author | van Hauser <vh@thc.org> | 2020-06-25 16:51:29 +0200 |
---|---|---|
committer | van Hauser <vh@thc.org> | 2020-06-25 16:51:29 +0200 |
commit | 8178f4dfddfb51f7a3e2f94e67bb9cf7332c7ef1 (patch) | |
tree | 1c72f66dfa99ed06e79d095f7d1fca37e859e88b /src/afl-fuzz-one.c | |
parent | 4a3305c0074cc6172faac12934bb2ad367d23759 (diff) | |
remove radamsa, add radamsa custom mutator
Diffstat (limited to 'src/afl-fuzz-one.c')
-rw-r--r-- | src/afl-fuzz-one.c | 62 |
1 files changed, 2 insertions, 60 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 60db9777..dfb103d7 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -554,8 +554,6 @@ u8 fuzz_one_original(afl_state_t *afl) {
 if (unlikely(perf_score == 0)) { goto abandon_entry; }
- if (unlikely(afl->use_radamsa > 1)) { goto radamsa_stage; }
-
 if (afl->shm.cmplog_mode && !afl->queue_cur->fully_colorized) {
 if (input_to_state_stage(afl, in_buf, out_buf, len,
@@ -1685,6 +1683,7 @@ custom_mutator_stage:
 retry_external_pick:
 /* Pick a random other queue entry for passing to external API */
+
 do {
 tid = rand_below(afl, afl->queued_paths);
@@ -1709,7 +1708,7 @@ custom_mutator_stage:
 /* Make sure that the target has a reasonable length. */
 while (target && (target->len < 2 || target == afl->queue_cur) &&
- afl->queued_paths > 1) {
+ afl->queued_paths > 3) {
 target = target->next;
 ++afl->splicing_with;
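Review bot: The cutoff in the `while` condition of the third hunk moves from `afl->queued_paths > 1` to `afl->queued_paths > 3` with no comment, and the commit message covers only the radamsa removal. With two or three queue entries the loop is now skipped entirely, so `target` can still be `afl->queue_cur` or an entry with `len < 2` when control reaches the code after the loop, which lies outside this hunk; that path should be checked for a self-splice and for a buffer shorter than two bytes being handed to the custom mutator. If the relaxed bound is intended, state the reason next to it, e.g. `/* NOTE: with <= 3 queue entries any target is accepted, including queue_cur */`, and consider landing it as a separate commit.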
@@ -2426,63 +2425,6 @@ retry_splicing:
 #endif /* !IGNORE_FINDS */
 ret_val = 0;
- goto radamsa_stage;
-
-radamsa_stage:
-
- if (likely(!afl->use_radamsa || !afl->radamsa_mutate_ptr)) {
-
- goto abandon_entry;
-
- }
-
- afl->stage_name = "radamsa";
- afl->stage_short = "radamsa";
- afl->stage_max = (HAVOC_CYCLES * perf_score / afl->havoc_div / 100)
- << afl->use_radamsa;
-
- if (afl->stage_max < HAVOC_MIN) { afl->stage_max = HAVOC_MIN; }
-
- orig_hit_cnt = afl->queued_paths + afl->unique_crashes;
-
- /* Read the additional testcase.
- We'll reuse in_scratch, as it is free at this point.
- */
- u8 *save_buf = ck_maybe_grow(BUF_PARAMS(in_scratch), len);
- memcpy(save_buf, out_buf, len);
-
- u32 max_len = len + choose_block_len(afl, HAVOC_BLK_XL);
- u8 *new_buf = ck_maybe_grow(BUF_PARAMS(out_scratch), max_len);
- u8 *tmp_buf;
-
- for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) {
-
- u32 new_len = afl->radamsa_mutate_ptr(save_buf, len, new_buf, max_len,
- rand_get_seed(afl));
-
- if (new_len) {
-
- temp_len = new_len;
- tmp_buf = new_buf;
-
- } else {
-
- tmp_buf = save_buf; // nope but I dont care
- temp_len = len;
-
- }
-
- if (common_fuzz_stuff(afl, tmp_buf, temp_len)) { goto abandon_entry; }
-
- }
-
- new_hit_cnt = afl->queued_paths + afl->unique_crashes;
-
- afl->stage_finds[STAGE_RADAMSA] += new_hit_cnt - orig_hit_cnt;
- afl->stage_cycles[STAGE_RADAMSA] += afl->stage_max;
-
- ret_val = 0;
- goto abandon_entry;
 /* we are through with this queue entry - for this iteration */
 abandon_entry: |