diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/afl-fuzz-globals.c | 4 | ||||
| -rw-r--r-- | src/afl-fuzz-init.c | 5 | ||||
| -rw-r--r-- | src/afl-fuzz-one.c | 17 | ||||
| -rw-r--r-- | src/afl-fuzz-run.c | 12 | ||||
| -rw-r--r-- | src/afl-fuzz-stats.c | 7 |
5 files changed, 40 insertions, 5 deletions
diff --git a/src/afl-fuzz-globals.c b/src/afl-fuzz-globals.c index 1358a1fb..01b242b8 100644 --- a/src/afl-fuzz-globals.c +++ b/src/afl-fuzz-globals.c @@ -259,3 +259,7 @@ PyObject *py_functions[PY_FUNC_COUNT]; #endif +#ifdef _AFL_DOCUMENT_MUTATIONS + u8 do_document; + u32 document_counter; +#endif diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 4908626a..fab82e2d 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1478,8 +1478,9 @@ void check_cpu_governor(void) { " to make afl-fuzz skip this check - but expect some performance " "drop.\n", min / 1024, max / 1024); + FATAL("Suboptimal CPU scaling governor"); -#else +#elif defined __APPLE__ u64 min = 0, max = 0; size_t mlen = sizeof(min); if (getenv("AFL_SKIP_CPUFREQ")) return; @@ -1510,8 +1511,8 @@ void check_cpu_governor(void) { " to make afl-fuzz skip this check - but expect some performance " "drop.\n", min / 1024, max / 1024); -#endif FATAL("Suboptimal CPU scaling governor"); +#endif } /* Count the number of logical CPU cores. */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 59483b8f..1824f0b2 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -4231,6 +4231,7 @@ pacemaker_fuzzing: #define core_fuzzing(a) common_fuzzing((a), MOpt_globals_core) + void pso_updating(void) { g_now += 1; @@ -4310,6 +4311,22 @@ void pso_updating(void) { u8 fuzz_one(char** argv) { int key_val_lv = 0; + +#ifdef _AFL_DOCUMENT_MUTATIONS + if (do_document == 0) { + char *fn = alloc_printf("%s/mutations", out_dir); + if (fn) { + do_document = mkdir(fn, 0700); // if it exists we do not care + do_document = 1; + ck_free(fn); + } else + PFATAL("malloc()"); + } else { + do_document = 2; + stop_soon = 2; + } +#endif + if (limit_time_sig == 0) { key_val_lv = fuzz_one_original(argv); diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index f2f663dc..220433fc 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -251,6 +251,18 @@ void write_to_testcase(void* mem, u32 len) { s32 fd = out_fd; +#ifdef _AFL_DOCUMENT_MUTATIONS + s32 doc_fd; + char *fn = alloc_printf("%s/mutations/%09u:%s", out_dir, document_counter++, describe_op(0)); + if (fn != NULL) { + if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, 0600)) >= 0) { + if (write(doc_fd, mem, len) != len) PFATAL("write to mutation file failed: %s", fn); + close(doc_fd); + } + ck_free(fn); + } +#endif + if (out_file) { // unlink(out_file); /* Ignore errors. diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 803faced..5e773e96 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -576,12 +576,13 @@ void show_stats(void) { " imported : " cRST "%-10s" bSTG bV "\n", tmp, sync_id ? DI(queued_imported) : (u8*)"n/a"); - sprintf(tmp, "%s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]), + sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s", DI(stage_finds[STAGE_HAVOC]), DI(stage_cycles[STAGE_HAVOC]), DI(stage_finds[STAGE_SPLICE]), DI(stage_cycles[STAGE_SPLICE]), DI(stage_finds[STAGE_PYTHON]), - DI(stage_cycles[STAGE_PYTHON])); + DI(stage_cycles[STAGE_PYTHON]), DI(stage_finds[STAGE_CUSTOM_MUTATOR]), + DI(stage_cycles[STAGE_CUSTOM_MUTATOR])); - SAYF(bV bSTOP " havoc : " cRST "%-36s " bSTG bV bSTOP, tmp); + SAYF(bV bSTOP "havoc/custom : " cRST "%-36s " bSTG bV bSTOP, tmp); if (t_bytes) sprintf(tmp, "%0.02f%%", stab_ratio); |