authorh1994st <h1994st@gmail.com>2020-03-03 19:48:13 -0500
committerh1994st <h1994st@gmail.com>2020-03-03 19:48:13 -0500
commitdf465216583afcc0e65e4468e6383afd7a688ddc (patch)
tree84ee509f58fc76aee6f4ba9d0aa9e44f256f50e8 /src/afl-fuzz-python.c
parent90506479e7de57c97d97958c61b2513009687d90 (diff)
downloadafl++-df465216583afcc0e65e4468e6383afd7a688ddc.tar.gz
Finish refactoring APIs for the custom mutator and Python module
- Remove AFL_PYTHON_ONLY (env) and python_only (variable) - Unify fuzz API of the custom mutator and Python module - Merge the custom mutator into the old python_stage, which is now renamed to custom_mutator_stage
Diffstat (limited to 'src/afl-fuzz-python.c')
-rw-r--r--src/afl-fuzz-python.c108
1 files changed, 27 insertions, 81 deletions
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index c8caa4c1..c22e4402 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -159,67 +159,16 @@ void init_py(unsigned int seed) {
}
}
-void fuzz_py_original(char* buf, size_t buflen,
- char* add_buf, size_t add_buflen,
- char** ret, size_t* retlen) {
+size_t fuzz_py(u8* buf, size_t buf_size,
+ u8* add_buf, size_t add_buf_size,
+ u8* mutated_out, size_t max_size) {
- if (py_module != NULL) {
-
- PyObject *py_args, *py_value;
- py_args = PyTuple_New(2);
- py_value = PyByteArray_FromStringAndSize(buf, buflen);
- if (!py_value) {
-
- Py_DECREF(py_args);
- fprintf(stderr, "Cannot convert argument\n");
- return;
-
- }
-
- PyTuple_SetItem(py_args, 0, py_value);
-
- py_value = PyByteArray_FromStringAndSize(add_buf, add_buflen);
- if (!py_value) {
-
- Py_DECREF(py_args);
- fprintf(stderr, "Cannot convert argument\n");
- return;
-
- }
-
- PyTuple_SetItem(py_args, 1, py_value);
-
- py_value = PyObject_CallObject(py_functions[PY_FUNC_FUZZ], py_args);
-
- Py_DECREF(py_args);
-
- if (py_value != NULL) {
-
- *retlen = PyByteArray_Size(py_value);
- *ret = malloc(*retlen);
- memcpy(*ret, PyByteArray_AsString(py_value), *retlen);
- Py_DECREF(py_value);
-
- } else {
-
- PyErr_Print();
- fprintf(stderr, "Call failed\n");
- return;
-
- }
-
- }
-
-}
-
-size_t fuzz_py(u8* data, size_t size, u8* mutated_out, size_t max_size,
- unsigned int seed) {
-
- size_t out_size;
+ size_t mutated_size;
PyObject *py_args, *py_value;
py_args = PyTuple_New(3);
- py_value = PyByteArray_FromStringAndSize(data, size);
+ /* buf */
+ py_value = PyByteArray_FromStringAndSize(buf, buf_size);
if (!py_value) {
Py_DECREF(py_args);
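Review bot: The new `fuzz_py` signature carries no comment describing its buffer contract, although callers must now pass `add_buf` and a pre-allocated `mutated_out`. A short header comment would make the contract explicit, for example `/* Calls the Python fuzz hook with (buf, add_buf, max_size); mutated_out must have room for max_size bytes; returns the number of bytes written. */`. The room requirement is inferred from the parameter names and should be confirmed against the caller. The function body continues outside this hunk.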
@@ -229,11 +178,8 @@ size_t fuzz_py(u8* data, size_t size, u8* mutated_out, size_t max_size,
PyTuple_SetItem(py_args, 0, py_value);
-#if PY_MAJOR_VERSION >= 3
- py_value = PyLong_FromLong(max_size);
-#else
- py_value = PyInt_FromLong(max_size);
-#endif
+ /* add_buf */
+ py_value = PyByteArray_FromStringAndSize(add_buf, add_buf_size);
if (!py_value) {
Py_DECREF(py_args);
@@ -243,10 +189,11 @@ size_t fuzz_py(u8* data, size_t size, u8* mutated_out, size_t max_size,
PyTuple_SetItem(py_args, 1, py_value);
+ /* max_size */
#if PY_MAJOR_VERSION >= 3
- py_value = PyLong_FromLong(seed);
+ py_value = PyLong_FromLong(max_size);
#else
- py_value = PyInt_FromLong(seed);
+ py_value = PyInt_FromLong(max_size);
#endif
if (!py_value) {
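Review bot: `max_size` is a `size_t` but is converted with `PyLong_FromLong` / `PyInt_FromLong`, which take a `long`. Where `long` is narrower than `size_t`, or for values above `LONG_MAX`, the Python module would receive a truncated or negative limit. `py_value = PyLong_FromSize_t(max_size);` (and `PyInt_FromSize_t(max_size)` on the Python 2 branch) passes the value through unchanged. The surrounding function starts and ends outside this hunk.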
@@ -263,11 +210,10 @@ size_t fuzz_py(u8* data, size_t size, u8* mutated_out, size_t max_size,
if (py_value != NULL) {
- out_size = PyByteArray_Size(py_value);
- memcpy(mutated_out, PyByteArray_AsString(py_value), out_size);
+ mutated_size = PyByteArray_Size(py_value);
+ memcpy(mutated_out, PyByteArray_AsString(py_value), mutated_size);
Py_DECREF(py_value);
-
- return out_size;
+ return mutated_size;
} else {
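Review bot: The `memcpy` into `mutated_out` copies `mutated_size` bytes, a length read from the bytearray the Python mutator returns, and nothing in this hunk compares it with `max_size`. The Python side only receives `max_size` as an argument, so a module that returns a longer bytearray would write past the end of the caller's buffer (presumably sized to `max_size`). The bound should be enforced in C before the copy, e.g. `if (mutated_size > max_size) mutated_size = max_size;`, or an oversized result should be treated as a failed call. `PyByteArray_Size` and `PyByteArray_AsString` also assume a bytearray object, so a `PyByteArray_Check(py_value)` guard ahead of them would cover a module that returns `bytes` or `None`. The rest of fuzz_py, including the else branch, lies outside this hunk.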
@@ -278,12 +224,12 @@ size_t fuzz_py(u8* data, size_t size, u8* mutated_out, size_t max_size,
}
-size_t pre_save_py(u8* data, size_t size, u8** new_data) {
+size_t pre_save_py(u8* buf, size_t buf_size, u8** out_buf) {
- size_t new_size;
+ size_t out_buf_size;
PyObject *py_args, *py_value;
py_args = PyTuple_New(2);
- py_value = PyByteArray_FromStringAndSize(data, size);
+ py_value = PyByteArray_FromStringAndSize(buf, buf_size);
if (!py_value) {
Py_DECREF(py_args);
@@ -299,11 +245,11 @@ size_t pre_save_py(u8* data, size_t size, u8** new_data) {
if (py_value != NULL) {
- new_size = PyByteArray_Size(py_value);
- *new_data = malloc(new_size);
- memcpy(*new_data, PyByteArray_AsString(py_value), new_size);
+ out_buf_size = PyByteArray_Size(py_value);
+ *out_buf = malloc(out_buf_size);
+ memcpy(*out_buf, PyByteArray_AsString(py_value), out_buf_size);
Py_DECREF(py_value);
- return new_size;
+ return out_buf_size;
} else {
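Review bot: The result of `malloc(out_buf_size)` in pre_save_py is handed to `memcpy` without a NULL check. An allocation failure, which a very large bytearray returned by the Python module makes more likely, therefore becomes a write through a null pointer instead of a reported error. A guard such as `if (!*out_buf) { Py_DECREF(py_value); return 0; }` would do, though the right failure value depends on how callers treat a zero return, which is not visible here. The same unchecked `malloc` followed by `memcpy` appears in the trim_py hunk at the end of this diff. Both function bodies continue outside their hunks.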
@@ -314,12 +260,12 @@ size_t pre_save_py(u8* data, size_t size, u8** new_data) {
}
-u32 init_trim_py(u8* buf, size_t buflen) {
+u32 init_trim_py(u8* buf, size_t buf_size) {
PyObject *py_args, *py_value;
py_args = PyTuple_New(1);
- py_value = PyByteArray_FromStringAndSize(buf, buflen);
+ py_value = PyByteArray_FromStringAndSize(buf, buf_size);
if (!py_value) {
Py_DECREF(py_args);
@@ -389,7 +335,7 @@ u32 post_trim_py(u8 success) {
}
-void trim_py(u8** ret, size_t* retlen) {
+void trim_py(u8** out_buf, size_t* out_buf_size) {
PyObject *py_args, *py_value;
@@ -399,9 +345,9 @@ void trim_py(u8** ret, size_t* retlen) {
if (py_value != NULL) {
- *retlen = PyByteArray_Size(py_value);
- *ret = malloc(*retlen);
- memcpy(*ret, PyByteArray_AsString(py_value), *retlen);
+ *out_buf_size = PyByteArray_Size(py_value);
+ *out_buf = malloc(*out_buf_size);
+ memcpy(*out_buf, PyByteArray_AsString(py_value), *out_buf_size);
Py_DECREF(py_value);
} else {