From 408f752ed7f01bedef75d6ee022026a4a5b4b2bf Mon Sep 17 00:00:00 2001
From: Andrea Fioraldi
Date: Fri, 20 Nov 2020 15:51:37 +0100
Subject: [PATCH] splice in libfuzzer clone

---
 fuzzers/libfuzzer/src/lib.rs | 7 ++-----
 fuzzers/libfuzzer/test.sh | 10 ++++++++++
 src/executors/inmemory.rs | 2 ++
 src/mutators/scheduled.rs | 3 ++-
 4 files changed, 16 insertions(+), 6 deletions(-)
 create mode 100755 fuzzers/libfuzzer/test.sh

diff --git a/fuzzers/libfuzzer/src/lib.rs b/fuzzers/libfuzzer/src/lib.rs
index de5d0ff202..6ff33bed49 100644
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@@ -8,7 +8,7 @@ use afl::executors::inmemory::InMemoryExecutor;
 use afl::executors::{Executor, ExitKind};
 use afl::feedbacks::{create_history_map, MaxMapFeedback};
 use afl::inputs::bytes::BytesInput;
-use afl::mutators::scheduled::{mutation_bitflip, ComposedByMutations, DefaultScheduledMutator};
+use afl::mutators::scheduled::HavocBytesMutator;
 use afl::observers::DefaultMapObserver;
 use afl::stages::mutational::DefaultMutationalStage;
 use afl::utils::DefaultRand;
@@ -53,13 +53,10 @@ pub extern "C" fn afl_libfuzzer_main() {
     state.add_feedback(Box::new(edges_feedback));
 
     let mut engine = DefaultEngine::new();
-    let mut mutator = DefaultScheduledMutator::new(&rand);
-    mutator.add_mutation(mutation_bitflip);
+    let mutator = HavocBytesMutator::new_default(&rand);
     let stage = DefaultMutationalStage::new(&rand, mutator);
     engine.add_stage(Box::new(stage));
 
-    //
-
     for i in 0..1000 {
         println!("Fuzzer corpus iteration #{}", i);
         engine
diff --git a/fuzzers/libfuzzer/test.sh b/fuzzers/libfuzzer/test.sh
new file mode 100755
index 0000000000..e74bcda634
--- /dev/null
+++ b/fuzzers/libfuzzer/test.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+cargo build --release
+make -C runtime
+
+./compiler test/test.c -o test_fuzz
+
+./test_fuzz
+
+rm ./test_fuzz
diff --git a/src/executors/inmemory.rs b/src/executors/inmemory.rs
index 8e7dd9904f..4c60b37261 100644
--- a/src/executors/inmemory.rs
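Review bot: A failing `cargo build --release`, `make -C runtime` or `./compiler` step does not stop the script, so `./test_fuzz` can run a stale binary left by an earlier build and the script still exits 0; add `set -eu` after the shebang. If the harness exits non-zero on a crash (as the handler change in src/executors/inmemory.rs in this same commit suggests), `set -e` would then skip the final `rm ./test_fuzz`; a `trap 'rm -f ./test_fuzz' EXIT` placed before the run keeps the cleanup on every path. The relative paths also assume the caller's working directory is fuzzers/libfuzzer; `cd "$(dirname "$0")"` at the top would remove that dependence.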
+++ b/src/executors/inmemory.rs
@@ -97,6 +97,8 @@ pub mod unix_signals {
 
         let _ = stdout().flush();
         // TODO: LLMP
+
+        std::process::exit(139);
     }
 
     pub extern "C" fn libaflrs_executor_inmem_handle_timeout(
diff --git a/src/mutators/scheduled.rs b/src/mutators/scheduled.rs
index d68430d700..8d88d6ef3e 100644
--- a/src/mutators/scheduled.rs
+++ b/src/mutators/scheduled.rs
@@ -165,7 +165,7 @@ where
     M: HasRand,
     I: Input + HasBytesVec,
 {
-    let bit = mutator.rand_below(input.bytes().len() as u64) as usize;
+    let bit = mutator.rand_below((input.bytes().len() * 8) as u64) as usize;
     input.bytes_mut()[bit >> 3] ^= (128 >> (bit & 7)) as u8;
     Ok(())
 }
@@ -313,6 +313,7 @@ where
     pub fn new_default(rand: &Rc>) -> Self {
         let mut scheduled = DefaultScheduledMutator::::new(rand);
         scheduled.add_mutation(mutation_bitflip);
+        scheduled.add_mutation(mutation_splice);
         HavocBytesMutator {
             scheduled: scheduled,
             phantom: PhantomData,
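Review bot: `std::process::exit(139)` is invoked from inside a signal handler, and `exit` is not async-signal-safe: it runs atexit handlers and flushes C stdio, which can deadlock if the fault happened while one of those locks was held, leaving the fuzzer hung rather than reporting the crash. Terminating with `libc::_exit(139)` (if the libc crate is already in scope here, as the `extern "C"` handlers suggest) or re-raising the signal under its default disposition avoids that; the pre-existing `stdout().flush()` on the line above has the same weakness. The hard-coded 139 also reports SIGSEGV no matter which signal this handler was installed for; deriving the status from the handler's signal argument (`128 + sig`) would keep the exit code truthful. The enclosing handler function begins outside the hunk.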
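Review bot: An empty input still panics in mutation_bitflip after this change: with `input.bytes().len()` equal to 0 the new `rand_below(0)` call either misbehaves or yields 0, and `input.bytes_mut()[0]` on the next line then indexes an empty slice; guard with `if input.bytes().is_empty() { return Ok(()); }` before the draw. The `* 8` itself is right — the old range covered only len bit positions, so only bytes in the first len/8 of the input could ever be flipped. The function's signature sits outside the hunk.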
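Review bot: `new_default` has no doc comment, and this change silently alters what a "default" havoc mutator runs, so a caller of the public constructor cannot tell which mutations it installs. Add `/// Builds a havoc mutator with the default mutation set: `mutation_bitflip` and `mutation_splice`.` above `pub fn new_default`. Where `mutation_splice` obtains the second input it splices with is not visible in this hunk; that doc comment is the place to state it.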