| -rw-r--r-- | custom_mutators/gramatron/Makefile | 7 | ||||
| -rw-r--r-- | custom_mutators/gramatron/README.md (renamed from custom_mutators/grammatron/README.md) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/gramfuzz-helpers.c (renamed from custom_mutators/grammatron/gramfuzz-helpers.c) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/gramfuzz-mutators.c (renamed from custom_mutators/grammatron/gramfuzz-mutators.c) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/gramfuzz-util.c (renamed from custom_mutators/grammatron/gramfuzz-util.c) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/gramfuzz.c (renamed from custom_mutators/grammatron/gramfuzz.c) | 17 | ||||
| -rw-r--r-- | custom_mutators/gramatron/gramfuzz.h (renamed from custom_mutators/grammatron/gramfuzz.h) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/js/source.json (renamed from custom_mutators/grammatron/grammars/js/source.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/js/source_automata.json (renamed from custom_mutators/grammatron/grammars/js/source_automata.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/php/source.json (renamed from custom_mutators/grammatron/grammars/php/source.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/php/source_automata.json (renamed from custom_mutators/grammatron/grammars/php/source_automata.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/ruby/source.json (renamed from custom_mutators/grammatron/grammars/ruby/source.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/grammars/ruby/source_automata.json (renamed from custom_mutators/grammatron/grammars/ruby/source_automata.json) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/hashmap.c (renamed from custom_mutators/grammatron/hashmap.c) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/hashmap.h (renamed from custom_mutators/grammatron/hashmap.h) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/preprocess/construct_automata.py (renamed from custom_mutators/grammatron/preprocess/construct_automata.py) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/preprocess/gnf_converter.py (renamed from custom_mutators/grammatron/preprocess/gnf_converter.py) | 0 | ||||
| -rwxr-xr-x | custom_mutators/gramatron/preprocess/prep_automaton.sh (renamed from custom_mutators/grammatron/preprocess/prep_automaton.sh) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/test.c (renamed from custom_mutators/grammatron/test.c) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/test.h (renamed from custom_mutators/grammatron/test.h) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/utarray.h (renamed from custom_mutators/grammatron/utarray.h) | 0 | ||||
| -rw-r--r-- | custom_mutators/gramatron/uthash.h (renamed from custom_mutators/grammatron/uthash.h) | 0 | ||||
| -rw-r--r-- | custom_mutators/grammatron/Makefile | 7 | ||||
| -rw-r--r-- | include/afl-fuzz.h | 6 | ||||
| -rw-r--r-- | src/afl-fuzz-python.c | 20 | ||||
| -rw-r--r-- | src/afl-fuzz-queue.c | 22 | 
26 files changed, 58 insertions, 21 deletions
|
diff --git a/custom_mutators/gramatron/Makefile b/custom_mutators/gramatron/Makefile
new file mode 100644
index 00000000..d24f3dd4
--- /dev/null
+++ b/custom_mutators/gramatron/Makefile
@@ -0,0 +1,7 @@
+all: gramatron.so
+
+gramatron.so: gramfuzz.c gramfuzz.h gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c hashmap.h test.c test.h utarray.h uthash.h
+ $(CC) -O3 -g -fPIC -Wno-unused-result -Wl,--allow-multiple-definition -I../../include -o gramatron.so -shared -I. -I/prg/dev/include gramfuzz.c gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c test.c -ljson-c
+
+clean:
+ rm -f gramatron.so
diff --git a/custom_mutators/grammatron/README.md b/custom_mutators/gramatron/README.md
index 7f73cf2c..7f73cf2c 100644
--- a/custom_mutators/grammatron/README.md
+++ b/custom_mutators/gramatron/README.md
diff --git a/custom_mutators/grammatron/gramfuzz-helpers.c b/custom_mutators/gramatron/gramfuzz-helpers.c
index f894c850..f894c850 100644
--- a/custom_mutators/grammatron/gramfuzz-helpers.c
+++ b/custom_mutators/gramatron/gramfuzz-helpers.c
diff --git a/custom_mutators/grammatron/gramfuzz-mutators.c b/custom_mutators/gramatron/gramfuzz-mutators.c
index 0255e1d0..0255e1d0 100644
--- a/custom_mutators/grammatron/gramfuzz-mutators.c
+++ b/custom_mutators/gramatron/gramfuzz-mutators.c
diff --git a/custom_mutators/grammatron/gramfuzz-util.c b/custom_mutators/gramatron/gramfuzz-util.c
index cb2e1b59..cb2e1b59 100644
--- a/custom_mutators/grammatron/gramfuzz-util.c
+++ b/custom_mutators/gramatron/gramfuzz-util.c
diff --git a/custom_mutators/grammatron/gramfuzz.c b/custom_mutators/gramatron/gramfuzz.c
index 0d350c9f..5c96ddce 100644
--- a/custom_mutators/grammatron/gramfuzz.c
+++ b/custom_mutators/gramatron/gramfuzz.c
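Review bot: The new recipe keeps the machine-specific `-I/prg/dev/include` path that the deleted custom_mutators/grammatron/Makefile also had, and adds `-Wno-unused-result`, which silences the compiler's warning about the unchecked `write()` result in gramfuzz.c rather than having that code check it. A developer's local include directory does not belong in a shipped Makefile: `-I../../include` already covers the AFL++ headers, and the json-c headers that go with the new `-ljson-c` should come from the system include path or a user-settable variable (a constructed example: `$(JSONC_CFLAGS)`). I would drop `-I/prg/dev/include` entirely and remove `-Wno-unused-result` once the write result is handled in gramfuzz.c.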
@@ -219,7 +219,7 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 data->mut_alloced = 1;
 free(spliceCandidate->start);
 free(spliceCandidate);
- free(automaton_fn);
+ ck_free(automaton_fn);
 } else {
 // Generate an input from scratch
@@ -251,9 +251,9 @@ size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf, size_t buf_size,
 * @param filename_new_queue File name of the new queue entry
 * @param filename_orig_queue File name of the original queue entry
 */
-void afl_custom_queue_new_entry(my_mutator_t * data,
- const uint8_t *filename_new_queue,
- const uint8_t *filename_orig_queue) {
+u8 afl_custom_queue_new_entry(my_mutator_t * data,
+ const uint8_t *filename_new_queue,
+ const uint8_t *filename_orig_queue) {
 
 // get the filename
 u8 * automaton_fn, *unparsed_input;
@@ -270,6 +270,7 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
 
 new_input = gen_input(pda, NULL);
 write_input(new_input, automaton_fn);
+
 // Update the placeholder file
 if (unlink(filename_new_queue)) {
 
@@ -282,15 +283,17 @@ void afl_custom_queue_new_entry(my_mutator_t * data,
 S_IRUSR | S_IWUSR);
 if (fd < 0) { PFATAL("Failed to update file '%s'", filename_new_queue); }
 int written = write(fd, unparsed_input, new_input->inputlen + 1);
+ close(fd);
+
 free(new_input->start);
 free(new_input);
 free(unparsed_input);
 
 }
 
- free(automaton_fn);
+ ck_free(automaton_fn);
 
- return;
+ return 1;
 
 }
 
@@ -388,7 +391,7 @@ uint8_t afl_custom_queue_get(my_mutator_t *data, const uint8_t *filename) {
 // data->getdupesret = get_dupes(data->orig_walk, &data->recurlen);
- free(automaton_fn);
+ ck_free(automaton_fn);
 return 1;
 }
diff --git a/custom_mutators/grammatron/gramfuzz.h b/custom_mutators/gramatron/gramfuzz.h
index 811e0af7..811e0af7 100644
--- a/custom_mutators/grammatron/gramfuzz.h
+++ b/custom_mutators/gramatron/gramfuzz.h
diff --git a/custom_mutators/grammatron/grammars/js/source.json b/custom_mutators/gramatron/grammars/js/source.json
index 4c1a90d3..4c1a90d3 100644
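Review bot: The doc comment above afl_custom_queue_new_entry in the -251 hunk (`* @param filename_orig_queue File name of the original queue entry` followed by `*/`) still documents only the parameters, although the signature now returns u8 and the only return visible on this page is the unconditional `return 1;` at the end of the -282 hunk. Add a `@return` line that states the contract the fuzzer relies on, e.g. `* @return 1 if the queue file was rewritten in place and its size must be re-read, 0 otherwise`. If the body between the -270 and -282 hunks has a path that leaves the file untouched, that path should return 0 rather than fall through to `return 1`, since afl-fuzz-queue.c re-stats the file whenever any mutator returns non-zero.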
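Review bot: The added `close(fd);` in the -282 hunk still leaves the result of `int written = write(fd, unparsed_input, new_input->inputlen + 1);` unchecked, so a failed or short write produces a truncated queue file whose size add_to_queue then adopts as `q->len`; the new Makefile's `-Wno-unused-result` hides exactly this warning. Check it before closing: `ssize_t written = write(fd, unparsed_input, new_input->inputlen + 1);` then `if (written != (ssize_t)(new_input->inputlen + 1)) { PFATAL("Failed to write '%s'", filename_new_queue); }`. Note also that the write length is `inputlen + 1`; if that extra byte is the string terminator, the queue entry's length as re-read by add_to_queue now includes it, which is worth confirming. The branch that owns `fd` opens before this hunk, so its condition is not visible here.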
--- a/custom_mutators/grammatron/grammars/js/source.json
+++ b/custom_mutators/gramatron/grammars/js/source.json
diff --git a/custom_mutators/grammatron/grammars/js/source_automata.json b/custom_mutators/gramatron/grammars/js/source_automata.json
index b5055919..b5055919 100644
--- a/custom_mutators/grammatron/grammars/js/source_automata.json
+++ b/custom_mutators/gramatron/grammars/js/source_automata.json
diff --git a/custom_mutators/grammatron/grammars/php/source.json b/custom_mutators/gramatron/grammars/php/source.json
index 3b2e4895..3b2e4895 100644
--- a/custom_mutators/grammatron/grammars/php/source.json
+++ b/custom_mutators/gramatron/grammars/php/source.json
diff --git a/custom_mutators/grammatron/grammars/php/source_automata.json b/custom_mutators/gramatron/grammars/php/source_automata.json
index 0cfd23ec..0cfd23ec 100644
--- a/custom_mutators/grammatron/grammars/php/source_automata.json
+++ b/custom_mutators/gramatron/grammars/php/source_automata.json
diff --git a/custom_mutators/grammatron/grammars/ruby/source.json b/custom_mutators/gramatron/grammars/ruby/source.json
index df969f5f..df969f5f 100644
--- a/custom_mutators/grammatron/grammars/ruby/source.json
+++ b/custom_mutators/gramatron/grammars/ruby/source.json
diff --git a/custom_mutators/grammatron/grammars/ruby/source_automata.json b/custom_mutators/gramatron/grammars/ruby/source_automata.json
index a1ac13e5..a1ac13e5 100644
--- a/custom_mutators/grammatron/grammars/ruby/source_automata.json
+++ b/custom_mutators/gramatron/grammars/ruby/source_automata.json
diff --git a/custom_mutators/grammatron/hashmap.c b/custom_mutators/gramatron/hashmap.c
index 09715b87..09715b87 100644
--- a/custom_mutators/grammatron/hashmap.c
+++ b/custom_mutators/gramatron/hashmap.c
diff --git a/custom_mutators/grammatron/hashmap.h b/custom_mutators/gramatron/hashmap.h
index bb66ad2e..bb66ad2e 100644
--- a/custom_mutators/grammatron/hashmap.h
+++ b/custom_mutators/gramatron/hashmap.h
diff --git a/custom_mutators/grammatron/preprocess/construct_automata.py b/custom_mutators/gramatron/preprocess/construct_automata.py
index b9e84aa8..b9e84aa8 100644
--- a/custom_mutators/grammatron/preprocess/construct_automata.py
+++ b/custom_mutators/gramatron/preprocess/construct_automata.py
diff --git a/custom_mutators/grammatron/preprocess/gnf_converter.py b/custom_mutators/gramatron/preprocess/gnf_converter.py
index 1e7c8b6c..1e7c8b6c 100644
--- a/custom_mutators/grammatron/preprocess/gnf_converter.py
+++ b/custom_mutators/gramatron/preprocess/gnf_converter.py
diff --git a/custom_mutators/grammatron/preprocess/prep_automaton.sh b/custom_mutators/gramatron/preprocess/prep_automaton.sh
index 28d99fb0..28d99fb0 100755
--- a/custom_mutators/grammatron/preprocess/prep_automaton.sh
+++ b/custom_mutators/gramatron/preprocess/prep_automaton.sh
diff --git a/custom_mutators/grammatron/test.c b/custom_mutators/gramatron/test.c
index 0dfbc197..0dfbc197 100644
--- a/custom_mutators/grammatron/test.c
+++ b/custom_mutators/gramatron/test.c
diff --git a/custom_mutators/grammatron/test.h b/custom_mutators/gramatron/test.h
index 857cb5fc..857cb5fc 100644
--- a/custom_mutators/grammatron/test.h
+++ b/custom_mutators/gramatron/test.h
diff --git a/custom_mutators/grammatron/utarray.h b/custom_mutators/gramatron/utarray.h
index 5c0d272b..5c0d272b 100644
--- a/custom_mutators/grammatron/utarray.h
+++ b/custom_mutators/gramatron/utarray.h
diff --git a/custom_mutators/grammatron/uthash.h b/custom_mutators/gramatron/uthash.h
index 5957899a..5957899a 100644
--- a/custom_mutators/grammatron/uthash.h
+++ b/custom_mutators/gramatron/uthash.h
diff --git a/custom_mutators/grammatron/Makefile b/custom_mutators/grammatron/Makefile
deleted file mode 100644
index 892b5c78..00000000
--- a/custom_mutators/grammatron/Makefile
+++ /dev/null
@@ -1,7 +0,0 @@
-all: gramatron.so
-
-gramatron.so: gramfuzz.c gramfuzz.h gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c hashmap.h test.c test.h utarray.h uthash.h
- $(CC) -O3 -g -fPIC -Wl,--allow-multiple-definition -I../../include -o gramatron.so -shared -I. -I/prg/dev/include gramfuzz.c gramfuzz-helpers.c gramfuzz-mutators.c gramfuzz-util.c hashmap.c test.c
-
-clean:
- rm -f gramatron.so
diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h
index 2e2c78ef..70d9473e 100644
--- a/include/afl-fuzz.h
+++ b/include/afl-fuzz.h
@@ -972,8 +972,8 @@ struct custom_mutator {
 * @param filename_orig_queue File name of the original queue entry. This
 * argument can be NULL while initializing the fuzzer
 */
- void (*afl_custom_queue_new_entry)(void *data, const u8 *filename_new_queue,
- const u8 *filename_orig_queue);
+ u8 (*afl_custom_queue_new_entry)(void *data, const u8 *filename_new_queue,
+ const u8 *filename_orig_queue);
 /**
 * Deinitialize the custom mutator.
 *
@@ -1021,7 +1021,7 @@ size_t havoc_mutation_py(void *, u8 *, size_t, u8 **, size_t);
 u8 havoc_mutation_probability_py(void *);
 u8 queue_get_py(void *, const u8 *);
 const char *introspection_py(void *);
-void queue_new_entry_py(void *, const u8 *, const u8 *);
+u8 queue_new_entry_py(void *, const u8 *, const u8 *);
 void deinit_py(void *);
 #endif
diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c
index 3aa97635..bb4eabcc 100644
--- a/src/afl-fuzz-python.c
+++ b/src/afl-fuzz-python.c
@@ -813,8 +813,8 @@ u8 queue_get_py(void *py_mutator, const u8 *filename) {
 
 }
 
-void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
- const u8 *filename_orig_queue) {
+u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
+ const u8 *filename_orig_queue) {
 
 PyObject *py_args, *py_value;
 
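Review bot: The function-pointer type in the -972 hunk changes from void to u8 in the public custom_mutator API, but the doc comment immediately above it (`* @param filename_orig_queue File name of the original queue entry. This` … `*/`) still documents only the parameters, so out-of-tree mutators get no description of what the return value means. Document the contract that afl-fuzz-queue.c now implements: `* @return 1 if the mutator replaced the contents of filename_new_queue (the fuzzer then re-reads the file size), 0 otherwise`. Existing C mutators that still define this callback as void will at best compile with an incompatible-pointer-type warning, and calling them through the new type is undefined behaviour (in practice the fuzzer reads whatever happens to be in the return register), so the custom-mutator documentation and bundled examples should be updated in the same change.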
@@ -861,7 +861,21 @@ void queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
 py_args);
 Py_DECREF(py_args);
 
- if (py_value == NULL) {
+ if (py_value != NULL) {
+
+ int ret = PyObject_IsTrue(py_value);
+ Py_DECREF(py_value);
+
+ if (ret == -1) {
+
+ PyErr_Print();
+ FATAL("Failed to convert return value");
+
+ }
+
+ return (u8)ret & 0xFF;
+
+ } else {
 
 PyErr_Print();
 FATAL("Call failed");
diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c
index d2689c94..48794e95 100644
--- a/src/afl-fuzz-queue.c
+++ b/src/afl-fuzz-queue.c
@@ -474,6 +474,8 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
 
 if (afl->custom_mutators_count) {
 
+ u8 updated = 0;
+
 LIST_FOREACH(&afl->custom_mutator_list, struct custom_mutator, {
 
 if (el->afl_custom_queue_new_entry) {
@@ -487,12 +489,30 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) {
 
 }
 
- el->afl_custom_queue_new_entry(el->data, fname, fname_orig);
+ if (el->afl_custom_queue_new_entry(el->data, fname, fname_orig)) {
+
+ updated = 1;
+
+ }
 
 }
 
 });
 
+ if (updated) {
+
+ struct stat st;
+ if (stat(fname, &st)) { PFATAL("File %s is gone!", fname); }
+ if (!st.st_size) {
+
+ FATAL("File %s became empty in custom mutator!", fname);
+
+ }
+
+ q->len = st.st_size;
+
+ }
+
 }
 
 /* only redqueen currently uses is_ascii */
|
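Review bot: `return (u8)ret & 0xFF;` in the -861 hunk masks a value that the preceding `if (ret == -1)` check has already restricted to 0 or 1, so the `& 0xFF` does nothing and reads as if ret could carry other bits; `return (u8)ret;` states the intent. Since `PyObject_IsTrue` on None yields 0, Python mutators whose queue_new_entry still returns nothing keep the old behaviour, which deserves one comment above the call, e.g. `// None / no return value means the queue file was left untouched`. The tail of queue_new_entry_py after the new `} else {` block is outside the hunk; if anything followed the old NULL check there, it is now reached only after FATAL, so it should be removed or the function otherwise needs a return on that path.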
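Review bot: `q->len = st.st_size;` in the -487 hunk copies an off_t into the queue entry's length with no upper bound, so a mutator that grows the file past the fuzzer's maximum input size is accepted here while the empty-file case is rejected with FATAL a few lines earlier; whatever bound the caller applies to `len` on the normal path should apply to the rewritten size too. Compare against the configured maximum before assigning, e.g. `if (st.st_size > MAX_FILE) { FATAL("File %s grew beyond MAX_FILE in custom mutator!", fname); }`, and cast explicitly to the type of `q->len` so the narrowing from off_t is deliberate. add_to_queue starts and ends outside the hunk, so the declaration of `q` and any earlier validation of `len` are not visible here.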
