-rw-r--r-- | .gitmodules | 5 | ||||
-rw-r--r-- | custom_mutators/README.md | 10 | ||||
-rw-r--r-- | custom_mutators/grammar_mutator/GRAMMAR_VERSION | 1 | ||||
-rw-r--r--[-rwxr-xr-x] | custom_mutators/grammar_mutator/build_grammar_mutator.sh | 140 | ||||
m--------- | custom_mutators/grammar_mutator/grammar_mutator | 0 | ||||
-rw-r--r-- | custom_mutators/grammar_mutator/update_grammar_ref.sh | 50 | ||||
-rwxr-xr-x | qemu_mode/build_qemu_support.sh | 2 | ||||
-rwxr-xr-x | unicorn_mode/build_unicorn_support.sh | 2 | ||||
-rw-r--r-- | utils/aflpp_driver/aflpp_qemu_driver.c | 2 |
9 files changed, 192 insertions, 20 deletions
diff --git a/.gitmodules b/.gitmodules
index 7c7613ac..c787ec0e 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +1,8 @@
 [submodule "unicorn_mode/unicornafl"]
 path = unicorn_mode/unicornafl
 url = https://github.com/AFLplusplus/unicornafl
-
-[submodule "custom_mutators/Grammar-Mutator"]
- path = custom_mutators/Grammar-Mutator
+[submodule "custom_mutators/grammar_mutator"]
+ path = custom_mutators/grammar_mutator/grammar_mutator
 url = https://github.com/AFLplusplus/Grammar-Mutator
 [submodule "qemu_mode/qemuafl"]
 path = qemu_mode/qemuafl
diff --git a/custom_mutators/README.md b/custom_mutators/README.md
index 0cf52746..b0444c85 100644
--- a/custom_mutators/README.md
+++ b/custom_mutators/README.md
@@ -7,15 +7,13 @@ For further information and documentation on how to write your own, read [the do
 If you use git to clone afl++, then the following will incorporate our excellent grammar custom mutator:
-```
-git submodule init
-git submodule update
+```sh
+git submodule update --init
 ```
-otherwise just use the script: `grammar_mutator/build_grammar_mutator.sh`
+Read the README in the [Grammar-Mutator] repository on how to use it.
-Read the [Grammar-Mutator/README.md](Grammar-Mutator/README.md) on how to use
-it.
+[Grammar-Mutator]: https://github.com/AFLplusplus/Grammar-Mutator
 ## Production-Ready Custom Mutators
diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION
new file mode 100644
index 00000000..a3fe6bb1
--- /dev/null
+++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION
@@ -0,0 +1 @@
+b3c4fcf
diff --git a/custom_mutators/grammar_mutator/build_grammar_mutator.sh b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
index f3f5e164..b097ebd3 100755..100644
--- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh
+++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh
@@ -1,17 +1,141 @@
 #!/bin/sh
+#
+# american fuzzy lop++ - unicorn mode build script
+# ------------------------------------------------
+#
+# Originally written by Nathan Voss <njvoss99@gmail.com>
+#
+# Adapted from code by Andrew Griffiths <agriffiths@google.com> and
+# Michal Zalewski
+#
+# Adapted for AFLplusplus by Dominik Maier <mail@dmnk.co>
+#
+# CompareCoverage and NeverZero counters by Andrea Fioraldi
+# <andreafioraldi@gmail.com>
+#
+# Copyright 2017 Battelle Memorial Institute. All rights reserved.
+# Copyright 2019-2020 AFLplusplus Project. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at:
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# This script downloads, patches, and builds a version of Unicorn with
+# minor tweaks to allow Unicorn-emulated binaries to be run under
+# afl-fuzz.
+#
+# The modifications reside in patches/*. The standalone Unicorn library
+# will be written to /usr/lib/libunicornafl.so, and the Python bindings
+# will be installed system-wide.
+#
+# You must make sure that Unicorn Engine is not already installed before
+# running this script. If it is, please uninstall it first.
-test -d Grammar-Mutator || git clone --depth=1 https://github.com/AFLplusplus/Grammar-Mutator
+GRAMMAR_VERSION="$(cat ./GRAMMAR_VERSION)"
+GRAMMAR_REPO="https://github.com/AFLplusplus/grammar-mutator"
-cd Grammar-Mutator || exit 1
-git stash ; git pull
+echo "================================================="
+echo "Grammar Mutator build script"
+echo "================================================="
+echo
+
+echo "[*] Performing basic sanity checks..."
+
+PLT=`uname -s`
+
+if [ ! -f "../../config.h" ]; then
+
+ echo "[-] Error: key files not found - wrong working directory?"
+ exit 1
+
+fi
+
+PYTHONBIN=`command -v python3 || command -v python || command -v python2 || echo python3`
+MAKECMD=make
+TARCMD=tar
+
+if [ "$PLT" = "Darwin" ]; then
+ CORES=`sysctl -n hw.ncpu`
+ TARCMD=tar
+fi
+
+if [ "$PLT" = "FreeBSD" ]; then
+ MAKECMD=gmake
+ CORES=`sysctl -n hw.ncpu`
+ TARCMD=gtar
+fi
+
+if [ "$PLT" = "NetBSD" ] || [ "$PLT" = "OpenBSD" ]; then
+ MAKECMD=gmake
+ CORES=`sysctl -n hw.ncpu`
+ TARCMD=gtar
+fi
+
+PREREQ_NOTFOUND=
+for i in git $MAKECMD $TARCMD; do
+
+ T=`command -v "$i" 2>/dev/null`
+
+ if [ "$T" = "" ]; then
+
+ echo "[-] Error: '$i' not found. Run 'sudo apt-get install $i' or similar."
+ PREREQ_NOTFOUND=1
+
+ fi
+
+done
+
+if echo "$CC" | grep -qF /afl-; then
+
+ echo "[-] Error: do not use afl-gcc or afl-clang to compile this tool."
+ PREREQ_NOTFOUND=1
+
+fi
+
+if [ "$PREREQ_NOTFOUND" = "1" ]; then
+ exit 1
+fi
+
+echo "[+] All checks passed!"
+
+echo "[*] Making sure grammar mutator is checked out"
+
+git status 1>/dev/null 2>/dev/null
+if [ $? -eq 0 ]; then
+ echo "[*] initializing grammar mutator submodule"
+ git submodule init || exit 1
+ git submodule update ./grammar_mutator 2>/dev/null # ignore errors
+else
+ echo "[*] cloning grammar mutator"
+ test -d grammar_mutator || {
+ CNT=1
+ while [ '!' -d grammar_mutator -a "$CNT" -lt 4 ]; do
+ echo "Trying to clone grammar_mutator (attempt $CNT/3)"
+ git clone --depth=1 "$GRAMMAR_REPO"
+ CNT=`expr "$CNT" + 1`
+ done
+ }
+fi
+
+test -d grammar_mutator || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; }
+echo "[+] Got grammar mutator."
+
+cd "grammar_mutator" || exit 1
+echo "[*] Checking out $GRAMMAR_VERSION"
+sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null
+git checkout "$GRAMMAR_VERSION" || exit 1
+cd ..
+echo "[*] Downloading antlr..."
 wget -c https://www.antlr.org/download/antlr-4.8-complete.jar
 echo
 echo
-echo "All successfully prepared!"
-echo "To build for your grammar just do:"
-echo " cd Grammar_Mutator"
-echo " make GRAMMAR_FILE=/path/to/your/grammar"
-echo "You will find a JSON and RUBY grammar in Grammar_Mutator/grammars to play with."
+echo "[+] All successfully prepared!"
+echo "[!] To build for your grammar just do:"
+echo " `cd grammar_mutator`"
+echo " `make GRAMMAR_FILE=/path/to/your/grammar`"
+echo "[+] You will find a JSON and RUBY grammar in grammar_mutator/grammars to play with."
 echo
diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator
new file mode 160000
+Subproject b3c4fcfa6ae28918bc410f7747135eafd4fb726
diff --git a/custom_mutators/grammar_mutator/update_grammar_ref.sh b/custom_mutators/grammar_mutator/update_grammar_ref.sh
new file mode 100644
index 00000000..478a73a8
--- /dev/null
+++ b/custom_mutators/grammar_mutator/update_grammar_ref.sh
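Review bot: The two hint lines near the end of the hunk wrap the `cd grammar_mutator` and `make GRAMMAR_FILE=/path/to/your/grammar` examples in backticks inside double quotes, which POSIX sh treats as command substitution: instead of printing the text, the script runs `cd grammar_mutator` in a subshell and actually invokes make in the current directory, so the user sees an empty line and may get an unintended build attempt. Print them as plain text, e.g. `echo "    cd grammar_mutator"` and `echo "    make GRAMMAR_FILE=/path/to/your/grammar"`, or escape the backticks. `wget` is used for the antlr jar but is missing from the `for i in git $MAKECMD $TARCMD` prerequisite loop, and the jar is fetched with no checksum while the mutator itself is pinned to `$GRAMMAR_VERSION`; a `sha256sum -c` against a pinned digest (placeholder: <ANTLR_JAR_SHA256>) after the download would bring the jar under the same pinning discipline. The header comment block is copied from the unicorn build script ("unicorn mode build script", "/usr/lib/libunicornafl.so", "uninstall it first") and should describe what this script does: check out the pinned grammar mutator submodule and download antlr. In the clone fallback, `git clone --depth=1 "$GRAMMAR_REPO"` fetches only the branch tip, so the later `git checkout "$GRAMMAR_VERSION"` can only succeed when the pin happens to be that tip; dropping `--depth=1` or fetching the pinned commit explicitly makes the fallback honour the pin.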
@@ -0,0 +1,50 @@
+#/bin/sh
+
+##################################################
+# AFL++ tool to update a git ref.
+# Usage: ./<script>.sh <new commit hash>
+# If no commit hash was provided, it'll take HEAD.
+##################################################
+
+TOOL="grammar mutator"
+VERSION_FILE='./GRAMMAR_VERSION'
+REPO_FOLDER='./grammar_mutator'
+THIS_SCRIPT=`basename $0`
+BRANCH="stable"
+
+NEW_VERSION="$1"
+
+if [ "$NEW_VERSION" = "-h" ]; then
+ echo "Internal script to update bound $TOOL version."
+ echo
+ echo "Usage: $THIS_SCRIPT <new commit hash>"
+ echo "If no commit hash is provided, will use HEAD."
+ echo "-h to show this help screen."
+ exit 1
+fi
+
+git submodule init && git submodule update ./grammar_mutator || exit 1
+cd "$REPO_FOLDER" || exit 1
+git fetch origin $BRANCH 1>/dev/null || exit 1
+git stash 1>/dev/null 2>/dev/null
+git stash drop 1>/dev/null 2>/dev/null
+git checkout $BRANCH
+
+if [ -z "$NEW_VERSION" ]; then
+ # No version provided, take HEAD.
+ NEW_VERSION=$(git rev-parse --short HEAD)
+fi
+
+if [ -z "$NEW_VERSION" ]; then
+ echo "Error getting version."
+ exit 1
+fi
+
+git checkout "$NEW_VERSION" || exit 1
+
+cd ..
+
+rm "$VERSION_FILE"
+echo "$NEW_VERSION" > "$VERSION_FILE"
+
+echo "Done. New $TOOL version is $NEW_VERSION."
diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh
index 683026bb..c24cc995 100755
--- a/qemu_mode/build_qemu_support.sh
+++ b/qemu_mode/build_qemu_support.sh
@@ -114,7 +114,7 @@ git status 1>/dev/null 2>/dev/null
 if [ $? -eq 0 ]; then
 echo "[*] initializing qemuafl submodule"
 git submodule init || exit 1
- git submodule update 2>/dev/null # ignore errors
+ git submodule update ./qemuafl 2>/dev/null # ignore errors
 else
 echo "[*] cloning qemuafl"
 test -d qemuafl || {
diff --git a/unicorn_mode/build_unicorn_support.sh b/unicorn_mode/build_unicorn_support.sh
index f1306a06..b59786b6 100755
--- a/unicorn_mode/build_unicorn_support.sh
+++ b/unicorn_mode/build_unicorn_support.sh
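Review bot: The first line of the new update_grammar_ref.sh, `#/bin/sh`, is missing the `!`, so it is an ordinary comment rather than a shebang and the interpreter depends on how the file is invoked; it should read `#!/bin/sh`. Further down, `git checkout $BRANCH` is the only git step whose status is not checked, and it checks out the local `stable` branch rather than the ref just fetched, so on a repeated run `git rev-parse --short HEAD` can record a stale commit as the new pin; `git checkout "origin/$BRANCH" || exit 1` (or `git checkout -B "$BRANCH" "origin/$BRANCH" || exit 1`) addresses both. The `rm "$VERSION_FILE"` before `echo "$NEW_VERSION" > "$VERSION_FILE"` is redundant because the redirection truncates, and `basename $0` should be quoted as `basename "$0"`. A one-line comment above `NEW_VERSION="$1"` noting that an explicit argument is handed to `git checkout` and written to GRAMMAR_VERSION as given, without being checked for hash syntax, would help the next maintainer.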
@@ -156,7 +156,7 @@ else
 CNT=1
 while [ '!' -d unicornafl -a "$CNT" -lt 4 ]; do
 echo "Trying to clone unicornafl (attempt $CNT/3)"
- git clone https://github.com/AFLplusplus/unicornafl
+ git clone --depth=1 https://github.com/AFLplusplus/unicornafl
 CNT=`expr "$CNT" + 1`
 done
 }
diff --git a/utils/aflpp_driver/aflpp_qemu_driver.c b/utils/aflpp_driver/aflpp_qemu_driver.c
index 4f3e5f71..cb3b86d0 100644
--- a/utils/aflpp_driver/aflpp_qemu_driver.c
+++ b/utils/aflpp_driver/aflpp_qemu_driver.c
@@ -6,7 +6,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
 __attribute__((weak)) int LLVMFuzzerInitialize(int *argc, char ***argv);
-static const size_t kMaxAflInputSize = 1 * 1024 * 1024;
+#define kMaxAflInputSize (1 * 1024 * 1024);
 static uint8_t AflInputBuf[kMaxAflInputSize];
 void __attribute__((noinline)) afl_qemu_driver_stdin_input(void) { |
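Review bot: The new `#define kMaxAflInputSize (1 * 1024 * 1024);` keeps the trailing semicolon from the deleted declaration, so it becomes part of the expansion and the context line `static uint8_t AflInputBuf[kMaxAflInputSize];` turns into `AflInputBuf[(1 * 1024 * 1024);];`, which does not compile; drop it: `#define kMaxAflInputSize (1 * 1024 * 1024)`. If the name is used anywhere else in the file, such as inside `afl_qemu_driver_stdin_input`, which starts on the last line of the hunk and continues past it, those uses expand the same way. If the goal was a constant expression valid as an array bound while keeping a typed, debugger-visible identifier, `enum { kMaxAflInputSize = 1 * 1024 * 1024 };` achieves that in C without the macro hazards.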