From ca4a8c0f920f83c86aeb599b94b50fce2af68389 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Jul 2022 12:24:03 +0200 Subject: post_process 0/NULL return support --- src/afl-fuzz-run.c | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'src/afl-fuzz-run.c') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 0f3be1a7..b97a8e6a 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -109,17 +109,36 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { if (unlikely(!new_buf && new_size <= 0)) { - FATAL("Custom_post_process failed (ret: %lu)", - (long unsigned)new_size); + new_size = 0; + new_buf = new_mem; + // FATAL("Custom_post_process failed (ret: %lu)", (long + // unsigned)new_size); - } + } else { - new_mem = new_buf; + new_mem = new_buf; + + } } }); + if (unlikely(!new_size)) { + + // perform dummy runs (fix = 1), but skip all others + if (fix) { + + new_size = len; + + } else { + + return 0; + + } + + } + if (unlikely(new_size < afl->min_length && !fix)) { new_size = afl->min_length; @@ -969,7 +988,11 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - len = write_to_testcase(afl, (void **)&out_buf, len, 0); + if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0) == 0)) { + + return 0; + + } fault = fuzz_run_target(afl, &afl->fsrv, afl->fsrv.exec_tmout); -- cgit 1.4.1 From c67f98865eec641ce7480b0882331c9799575dbb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Jul 2022 14:53:43 +0200 Subject: fix --- src/afl-fuzz-run.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'src/afl-fuzz-run.c') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index b97a8e6a..d1ffb46c 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c 
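Review bot: In the new zero-length fallback, `new_size = len;` when `fix` is set restores the original input length while `new_mem` is left pointing at whatever buffer the last hook handed back, so if two or more post_process hooks are chained in this loop (presumably a LIST_FOREACH, whose opening is outside the hunk) and an earlier hook shrank the input, the dummy run reads `len` bytes from a shorter buffer. Reset the buffer together with the length, e.g. `new_size = len; new_mem = *mem;` (assuming `*mem` is what `new_mem` started as), or fall back to the size the current buffer actually has instead of `len`. The loop also keeps calling later hooks with a zero-length input once one hook has returned 0; if 0 is meant to be final, say so in the comment or stop iterating. Finally, delete the commented-out `FATAL(...)` rather than keeping it as dead code, and put a one-line explanation in its place, such as `// NULL/0 from a hook means "skip this input"; handled after the loop`.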
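Review bot: The new condition in common_fuzz_stuff is mis-parenthesized: `==` binds tighter than `=`, so `len = write_to_testcase(...) == 0` stores the comparison result (0 or 1) in `len`, the branch tests that boolean, and any later use of `len` in this function (outside the hunk) sees 1 instead of the real length. A later commit on this page (4d20b2d) moves the closing parenthesis, but that form still wraps only the assignment in `unlikely()`; the line should read `if (unlikely((len = write_to_testcase(afl, (void **)&out_buf, len, 0)) == 0)) {`. Returning 0 here makes a skipped input indistinguishable from a normal run for the caller, so a comment such as `/* post_process asked to skip this input: nothing was executed */` above the `return 0;` would help readers.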
@@ -107,7 +107,7 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - if (unlikely(!new_buf && new_size <= 0)) { + if (unlikely(!new_buf || new_size <= 0)) { new_size = 0; new_buf = new_mem; @@ -226,14 +226,18 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - if (unlikely(!new_buf || new_size <= 0)) { + if (unlikely(!new_buf && new_size <= 0)) { - FATAL("Custom_post_process failed (ret: %lu)", - (long unsigned)new_size); + new_size = 0; + new_buf = new_mem; + // FATAL("Custom_post_process failed (ret: %lu)", (long + // unsigned)new_size); - } + } else { - new_mem = new_buf; + new_mem = new_buf; + + } } -- cgit 1.4.1 From 4d20b2d28b732f20e4c9885a3d4ac4440d66bf12 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Jul 2022 17:04:53 +0200 Subject: fix --- src/afl-fuzz-run.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) (limited to 'src/afl-fuzz-run.c') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index d1ffb46c..631548d4 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -76,24 +76,6 @@ fuzz_run_target(afl_state_t *afl, afl_forkserver_t *fsrv, u32 timeout) { u32 __attribute__((hot)) write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { -#ifdef _AFL_DOCUMENT_MUTATIONS - s32 doc_fd; - char fn[PATH_MAX]; - snprintf(fn, PATH_MAX, "%s/mutations/%09u:%s", afl->out_dir, - afl->document_counter++, - describe_op(afl, 0, NAME_MAX - strlen("000000000:"))); - - if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_PERMISSION)) >= - 0) { - - if (write(doc_fd, *mem, len) != len) - PFATAL("write to mutation file failed: %s", fn); - close(doc_fd); - - } - -#endif - if (unlikely(afl->custom_mutators_count)) { ssize_t new_size = len; 
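Review bot: With `||`, a negative return from a hook, which the removed FATAL path reported as a post_process failure, is now folded into the same silent "skip" path as a legitimate 0, so a broken mutator no longer aborts the run and its errors are invisible. Keep the two cases apart: `if (unlikely(new_size < 0)) FATAL("Custom_post_process failed (ret: %ld)", (long)new_size);` before the skip check, and narrow the skip condition to `if (unlikely(!new_buf || !new_size)) {`. The hook loop this sits in starts and ends outside the hunk.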
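Review bot: This hunk flips the check the opposite way from the first hunk of the same commit: write_with_gap now tests `!new_buf && new_size <= 0`, so a hook that returns a NULL buffer with a positive size falls into the `else` branch and `new_mem` becomes NULL, which whatever write follows (outside this hunk) will dereference. Use the same condition as write_to_testcase, `if (unlikely(!new_buf || new_size <= 0)) {`. write_to_testcase also gained an explicit zero-length branch (skip unless `fix`), while nothing in this hunk shows how write_with_gap treats `new_size == 0` afterwards; whether it skips the run or writes an empty testcase should be handled and commented consistently. Drop the commented-out `FATAL(...)` instead of keeping it as dead code.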
@@ -172,6 +154,25 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { } +#ifdef _AFL_DOCUMENT_MUTATIONS + s32 doc_fd; + char fn[PATH_MAX]; + snprintf(fn, PATH_MAX, "%s/mutations/%09u:%s", afl->out_dir, + afl->document_counter++, + describe_op(afl, 0, NAME_MAX - strlen("000000000:"))); + + if ((doc_fd = open(fn, O_WRONLY | O_CREAT | O_TRUNC, DEFAULT_PERMISSION)) >= + 0) { + + if (write(doc_fd, *mem, len) != len) + PFATAL("write to mutation file failed: %s", fn); + close(doc_fd); + + } + +#endif + + fprintf(stderr, "len = %u\n", len); return len; } @@ -992,7 +993,7 @@ common_fuzz_stuff(afl_state_t *afl, u8 *out_buf, u32 len) { u8 fault; - if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0) == 0)) { + if (unlikely(len = write_to_testcase(afl, (void **)&out_buf, len, 0)) == 0) { return 0; -- cgit 1.4.1 From d09023245204808a0eedfee221216d999fe85d5c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 19 Jul 2022 17:06:23 +0200 Subject: remove debug --- src/afl-fuzz-run.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src/afl-fuzz-run.c') diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 631548d4..c0e72ae6 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -172,7 +172,6 @@ write_to_testcase(afl_state_t *afl, void **mem, u32 len, u32 fix) { #endif - fprintf(stderr, "len = %u\n", len); return len; } -- cgit 1.4.1
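Review bot: The relocated _AFL_DOCUMENT_MUTATIONS block carries no comment saying why it now sits after the custom-mutator section, and the commit message ("fix") does not either; presumably the intent is to record the data actually handed to the target after post_process, which only holds if `*mem` and `len` have already been updated to the post-processed buffer by code between this and the previous hunk, so that is worth confirming. Note also that the early `return 0` in the skip path (added in ca4a8c0) now bypasses this block, so skipped inputs never show up under out_dir/mutations; if that is intended it should be stated. A comment such as `/* Record the input as it is actually sent to the target (after post_process); skipped inputs are not documented. */` above the `#ifdef` would settle both points.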
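Review bot: The moved parenthesis fixes the assignment, but the branch hint now covers the wrong expression: if `unlikely()` is the usual `__builtin_expect(!!(x), 0)` wrapper, `unlikely(len = ...) == 0` tells the compiler that a non-zero `len` is the unexpected outcome, the reverse of what the skip path is. The comparison, not the assignment, belongs inside the hint: `if (unlikely((len = write_to_testcase(afl, (void **)&out_buf, len, 0)) == 0)) {`. The rest of common_fuzz_stuff is outside the hunk.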