authorvanhauser-thc <vh@thc.org>2022-02-05 08:27:17 +0100
committervanhauser-thc <vh@thc.org>2022-02-05 08:27:17 +0100
commitd5b9cd4b73253c2fbbc7da88015ae0eac303eb32 (patch)
tree987c3ab057607e26bba6fbd7309f894d6107b07d /src/afl-fuzz.c
parentce5032cc2949366260db12a7d52699b23ff9cda4 (diff)
add afl-fuzz -y fuzz length support
Diffstat (limited to 'src/afl-fuzz.c')
-rw-r--r--src/afl-fuzz.c42
1 files changed, 40 insertions, 2 deletions
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index 7a74fc7e..6ca9be33 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -155,6 +155,9 @@ static void usage(u8 *argv0, int more_help) {
       "\n"
 
       "Mutator settings:\n"
+      "  -y [min-]max  - set minimum and maximum length of generated fuzzing "
+      "input.\n"
+      "                  default: 1-%lu\n"
       "  -D            - enable deterministic fuzzing (once per queue entry)\n"
       "  -L minutes    - use MOpt(imize) mode and set the time limit for "
       "entering the\n"
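Review bot: The `%lu` conversion added in `"                  default: 1-%lu\n"` is fed, in the later hunk of this function (`argv0, EXEC_TIMEOUT, MEM_LIMIT, MAX_FILE, FOREIGN_SYNCS_MAX`), with the bare `MAX_FILE` macro; unless that macro already expands to an `unsigned long` (its use as a plain comparison bound in the `-y` parser suggests an integer constant), the argument type does not match the conversion, which `-Wformat` reports and which is undefined behaviour in C. Passing `(unsigned long)MAX_FILE` in the argument list makes the call correct regardless of how the macro is defined. The help text also documents only the `-` separator, while the parser in the getopt hunk accepts `:` as well; the line could read `"  -y [min-]max  - set minimum and maximum length of generated fuzzing input ('-' or ':' separated).\n"` or the `:` form can be dropped from the parser. usage() starts before this hunk and ends after it.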
@@ -204,7 +207,7 @@ static void usage(u8 *argv0, int more_help) {
       "(0-...)\n"
       "  -e ext        - file extension for the fuzz test input file (if "
       "needed)\n\n",
-      argv0, EXEC_TIMEOUT, MEM_LIMIT, FOREIGN_SYNCS_MAX);
+      argv0, EXEC_TIMEOUT, MEM_LIMIT, MAX_FILE, FOREIGN_SYNCS_MAX);
 
   if (more_help > 1) {
 
@@ -529,11 +532,36 @@ int main(int argc, char **argv_orig, char **envp) {
 
   while ((opt = getopt(
               argc, argv,
-              "+Ab:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOXYo:p:RQs:S:t:T:UV:Wx:Z")) >
+              "+Ab:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOo:p:RQs:S:t:T:UV:WXx:Yy:Z")) >
          0) {
 
     switch (opt) {
 
+      case 'y': {
+
+        u8 *sep;
+        if (!(sep = strchr(optarg, '-')) && !(sep = strchr(optarg, ':'))) {
+
+          afl->max_length = atoi(optarg);
+
+        } else {
+
+          afl->min_length = atoi(optarg);
+          afl->max_length = atoi(sep + 1);
+
+        }
+
+        if (afl->min_length < 1 || afl->max_length > MAX_FILE ||
+            afl->min_length > afl->max_length) {
+
+          FATAL("Illegal min/max length values: %s", optarg);
+
+        }
+
+        break;
+
+      }
+
       case 'Z':
         afl->old_seed_selection = 1;
         break;
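Review bot: The new `case 'y'` parses both fields with `atoi`, which returns 0 for any non-numeric prefix and gives no way to detect trailing garbage, so `-y 4k` is silently accepted as a maximum of 4 and `-y 20-100x` is accepted as 20-100; only inputs that happen to violate the range check below are rejected, and `atoi` has undefined behaviour on overflow. Parsing with `strtoul` and checking the end pointer rejects these inputs explicitly, with the existing `MAX_FILE` range check left as-is; the rewrite assumes `min_length`/`max_length` are unsigned, as the `%u` conversions in the later `OKF` suggest. Separately, `u8 *sep` receives the `char *` returned by `strchr`, which is a pointer-type mismatch in C that a `const char *` declaration avoids. main() starts before this hunk and ends after it.
```c
      case 'y': {

        char       *end = NULL;
        const char *sep = strchr(optarg, '-');
        if (!sep) { sep = strchr(optarg, ':'); }

        /* strtoul with end-pointer checks so "4k", "20-100x" or an empty
           field are rejected instead of being read as a number by atoi */
        if (!sep) {

          afl->max_length = strtoul(optarg, &end, 10);
          if (end == optarg || *end) { FATAL("Illegal length value: %s", optarg); }

        } else {

          afl->min_length = strtoul(optarg, &end, 10);
          if (end == optarg || end != sep) { FATAL("Illegal min length value: %s", optarg); }
          afl->max_length = strtoul(sep + 1, &end, 10);
          if (end == sep + 1 || *end) { FATAL("Illegal max length value: %s", optarg); }

        }

        /* … unchanged: range check against MAX_FILE, break … */
```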
@@ -1622,6 +1650,16 @@ int main(int argc, char **argv_orig, char **envp) {
 
   }
 
+  OKF("Generating fuzz data with a a length of min=%u max=%u", afl->min_length,
+      afl->max_length);
+  u32 min_alloc = MAX(64U, afl->min_length);
+  afl_realloc(AFL_BUF_PARAM(in_scratch), min_alloc);
+  afl_realloc(AFL_BUF_PARAM(in), min_alloc);
+  afl_realloc(AFL_BUF_PARAM(out_scratch), min_alloc);
+  afl_realloc(AFL_BUF_PARAM(out), min_alloc);
+  afl_realloc(AFL_BUF_PARAM(eff), min_alloc);
+  afl_realloc(AFL_BUF_PARAM(ex), min_alloc);
+
   afl->fsrv.use_fauxsrv = afl->non_instrumented_mode == 1 || afl->no_forkserver;
 
   #ifdef __linux__
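Review bot: The six `afl_realloc(AFL_BUF_PARAM(...), min_alloc)` calls discard their return value, so a failed pre-allocation is not reported at this point; if `afl_realloc` signals failure through its return (it appears to hand back the buffer pointer), each call should be checked, e.g. `if (!afl_realloc(AFL_BUF_PARAM(in), min_alloc)) { FATAL("afl_realloc failed"); }`, or a one-line comment should state that this pre-sizing is best-effort and the buffers are grown again where they are used. The `OKF` message also has a doubled word and should read `"Generating fuzz data with a length of min=%u max=%u"`. main() starts before this hunk and ends after it.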