author | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-21 16:50:06 +0100 |
committer | Andrea Fioraldi <andreafioraldi@gmail.com> | 2020-02-21 16:50:06 +0100 |
commit | 7323833888142d0e6357f22d7e1b6450cd062579 (patch) | |
tree | 064f16e477f305bf73ebb00586f9d552ee0f2072 /src | |
parent | 8904200d4825021324569f816ce728d122dc77d3 (diff) | |
block the usage of MOpt with optional mutators (redqueen/radamsa/etc...)
Diffstat (limited to 'src')
-rw-r--r-- | src/afl-forkserver.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-init.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-python.c | 6 | ||||
-rw-r--r-- | src/afl-fuzz-redqueen.c | 39 | ||||
-rw-r--r-- | src/afl-fuzz.c | 12 | ||||
-rw-r--r-- | src/afl-showmap.c | 2 |
6 files changed, 47 insertions, 24 deletions
diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c
index 57d46391..ce809532 100644
--- a/src/afl-forkserver.c
+++ b/src/afl-forkserver.c
@@ -154,8 +154,7 @@ void init_forkserver(char **argv) {
 int status;
 s32 rlen;
- if (!getenv("AFL_QUIET"))
- ACTF("Spinning up the fork server...");
+ if (!getenv("AFL_QUIET")) ACTF("Spinning up the fork server...");
 if (pipe(st_pipe) || pipe(ctl_pipe)) PFATAL("pipe() failed");
@@ -312,8 +311,7 @@ void init_forkserver(char **argv) {
 if (rlen == 4) {
- if (!getenv("AFL_QUIET"))
- OKF("All right - fork server is up.");
+ if (!getenv("AFL_QUIET")) OKF("All right - fork server is up.");
 return;
 }
diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c
index 2176c5cf..93ecfe99 100644
--- a/src/afl-fuzz-init.c
+++ b/src/afl-fuzz-init.c
@@ -303,6 +303,12 @@ void setup_custom_mutator(void) {
 if (!fn) return;
+ if (limit_time_sig)
+ FATAL(
+ "MOpt and custom mutator are mutually exclusive. We accept pull "
+ "requests that integrates MOpt with the optional mutators "
+ "(custom/radamsa/redquenn/...).");
+
 ACTF("Loading custom mutator library from '%s'...", fn);
 dh = dlopen(fn, RTLD_NOW);
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index f06c8e25..42286527 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -35,6 +35,12 @@ int init_py() {
 if (module_name) {
+ if (limit_time_sig)
+ FATAL(
+ "MOpt and Python mutator are mutually exclusive. We accept pull "
+ "requests that integrates MOpt with the optional mutators "
+ "(custom/radamsa/redquenn/...).");
+
 #if PY_MAJOR_VERSION >= 3
 PyObject* py_name = PyUnicode_FromString(module_name);
 #else
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index b09a977f..a335656b 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
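Review bot: The new `if (limit_time_sig) FATAL(...)` guard added in setup_custom_mutator is the same check and the same three-line message pasted into four places (also init_py in afl-fuzz-python.c and the Radamsa and CmpLog blocks in afl-fuzz.c main), and the misspelling `redquenn` in the user-facing message is copied into every one of them. A single helper, e.g. `static void check_mopt_exclusive(const char *what)` whose body is `FATAL("MOpt and %s are mutually exclusive. We accept pull requests that integrate MOpt with the optional mutators (custom/radamsa/redqueen/...).", what);`, would fix the wording once and leave one place to extend when another optional mutator is added. All four sites assume `limit_time_sig` already reflects the MOpt selection when the mutator is set up, which holds only if each site runs after command-line parsing has finished; the hunks' context does not show that, so a comment at the helper such as `/* must be called after option parsing, since limit_time_sig is set there */` would make the ordering requirement explicit. The enclosing functions setup_custom_mutator and init_py both start and end outside their hunks.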
@@ -145,9 +145,8 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
 --stage_cur;
 }
-
- if (stage_cur)
- queue_cur->fully_colorized = 1;
+
+ if (stage_cur) queue_cur->fully_colorized = 1;
 new_hit_cnt = queued_paths + unique_crashes;
 stage_finds[STAGE_COLORIZATION] += new_hit_cnt - orig_hit_cnt;
@@ -418,22 +417,21 @@ u8 rtn_extend_encoding(struct cmp_header* h, u8* pattern, u8* repl, u32 idx,
 u32 i;
 u32 its_len = MIN(32, len - idx);
-
+
 u8 save[32];
 memcpy(save, &buf[idx], its_len);
 *status = 0;
 for (i = 0; i < its_len; ++i) {
-
- if (pattern[idx + i] != orig_buf[idx + i] || *status == 1)
- break;
-
- buf[idx +i] = repl[idx + i];
+
+ if (pattern[idx + i] != orig_buf[idx + i] || *status == 1) break;
+
+ buf[idx + i] = repl[idx + i];
 if (unlikely(its_fuzz(buf, len, status))) return 1;
-
+
 }
-
+
 memcpy(&buf[idx], save, i);
 return 0;
@@ -457,7 +455,8 @@ u8 rtn_fuzz(u32 key, u8* orig_buf, u8* buf, u32 len) {
 // opt not in the paper
 for (j = 0; j < i; ++j)
- if (!memcmp(&((struct cmpfn_operands*)cmp_map->log[key])[j], o, sizeof(struct cmpfn_operands)))
+ if (!memcmp(&((struct cmpfn_operands*)cmp_map->log[key])[j], o,
+ sizeof(struct cmpfn_operands)))
 goto rtn_fuzz_next_iter;
 for (idx = 0; idx < len && fails < 8; ++idx) {
@@ -532,17 +531,19 @@ u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
 stage_max += MIN(cmp_map->headers[k].hits, CMP_MAP_RTN_H);
 }
-
+
 for (k = 0; k < CMP_MAP_W; ++k) {
 if (!cmp_map->headers[k].hits) continue;
-
+
 if (cmp_map->headers[k].type == CMP_TYPE_INS) {
- if (unlikely(cmp_fuzz(k, orig_buf, buf, len)))
- goto exit_its;
+
+ if (unlikely(cmp_fuzz(k, orig_buf, buf, len))) goto exit_its;
+
 } else {
- if (unlikely(rtn_fuzz(k, orig_buf, buf, len)))
- goto exit_its;
+
+ if (unlikely(rtn_fuzz(k, orig_buf, buf, len))) goto exit_its;
+
 }
 }
@@ -551,7 +552,7 @@ u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
 exit_its:
 memcpy(orig_buf, buf, len);
-
+
 new_hit_cnt = queued_paths + unique_crashes;
 stage_finds[STAGE_ITS] += new_hit_cnt - orig_hit_cnt;
 stage_cycles[STAGE_ITS] += total_execs - orig_execs;
diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c
index a9a6db97..5fa737d7 100644
--- a/src/afl-fuzz.c
+++ b/src/afl-fuzz.c
@@ -624,6 +624,12 @@ int main(int argc, char** argv, char** envp) {
 if (use_radamsa) {
+ if (limit_time_sig)
+ FATAL(
+ "MOpt and Radamsa are mutually exclusive. We accept pull requests "
+ "that integrates MOpt with the optional mutators "
+ "(custom/radamsa/redquenn/...).");
+
 OKF("Using Radamsa add-on");
 u8* libradamsa_path = get_libradamsa_path(argv[0]);
@@ -892,6 +898,12 @@ int main(int argc, char** argv, char** envp) {
 if (cmplog_binary) {
+ if (limit_time_sig)
+ FATAL(
+ "MOpt and CmpLog are mutually exclusive. We accept pull requests "
+ "that integrates MOpt with the optional mutators "
+ "(custom/radamsa/redquenn/...).");
+
 if (unicorn_mode) FATAL("CmpLog and Unicorn mode are not compatible at the moment, sorry");
 if (!qemu_mode) check_binary(cmplog_binary);
diff --git a/src/afl-showmap.c b/src/afl-showmap.c
index cd4f2b7b..5ea164f8 100644
--- a/src/afl-showmap.c
+++ b/src/afl-showmap.c
@@ -80,7 +80,7 @@ u8 *out_file, /* Trace output file */
 *stdin_file, /* stdin file */
 *in_dir, /* input folder */
 *doc_path, /* Path to docs */
- *at_file = NULL; /* Substitution string for @@ */
+ *at_file = NULL; /* Substitution string for @@ */
 static u8* in_data; /* Input data */