author | van Hauser <vh@thc.org> | 2023-01-05 13:51:20 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-05 13:51:20 +0100 |
commit | 3b6fcd911a860a8c823c912c4b08b423734e4cfe (patch) | |
tree | cc2599499e847c4ac661988d1c5fe7b35a5ef82e /utils/argv_fuzzing/argv-fuzz-inl.h | |
parent | 60dc37a8cf09f8e9048e4b6a2204d6c90b27655a (diff) | |
parent | a3b56e7280cb5b5cea21c66c40d4390db6f13b8f (diff) | |
download | afl++-3b6fcd911a860a8c823c912c4b08b423734e4cfe.tar.gz |
Merge pull request #1610 from AFLplusplus/dev 4.05c
push to stable
Diffstat (limited to 'utils/argv_fuzzing/argv-fuzz-inl.h')
-rw-r--r-- | utils/argv_fuzzing/argv-fuzz-inl.h | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/utils/argv_fuzzing/argv-fuzz-inl.h b/utils/argv_fuzzing/argv-fuzz-inl.h
index ec22c53b..cb0af2bc 100644
--- a/utils/argv_fuzzing/argv-fuzz-inl.h
+++ b/utils/argv_fuzzing/argv-fuzz-inl.h
@@ -29,6 +29,11 @@
 If you would like to always preserve argv[0], use this instead:
 AFL_INIT_SET0("prog_name");
+ To enable persistent fuzzing, use the AFL_INIT_ARGV_PERSISTENT macro with
+ buf as argument, or use AFL_INIT_SET0_PERSISTENT("prog_name", buf)
+ to preserver argv[0]. buf is a pointer to a buffer containing
+ the input data for the current test case being processed defined as:
+ unsigned char *buf = __AFL_FUZZ_TESTCASE_BUF;
 */
 #ifndef _HAVE_ARGV_FUZZ_INL
@@ -53,6 +58,22 @@
 \
 } while (0)
+#define AFL_INIT_ARGV_PERSISTENT(persistent_buff) \
+ do { \
+ \
+ argv = afl_init_argv_persistent(&argc, persistent_buff); \
+ \
+ } while (0)
+
+#define AFL_INIT_SET0_PERSISTENT(_p, persistent_buff) \
+ do { \
+ \
+ argv = afl_init_argv_persistent(&argc, persistent_buff); \
+ argv[0] = (_p); \
+ if (!argc) argc = 1; \
+ \
+ } while (0)
+
 #define MAX_CMDLINE_LEN 100000
 #define MAX_CMDLINE_PAR 50000
@@ -87,6 +108,32 @@ static char **afl_init_argv(int *argc) {
 }
+static char **afl_init_argv_persistent(int *argc,
+ unsigned char *persistent_buff) {
+
+ static char *ret[MAX_CMDLINE_PAR];
+
+ unsigned char *ptr = persistent_buff;
+ int rc = 0;
+
+ while (*ptr && rc < MAX_CMDLINE_PAR) {
+
+ ret[rc] = (char *)ptr;
+ if (ret[rc][0] == 0x02 && !ret[rc][1]) ret[rc]++;
+ rc++;
+
+ while (*ptr)
+ ptr++;
+ ptr++;
+
+ }
+
+ *argc = rc;
+
+ return ret;
+
+}
+
 #undef MAX_CMDLINE_LEN
 #undef MAX_CMDLINE_PAR |
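Review bot: `afl_init_argv_persistent()` (third hunk) scans `persistent_buff` until it meets an empty string and is never told the test case length, so an input that does not end in two NUL bytes makes the loop run into whatever follows it in the buffer: bytes left from an earlier, longer test case, or memory past the buffer. Nothing visible in the patch guarantees that terminator, so I would pass the length (presumably `__AFL_FUZZ_TESTCASE_LEN`) through both macros in the second hunk and stop at `persistent_buff + len`, dropping a trailing argument that has no NUL inside the test case. Because `ret` is `static` and reused on every persistent iteration, `argv[argc]` also keeps a pointer from the previous input after a shorter one; ending with `ret[rc] = NULL;` and bounding the loop at `MAX_CMDLINE_PAR - 1` restores the argv contract. Either problem shows up as unstable or non-reproducible findings rather than as a bug in the target.

```c
static char **afl_init_argv_persistent(int *argc,
                                       unsigned char *persistent_buff,
                                       size_t len) {

  /* … unchanged: static ret[] declaration … */

  unsigned char *ptr = persistent_buff;
  unsigned char *end = persistent_buff + len;
  int            rc = 0;

  /* keep one slot free so argv[argc] can always be NULL */
  while (ptr < end && *ptr && rc < MAX_CMDLINE_PAR - 1) {

    unsigned char *arg = ptr;

    while (ptr < end && *ptr)
      ptr++;
    if (ptr == end) break; /* no NUL inside the test case: drop the tail */

    ret[rc] = (char *)arg;
    /* … unchanged: lone-0x02 handling, rc++ … */
    ptr++;

  }

  ret[rc] = NULL; /* static array: clear the slot a longer input left behind */

  /* … unchanged: *argc = rc; return ret; … */
```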