authorDominik Maier <domenukk@gmail.com>2020-03-27 21:59:08 +0100
committerDominik Maier <domenukk@gmail.com>2020-04-01 13:10:05 +0200
commit71f8cc9dd2b38405755c2727997730d525b73b7e (patch)
tree20dbb990992deeb0c76837aac476493c521dabf4 /include
parent5cc50bb979958bc40a331374fb0d3751e3ba5ca6 (diff)
downloadafl++-71f8cc9dd2b38405755c2727997730d525b73b7e.tar.gz
almost
Diffstat (limited to 'include')
-rw-r--r--include/afl-fuzz.h21
-rw-r--r--include/alloc-inl.h40
2 files changed, 61 insertions, 0 deletions
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 530a4b6a..2154d860 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -583,6 +583,27 @@ typedef struct afl_state {
u8 clean_trace_custom[MAP_SIZE];
u8 first_trace[MAP_SIZE];
+/*needed for afl_fuzz_one */
+// TODO: see which we can reuse
+ u8 *out_buf;
+ size_t out_size;
+
+ u8 *out_scratch_buf;
+ size_t out_scratch_size;
+
+ u8 *eff_buf;
+ size_t eff_size;
+
+ u8 *in_buf;
+ size_t in_size;
+
+ u8 *in_scratch_buf;
+ size_t in_scratch_size;
+
+ u8 *ex_buf;
+ size_t ex_size;
+
+
} afl_state_t;
/* A global pointer to all instances is needed (for now) for signals to arrive
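Review bot: The six new buffer/size pairs (`out_buf`/`out_size` through `ex_buf`/`ex_size`) carry an invariant the placeholder comments do not state: each `*_size` must equal the allocated capacity of the matching `*_buf`, because `ck_maybe_grow()` in the alloc-inl.h hunk of this same commit treats `*size == 0` as "nothing allocated yet" and otherwise hands the doubled `*size` straight to `ck_realloc()`. If an `afl_state_t` is ever created without zeroing, or a caller stores a buffer without updating its size, the grow path will either skip a needed realloc or realloc to the wrong capacity. I would replace `/*needed for afl_fuzz_one */` and `// TODO: see which we can reuse` with the contract itself, e.g. `/* Scratch buffers for afl_fuzz_one(). Each *_size is the allocated capacity of its *_buf (0 = not yet allocated); grow only via ck_maybe_grow(), exchange only via swap_bufs(). */`. The enclosing `struct afl_state` begins before this hunk, so where these fields are zero-initialized (presumably together with the rest of the state) is not visible here.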
diff --git a/include/alloc-inl.h b/include/alloc-inl.h
index c8783d96..75b038c1 100644
--- a/include/alloc-inl.h
+++ b/include/alloc-inl.h
@@ -35,6 +35,9 @@
#include "types.h"
#include "debug.h"
+/* Initial size used for ck_maybe_grow */
+#define INITIAL_GROWTH_SIZE (64)
+
// Be careful! _WANT_ORIGINAL_AFL_ALLOC is not compatible with custom mutators
#ifndef _WANT_ORIGINAL_AFL_ALLOC
@@ -764,5 +767,42 @@ static inline void TRK_ck_free(void *ptr, const char *file, const char *func,
#endif /* _WANT_ORIGINAL_AFL_ALLOC */
+/* This function makes sure *size is > size_needed after call.
+ It will realloc *buf otherwise.
+ *size will grow exponentially as per:
+ https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/
+ Will FATAL if size_needed is <1 or *size is negative.
+ @return For convenience, this function returns *buf.
+ */
+static inline void *ck_maybe_grow(void **buf, size_t *size, size_t size_needed) {
+
+ /* Oops. found a bug? */
+ if (unlikely(size_needed < 1)) FATAL("cannot grow to non-positive size");
+
+ /* No need to realloc */
+ if (likely(*size >= size_needed)) return *buf;
+ if (unlikely(*size < 0)) FATAL("Negative size detected!");
+ /* No inital size was set */
+ if (*size == 0) *size = INITIAL_GROWTH_SIZE;
+ while (*size < size_needed) {
+ *size *= 2;
+ }
+ *buf = ck_realloc(*buf, *size);
+ return *buf;
+
+}
+
+/* Swaps buf1 ptr and buf2 ptr, as well as their sizes */
+static inline void swap_bufs(void **buf1, size_t *size1, void **buf2, size_t *size2) {
+ void *scratch_buf = *buf1;
+ size_t scratch_size = *size1;
+ *buf1 = *buf2;
+ *size1 = *size2;
+ *buf2 = scratch_buf;
+ *size2 = scratch_size;
+}
+
+#undef INITIAL_GROWTH_SIZE
+
#endif /* ! _HAVE_ALLOC_INL_H */
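Review bot: In `ck_maybe_grow()` the line `if (unlikely(*size < 0)) FATAL("Negative size detected!");` is dead code, because `size_t` is unsigned and can never be negative, while the header comment promises a check for "*size is negative" that cannot fire; the doubling loop `while (*size < size_needed) { *size *= 2; }` has no overflow guard instead, so a `size_needed` above `SIZE_MAX / 2` wraps `*size` to 0 and the loop never terminates. I would replace the dead line with `if (unlikely(size_needed > SIZE_MAX / 2)) FATAL("ck_maybe_grow: requested size too large");` (`SIZE_MAX` comes from <stdint.h>, which types.h presumably already pulls in — worth confirming) and drop the "negative" clause from the comment. The comment should also read "*size is >= size_needed", since that is what `if (likely(*size >= size_needed)) return *buf;` actually guarantees. Whether `ck_realloc()` aborts or returns NULL on failure is defined outside this hunk, so the unchecked `*buf = ck_realloc(*buf, *size);` is only safe if it aborts, as the `ck_` prefix suggests.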