author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-10-10 19:46:46 +0200 |
---|---|---|
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2019-10-10 19:46:46 +0200 |
commit | 9de74cce92ed9a6552d518b195fc1dfb02fa584d (patch) | |
tree | 26d2c378b99ad7e912bbc79632871105e8fa1743 /src/afl-fuzz-one.c | |
parent | 125a59df91bb09f3288371185c15a48a08376bfe (diff) | |
download | afl++-9de74cce92ed9a6552d518b195fc1dfb02fa584d.tar.gz |
radamsa mutator as havoc cycle replacement with probability 1/24
Diffstat (limited to 'src/afl-fuzz-one.c')
-rw-r--r-- | src/afl-fuzz-one.c | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 31d58a10..5a53de4d 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -24,6 +24,9 @@
 */
 #include "afl-fuzz.h"
+#include "radamsa.h"
+
+#define RADAMSA_CHANCE 24
 /* MOpt */
@@ -1728,11 +1731,61 @@ havoc_stage:
 for (stage_cur = 0; stage_cur < stage_max; ++stage_cur) {
+ if (use_radamsa && UR(RADAMSA_CHANCE) == 0) {
+
+ u32 max_len = temp_len + choose_block_len(HAVOC_BLK_XL);
+ u8* new_buf = ck_alloc_nozero(max_len);
+
+ u32 new_len = radamsa_mutate(out_buf, temp_len, new_buf, max_len, get_rand_seed());
+
+ if (new_len) {
+
+ temp_len = new_len;
+ ck_free(out_buf);
+ out_buf = new_buf;
+
+ } else {
+
+ ck_free(new_buf);
+
+ }
+
+ goto havoc_run_point;
+
+ }
+
 u32 use_stacking = 1 << (1 + UR(HAVOC_STACK_POW2));
 stage_cur_val = use_stacking;
 for (i = 0; i < use_stacking; ++i) {
+
+ /*if (use_radamsa && UR(RADAMSA_CHANCE) == 0) {
+
+ // Ramdsa stage stacked with the AFL havoc mutations.
+ // This is very slow, I maintain the commendted code for future or
+ // particular uses.
+
+ u32 max_len = temp_len + choose_block_len(HAVOC_BLK_XL);
+ u8* new_buf = ck_alloc_nozero(max_len);
+
+ u32 new_len = radamsa_mutate(out_buf, temp_len, new_buf, max_len, get_rand_seed());
+
+ if (new_len) {
+
+ temp_len = new_len;
+ ck_free(out_buf);
+ out_buf = new_buf;
+
+ } else {
+
+ ck_free(new_buf);
+
+ }
+
+ continue;
+
+ }*/
 switch (UR(15 + ((extras_cnt + a_extras_cnt) ? 2 : 0))) {
@@ -2108,6 +2161,8 @@ havoc_stage:
 }
+havoc_run_point:
+
 if (common_fuzz_stuff(argv, out_buf, temp_len)) goto abandon_entry;
 /* out_buf might have been mangled a bit, so let's restore it to its |
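Review bot: The allocate/mutate/swap sequence at the top of the stage_cur loop is duplicated verbatim in the commented-out block inside the stacking loop (which also misspells `Radamsa` and `commented`), so the dead copy will drift from the live one; factor it into a `static` helper, drop the comment or keep the stacked variant behind a named `#ifdef`, and fall through to the normal havoc mutations when radamsa returns nothing instead of jumping to `havoc_run_point` with an unmodified buffer. The live path also grows `out_buf` by `choose_block_len(HAVOC_BLK_XL)` with no upper bound on `max_len`, whereas the existing havoc clone/insert cases outside this hunk appear to check `temp_len + HAVOC_BLK_XL < MAX_FILE` before growing — the helper should apply the same cap. `goto havoc_run_point` skips `stage_cur_val = use_stacking`, so on radamsa rounds that field still holds the previous iteration's value; if anything reports it for this round, assign it before the jump. The havoc loop this hunk edits starts and ends outside the hunk.
```c
/* One radamsa pass over *buf (len bytes). On success *buf is replaced by a
 * freshly allocated buffer (the old one is freed) and the new length is
 * returned; on failure *buf is untouched and 0 is returned. */
static u32 radamsa_havoc_step(u8** buf, u32 len) {

  /* Same growth cap the clone/insert havoc cases use. */
  if (len + HAVOC_BLK_XL >= MAX_FILE) return 0;

  u32 max_len = len + choose_block_len(HAVOC_BLK_XL);
  u8* new_buf = ck_alloc_nozero(max_len);
  u32 new_len = radamsa_mutate(*buf, len, new_buf, max_len, get_rand_seed());

  /* An over-long answer from the wrapper is treated as a failure, never as data. */
  if (!new_len || new_len > max_len) {

    ck_free(new_buf);
    return 0;

  }

  ck_free(*buf);
  *buf = new_buf;
  return new_len;

}

/* … unchanged: havoc_stage up to the stage_cur loop … */
    if (use_radamsa && UR(RADAMSA_CHANCE) == 0) {

      u32 new_len = radamsa_havoc_step(&out_buf, temp_len);
      if (new_len) {

        temp_len = new_len;
        goto havoc_run_point;

      }

    }
/* … unchanged: use_stacking loop, with the commented-out radamsa copy removed … */
```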