Merge pull request #1607 from ahpaleus/argv-persistent-fuzzing

Argv_fuzz feature persistent fuzzing + cleanup
author: van Hauser <vh@thc.org> 2022-12-28 17:54:32 +0100
committer: GitHub <noreply@github.com> 2022-12-28 17:54:32 +0100
commit: 31d4dc8a3879c53521563bd839b138978f5487af (patch)
tree: 0cef149d27efdaf48a320a7f0ab452912c27fa80 /utils/argv_fuzzing/argv-fuzz-inl.h
parent: e847b9948daba83257a665d936d83cfd9004e2ae (diff)
parent: 8817da8ae4038b0a155fde9e1f3ea8d4f7d8c107 (diff)
download: afl++-31d4dc8a3879c53521563bd839b138978f5487af.tar.gz
1 files changed, 47 insertions, 0 deletions
diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h
index ec22c53b..cb0af2bc 100644
--- a/utils/argv_fuzzing/argv-fuzz-inl.h
+++ b/utils/argv_fuzzing/argv-fuzz-inl.h
@@ -29,6 +29,11 @@
    If you would like to always preserve argv[0], use this instead:
    AFL_INIT_SET0("prog_name");
 
+   To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with
+   buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf)
+   to preserver argv[0]. buf is a pointer to a buffer containing
+   the input data for the current test case being processed defined as:
+   unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
 */
 
 #ifndef _HAVE_ARGV_FUZZ_INL
@@ -53,6 +58,22 @@
                                  \
   } while (0)
 
+#define AFL_INIT_ARGV_PERSISTENT(persistent_buff)            \
+  do {                                                       \
+                                                             \
+    argv = afl_init_argv_persistent(&argc, persistent_buff); \
+                                                             \
+  } while (0)
+
+#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff)        \
+  do {                                                       \
+                                                             \
+    argv = afl_init_argv_persistent(&argc, persistent_buff); \
+    argv[0] = (_p);                                          \
+    if (!argc) argc = 1;                                     \
+                                                             \
+  } while (0)
+
 #define MAX_CMDLINE_LEN 100000
 #define MAX_CMDLINE_PAR 50000
 
@@ -87,6 +108,32 @@ static char **afl_init_argv(int *argc) {
 
 }
 
+static char **afl_init_argv_persistent(int           *argc,
+                                       unsigned char *persistent_buff) {
+
+  static char *ret[MAX_CMDLINE_PAR];
+
+  unsigned char *ptr = persistent_buff;
+  int            rc = 0;
+
+  while (*ptr && rc < MAX_CMDLINE_PAR) {
+
+    ret[rc] = (char *)ptr;
+    if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++;
+    rc++;
+
+    while (*ptr)
+      ptr++;
+    ptr++;
+
+  }
+
+  *argc = rc;
+
+  return ret;
+
+}
+
 #undef MAX_CMDLINE_LEN
 #undef MAX_CMDLINE_PAR
author	van Hauser <vh@thc.org>	2022-12-28 17:54:32 +0100
committer	GitHub <noreply@github.com>	2022-12-28 17:54:32 +0100
commit	31d4dc8a3879c53521563bd839b138978f5487af (patch)
tree	0cef149d27efdaf48a320a7f0ab452912c27fa80 /utils/argv_fuzzing/argv-fuzz-inl.h
parent	e847b9948daba83257a665d936d83cfd9004e2ae (diff)
parent	8817da8ae4038b0a155fde9e1f3ea8d4f7d8c107 (diff)
download	afl++-31d4dc8a3879c53521563bd839b138978f5487af.tar.gz