post_process 0/NULL return support

author: vanhauser-thc <vh@thc.org> 2022-07-19 12:24:03 +0200
committer: vanhauser-thc <vh@thc.org> 2022-07-19 12:24:03 +0200
commit: ca4a8c0f920f83c86aeb599b94b50fce2af68389 (patch)
tree: 0c59bc591d0c8991775c0db8655e4b9c5321b666 /src
parent: b847e0f414e7b310e1a68bc501d4e2453bfce70e (diff)
download: afl++-ca4a8c0f920f83c86aeb599b94b50fce2af68389.tar.gz
5 files changed, 75 insertions, 15 deletions
diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c
index 089f7bb5..b3a10bb7 100644
--- a/src/afl-fuzz-bitmap.c
+++ b/src/afl-fuzz-bitmap.c
@@ -647,8 +647,19 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) {
 
       if (afl->fsrv.exec_tmout < afl->hang_tmout) {
 
-        u8 new_fault;
-        len = write_to_testcase(afl, &mem, len, 0);
+        u8  new_fault;
+        u32 tmp_len = write_to_testcase(afl, &mem, len, 0);
+
+        if (likely(tmp_len)) {
+
+          len = tmp_len;
+
+        } else {
+
+          len = write_to_testcase(afl, &mem, len, 1);
+
+        }
+
         new_fault = fuzz_run_target(afl, &afl->fsrv, afl->hang_tmout);
         classify_counts(&afl->fsrv);
 
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 258d9ea7..d0c829e2 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -47,9 +47,18 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) {
 
 u8 common_fuzz_cmplog_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
-  u8 fault;
+  u8  fault;
+  u32 tmp_len = write_to_testcase(afl, (void **)&out_buf, len, 0);
 
-  write_to_testcase(afl, (void **)&out_buf, len, 0);
+  if (likely(tmp_len)) {
+
+    len = tmp_len;
+
+  } else {
+
+    len = write_to_testcase(afl, (void **)&out_buf, len, 1);
+
+  }
 
   fault = fuzz_run_target(afl, &afl->cmplog_fsrv, afl->fsrv.exec_tmout);
 
diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c
index dd97a7d3..b9daebfa 100644
--- a/src/afl-fuzz-mutators.c
+++ b/src/afl-fuzz-mutators.c
@@ -430,13 +430,21 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf,
 
       retlen = write_to_testcase(afl, (void **)&retbuf, retlen, 0);
 
-      fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
-      ++afl->trim_execs;
+      if (unlikely(!retlen)) {
+
+        ++afl->trim_execs;
+
+      } else {
 
-      if (afl->stop_soon || fault == FSRV_RUN_ERROR) { goto abort_trimming; }
+        fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
+        ++afl->trim_execs;
 
-      classify_counts(&afl->fsrv);
-      cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+        if (afl->stop_soon || fault == FSRV_RUN_ERROR) { goto abort_trimming; }
+
+        classify_counts(&afl->fsrv);
+        cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST);
+
+      }
 
     }
 
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index a3d864c3..a43d80bb 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -535,7 +535,16 @@ size_t post_process_py(void *py_mutator, u8 *buf, size_t buf_size,
 
     Py_DECREF(py_value);
 
-    *out_buf = (u8 *)py->post_process_buf.buf;
+    if (unlikely(py->post_process_buf.len == 0)) {
+
+      *out_buf = NULL;
+
+    } else {
+
+      *out_buf = (u8 *)py->post_process_buf.buf;
+
+    }
+
     return py->post_process_buf.len;
 
   } else {
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index 0f3be1a7..b97a8e6a 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -109,17 +109,36 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
         if (unlikely(!new_buf && new_size <= 0)) {
 
-          FATAL("Custom_post_process failed (ret: %lu)",
-                (long unsigned)new_size);
+          new_size = 0;
+          new_buf = new_mem;
+          // FATAL("Custom_post_process failed (ret: %lu)", (long
+          // unsigned)new_size);
 
-        }
+        } else {
 
-        new_mem = new_buf;
+          new_mem = new_buf;
+
+        }
 
       }
 
     });
 
+    if (unlikely(!new_size)) {
+
+      // perform dummy runs (fix = 1), but skip all others
+      if (fix) {
+
+        new_size = len;
+
+      } else {
+
+        return 0;
+
+      }
+
+    }
+
     if (unlikely(new_size < afl->min_length && !fix)) {
 
       new_size = afl->min_length;
@@ -969,7 +988,11 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) {
 
   u8 fault;
 
-  len = write_to_testcase(afl, (void **)&out_buf, len, 0);
+  if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0) == 0)) {
+
+    return 0;
+
+  }
 
   fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout);
author	vanhauser-thc <vh@thc.org>	2022-07-19 12:24:03 +0200
committer	vanhauser-thc <vh@thc.org>	2022-07-19 12:24:03 +0200
commit	ca4a8c0f920f83c86aeb599b94b50fce2af68389 (patch)
tree	0c59bc591d0c8991775c0db8655e4b9c5321b666 /src
parent	b847e0f414e7b310e1a68bc501d4e2453bfce70e (diff)
download	afl++-ca4a8c0f920f83c86aeb599b94b50fce2af68389.tar.gz