splice in libfuzzer clone

2020-11-20 15:51:37 +01:00 · 2020-11-20 15:51:37 +01:00 · 408f752ed7
commit 408f752ed7
parent 6c7615a7b9
4 changed files with 16 additions and 6 deletions
--- a/fuzzers/libfuzzer/src/lib.rs
+++ b/fuzzers/libfuzzer/src/lib.rs
@ -8,7 +8,7 @@ use afl::executors::inmemory::InMemoryExecutor;
 use afl::executors::{Executor, ExitKind};
 use afl::feedbacks::{create_history_map, MaxMapFeedback};
 use afl::inputs::bytes::BytesInput;
-use afl::mutators::scheduled::{mutation_bitflip, ComposedByMutations, DefaultScheduledMutator};
+use afl::mutators::scheduled::HavocBytesMutator;
 use afl::observers::DefaultMapObserver;
 use afl::stages::mutational::DefaultMutationalStage;
 use afl::utils::DefaultRand;
@ -53,13 +53,10 @@ pub extern "C" fn afl_libfuzzer_main() {
    state.add_feedback(Box::new(edges_feedback));

    let mut engine = DefaultEngine::new();
-    let mut mutator = DefaultScheduledMutator::new(&rand);
-    mutator.add_mutation(mutation_bitflip);
+    let mutator = HavocBytesMutator::new_default(&rand);
    let stage = DefaultMutationalStage::new(&rand, mutator);
    engine.add_stage(Box::new(stage));

-    //
-
    for i in 0..1000 {
        println!("Fuzzer corpus iteration #{}", i);
        engine
--- a/fuzzers/libfuzzer/test.sh
+++ b/fuzzers/libfuzzer/test.sh
@ -0,0 +1,10 @@
+#!/bin/sh
+
+cargo build --release
+make -C runtime
+
+./compiler test/test.c -o test_fuzz
+
+./test_fuzz
+
+rm ./test_fuzz
--- a/src/executors/inmemory.rs
+++ b/src/executors/inmemory.rs
@ -97,6 +97,8 @@ pub mod unix_signals {
        let _ = stdout().flush();

        // TODO: LLMP
+
+        std::process::exit(139);
    }

    pub extern "C" fn libaflrs_executor_inmem_handle_timeout<I>(
--- a/src/mutators/scheduled.rs
+++ b/src/mutators/scheduled.rs
@ -165,7 +165,7 @@ where
    M: HasRand,
    I: Input + HasBytesVec,
 {
-    let bit = mutator.rand_below(input.bytes().len() as u64) as usize;
+    let bit = mutator.rand_below((input.bytes().len() * 8) as u64) as usize;
    input.bytes_mut()[bit >> 3] ^= (128 >> (bit & 7)) as u8;
    Ok(())
 }
@ -313,6 +313,7 @@ where
    pub fn new_default(rand: &Rc<RefCell<R>>) -> Self {
        let mut scheduled = DefaultScheduledMutator::<C, I, R>::new(rand);
        scheduled.add_mutation(mutation_bitflip);
+        scheduled.add_mutation(mutation_splice);
        HavocBytesMutator {
            scheduled: scheduled,
            phantom: PhantomData,