-rw-r--r-- | custom_mutators/examples/example.c | 9 | ||||
-rw-r--r-- | custom_mutators/honggfuzz/honggfuzz.c | 8 | ||||
-rw-r--r-- | custom_mutators/libfuzzer/libfuzzer.cpp | 8 | ||||
-rw-r--r-- | custom_mutators/rust/custom_mutator/src/lib.rs | 6 | ||||
-rw-r--r-- | custom_mutators/symcc/symcc.c | 8 | ||||
-rw-r--r-- | docs/custom_mutators.md | 5 |
6 files changed, 28 insertions, 16 deletions
diff --git a/custom_mutators/examples/example.c b/custom_mutators/examples/example.c
index 23add128..5c174e10 100644
--- a/custom_mutators/examples/example.c
+++ b/custom_mutators/examples/example.c
@@ -349,12 +349,15 @@ uint8_t afl_custom_queue_get(my_mutator_t *data, const uint8_t *filename) {
 * @param data pointer returned in afl_custom_init for this fuzz case
 * @param filename_new_queue File name of the new queue entry
 * @param filename_orig_queue File name of the original queue entry
+ * @return if the file contents was modified return 1 (True), 0 (False)
+ * otherwise
 */
-void afl_custom_queue_new_entry(my_mutator_t * data,
- const uint8_t *filename_new_queue,
- const uint8_t *filename_orig_queue) {
+uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
+ const uint8_t *filename_new_queue,
+ const uint8_t *filename_orig_queue) {
 /* Additional analysis on the original or new test case */
+ return 0;
 }
diff --git a/custom_mutators/honggfuzz/honggfuzz.c b/custom_mutators/honggfuzz/honggfuzz.c
index b4f07258..d7b3c9c5 100644
--- a/custom_mutators/honggfuzz/honggfuzz.c
+++ b/custom_mutators/honggfuzz/honggfuzz.c
@@ -65,9 +65,9 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 /* When a new queue entry is added we check if there are new dictionary entries to add to honggfuzz structure */
-void afl_custom_queue_new_entry(my_mutator_t * data,
- const uint8_t *filename_new_queue,
- const uint8_t *filename_orig_queue) {
+uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
+ const uint8_t *filename_new_queue,
+ const uint8_t *filename_orig_queue) {
 if (run.global->mutate.dictionaryCnt >= 1024) return;
@@ -97,6 +97,8 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
 }
+ return 0;
+
 }
 /* we could set only_printable if is_ascii is set ... let's see
diff --git a/custom_mutators/libfuzzer/libfuzzer.cpp b/custom_mutators/libfuzzer/libfuzzer.cpp
index dc1fbeb2..3c65ee1d 100644
--- a/custom_mutators/libfuzzer/libfuzzer.cpp
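Review bot: The early exit `if (run.global->mutate.dictionaryCnt >= 1024) return;` in honggfuzz.c's first hunk still returns no value, although the signature three lines above it now returns `uint8_t`; where the compiler accepts it the caller reads an indeterminate value, and under -Werror=return-type it no longer builds. Change it to `if (run.global->mutate.dictionaryCnt >= 1024) return 0;`. The rest of this function's body sits between this hunk and the second one, so any other bare `return;` there needs the same edit; symcc.c's body is likewise outside its two hunks and should be checked for the same pattern, and libfuzzer.cpp is under `#if 0` so the compiler will not catch it there.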
+++ b/custom_mutators/libfuzzer/libfuzzer.cpp
@@ -78,9 +78,9 @@ extern "C" my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 /* When a new queue entry is added we check if there are new dictionary entries to add to honggfuzz structure */
 #if 0
-extern "C" void afl_custom_queue_new_entry(my_mutator_t * data,
- const uint8_t *filename_new_queue,
- const uint8_t *filename_orig_queue) {
+extern "C" uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
+ const uint8_t *filename_new_queue,
+ const uint8_t *filename_orig_queue) {
 while (data->extras_cnt < afl_struct->extras_cnt) {
@@ -110,6 +110,8 @@ extern "C" void afl_custom_queue_new_entry(my_mutator_t * data,
 }
+ return 0;
+
 }
 #endif
diff --git a/custom_mutators/rust/custom_mutator/src/lib.rs b/custom_mutators/rust/custom_mutator/src/lib.rs
index 9444e4d1..66559886 100644
--- a/custom_mutators/rust/custom_mutator/src/lib.rs
+++ b/custom_mutators/rust/custom_mutator/src/lib.rs
@@ -53,7 +53,9 @@ pub trait RawCustomMutator {
 1
 }
- fn queue_new_entry(&mut self, filename_new_queue: &Path, _filename_orig_queue: Option<&Path>) {}
+ fn queue_new_entry(&mut self, filename_new_queue: &Path, _filename_orig_queue: Option<&Path>) -> bool {
+ false
+ }
 fn queue_get(&mut self, filename: &Path) -> bool {
 true
@@ -246,7 +248,7 @@ pub mod wrappers {
 data: *mut c_void,
 filename_new_queue: *const c_char,
 filename_orig_queue: *const c_char,
- ) {
+ ) -> bool {
 match catch_unwind(|| {
 let mut context = FFIContext::<M>::from(data);
 if filename_new_queue.is_null() {
diff --git a/custom_mutators/symcc/symcc.c b/custom_mutators/symcc/symcc.c
index a609dafb..19218449 100644
--- a/custom_mutators/symcc/symcc.c
+++ b/custom_mutators/symcc/symcc.c
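Review bot: The new default `queue_new_entry` in `RawCustomMutator` carries no doc comment saying what its `bool` means, so an implementor of the trait has to find the convention in the C-side docs of this same commit. Add above the method `/// Called after a new test case is added to the queue; return true if this mutator modified the file's contents, false otherwise.` The default body ignores `filename_new_queue`, so, matching the sibling `_filename_orig_queue`, it should be spelled `_filename_new_queue` to avoid an unused-variable warning in every build of the crate.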
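Review bot: The FFI wrapper in `pub mod wrappers` now returns `bool`, but the `match catch_unwind(|| {` it opens continues past the end of the hunk, so every arm — the null-filename branch visible at the bottom and the arm that handles a caught panic — must now yield a `bool`; returning `false` there keeps the documented "file unchanged" meaning on the error path. The C declarations in this commit use `uint8_t`/`u8` for the same function while the Rust export uses `bool`; Rust's `bool` is one byte holding 0 or 1, which lines up in practice, but a comment on the signature such as `// Returned as bool; the C side declares this as u8 (0/1)` would make the ABI assumption explicit for the next reader.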
@@ -101,9 +101,9 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 /* When a new queue entry is added we run this input with the symcc instrumented binary */
-void afl_custom_queue_new_entry(my_mutator_t * data,
- const uint8_t *filename_new_queue,
- const uint8_t *filename_orig_queue) {
+uint8_t afl_custom_queue_new_entry(my_mutator_t * data,
+ const uint8_t *filename_new_queue,
+ const uint8_t *filename_orig_queue) {
 int pipefd[2];
 struct stat st;
@@ -232,6 +232,8 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
 }
+ return 0;
+
 }
 uint32_t afl_custom_fuzz_count(my_mutator_t *data, const u8 *buf,
diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md
index 129d6676..110c4758 100644
--- a/docs/custom_mutators.md
+++ b/docs/custom_mutators.md
@@ -47,7 +47,7 @@ int afl_custom_post_trim(void *data, unsigned char success);
 size_t afl_custom_havoc_mutation(void *data, unsigned char *buf, size_t buf_size, unsigned char **out_buf, size_t max_size);
 unsigned char afl_custom_havoc_mutation_probability(void *data);
 unsigned char afl_custom_queue_get(void *data, const unsigned char *filename);
-void afl_custom_queue_new_entry(void *data, const unsigned char *filename_new_queue, const unsigned int *filename_orig_queue);
+u8 afl_custom_queue_new_entry(void *data, const unsigned char *filename_new_queue, const unsigned int *filename_orig_queue);
 const char* afl_custom_introspection(my_mutator_t *data);
 void afl_custom_deinit(void *data);
 ```
@@ -88,7 +88,7 @@ def queue_get(filename):
 return True
 def queue_new_entry(filename_new_queue, filename_orig_queue):
- pass
+ return False
 def introspection():
 return string
@@ -156,6 +156,7 @@ def deinit(): # optional for Python - `queue_new_entry` (optional): This methods is called after adding a new test case to the queue. + If the contents of the file was changed return True, False otherwise. - `introspection` (optional): |