Diffstat (limited to 'include')
-rw-r--r-- | include/afl-mutations.h | 35 | ||||
-rw-r--r-- | include/config.h | 2 | ||||
-rw-r--r-- | include/envs.h | 1 |
3 files changed, 27 insertions, 11 deletions
diff --git a/include/afl-mutations.h b/include/afl-mutations.h
index d709b90d..75e66484 100644
--- a/include/afl-mutations.h
+++ b/include/afl-mutations.h
@@ -1082,6 +1082,7 @@ u32 mutation_strategy_exploration_binary[MUT_STRATEGY_ARRAY_SIZE] = {
     MUT_CLONE_COPY,
     MUT_CLONE_COPY,
     MUT_CLONE_COPY,
+    MUT_CLONE_COPY,
     MUT_CLONE_FIXED,
     MUT_CLONE_FIXED,
     MUT_CLONE_FIXED,
@@ -2456,14 +2457,14 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
       }
-      char buf[20];
-      snprintf(buf, sizeof(buf), "%" PRId64, val);
+      char numbuf[32];
+      snprintf(numbuf, sizeof(buf), "%" PRId64, val);
       u32 old_len = off2 - off;
-      u32 new_len = strlen(buf);
+      u32 new_len = strlen(numbuf);
       if (old_len == new_len) {
-        memcpy(buf + off, buf, new_len);
+        memcpy(buf + off, numbuf, new_len);
       } else {
@@ -2473,7 +2474,7 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
         /* Inserted part */
-        memcpy(tmp_buf + off, buf, new_len);
+        memcpy(tmp_buf + off, numbuf, new_len);
         /* Tail */
         memcpy(tmp_buf + off + new_len, buf + off2, len - off2);
@@ -2490,12 +2491,13 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
     case MUT_INSERTASCIINUM: {
-      u32 len = 1 + rand_below(afl, 8);
+      u32 ins_len = 1 + rand_below(afl, 8);
       u32 pos = rand_below(afl, len);
       /* Insert ascii number. */
-      if (unlikely(len < pos + len)) {
+      if (unlikely(len < pos + ins_len)) {
+        // no retry if we have a small input
         if (unlikely(len < 8)) {
           break;
@@ -2509,9 +2511,22 @@ inline u32 afl_mutate(afl_state_t *afl, u8 *buf, u32 len, u32 steps,
       }
       u64 val = rand_next(afl);
-      char buf[20];
-      snprintf(buf, sizeof(buf), "%llu", val);
-      memcpy(buf + pos, buf, len);
+      char numbuf[32];
+      snprintf(numbuf, sizeof(numbuf), "%llu", val);
+      size_t val_len = strlen(numbuf), off;
+
+      if (ins_len > val_len) {
+
+        ins_len = val_len;
+        off = 0;
+
+      } else {
+
+        off = val_len - ins_len;
+
+      }
+
+      memcpy(buf + pos, numbuf + off, ins_len);
       break;
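Review bot: In the @@ -2456 hunk, `snprintf(numbuf, sizeof(buf), "%" PRId64, val);` still sizes the formatted write by `buf`, which after the rename is the `u8 *buf` parameter of afl_mutate, so the bound is sizeof(u8 *) (8 on LP64) instead of the 32-byte `numbuf`. Any value whose decimal text exceeds 7 characters is silently truncated before `new_len` is taken and copied into the input; the write itself stays within `numbuf`, so this is a correctness defect in the mutation rather than an overflow. It should read `snprintf(numbuf, sizeof(numbuf), "%" PRId64, val);`, matching what the @@ -2509 hunk already does. The body of afl_mutate, including the retry logic between the last two hunks, starts and ends outside these hunks.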
diff --git a/include/config.h b/include/config.h
index 988e536e..63340650 100644
--- a/include/config.h
+++ b/include/config.h
@@ -26,7 +26,7 @@
 /* Version string: */
 // c = release, a = volatile github dev, e = experimental branch
-#define VERSION "++4.09a"
+#define VERSION "++4.10a"
 /****************************************************** * *
diff --git a/include/envs.h b/include/envs.h
index 93e49e34..560092d9 100644
--- a/include/envs.h
+++ b/include/envs.h
@@ -172,6 +172,7 @@ static char *afl_environment_variables[] = {
   "AFL_LLVM_LTO_DONTWRITEID",
   "AFL_LLVM_LTO_SKIPINIT"
   "AFL_LLVM_LTO_STARTID",
+  "AFL_FUZZER_LOOPCOUNT",
   "AFL_NO_ARITH",
   "AFL_NO_AUTODICT",
   "AFL_NO_BUILTIN",
 |
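Review bot: The context line directly above the added `"AFL_FUZZER_LOOPCOUNT",` in the envs.h hunk reads `"AFL_LLVM_LTO_SKIPINIT" "AFL_LLVM_LTO_STARTID",` with no separating comma, so the two literals concatenate into a single entry of afl_environment_variables and neither name is present in the table on its own. This is pre-existing, but since the commit edits the adjacent line it is worth fixing here as `"AFL_LLVM_LTO_SKIPINIT",`. How the table is consulted is not visible in the hunk, so the effect is presumably that those two variable names are not recognized wherever it is matched against, rather than a build error. The array definition starts outside the hunk.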