authorhexcoder- <heiko@hexco.de>2019-09-23 21:59:27 +0200
committerhexcoder- <heiko@hexco.de>2019-09-23 21:59:27 +0200
commitd13592aea0553b18ecf5366a260b3d5d3fe91764 (patch)
tree751b631cf044ec3804103abf99a8d89719759d36 /src
parent59d4b0aadb11c893d10a838fa5795286d3fd7264 (diff)
parent96c9fa0ccc4cc9b3db3e448fd685484fd271ca98 (diff)
downloadafl++-d13592aea0553b18ecf5366a260b3d5d3fe91764.tar.gz
Merge branch 'master' of https://github.com/vanhauser-thc/AFLplusplus
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-globals.c4
-rw-r--r--src/afl-fuzz-one.c17
-rw-r--r--src/afl-fuzz-run.c12
3 files changed, 33 insertions, 0 deletions
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c
index 1358a1fb..01b242b8 100644
--- a/src/afl-fuzz-globals.c
+++ b/src/afl-fuzz-globals.c
@@ -259,3 +259,7 @@ PyObject *py_functions[PY_FUNC_COUNT];
#endif
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ u8 do_document;
+ u32 document_counter;
+#endif
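Review bot: `do_document` is declared here without a comment, although the fuzz_one hunk of this same commit uses it as a three-state flag (0, 1 and 2). Document the states at the declaration, for example `u8 do_document; /* 0 = not set up, 1 = mutations dir prepared, 2 = stop requested */` and `u32 document_counter; /* sequence number used in mutation file names */`. Both are used from other source files in this commit, so they need matching `extern` declarations in a shared header, which this src-limited diff does not show.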
diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c
index 59483b8f..1824f0b2 100644
--- a/src/afl-fuzz-one.c
+++ b/src/afl-fuzz-one.c
@@ -4231,6 +4231,7 @@ pacemaker_fuzzing:
#define core_fuzzing(a) common_fuzzing((a), MOpt_globals_core)
+
void pso_updating(void) {
g_now += 1;
@@ -4310,6 +4311,22 @@ void pso_updating(void) {
u8 fuzz_one(char** argv) {
int key_val_lv = 0;
+
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ if (do_document == 0) {
+ char *fn = alloc_printf("%s/mutations", out_dir);
+ if (fn) {
+ do_document = mkdir(fn, 0700); // if it exists we do not care
+ do_document = 1;
+ ck_free(fn);
+ } else
+ PFATAL("malloc()");
+ } else {
+ do_document = 2;
+ stop_soon = 2;
+ }
+#endif
+
if (limit_time_sig == 0) {
key_val_lv = fuzz_one_original(argv);
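Review bot: The result of `mkdir(fn, 0700)` is stored in `do_document` and overwritten on the very next line, so any failure other than an already-existing directory (permissions, a regular file at that path) goes unnoticed until the later file writes fail. Check it explicitly, e.g. `if (mkdir(fn, 0700) && errno != EEXIST) PFATAL("Unable to create '%s'", fn);`, and then set `do_document = 1;`. An existing directory is also accepted without checking its owner or mode, so the 0700 permission is only guaranteed when this call creates it. The `else` branch sets `stop_soon = 2` on the second call to fuzz_one, which appears to end the run after one queue entry; a comment such as `/* document mode: stop after the first fuzz_one() pass */` would make that intent explicit. fuzz_one continues beyond the hunk.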
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index f2f663dc..220433fc 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -251,6 +251,18 @@ void write_to_testcase(void* mem, u32 len) {
s32 fd = out_fd;
+#ifdef _AFL_DOCUMENT_MUTATIONS
+ s32 doc_fd;
+ char *fn = alloc_printf("%s/mutations/%09u:%s", out_dir, document_counter++, describe_op(0));
+ if (fn != NULL) {
+ if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) {
+ if (write(doc_fd, mem, len) != len) PFATAL("write to mutation file failed: %s", fn);
+ close(doc_fd);
+ }
+ ck_free(fn);
+ }
+#endif
+
if (out_file) {
// unlink(out_file); /* Ignore errors.
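Review bot: A failed `open()` is skipped silently here while a short `write()` is fatal, so a run can finish with `document_counter` advanced and mutation files missing without any diagnostic; add `else PFATAL("Unable to create '%s'", fn);` or at least a warning. Because the `mutations` directory may pre-date the run, `O_CREAT | O_TRUNC` will follow a symlink that already exists under the generated name and truncate its target; adding `O_NOFOLLOW` to the flags closes that. The file name embeds `describe_op(0)`, which is not visible in this diff, so it is worth confirming that its output can never contain `/`. write_to_testcase continues past the end of the hunk.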