/* american fuzzy lop++ - misc stuffs from Mordor ---------------------------------------------- Originally written by Michal Zalewski Now maintained by Marc Heuse , Heiko Eißfeldt and Andrea Fioraldi Copyright 2016, 2017 Google Inc. All rights reserved. Copyright 2019-2020 AFLplusplus Project. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at: http://www.apache.org/licenses/LICENSE-2.0 This is the real deal: the program takes an instrumented binary and attempts a variety of basic fuzzing tricks, paying close attention to how they affect the execution path. */ #include "afl-fuzz.h" /* Describe integer. The buf should be at least 6 bytes to fit all ints we randomly see. Will return buf for convenience. */ u8 *DI(u8 *buf, size_t len, u64 val) { \ #define CHK_FORMAT(_divisor, _limit_mult, _fmt, _cast) \ do { \ \ if (val < (_divisor) * (_limit_mult)) { \ \ snprintf(buf, len, _fmt, ((_cast)val) / (_divisor)); \ return buf; \ \ } \ \ } while (0) /* 0-9999 */ CHK_FORMAT(1, 10000, "%llu", u64); /* 10.0k - 99.9k */ CHK_FORMAT(1000, 99.95, "%0.01fk", double); /* 100k - 999k */ CHK_FORMAT(1000, 1000, "%lluk", u64); /* 1.00M - 9.99M */ CHK_FORMAT(1000 * 1000, 9.995, "%0.02fM", double); /* 10.0M - 99.9M */ CHK_FORMAT(1000 * 1000, 99.95, "%0.01fM", double); /* 100M - 999M */ CHK_FORMAT(1000 * 1000, 1000, "%lluM", u64); /* 1.00G - 9.99G */ CHK_FORMAT(1000LL * 1000 * 1000, 9.995, "%0.02fG", double); /* 10.0G - 99.9G */ CHK_FORMAT(1000LL * 1000 * 1000, 99.95, "%0.01fG", double); /* 100G - 999G */ CHK_FORMAT(1000LL * 1000 * 1000, 1000, "%lluG", u64); /* 1.00T - 9.99G */ CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 9.995, "%0.02fT", double); /* 10.0T - 99.9T */ CHK_FORMAT(1000LL * 1000 * 1000 * 1000, 99.95, "%0.01fT", double); /* 100T+ */ strncpy(buf, "infty", len); buf[len - 1] = '\0'; return buf; } /* Describe float. Similar as int. */ u8 *DF(u8 *buf, size_t len, double val) { if (val < 99.995) { snprintf(buf, len, "%0.02f", val); } else if (val < 999.95) { snprintf(buf, len, "%0.01f", val); } else { DI(buf, len, (u64)val); } return buf; } /* Describe integer as memory size. */ u8 *DMS(u8 *buf, size_t len, u64 val) { /* 0-9999 */ CHK_FORMAT(1, 10000, "%llu B", u64); /* 10.0k - 99.9k */ CHK_FORMAT(1024, 99.95, "%0.01f kB", double); /* 100k - 999k */ CHK_FORMAT(1024, 1000, "%llu kB", u64); /* 1.00M - 9.99M */ CHK_FORMAT(1024 * 1024, 9.995, "%0.02f MB", double); /* 10.0M - 99.9M */ CHK_FORMAT(1024 * 1024, 99.95, "%0.01f MB", double); /* 100M - 999M */ CHK_FORMAT(1024 * 1024, 1000, "%llu MB", u64); /* 1.00G - 9.99G */ CHK_FORMAT(1024LL * 1024 * 1024, 9.995, "%0.02f GB", double); /* 10.0G - 99.9G */ CHK_FORMAT(1024LL * 1024 * 1024, 99.95, "%0.01f GB", double); /* 100G - 999G */ CHK_FORMAT(1024LL * 1024 * 1024, 1000, "%llu GB", u64); /* 1.00T - 9.99G */ CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 9.995, "%0.02f TB", double); /* 10.0T - 99.9T */ CHK_FORMAT(1024LL * 1024 * 1024 * 1024, 99.95, "%0.01f TB", double); #undef CHK_FORMAT /* 100T+ */ strncpy(buf, "infty", len - 1); buf[len - 1] = '\0'; return buf; } /* Describe time delta as string. Returns a pointer to buf for convenience. */ u8 *DTD(u8 *buf, size_t len, u64 cur_ms, u64 event_ms) { u64 delta; s32 t_d, t_h, t_m, t_s; u8 int_buf[16]; if (!event_ms) { snprintf(buf, len, "none seen yet"); } else { delta = cur_ms - event_ms; t_d = delta / 1000 / 60 / 60 / 24; t_h = (delta / 1000 / 60 / 60) % 24; t_m = (delta / 1000 / 60) % 60; t_s = (delta / 1000) % 60; DI(int_buf, sizeof(int_buf), t_d); snprintf(buf, len, "%s days, %d hrs, %d min, %d sec", int_buf, t_h, t_m, t_s); } return buf; }