authorvanhauser-thc <vh@thc.org>2023-06-29 16:57:20 +0200
committervanhauser-thc <vh@thc.org>2023-06-29 16:57:20 +0200
commit3e1d7941077b1457f702988063d6b9fdd9b80740 (patch)
tree6bf544caf53f4ef7f7ca8ad02c2a412150758aa9 /src
parent15fc47a62cd4fa47d6e2436a3830c656ffe64fc9 (diff)
update mutation strategy
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-one.c56
-rw-r--r--src/afl-fuzz.c26
2 files changed, 54 insertions, 28 deletions
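--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -2085,47 +2085,57 @@ havoc_stage:
 u32 *mutation_array;
 u32 stack_max, rand_max; // stack_max_pow = afl->havoc_stack_pow2;
- /*
+ switch (afl->input_mode) {
- if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) {
+ case 1: { // TEXT
- mutation_array = full_splice_array;
- rand_max = MUT_SPLICE_ARRAY_SIZE;
+ if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ mutation_array = (unsigned int *)&binary_array;
+ rand_max = MUT_BIN_ARRAY_SIZE;
- } else {
+ } else { // exploitation mode
- mutation_array = normal_splice_array;
- rand_max = MUT_NORMAL_ARRAY_SIZE;
+ mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
+ rand_max = MUT_STRATEGY_ARRAY_SIZE;
- }
+ }
- */
+ break;
- if (unlikely(afl->text_input)) { // is text?
+ }
- if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ case 2: { // BINARY
- mutation_array = (unsigned int *)&text_array;
- rand_max = MUT_TXT_ARRAY_SIZE;
+ if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ mutation_array = (unsigned int *)&mutation_strategy_exploration_binary;
+ rand_max = MUT_STRATEGY_ARRAY_SIZE;
- } else { // is exploitation!
+ } else { // exploitation mode
- mutation_array = (unsigned int *)&mutation_strategy_exploitation_text;
- rand_max = MUT_STRATEGY_ARRAY_SIZE;
+ mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
+ rand_max = MUT_STRATEGY_ARRAY_SIZE;
+
+ }
+
+ break;
 }
- } else { // is binary!
+ default: { // DEFAULT/GENERIC
- if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ if (likely(afl->fuzz_mode == 0)) { // is exploration?
+ mutation_array = (unsigned int *)&binary_array;
+ rand_max = MUT_BIN_ARRAY_SIZE;
- mutation_array = (unsigned int *)&binary_array;
- rand_max = MUT_BIN_ARRAY_SIZE;
+ } else { // exploitation mode
- } else { // is exploitation!
+ // this will need to be changed I guess
+ mutation_array = (unsigned int *)&mutation_strategy_exploration_text;
+ rand_max = MUT_STRATEGY_ARRAY_SIZE;
+
+ }
- mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;
- rand_max = MUT_STRATEGY_ARRAY_SIZE;
+ break;
 }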
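Review bot: In the `default` case's exploitation branch the array chosen is `mutation_strategy_exploration_text`, an exploration strategy, while the TEXT and BINARY cases each pick an exploitation array in the same branch, and the author's own comment (`// this will need to be changed I guess`) marks it as unresolved. Before this change the no-`-a` exploitation path selected `mutation_strategy_exploitation_binary`, so a generic-mode run with `fuzz_mode != 0` now silently changes its havoc mix; keeping `mutation_array = (unsigned int *)&mutation_strategy_exploitation_binary;` until a dedicated generic strategy exists would preserve that behaviour, and the comment should become a TODO stating the intent rather than a guess. The TEXT and DEFAULT exploration branches are now identical (`binary_array`), so text targets no longer get `text_array` in exploration; if that is intended, a one-line comment saying why would help readers. The bare `case 1`/`case 2` labels mirror the `afl->input_mode = 1`/`= 2` assignments in afl-fuzz.c, and a shared enum would tie the two sites together. The enclosing havoc_stage code continues outside the hunk on both sides.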
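--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -125,7 +125,8 @@ static void usage(u8 *argv0, int more_help) {
 "Required parameters:\n"
 " -i dir - input directory with test cases (or '-' to resume, "
- "also see AFL_AUTORESUME)\n"
+ "also see \n"
+ " AFL_AUTORESUME)\n"
 " -o dir - output directory for fuzzer findings\n\n"
 "Execution control settings:\n"
@@ -164,8 +165,8 @@ static void usage(u8 *argv0, int more_help) {
 "\n"
 "Mutator settings:\n"
- " -a - target expects ascii text input (prefer text "
- "mutators)\n"
+ " -a - target input format, \"text\" or \"binary\" (default: "
+ "generic)\n"
 " -g minlength - set min length of generated fuzz input (default: 1)\n"
 " -G maxlength - set max length of generated fuzz input (default: "
 "%lu)\n"
@@ -506,13 +507,28 @@ int main(int argc, char **argv_orig, char **envp) {
 // still available: HjJkKqruvwz
 while ((opt = getopt(argc, argv,
- "+aAb:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:"
+ "+a:Ab:B:c:CdDe:E:f:F:g:G:hi:I:l:L:m:M:nNo:Op:P:QRs:S:t:"
 "T:UV:WXx:YZ")) > 0) {
 switch (opt) {
 case 'a':
- afl->text_input = 1;
+
+ if (!stricmp(optarg, "text") || !stricmp(optarg, "ascii") ||
+ !stricmp(optarg, "txt") || !stricmp(optarg, "asc")) {
+
+ afl->input_mode = 1;
+
+ } else if (!stricmp(optarg, "bin") || !stricmp(optarg, "binary")) {
+
+ afl->input_mode = 2;
+
+ } else {
+
+ FATAL("-a input mode needs to be \"text\" or \"binary\".");
+
+ }
+
 break;
 case 'P':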
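Review bot: The new usage text `-a - target input format, "text" or "binary" (default: generic)` documents a generic mode that the `case 'a'` parser cannot select: any value other than the text/binary aliases reaches `FATAL`, so a caller cannot spell the documented default explicitly, for example to override an `-a` injected by a wrapper script. Accepting it with `} else if (!stricmp(optarg, "generic") || !stricmp(optarg, "default")) { afl->input_mode = 0;` before the final `else` would close that gap. The FATAL message should also list the aliases the parser actually accepts (`ascii`, `txt`, `asc`, `bin`), not only `text` and `binary`, so the error matches the behaviour. `main` continues outside the hunk.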