From 166130324898071a08e178dfeb901af44168236e Mon Sep 17 00:00:00 2001
From: van Hauser
Date: Tue, 10 Nov 2020 13:43:48 +0100
Subject: fix libfuzzer custom mutator and add introspection function
---
 custom_mutators/libfuzzer/libfuzzer.cpp | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'custom_mutators/libfuzzer/libfuzzer.cpp')
diff --git a/custom_mutators/libfuzzer/libfuzzer.cpp b/custom_mutators/libfuzzer/libfuzzer.cpp
index 5e37df66..a4f94328 100644
--- a/custom_mutators/libfuzzer/libfuzzer.cpp
+++ b/custom_mutators/libfuzzer/libfuzzer.cpp
@@ -6,6 +6,10 @@
 //#include "debug.h"
 #include "afl-fuzz.h"
+#ifdef INTROSPECTION
+ const char *introspection_ptr;
+#endif
+
 afl_state_t *afl_struct;
 extern "C" size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize);
@@ -133,6 +137,14 @@ extern "C" size_t afl_custom_fuzz(my_mutator_t *data, uint8_t *buf,
 }
+#ifdef INTROSPECTION
+extern "C" const char* afl_custom_introspection(my_mutator_t *data) {
+ return introspection_ptr;
+ }
+#endif
+
 /**
 * Deinitialize everything
 *
-- 
cgit 1.4.1
From ffe41e6fcec3e6228770c8fe11ec67b8cfb4878c Mon Sep 17 00:00:00 2001
From: hexcoder-
Date: Thu, 12 Nov 2020 20:26:53 +0100
Subject: fix two mem leaks detected by cppcheck
---
 custom_mutators/honggfuzz/honggfuzz.c | 1 +
 custom_mutators/libfuzzer/libfuzzer.cpp | 1 +
 unicorn_mode/unicornafl | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'custom_mutators/libfuzzer/libfuzzer.cpp')
diff --git a/custom_mutators/honggfuzz/honggfuzz.c b/custom_mutators/honggfuzz/honggfuzz.c
index bde922c6..b4f07258 100644
--- a/custom_mutators/honggfuzz/honggfuzz.c
+++ b/custom_mutators/honggfuzz/honggfuzz.c
@@ -37,6 +37,7 @@ my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 if ((data->mutator_buf = malloc(MAX_FILE)) == NULL) {
+ free(data);
 perror("mutator_buf alloc");
 return NULL;
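Review bot: `const char *introspection_ptr;` in the `@@ -6,6 +6,10 @@` hunk is a file-scope definition with no `static` and no initializer, so it gets external linkage and starts out as a null pointer; nothing in this hunk assigns it, and the `afl_custom_introspection` hunk further down returns it unchanged, so unless `afl_custom_fuzz` (whose body is outside both hunks) stores a pointer there after every mutation the callback hands AFL++ a null or stale string. If the symbol is only meant for this translation unit, `static const char *introspection_ptr = nullptr;` keeps it out of the global namespace and makes the initial state explicit. A one-line comment above it saying which buffer it is expected to point into and how long that buffer stays valid would let a reader check the lifetime without tracing the mutator — I cannot confirm the owner from the visible lines.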
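Review bot: `afl_custom_introspection` in the `@@ -133,6 +137,14 @@` hunk ignores its `data` parameter and returns the file-global `introspection_ptr`, so it cannot report per-instance state and will warn under `-Wunused-parameter`; add `(void)data;` or a comment explaining why the global is used instead of the mutator instance. It is also the only exported function in this hunk without the `/** ... */` header its neighbours carry (the `Deinitialize everything` block is visible directly below); a short comment stating what the returned string describes, who owns the memory it points to, and that it may be null when no mutation has run yet would match the file's documentation style. Minor style point: `const char*` here diverges from the `const char *` spacing used for the global in the first hunk.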
diff --git a/custom_mutators/libfuzzer/libfuzzer.cpp b/custom_mutators/libfuzzer/libfuzzer.cpp
index a4f94328..dc1fbeb2 100644
--- a/custom_mutators/libfuzzer/libfuzzer.cpp
+++ b/custom_mutators/libfuzzer/libfuzzer.cpp
@@ -50,6 +50,7 @@ extern "C" my_mutator_t *afl_custom_init(afl_state_t *afl, unsigned int seed) {
 if ((data->mutator_buf = (u8 *)malloc(MAX_FILE)) == NULL) {
+ free(data);
 perror("mutator_buf alloc");
 return NULL;
diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl
index 0bf26f6c..c6d66471 160000
--- a/unicorn_mode/unicornafl
+++ b/unicorn_mode/unicornafl
@@ -1 +1 @@
-Subproject commit 0bf26f6c2601e1c1c84998551ed7d50b4108fbdf
+Subproject commit c6d6647161a32bae88785a618fcd828d1711d9e6
-- 
cgit 1.4.1
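Review bot: The new `free(data);` runs before `perror("mutator_buf alloc");`, and the C standard permits `free()` to modify `errno`, so the diagnostic may describe the wrong failure (recent glibc preserves errno across free(), but other runtimes need not); reorder to `perror("mutator_buf alloc"); free(data); return NULL;` so the message is printed from the errno the failed `malloc` left behind. The honggfuzz.c hunk of this commit has the same ordering and should be changed the same way. `afl_custom_init` begins before this hunk, so whether `data` holds any other resource that would also need releasing on this path is not visible here.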