authorhexcoder- <heiko@hexco.de>2023-12-28 22:08:05 +0100
committerhexcoder- <heiko@hexco.de>2023-12-28 22:08:05 +0100
commit25f9c1f4fb5c099ffc9cc93f7988f4fc4af9ab03 (patch)
treecaf02baa0ee84f63215000bd564d86cd79ec73bd /include
parent934a02f7f638d5a0505afc1bd46b4d1a827b4689 (diff)
parentb01ef97569060bb9f7451d1c2c301b5e774b8358 (diff)
downloadafl++-25f9c1f4fb5c099ffc9cc93f7988f4fc4af9ab03.tar.gz
Merge branch 'dev' of https://github.com/AFLplusplus/AFLplusplus into dev
Diffstat (limited to 'include')
-rw-r--r--include/afl-mutations.h35
-rw-r--r--include/config.h2
-rw-r--r--include/envs.h1
3 files changed, 27 insertions, 11 deletions
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index d709b90d..75e66484 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -1082,6 +1082,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
MUT_CLONE_COPY,
MUT_CLONE_COPY,
MUT_CLONE_COPY,
+ MUT_CLONE_COPY,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
MUT_CLONE_FIXED,
@@ -2456,14 +2457,14 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
}
- char buf[20];
- snprintf(buf, sizeof(buf), "%" PRId64, val);
+ char numbuf[32];
+ snprintf(numbuf, sizeof(buf), "%" PRId64, val);
u32 old_len = off2 - off;
- u32 new_len = strlen(buf);
+ u32 new_len = strlen(numbuf);
if (old_len == new_len) {
- memcpy(buf + off, buf, new_len);
+ memcpy(buf + off, numbuf, new_len);
} else {
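Review bot: The new `snprintf(numbuf, sizeof(buf), "%" PRId64, val);` sizes the write by `buf`, which after this change is the `u8 *buf` parameter of afl_mutate (see the hunk header), so `sizeof(buf)` is the size of a pointer and at most 7 characters of the formatted value are ever written to `numbuf` before truncation; `new_len = strlen(numbuf)` then silently shortens every replaced number. The intended line is `snprintf(numbuf, sizeof(numbuf), "%" PRId64, val);`, which is also what the MUT_INSERTASCIINUM hunk below does. The bug is not memory-unsafe (the pointer size is well below 32) but it defeats the purpose of widening the buffer. afl_mutate and the enclosing case begin and end outside this hunk.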
@@ -2473,7 +2474,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
/* Inserted part */
- memcpy(tmp_buf + off, buf, new_len);
+ memcpy(tmp_buf + off, numbuf, new_len);
/* Tail */
memcpy(tmp_buf + off + new_len, buf + off2, len - off2);
@@ -2490,12 +2491,13 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
case MUT_INSERTASCIINUM: {
- u32 len = 1 + rand_below(afl, 8);
+ u32 ins_len = 1 + rand_below(afl, 8);
u32 pos = rand_below(afl, len);
/* Insert ascii number. */
- if (unlikely(len < pos + len)) {
+ if (unlikely(len < pos + ins_len)) {
+ // no retry if we have a small input
if (unlikely(len < 8)) {
break;
@@ -2509,9 +2511,22 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
}
u64 val = rand_next(afl);
- char buf[20];
- snprintf(buf, sizeof(buf), "%llu", val);
- memcpy(buf + pos, buf, len);
+ char numbuf[32];
+ snprintf(numbuf, sizeof(numbuf), "%llu", val);
+ size_t val_len = strlen(numbuf), off;
+
+ if (ins_len > val_len) {
+
+ ins_len = val_len;
+ off = 0;
+
+ } else {
+
+ off = val_len - ins_len;
+
+ }
+
+ memcpy(buf + pos, numbuf + off, ins_len);
break;
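Review bot: `size_t val_len = strlen(numbuf), off;` puts an initialised and an uninitialised declarator on one line; splitting it into `size_t val_len = strlen(numbuf);` and `size_t off = 0;` keeps every variable initialised at declaration and matches the one-declaration-per-line style used elsewhere in the block. The bounds of the final `memcpy` look correct: `ins_len` is clamped to `val_len` so `numbuf + off` with `off = val_len - ins_len` stays within the formatted digits, and the destination `buf + pos` is covered by the `len < pos + ins_len` check in the previous hunk, assuming the branch cut off there either retries or breaks before reaching this code. The enclosing `case MUT_INSERTASCIINUM` and afl_mutate itself start outside this hunk.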
diff --git a/include/config.h b/include/config.h
index 988e536e..63340650 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
/* Version string: */
// c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.09a"
+#define VERSION "++4.10a"
/******************************************************
* *
diff --git a/include/envs.h b/include/envs.h
index 93e49e34..560092d9 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -172,6 +172,7 @@ static char *afl_environment_variables[] = {
"AFL_LLVM_LTO_DONTWRITEID",
"AFL_LLVM_LTO_SKIPINIT"
"AFL_LLVM_LTO_STARTID",
+ "AFL_FUZZER_LOOPCOUNT",
"AFL_NO_ARITH",
"AFL_NO_AUTODICT",
"AFL_NO_BUILTIN",
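Review bot: Two lines above the added entry, `"AFL_LLVM_LTO_SKIPINIT"` has no trailing comma, so adjacent-literal concatenation fuses it with `"AFL_LLVM_LTO_STARTID"` into the single element `"AFL_LLVM_LTO_SKIPINITAFL_LLVM_LTO_STARTID"`, and neither variable name will match when this table is consulted. The fix is the missing comma, `"AFL_LLVM_LTO_SKIPINIT",`. It is a pre-existing defect in the context lines rather than in the added line, but this hunk already edits the same run of entries and is the natural place to correct it.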