filename_new_queue); + u8 *origin_name = basename(filename_new_queue); int32_t i; if (items > 0) { @@ -187,8 +187,8 @@ uint8_t afl_custom_queue_new_entry(my_mutator_t * data, DBG("test=%s\n", fn); if (stat(source_name, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) { - u8 *destination_name = - alloc_printf("%s/%s.%s", data->out_dir, origin_name, nl[i]->d_name); + u8 *destination_name = alloc_printf("%s/%s.%s", data->out_dir, + origin_name, nl[i]->d_name); rename(source_name, destination_name); ck_free(destination_name); DBG("found=%s\n", source_name); @@ -248,7 +248,7 @@ uint32_t afl_custom_fuzz_count(my_mutator_t *data, const u8 *buf, for (i = 0; i < (u32)items; ++i) { struct stat st; - u8 * fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name); + u8 *fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name); DBG("test=%s\n", fn); if (stat(fn, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) { @@ -282,13 +282,13 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, if (items <= 0) return 0; - for (i = 0; i < (u32)items; ++i) { - - struct stat st; - u8 * fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name); + for (i = 0; i < (s32)items; ++i) { if (!done) { + struct stat st; + u8 *fn = alloc_printf("%s/%s", data->out_dir, nl[i]->d_name); + if (stat(fn, &st) == 0 && S_ISREG(st.st_mode) && st.st_size) { int fd = open(fn, O_RDONLY); @@ -299,16 +299,17 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size, *out_buf = data->mutator_buf; close(fd); - unlink(fn); done = 1; } } + unlink(fn); + ck_free(fn); + } - ck_free(fn); free(nl[i]); } |