diff options
| author | Rishi Ranjan <43873720+rish9101@users.noreply.github.com> | 2020-05-08 23:38:27 +0530 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-08 20:08:27 +0200 |
| commit | 190f3024dad3713a1b2d3a42b5b99c662dd2cf58 (patch) | |
| tree | 4c7bb683bbc62e81c52f68d656f583a94cdd014e /src/afl-fuzz-run.c | |
| parent | 768053b6f25d5abd1b25f104e0233421bd1f73f9 (diff) | |
| download | afl++-190f3024dad3713a1b2d3a42b5b99c662dd2cf58.tar.gz | |
Support multiple custom mutators (#282)
* Make a list of custom mutators using env variable * Set up multiple custom mutators * Add destroy custom mutator and changes to load_custom_mutator * Use array instead of list, make changes to afl-fuzz-one for multiple mutators * Make change to fuzz-one custom_queue_get to support multiple mutators * Modify custom python mutator support * Fix bug * Fix missing afl->mutator->data * Revert to list with max count * Change custom_pre_save hook and code format * Free custom_mutator struct in the list * Add testcase for multiple custom mutators * Resolve merge conflict
Diffstat (limited to 'src/afl-fuzz-run.c')
| -rw-r--r-- | src/afl-fuzz-run.c | 49 |
1 files changed, 41 insertions, 8 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index b7f7f29c..3876dec7 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -89,21 +89,41 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { #endif - if (unlikely(afl->mutator && afl->mutator->afl_custom_pre_save)) { + if (unlikely(afl->custom_mutators_count)) { u8 *new_buf = NULL; + ssize_t new_size = len; + void * new_mem = mem; - size_t new_size = afl->mutator->afl_custom_pre_save(afl->mutator->data, mem, - len, &new_buf); + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { - if (unlikely(!new_buf)) { + if (el->afl_custom_pre_save) { + new_size = el->afl_custom_pre_save( + el->data, new_mem, new_size, &new_buf + ); + + } + + new_mem = new_buf; + + } ); + + if (unlikely(!new_buf && (new_size <= 0))) { FATAL("Custom_pre_save failed (ret: %lu)", (long unsigned)new_size); + } else if (likely(new_buf)) { + + /* everything as planned. use the new data. */ + afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); + + } else { + + /* custom mutators do not has a custom_pre_save function */ + afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); + } - /* everything as planned. use the new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); } else { @@ -513,10 +533,23 @@ void sync_fuzzers(afl_state_t *afl) { u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Custom mutator trimmer */ - if (afl->mutator && afl->mutator->afl_custom_trim) { + if (afl->custom_mutators_count) { + + u8 trimmed_case = 0; + bool custom_trimmed = false; + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_trim) { + + trimmed_case = trim_case_custom(afl, q, in_buf, el); + custom_trimmed = true; + } - return trim_case_custom(afl, q, in_buf); + } ); + if (custom_trimmed) return trimmed_case; + } u8 needs_write = 0, fault = 0; |