diff options
| author | arnow117 <arnow117@163.com> | 2020-05-27 16:01:44 +0800 |
|---|---|---|
| committer | arnow117 <arnow117@163.com> | 2020-05-27 16:01:44 +0800 |
| commit | dab498c3b726cf4503abfbd61b62f65f92c9a4e9 (patch) | |
| tree | a265272b7bd991eda8c50975cbcabd2f26718e23 /src/afl-fuzz-one.c | |
| parent | d5bb9731fe1e4d80c050180f9fe05dd21d75e2b2 (diff) | |
| download | afl++-dab498c3b726cf4503abfbd61b62f65f92c9a4e9.tar.gz | |
fix MOPT implementation flaws in core fuzzing
Diffstat (limited to 'src/afl-fuzz-one.c')
| -rw-r--r-- | src/afl-fuzz-one.c | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ddd15c84..5b1a2cba 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -4250,14 +4250,29 @@ pacemaker_fuzzing: u64 temp_temp_puppet = afl->queued_paths + afl->unique_crashes - temp_total_found; afl->total_puppet_find = afl->total_puppet_find + temp_temp_puppet; - for (i = 0; i < operator_num; ++i) { - if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) { + if (MOpt_globals.is_pilot_mode){ - MOpt_globals.finds_v2[i] += temp_temp_puppet; + for (i = 0; i < operator_num; ++i) { + + if (MOpt_globals.cycles_v2[i] > MOpt_globals.cycles_v3[i]) { + + MOpt_globals.finds_v2[i] += temp_temp_puppet; + + } } + } else { + + for (i = 0; i < operator_num; i++) { + + if (afl->core_operator_cycles_puppet_v2[i] > afl->core_operator_cycles_puppet_v3[i]) + + afl->core_operator_finds_puppet_v2[i] += temp_temp_puppet; + + } + } } /* if */ @@ -4437,7 +4452,6 @@ pacemaker_fuzzing: afl->total_pacemaker_time += *MOpt_globals.pTime; *MOpt_globals.pTime = 0; - afl->temp_puppet_find = afl->total_puppet_find; new_hit_cnt = afl->queued_paths + afl->unique_crashes; if (MOpt_globals.is_pilot_mode) { @@ -4448,6 +4462,7 @@ pacemaker_fuzzing: } + afl->temp_puppet_find = afl->total_puppet_find; u64 temp_stage_finds_puppet = 0; for (i = 0; i < operator_num; ++i) { @@ -4530,6 +4545,15 @@ pacemaker_fuzzing: } else { + for (i = 0; i < operator_num; i++) + { + + afl->core_operator_finds_puppet[i] = afl->core_operator_finds_puppet_v2[i]; + afl->core_operator_cycles_puppet[i] = afl->core_operator_cycles_puppet_v2[i]; + temp_stage_finds_puppet += afl->core_operator_finds_puppet[i]; + + } + afl->key_module = 2; afl->old_hit_count = new_hit_cnt; |