fuzzing: Speed up afl using persistent mode (in proccess fuzzing)

da551c75 · Max Bruckner · ae4681b7 · da551c75 · da551c75
隐藏空白更改
内联并排

Showing with 15 addition and 1 deletion

fuzzing/CMakeLists.txt fuzzing/CMakeLists.txt +2 -0

fuzzing/afl.c fuzzing/afl.c +13 -1

未找到文件。
--- a/fuzzing/CMakeLists.txt
+++ b/fuzzing/CMakeLists.txt
@@ -18,6 +18,8 @@ if (ENABLE_FUZZING)
        set(fuzz_print_parameter "yes")
    endif()

+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-error")
+
    add_custom_target(afl
        COMMAND "${AFL_FUZZ}" -i "${CMAKE_CURRENT_SOURCE_DIR}/inputs" -o "${CMAKE_CURRENT_BINARY_DIR}/findings" -x "${CMAKE_CURRENT_SOURCE_DIR}/json.dict" -- "${CMAKE_CURRENT_BINARY_DIR}/afl-main" "@@" "${fuzz_print_parameter}"
        DEPENDS afl-main)

--- a/fuzzing/afl.c
+++ b/fuzzing/afl.c
@@ -87,7 +87,7 @@ int main(int argc, char** argv)
    const char *filename = NULL;
    cJSON *item = NULL;
    char *json = NULL;
-    int status = EXIT_SUCCESS;
+    int status;
    char *printed_json = NULL;

    if ((argc < 2) || (argc > 3))
@@ -100,6 +100,12 @@ int main(int argc, char** argv)

    filename = argv[1];

+#if __AFL_HAVE_MANUAL_CONTROL
+    while (__AFL_LOOP(1000))
+    {
+#endif
+    status = EXIT_SUCCESS;
+
    json = read_file(filename);
    if ((json == NULL) || (json[0] == '\0') || (json[1] == '\0'))
    {
@@ -149,15 +155,21 @@ cleanup:
    if (item != NULL)
    {
        cJSON_Delete(item);
+        item = NULL;
    }
    if (json != NULL)
    {
        free(json);
+        json = NULL;
    }
    if (printed_json != NULL)
    {
        free(printed_json);
+        printed_json = NULL;
+    }
+#if __AFL_HAVE_MANUAL_CONTROL
    }
+#endif

    return status;
 }