author | Dominik Maier <domenukk@gmail.com> | 2020-03-25 21:54:52 +0100 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-03-27 11:06:06 +0100 |
commit | e9c7610cb7d309f4c7fd1fd6435c29e736869772 (patch) | |
tree | e267887caa0f5473e3d795a84c54c5ee8116f449 /examples | |
parent | 3c3a5aa503a137c7f9a487ab82e93c638e699c03 (diff) | |
edited custom mutator pre_save api
Diffstat (limited to 'examples')
-rw-r--r-- | examples/custom_mutators/example.c | 25 |
1 files changed, 17 insertions, 8 deletions
diff --git a/examples/custom_mutators/example.c b/examples/custom_mutators/example.c
index 2df17dec..3e708db8 100644
--- a/examples/custom_mutators/example.c
+++ b/examples/custom_mutators/example.c
@@ -12,6 +12,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
+#include <stdio.h>
 #define DATA_SIZE (100)
@@ -112,21 +113,29 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t **buf, size_t buf_size,
  * @param[in] data pointer returned in afl_custom_init for this fuzz case
  * @param[in] buf Buffer containing the test case to be executed
  * @param[in] buf_size Size of the test case
- * @param[out] out_buf Pointer to the buffer containing the test case after
+ * @param[in] out_buf Pointer to the buffer containing the test case after
  * processing. External library should allocate memory for out_buf. AFL++
  * will release the memory after saving the test case.
- * @return Size of the output buffer after processing
+ * out_buf will always be at least as large as buf.
+ * @param[in] out_buf_size The maximum size we may use.
+ * In case we need to have this bigger, simply return that.
+ * @return Size of the output buffer after processing or the needed amount.
+ * return 0 to indicate the original buf should be used.
  */
 size_t afl_custom_pre_save(my_mutator_t *data, uint8_t *buf, size_t buf_size,
- uint8_t **out_buf) {
+ uint8_t *out_buf, size_t out_buf_size) {
- size_t out_buf_size;
+ // In case we need more than out_buf_size, we return that amount and get
+ // called again.
+ if (out_buf_size < 32000) return 32000;
+ memcpy(out_buf, buf, buf_size);
  out_buf_size = buf_size;
-
- // External mutator should allocate memory for `out_buf`
- *out_buf = malloc(out_buf_size);
- memcpy(*out_buf, buf, out_buf_size);
+ out_buf[0] = 'A';
+ out_buf[1] = 'F';
+ out_buf[2] = 'L';
+ out_buf[3] = '+';
+ out_buf[4] = '+';
  return out_buf_size; |
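Review bot: The `memcpy(out_buf, buf, buf_size)` in afl_custom_pre_save is bounded only by the caller's promise that out_buf is at least as large as buf; the single check in the body compares out_buf_size with the constant 32000, never with buf_size. Because this is example code that mutator authors copy, I would make the bound explicit through the API's own grow path, `if (out_buf_size < buf_size) return buf_size;`, placed ahead of the copy. The unchanged comment lines still say the external library allocates out_buf and AFL++ releases it, which no longer matches a caller-provided buffer, and since out_buf is written to, `@param[out]` (or `[in,out]`) describes it better than `@param[in]`. When buf_size is below 5 the returned size is also shorter than the five marker bytes just written, which deserves a one-line comment. The function's closing brace lies outside the hunk.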