about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/afl-fuzz-cmplog.c12
-rw-r--r--src/afl-fuzz-redqueen.c32
2 files changed, 38 insertions, 6 deletions
diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c
index 92bac4ab..69efcffa 100644
--- a/src/afl-fuzz-cmplog.c
+++ b/src/afl-fuzz-cmplog.c
@@ -150,8 +150,10 @@ void init_cmplog_forkserver(char** argv) {
            "msan_track_origins=0",
            0);
 
-    argv[0] = cmplog_binary;
-    execv(cmplog_binary, argv);
+    setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1);
+
+    if (!qemu_mode) argv[0] = cmplog_binary;
+    execv(argv[0], argv);
 
     /* Use a distinctive bitmap signature to tell the parent about execv()
        falling through. */
@@ -440,9 +442,11 @@ u8 run_cmplog_target(char** argv, u32 timeout) {
       setenv("MSAN_OPTIONS", "exit_code=" STRINGIFY(MSAN_ERROR) ":"
                              "symbolize=0:"
                              "msan_track_origins=0", 0);
+      
+      setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1);
 
-      argv[0] = cmplog_binary;
-      execv(cmplog_binary, argv);
+      if (!qemu_mode) argv[0] = cmplog_binary;
+      execv(argv[0], argv);
 
       /* Use a distinctive bitmap value to tell the parent about execv()
          falling through. */
diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c
index c21c973f..6fb1964f 100644
--- a/src/afl-fuzz-redqueen.c
+++ b/src/afl-fuzz-redqueen.c
@@ -108,6 +108,8 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
   struct range* ranges = add_range(NULL, 0, len);
   u8*           backup = ck_alloc_nozero(len);
 
+  u8 needs_write = 0;
+
   u64 orig_hit_cnt, new_hit_cnt;
   orig_hit_cnt = queued_paths + unique_crashes;
 
@@ -132,7 +134,7 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
       ranges = add_range(ranges, rng->start + s / 2 + 1, rng->end);
       memcpy(buf + rng->start, backup, s);
 
-    }
+    } else needs_write = 1;
 
     ck_free(rng);
     --stage_cur;
@@ -150,6 +152,32 @@ u8 colorization(u8* buf, u32 len, u32 exec_cksum) {
     ck_free(rng);
 
   }
+  
+  // save the input with the high entropy
+  
+  if (needs_write) {
+
+    s32 fd;
+
+    if (no_unlink) {
+
+      fd = open(queue_cur->fname, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+
+    } else {
+
+      unlink(queue_cur->fname);                                    /* ignore errors */
+      fd = open(queue_cur->fname, O_WRONLY | O_CREAT | O_EXCL, 0600);
+
+    }
+
+    if (fd < 0) PFATAL("Unable to create '%s'", queue_cur->fname);
+
+    ck_write(fd, buf, len, queue_cur->fname);
+    queue_cur->len = len; // no-op, just to be 100% safe
+    
+    close(fd);
+    
+  }
 
   return 0;
 
@@ -362,7 +390,7 @@ u8 input_to_state_stage(char** argv, u8* orig_buf, u8* buf, u32 len,
 
   }
 
-  memcpy(buf, orig_buf, len);
+  memcpy(orig_buf, buf, len);
 
   new_hit_cnt = queued_paths + unique_crashes;
   stage_finds[STAGE_ITS] += new_hit_cnt - orig_hit_cnt;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-19 02:36:54 +0000