author | van Hauser <vh@thc.org> | 2022-05-16 12:34:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-16 12:34:38 +0200 |
commit | a2eb1f14126cffd046c44d5e87e945ed2699cec5 (patch) | |
tree | 2eecf55a92eec04e67aa3a9d9bec8e5f50659de6 /src/afl-fuzz-run.c | |
parent | c7bb0a9638a8929a5b664f16032c23a55a84be70 (diff) | |
parent | c08eeb95ca78625cf3f8a96bd04320c57c50d0f1 (diff) | |
download | afl++-a2eb1f14126cffd046c44d5e87e945ed2699cec5.tar.gz |
Merge pull request #1404 from AFLplusplus/dev
push to stable
Diffstat (limited to 'src/afl-fuzz-run.c')
-rw-r--r-- | src/afl-fuzz-run.c | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index ffba3475..09e773f0 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -74,7 +74,7 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 rewound and truncated. */
 u32 __attribute__((hot))
-write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
+write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 #ifdef _AFL_DOCUMENT_MUTATIONS
 s32 doc_fd;
@@ -86,7 +86,7 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
 if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_PERMISSION)) >= 0) {
- if (write(doc_fd, mem, len) != len)
+ if (write(doc_fd, *mem, len) != len)
 PFATAL("write to mutation file failed: %s", fn);
 close(doc_fd);
@@ -97,7 +97,7 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
 if (unlikely(afl->custom_mutators_count)) {
 ssize_t new_size = len;
- u8 * new_mem = mem;
+ u8 * new_mem = *mem;
 u8 * new_buf = NULL;
 LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
@@ -130,8 +130,14 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
 }
+ if (new_mem != *mem) {
+
+ *mem = new_mem;
+
+ }
+
 /* everything as planned. use the potentially new data. */
- afl_fsrv_write_to_testcase(&afl->fsrv, new_mem, new_size);
+ afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
 len = new_size;
 } else {
@@ -147,7 +153,7 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len, u32 fix) {
 }
 /* boring uncustom. */
- afl_fsrv_write_to_testcase(&afl->fsrv, mem, len);
+ afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);
 }
@@ -370,7 +376,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 /* we need a dummy run if this is LTO + cmplog */
 if (unlikely(afl->shm.cmplog_mode)) {
- (void)write_to_testcase(afl, use_mem, q->len, 1);
+ (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1);
 fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
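Review bot: At `*mem = new_mem;` in the @@ -130 hunk the caller's pointer is rebound to whatever the custom mutator loop left in `new_mem`, presumably a buffer owned by the mutator rather than by the caller, and nothing in the hunk records that this is now part of the function's contract. The header comment of `write_to_testcase`, which sits outside the hunk above `u32 __attribute__((hot))`, should state that on return `*mem` may point at mutator-owned memory the caller must neither free nor unmap, and that its size is the returned value rather than the `len` passed in. The guard `if (new_mem != *mem)` is redundant, since an unconditional `*mem = new_mem;` gives the same result in fewer lines. The enclosing function begins in the @@ -74 hunk and its body is spread over several hunks, so the contract change is easy to miss when reading any one of them.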
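Review bot: In the @@ -370 hunk the return value is still discarded with `(void)` while `use_mem` is now rewritten through `(void **)&use_mem`, so after the call `use_mem` may refer to a different buffer whose length is the value `write_to_testcase` returns, not `q->len`; any later use of `use_mem` together with `q->len` in `calibrate_case` (whose body continues outside the hunk) would pair the new pointer with a stale length. The same pattern appears at @@ -413 in `calibrate_case` and at @@ -724 in `sync_fuzzers`, where `st.st_size` is kept as the length. Where the pointer is used again afterwards, capturing the result, `u32 run_len = write_to_testcase(afl, (void **)&use_mem, q->len, 1);`, keeps pointer and length consistent; where it is not, passing a scratch copy of the pointer avoids clobbering the caller's variable at all.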
@@ -413,7 +419,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
 u64 cksum;
- (void)write_to_testcase(afl, use_mem, q->len, 1);
+ (void)write_to_testcase(afl, (void **)&use_mem, q->len, 1);
 fault = fuzz_run_target(afl, &afl->fsrv, use_tmout);
@@ -724,7 +730,7 @@ void sync_fuzzers(afl_state_t *afl) {
 /* See what happens. We rely on save_if_interesting() to catch major errors and save the test case. */
- (void)write_to_testcase(afl, mem, st.st_size, 1);
+ (void)write_to_testcase(afl, (void **)&mem, st.st_size, 1);
 fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
@@ -967,7 +973,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 u8 fault;
- len = write_to_testcase(afl, out_buf, len, 0);
+ len = write_to_testcase(afl, (void **)&out_buf, len, 0);
 fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout); |
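Review bot: In the @@ -724 hunk `mem` in `sync_fuzzers` is overwritten in place by the `(void **)&mem` call, so the value the function held for this buffer before the call is no longer available afterwards; if that original value is needed again, for instance to release the buffer once the run is done (how `mem` is obtained and released is outside the hunk), the release would now act on the mutator's buffer instead of the one that was acquired. A scratch pointer keeps the original intact: `u8 *run_mem = mem;` before the call and `(void)write_to_testcase(afl, (void **)&run_mem, st.st_size, 1);` in place of the changed line, with the consumers of the run's input reading `run_mem`. Since both ends of `mem`'s lifetime lie outside the hunk, treat this as a point to confirm against the surrounding code rather than a proven defect.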