author | h1994st <h1994st@gmail.com> | 2020-03-07 10:29:14 -0500 |
---|---|---|
committer | h1994st <h1994st@gmail.com> | 2020-03-07 10:29:14 -0500 |
commit | dc0b2dda5e4ec41ea491e63f0ec31c5da6fe7f1d (patch) | |
tree | c94bdcd834b4d011df9e2f0fa4e7cd0fd8689019 /src/afl-fuzz-python.c | |
parent | a10a3f2fa75f16bf7781a3c02cd23eab7164cff1 (diff) | |
parent | ed5d65b54f07570c82f6704fdca403b776ff7be2 (diff) | |
download | afl++-dc0b2dda5e4ec41ea491e63f0ec31c5da6fe7f1d.tar.gz |
Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus
Diffstat (limited to 'src/afl-fuzz-python.c')
-rw-r--r-- | src/afl-fuzz-python.c | 93 |
1 files changed, 88 insertions, 5 deletions
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index c22e4402..32f9f6ab 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -55,6 +55,8 @@ int init_py_module(u8* module_name) {
 py_functions[PY_FUNC_POST_TRIM] = PyObject_GetAttrString(py_module, "post_trim");
 py_functions[PY_FUNC_TRIM] = PyObject_GetAttrString(py_module, "trim");
+ py_functions[PY_FUNC_HAVOC_MUTATION] = PyObject_GetAttrString(py_module, "havoc_mutation");
+ py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY] = PyObject_GetAttrString(py_module, "havoc_mutation_probability");
 for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) {
@@ -159,16 +161,15 @@ void init_py(unsigned int seed) {
 }
 }
-size_t fuzz_py(u8* buf, size_t buf_size,
- u8* add_buf, size_t add_buf_size,
- u8* mutated_out, size_t max_size) {
+size_t fuzz_py(u8** buf, size_t buf_size, u8* add_buf, size_t add_buf_size,
+ size_t max_size) {
 size_t mutated_size;
 PyObject *py_args, *py_value;
 py_args = PyTuple_New(3);
 /* buf */
- py_value = PyByteArray_FromStringAndSize(buf, buf_size);
+ py_value = PyByteArray_FromStringAndSize(*buf, buf_size);
 if (!py_value) {
 Py_DECREF(py_args);
@@ -211,7 +212,10 @@ size_t fuzz_py(u8* buf, size_t buf_size,
 if (py_value != NULL) {
 mutated_size = PyByteArray_Size(py_value);
- memcpy(mutated_out, PyByteArray_AsString(py_value), mutated_size);
+ if (buf_size < mutated_size)
+ *buf = ck_realloc(*buf, mutated_size);
+
+ memcpy(*buf, PyByteArray_AsString(py_value), mutated_size);
 Py_DECREF(py_value);
 return mutated_size;
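Review bot: fuzz_py's new signature (the `-159,16 +161,15` hunk) turns `buf` into an in/out pointer that the function may move, via the `ck_realloc(*buf, mutated_size)` further down in the same function, but nothing at the definition says so. A caller that keeps the old `*buf` value after the call would be left with a dangling pointer, and `*buf` presumably has to come from the ck_alloc family for `ck_realloc` to accept it (not visible here). I would put a comment above the signature, e.g. `/* *buf is in/out: it may be moved by ck_realloc(); re-read *buf after the call and keep no alias to the old buffer. */`. The function body starts in this hunk and continues outside it.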
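Review bot: In the `-211,7 +212,10` hunk of fuzz_py the object returned by the Python callback is treated as a bytearray without a type check: `PyByteArray_Size()` and `PyByteArray_AsString()` only assert the type in debug builds of CPython, so a mutator that returns `bytes`, `None` or anything else makes the `memcpy` read through a misinterpreted object. A guard before the size is read, `if (!PyByteArray_Check(py_value)) FATAL("custom mutator must return a bytearray");`, turns that into a clean abort. The new code also never compares `mutated_size` with `max_size`; the buffer is simply grown to whatever the script returns, so if callers rely on that bound (not visible here) it should be enforced at this point too. havoc_mutation_py in the last hunk copies the same sequence and needs the same two checks.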
@@ -359,5 +363,84 @@ void trim_py(u8** out_buf, size_t* out_buf_size) {
 }
+size_t havoc_mutation_py(u8** buf, size_t buf_size, size_t max_size) {
+
+ size_t mutated_size;
+ PyObject *py_args, *py_value;
+ py_args = PyTuple_New(2);
+
+ /* buf */
+ py_value = PyByteArray_FromStringAndSize(*buf, buf_size);
+ if (!py_value) {
+
+ Py_DECREF(py_args);
+ FATAL("Failed to convert arguments");
+
+ }
+
+ PyTuple_SetItem(py_args, 0, py_value);
+
+ /* max_size */
+#if PY_MAJOR_VERSION >= 3
+ py_value = PyLong_FromLong(max_size);
+#else
+ py_value = PyInt_FromLong(max_size);
+#endif
+ if (!py_value) {
+
+ Py_DECREF(py_args);
+ FATAL("Failed to convert arguments");
+
+ }
+
+ PyTuple_SetItem(py_args, 1, py_value);
+
+ py_value = PyObject_CallObject(py_functions[PY_FUNC_HAVOC_MUTATION], py_args);
+
+ Py_DECREF(py_args);
+
+ if (py_value != NULL) {
+
+ mutated_size = PyByteArray_Size(py_value);
+ if (buf_size < mutated_size)
+ *buf = ck_realloc(*buf, mutated_size);
+
+ memcpy(*buf, PyByteArray_AsString(py_value), mutated_size);
+
+ Py_DECREF(py_value);
+ return mutated_size;
+
+ } else {
+
+ PyErr_Print();
+ FATAL("Call failed");
+
+ }
+
+}
+
+u8 havoc_mutation_probability_py(void) {
+
+ PyObject *py_args, *py_value;
+
+ py_args = PyTuple_New(0);
+ py_value = PyObject_CallObject(py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY], py_args);
+ Py_DECREF(py_args);
+
+ if (py_value != NULL) {
+
+ long prob = PyLong_AsLong(py_value);
+ Py_DECREF(py_value);
+ return (u8)prob;
+
+ } else {
+
+ PyErr_Print();
+ FATAL("Call failed");
+
+ }
+
+}
+
 #endif /* USE_PYTHON */ |
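Review bot: havoc_mutation_probability_py narrows the script's return value with `(u8)prob` without validating it, so a value outside 0–255 wraps silently (256 becomes 0), and a non-integer return, for which `PyLong_AsLong` yields -1 with an exception set, comes out as 255. Checking for the conversion error and the range before the cast, as in the excerpt below, keeps the fuzzer from running with a probability the script author never asked for; if the value is meant as a percentage, the upper bound should be 100 rather than 255. Both new functions also call through `py_functions[...]` without testing the slot for NULL, which is safe only if every caller first checks that the optional callback was found; that is not visible in this hunk.

```c
    long prob = PyLong_AsLong(py_value);
    Py_DECREF(py_value);

    if (prob == -1 && PyErr_Occurred()) {

      PyErr_Print();
      FATAL("havoc_mutation_probability() did not return an integer");

    }

    if (prob < 0 || prob > 255)
      FATAL("havoc_mutation_probability() returned a value outside the u8 range");

    return (u8)prob;
    /* … unchanged: else branch with PyErr_Print() and FATAL("Call failed") … */
```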