authorAndrea Fioraldi <andreafioraldi@gmail.com>2020-04-22 13:51:40 +0200
committerAndrea Fioraldi <andreafioraldi@gmail.com>2020-04-22 13:51:40 +0200
commitdf8a0e84184a408a463c29443cfa3ee9fa556896 (patch)
tree0257c84abe8b4f9859caf2f35244adc7146ee994 /src/afl-fuzz-python.c
parentb8a25063f678c8afe3c1390d6a6ba130b0500e26 (diff)
parent6df21f3489ea482362983eda7e51c040d06e56f1 (diff)
Merge branch 'dev' of github.com:vanhauser-thc/AFLplusplus into dev
Diffstat (limited to 'src/afl-fuzz-python.c')
-rw-r--r--src/afl-fuzz-python.c68
1 files changed, 50 insertions, 18 deletions
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 33f01797..64cabcad 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -42,7 +42,7 @@ it just fills in `&py_mutator->something_buf, &py_mutator->something_size`. */
&((py_mutator_t *)py_mutator)->name##_size
static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
- u8 *add_buf, size_t add_buf_size, size_t max_size) {
+ u8 *add_buf, size_t add_buf_size, size_t max_size) {
size_t mutated_size;
PyObject *py_args, *py_value;
@@ -111,10 +111,10 @@ static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
- if (!module_name) return NULL;
+ if (!module_name) { return NULL; }
py_mutator_t *py = calloc(1, sizeof(py_mutator_t));
- if (!py) PFATAL("Could not allocate memory for python mutator!");
+ if (!py) { PFATAL("Could not allocate memory for python mutator!"); }
Py_Initialize();
@@ -160,12 +160,12 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
if (py_idx == PY_FUNC_PRE_SAVE) {
// Implenting the pre_save API is optional for now
- if (PyErr_Occurred()) PyErr_Print();
+ if (PyErr_Occurred()) { PyErr_Print(); }
} else if (py_idx >= PY_FUNC_INIT_TRIM && py_idx <= PY_FUNC_TRIM) {
// Implementing the trim API is optional for now
- if (PyErr_Occurred()) PyErr_Print();
+ if (PyErr_Occurred()) { PyErr_Print(); }
py_notrim = 1;
} else if ((py_idx >= PY_FUNC_HAVOC_MUTATION) &&
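Review bot: The statement `if (PyErr_Occurred()) { PyErr_Print(); }` is now repeated in every branch of this `py_idx` chain: the pre_save and trim branches here, and the havoc/queue branch and the final `else` in the next hunk. Because the branch conditions only test `py_idx`, it can be written once above `if (py_idx == PY_FUNC_PRE_SAVE) {` with no change in behaviour. The neighbouring comments `// Implenting the pre_save API is optional for now` and `// Implenting the havoc and queue API is optional for now` should read `Implementing`. The chain sits inside a block of init_py_module that opens and closes outside these hunks.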
@@ -173,11 +173,11 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {
(py_idx <= PY_FUNC_QUEUE_NEW_ENTRY)) {
// Implenting the havoc and queue API is optional for now
- if (PyErr_Occurred()) PyErr_Print();
+ if (PyErr_Occurred()) { PyErr_Print(); }
} else {
- if (PyErr_Occurred()) PyErr_Print();
+ if (PyErr_Occurred()) { PyErr_Print(); }
fprintf(stderr,
"Cannot find/call function with index %d in external "
"Python module.\n",
@@ -222,9 +222,12 @@ void finalize_py_module(void *py_mutator) {
deinit_py(py_mutator);
u32 i;
- for (i = 0; i < PY_FUNC_COUNT; ++i)
+ for (i = 0; i < PY_FUNC_COUNT; ++i) {
+
Py_XDECREF(py->py_functions[i]);
+ }
+
Py_DECREF(py->py_module);
}
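Review bot: After the loop and the final `Py_DECREF(py->py_module);` the struct still holds the pointers whose references were just dropped, so any later path that reaches this code again or reads `py->py_functions[i]` could operate on released objects. `Py_CLEAR(py->py_functions[i]);` and `Py_CLEAR(py->py_module);` drop the reference and null the slot in one step, and both accept NULL. Whether finalize_py_module can run more than once for the same mutator is not visible here, and the block enclosing these lines opens outside the hunk, so this is hardening rather than a confirmed bug.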
@@ -308,38 +311,67 @@ void load_custom_mutator_py(afl_state_t *afl, char *module_name) {
PyObject **py_functions = py_mutator->py_functions;
- if (py_functions[PY_FUNC_INIT]) afl->mutator->afl_custom_init = unsupported;
+ if (py_functions[PY_FUNC_INIT]) {
+
+ afl->mutator->afl_custom_init = unsupported;
- if (py_functions[PY_FUNC_DEINIT]) afl->mutator->afl_custom_deinit = deinit_py;
+ }
+
+ if (py_functions[PY_FUNC_DEINIT]) {
+
+ afl->mutator->afl_custom_deinit = deinit_py;
+
+ }
/* "afl_custom_fuzz" should not be NULL, but the interface of Python mutator
is quite different from the custom mutator. */
afl->mutator->afl_custom_fuzz = fuzz_py;
- if (py_functions[PY_FUNC_PRE_SAVE])
+ if (py_functions[PY_FUNC_PRE_SAVE]) {
+
afl->mutator->afl_custom_pre_save = pre_save_py;
- if (py_functions[PY_FUNC_INIT_TRIM])
+ }
+
+ if (py_functions[PY_FUNC_INIT_TRIM]) {
+
afl->mutator->afl_custom_init_trim = init_trim_py;
- if (py_functions[PY_FUNC_POST_TRIM])
+ }
+
+ if (py_functions[PY_FUNC_POST_TRIM]) {
+
afl->mutator->afl_custom_post_trim = post_trim_py;
- if (py_functions[PY_FUNC_TRIM]) afl->mutator->afl_custom_trim = trim_py;
+ }
+
+ if (py_functions[PY_FUNC_TRIM]) { afl->mutator->afl_custom_trim = trim_py; }
+
+ if (py_functions[PY_FUNC_HAVOC_MUTATION]) {
- if (py_functions[PY_FUNC_HAVOC_MUTATION])
afl->mutator->afl_custom_havoc_mutation = havoc_mutation_py;
- if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY])
+ }
+
+ if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY]) {
+
afl->mutator->afl_custom_havoc_mutation_probability =
havoc_mutation_probability_py;
- if (py_functions[PY_FUNC_QUEUE_GET])
+ }
+
+ if (py_functions[PY_FUNC_QUEUE_GET]) {
+
afl->mutator->afl_custom_queue_get = queue_get_py;
- if (py_functions[PY_FUNC_QUEUE_NEW_ENTRY])
+ }
+
+ if (py_functions[PY_FUNC_QUEUE_NEW_ENTRY]) {
+
afl->mutator->afl_custom_queue_new_entry = queue_new_entry_py;
+ }
+
OKF("Python mutator '%s' installed successfully.", module_name);
/* Initialize the custom mutator */
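Review bot: `afl->mutator->afl_custom_fuzz = fuzz_py;` is the only hook in this hunk installed without first checking its `py_functions[...]` slot, and the comment above it does not explain why that is safe. If init_py_module already rejects a module with no callable fuzz function (its final `else` branch looks like it does, but the return is not shown), state that invariant in the comment, e.g. `/* fuzz_py is always installed: init_py_module() fails if the module has no callable fuzz() */`. Otherwise add a guard before the assignment, such as `if (!py_functions[PY_FUNC_FUZZ]) { FATAL("Python module has no fuzz() function"); }`. load_custom_mutator_py starts before and continues after this hunk.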