| author | van Hauser <vh@thc.org> | 2020-08-04 23:22:42 +0200 |
|---|---|---|
| committer | van Hauser <vh@thc.org> | 2020-08-04 23:22:42 +0200 |
| commit | c8354d751606e0f7a0364685958036bb7031e35a (patch) | |
| tree | bcf0c5cde94a34893f019af12b4ebaccc9932dfe /include/afl-fuzz.h | |
| parent | 79f873a5979a118938c46a74aded85eeaba7db1b (diff) | |
| download | afl++-c8354d751606e0f7a0364685958036bb7031e35a.tar.gz | |
new rand mode for data offsets that prefer low offset values
Diffstat (limited to 'include/afl-fuzz.h')
| -rw-r--r-- | include/afl-fuzz.h | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index b82ddb4a..dac99a76 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -1001,6 +1001,30 @@ static inline u32 rand_below(afl_state_t *afl, u32 limit) {
 }
+/* we prefer lower range values here */
+/* this is only called with normal havoc, not MOpt, to have an equalizer for
+ expand havoc mode */
+static inline u32 rand_below_datalen(afl_state_t *afl, u32 limit) {
+
+ switch (rand_below(afl, 3)) {
+
+ case 2:
+ return (rand_below(afl, limit) % rand_below(afl, limit)) %
+ rand_below(afl, limit);
+ break;
+ case 1:
+ return rand_below(afl, limit) % rand_below(afl, limit);
+ break;
+ case 0:
+ return rand_below(afl, limit);
+ break;
+
+ }
+
+ return 1; // cannot be reached
+
+}
+
 static inline s64 rand_get_seed(afl_state_t *afl) {
 if (unlikely(afl->fixed_seed)) { return afl->init_seed; } |
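Review bot: Both modulo expressions in rand_below_datalen (case 2 and case 1) can divide by zero, because every divisor is itself a rand_below(afl, limit) result and that helper, whose body lies outside this hunk, presumably returns values in [0, limit), so 0 is a possible divisor. A zero divisor is undefined behaviour in C and on most targets would kill the fuzzer with SIGFPE partway through a campaign. Keep the divisor non-zero, e.g. `return rand_below(afl, limit) % (1 + rand_below(afl, limit - 1));` in case 1 and the same form for both divisors in case 2, behind an early `if (limit <= 1) return 0;` so that limit - 1 is never passed as a zero bound. The `break;` after each `return` is unreachable and can be dropped.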
