diff options
| author | van Hauser <vh@thc.org> | 2020-05-12 11:04:18 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-05-12 11:04:18 +0200 |
| commit | 1317433a51a7f7336c82c80a592835ddda9ef60f (patch) | |
| tree | e623506f1d0a8771c3fc266eed0a75b626a88724 /src/afl-fuzz-run.c | |
| parent | bdd2a412c476cbd5aea0fff67ef096305815953b (diff) | |
| parent | a578d719e1f556db07ca3c7e2fe38b7668c204d8 (diff) | |
| download | afl++-1317433a51a7f7336c82c80a592835ddda9ef60f.tar.gz | |
Merge pull request #359 from AFLplusplus/dev
push to master
Diffstat (limited to 'src/afl-fuzz-run.c')
| -rw-r--r-- | src/afl-fuzz-run.c | 77 |
1 files changed, 67 insertions, 10 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 692026d4..4a22dad6 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -30,13 +30,37 @@ #include "cmplog.h" +#ifdef PROFILING +u64 time_spent_working = 0; +#endif + /* Execute target application, monitoring for timeouts. Return status information. The called program will update afl->fsrv->trace_bits. */ fsrv_run_result_t fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { +#ifdef PROFILING + static u64 time_spent_start = 0; + struct timespec spec; + if (time_spent_start) { + + u64 current; + clock_gettime(CLOCK_REALTIME, &spec); + current = (spec.tv_sec * 1000000000) + spec.tv_nsec; + time_spent_working += (current - time_spent_start); + + } + +#endif + fsrv_run_result_t res = afl_fsrv_run_target(fsrv, timeout, &afl->stop_soon); + +#ifdef PROFILING + clock_gettime(CLOCK_REALTIME, &spec); + time_spent_start = (spec.tv_sec * 1000000000) + spec.tv_nsec; +#endif + // TODO: Don't classify for faults? classify_counts(fsrv); return res; @@ -65,21 +89,40 @@ void write_to_testcase(afl_state_t *afl, void *mem, u32 len) { #endif - if (unlikely(afl->mutator && afl->mutator->afl_custom_pre_save)) { + if (unlikely(afl->custom_mutators_count)) { + + u8 * new_buf = NULL; + ssize_t new_size = len; + void * new_mem = mem; + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_pre_save) { + + new_size = + el->afl_custom_pre_save(el->data, new_mem, new_size, &new_buf); - u8 *new_buf = NULL; + } + + new_mem = new_buf; - size_t new_size = afl->mutator->afl_custom_pre_save(afl->mutator->data, mem, - len, &new_buf); + }); - if (unlikely(!new_buf)) { + if (unlikely(!new_buf && (new_size <= 0))) { FATAL("Custom_pre_save failed (ret: %lu)", (long unsigned)new_size); - } + } else if (likely(new_buf)) { + + /* everything as planned. use the new data. */ + afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); - /* everything as planned. use the new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); + } else { + + /* custom mutators do not has a custom_pre_save function */ + afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); + + } } else { @@ -489,9 +532,23 @@ void sync_fuzzers(afl_state_t *afl) { u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { /* Custom mutator trimmer */ - if (afl->mutator && afl->mutator->afl_custom_trim) { + if (afl->custom_mutators_count) { + + u8 trimmed_case = 0; + bool custom_trimmed = false; + + LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, { + + if (el->afl_custom_trim) { + + trimmed_case = trim_case_custom(afl, q, in_buf, el); + custom_trimmed = true; + + } + + }); - return trim_case_custom(afl, q, in_buf); + if (custom_trimmed) return trimmed_case; } |