-rw-r--r--src/afl-fuzz-run.c12
-rwxr-xr-xtest/test-custom-mutators.sh144
2 files changed, 82 insertions, 74 deletions
diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c
index a680228d..7f9c3bf3 100644
--- a/src/afl-fuzz-run.c
+++ b/src/afl-fuzz-run.c
@@ -76,6 +76,8 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) {
 u32 __attribute__((hot))
 write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
 
+  u8 sent = 0;
+
   if (unlikely(afl->custom_mutators_count)) {
 
     ssize_t new_size = len;
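Review bot: `sent` is declared without a comment, and its purpose only becomes visible in the later hunks of this function. A short comment at the declaration would make the contract explicit, for example `u8 sent = 0; /* set once a custom mutator's afl_custom_fuzz_send delivered the input; suppresses the default write */`. The body of write_to_testcase continues outside this hunk.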
@@ -140,12 +142,15 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
         if (el->afl_custom_fuzz_send) {
 
           el->afl_custom_fuzz_send(el->data, *mem, new_size);
+          sent = 1;
 
         }
 
       });
 
-    } else {
+    }
+
+    if (likely(!sent)) {
 
       /* everything as planned. use the potentially new data. */
       afl_fsrv_write_to_testcase(&afl->fsrv, *mem, new_size);
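Review bot: `sent = 1` is set unconditionally after `el->afl_custom_fuzz_send(el->data, *mem, new_size);`, and that call is used as a plain statement, so a mutator that fails to deliver the input still suppresses the fallback `afl_fsrv_write_to_testcase()`. In that case the target would presumably run on whatever it received last, while the fuzzer attributes the result to the new input. If that is the intended contract, I would state it next to the flag, e.g. `/* the mutator owns delivery from here on; there is no fallback write if it fails */`. The same pattern appears in the following hunk at `-172,12`. The `if (likely(!sent))` block also continues past this hunk, so any bookkeeping after the write inside it is now skipped when a mutator sends, and the length the function returns should be checked for that path.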
@@ -172,12 +177,15 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) {
         if (el->afl_custom_fuzz_send) {
 
           el->afl_custom_fuzz_send(el->data, *mem, len);
+          sent = 1;
 
         }
 
       });
 
-    } else {
+    }
+
+    if (likely(!sent)) {
 
       /* boring uncustom. */
       afl_fsrv_write_to_testcase(&afl->fsrv, *mem, len);
diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh
index 5d679a82..a4347068 100755
--- a/test/test-custom-mutators.sh
+++ b/test/test-custom-mutators.sh
@@ -3,78 +3,86 @@
 . ./test-pre.sh
 
 $ECHO "$BLUE[*] Testing: custom mutator"
-test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
-  # normalize path
-  CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd)
-  test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && {
-    unset AFL_CC
-    # Compile the vulnerable program for single mutator
-    test -e ../afl-clang-fast && {
-      ../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
+# normalize path
+CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd)
+test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && {
+  unset AFL_CC
+  # Compile the vulnerable program for single mutator
+  test -e ../afl-clang-fast && {
+    ../afl-clang-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
+  } || {
+    test -e ../afl-gcc-fast && {
+      ../afl-gcc-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
     } || {
-      test -e ../afl-gcc-fast && {
-        ../afl-gcc-fast -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
-      } || {
-        ../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
-      }
+      ../afl-gcc -o test-custom-mutator test-custom-mutator.c > /dev/null 2>&1
     }
-    # Compile the vulnerable program for multiple mutators
-    test -e ../afl-clang-fast && {
-      ../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
+  }
+  # Compile the vulnerable program for multiple mutators
+  test -e ../afl-clang-fast && {
+    ../afl-clang-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
+  } || {
+    test -e ../afl-gcc-fast && {
+      ../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
     } || {
-      test -e ../afl-gcc-fast && {
-        ../afl-gcc-fast -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
-      } || {
-        ../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
-      }
+      ../afl-gcc -o test-multiple-mutators test-multiple-mutators.c > /dev/null 2>&1
     }
-    # Compile the custom mutator
-    cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1
-    cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1
-    test -e test-custom-mutator -a -e ./libexamplemutator.so && {
-      # Create input directory
-      mkdir -p in
-      echo "00000" > in/in
+  }
+  # Compile the custom mutator
+  cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1
+  cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1
+  test -e test-custom-mutator -a -e ./libexamplemutator.so && {
+    # Create input directory
+    mkdir -p in
+    echo "00000" > in/in
 
-      # Run afl-fuzz w/ the C mutator
-      $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
-      {
-        AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
-      } >>errors 2>&1
+    # Run afl-fuzz w/ the C mutator
+    $ECHO "$GREY[*] running afl-fuzz for the C mutator, this will take approx 10 seconds"
+    {
+      AFL_CUSTOM_MUTATOR_LIBRARY=./libexamplemutator.so AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-custom-mutator >>errors 2>&1
+    } >>errors 2>&1
 
-      # Check results
-      test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
-        $ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator"
-      } || {
-        echo CUT------------------------------------------------------------------CUT
-        cat errors
-        echo CUT------------------------------------------------------------------CUT
-        $ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator"
-        CODE=1
-      }
+    # Check results
+    test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
+      $ECHO "$GREEN[+] afl-fuzz is working correctly with the C mutator"
+    } || {
+      echo CUT------------------------------------------------------------------CUT
+      cat errors
+      echo CUT------------------------------------------------------------------CUT
+      $ECHO "$RED[!] afl-fuzz is not working correctly with the C mutator"
+      CODE=1
+    }
 
-      # Clean
-      rm -rf out errors core.*
+    # Clean
+    rm -rf out errors core.*
 
-      # Run afl-fuzz w/ multiple C mutators
-      $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
-      {
-        AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
-      } >>errors 2>&1
+    # Run afl-fuzz w/ multiple C mutators
+    $ECHO "$GREY[*] running afl-fuzz with multiple custom C mutators, this will take approx 10 seconds"
+    {
+      AFL_CUSTOM_MUTATOR_LIBRARY="./libexamplemutator.so;./libexamplemutator2.so" AFL_CUSTOM_MUTATOR_ONLY=1 ../afl-fuzz -V10 -m ${MEM_LIMIT} -i in -o out -- ./test-multiple-mutators >>errors 2>&1
+    } >>errors 2>&1
 
-      test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
-        $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators"
-      } || {
-        echo CUT------------------------------------------------------------------CUT
-        cat errors
-        echo CUT------------------------------------------------------------------CUT
-        $ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators"
-        CODE=1
-      }
+    test -n "$( ls out/default/crashes/id:000000* 2>/dev/null )" && {  # TODO: update here
+      $ECHO "$GREEN[+] afl-fuzz is working correctly with multiple C mutators"
+    } || {
+      echo CUT------------------------------------------------------------------CUT
+      cat errors
+      echo CUT------------------------------------------------------------------CUT
+      $ECHO "$RED[!] afl-fuzz is not working correctly with multiple C mutators"
+      CODE=1
+    }
 
-      # Clean
-      rm -rf out errors core.*
+    # Clean
+    rm -rf out errors core.*
+  } || {
+    ls .
+    ls ${CUSTOM_MUTATOR_PATH}
+    $ECHO "$RED[!] cannot compile the test program or the custom mutator"
+    CODE=1
+  }
+}
 
+test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
+  test -e test-custom-mutator && {
       # Run afl-fuzz w/ the Python mutator
       $ECHO "$GREY[*] running afl-fuzz for the Python mutator, this will take approx 10 seconds"
       {
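Review bot: The block opened by `test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && {` now closes with a bare `}`, so when any of those files is missing the C mutator tests are skipped without a message and without `INCOMPLETE=1`. The old fallback for this case is removed later in the patch. I would keep it here, closing the block with `} || { $ECHO "$YELLOW[-] no custom mutators in $CUSTOM_MUTATOR_PATH, cannot test"; INCOMPLETE=1; }`. The precondition also still requires `example.py`, although the C tests were moved out of the Python check, so a tree without the Python example silently loses the C coverage as well. The Python block that starts at the end of this hunk continues outside it.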
@@ -106,20 +114,12 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && {
       $ECHO "$RED[!] cannot compile the test program or the custom mutator"
       CODE=1
     }
-
-    #test "$CODE" = 1 && { $ECHO "$YELLOW[!] custom mutator tests currently will not fail travis" ; CODE=0 ; }
-
-    make -C ../utils/custom_mutators clean > /dev/null 2>&1
-    rm -f test-custom-mutator
-    rm -f test-custom-mutators
-  } || {
-    $ECHO "$YELLOW[-] no custom mutators in $CUSTOM_MUTATOR_PATH, cannot test"
-    INCOMPLETE=1
-  }
-  unset CUSTOM_MUTATOR_PATH
 } || {
   $ECHO "$YELLOW[-] no python support in afl-fuzz, cannot test"
   INCOMPLETE=1
 }
 
+make -C ../utils/custom_mutators clean > /dev/null 2>&1
+rm -f test-custom-mutator test-custom-mutators
+
 . ./test-post.sh
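Review bot: The cleanup line `rm -f test-custom-mutator test-custom-mutators` names a file that none of the visible compile steps produce; the second binary they build is `test-multiple-mutators`, which therefore appears to be left behind. Because the run steps are gated on `test -e` of the built artefacts with compiler output discarded, a stale binary from an earlier run could let a later run pass on old code. I would change the line to `rm -f test-custom-mutator test-multiple-mutators`. `unset CUSTOM_MUTATOR_PATH` is also dropped without a replacement, which matters if this script is sourced by a wrapper; that is not visible from here.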