From 58a0f17edbe79fd8e2059e225b3cec2d04ebd953 Mon Sep 17 00:00:00 2001 From: toka Date: Thu, 10 Jul 2025 14:16:22 +0200 Subject: [PATCH 01/23] my change --- src/afl-fuzz-one.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index fd5ed87ca3..e0bb74d188 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -1025,6 +1025,8 @@ u8 fuzz_one_original(afl_state_t *afl) { #ifdef INTROSPECTION snprintf(afl->mutation, sizeof(afl->mutation), "%s ARITH8--%u-%u", afl->queue_cur->fname, i, j); + fprintf(afl->introspection_file, "LOGGING %s = %s\n", afl->mutation, + afl->queue_top->fname); #endif if (common_fuzz_stuff(afl, out_buf, len)) { goto abandon_entry; } From ac0c0cfd59584092de1cd02563c7fbc7ea428274 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 12:07:00 +0200 Subject: [PATCH 02/23] hnb record --- src/afl-fuzz-bitmap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index fd75a82293..f14441750e 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -225,6 +225,8 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { #endif /* ^WORD_SIZE_64 */ u8 ret = 0; + u64 cksum = hash64(virgin_map, afl->fsrv.map_size, HASH_CONST); + fprintf(afl->introspection_file, "HNB HASH %d\n", cksum); while (i--) { if (unlikely(*current)) discover_word(&ret, current, virgin); From 35a2e4c1ffaa4ffe3f81c2a34c1dfa2a593c1ee7 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 12:11:49 +0200 Subject: [PATCH 03/23] a --- src/afl-fuzz-bitmap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index f14441750e..acc4a89110 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c 
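Review bot: The new `fprintf(afl->introspection_file, ...)` in the ARITH8 loop has no NULL check on the handle, and the patch 05 hunk later guards a sibling write with `if(afl->introspection_file)`, which suggests it can be unset; wrap this one the same way: `if (afl->introspection_file) { fprintf(afl->introspection_file, "LOGGING %s = %s\n", afl->mutation, afl->queue_top->fname); }`. The line is also emitted for every ARITH8 candidate, i.e. once per target execution, so even when the handle is open the output grows at the fuzzer's execution rate. fuzz_one_original starts and ends outside this hunk.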
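Review bot: `fprintf(afl->introspection_file, "HNB HASH %d\n", cksum)` passes the `u64 cksum` declared on the line above to a `%d` conversion, which is undefined behaviour and at best prints a truncated value; use `"HNB HASH %llu\n", (unsigned long long)cksum`. The same mismatch follows this line through the patch 03, 04, 05 and 06 hunks of afl-fuzz-bitmap.c and is not fixed by any of them. The `hash64` over the whole virgin map is also evaluated on every has_new_bits call, before `ret` is known, so each execution pays a full-map hash even when nothing changed; moving the hash next to the print, inside the branch that sets `afl->bitmap_changed`, keeps the hot path as it was. The write is unguarded against a NULL `afl->introspection_file`, as in the ARITH8 hunk of patch 01. has_new_bits continues outside this hunk.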
@@ -226,7 +226,6 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { u8 ret = 0; u64 cksum = hash64(virgin_map, afl->fsrv.map_size, HASH_CONST); - fprintf(afl->introspection_file, "HNB HASH %d\n", cksum); while (i--) { if (unlikely(*current)) discover_word(&ret, current, virgin); @@ -237,8 +236,11 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { } if (unlikely(ret) && likely(virgin_map == afl->virgin_bits)) + { afl->bitmap_changed = 1; - + fprintf(afl->introspection_file, "HNB HASH %d\n", cksum); + } + return ret; } From 43b14ff5d14126e5ba1c135de260bc4f0aad9a25 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 12:19:49 +0200 Subject: [PATCH 04/23] stdout --- src/afl-fuzz-bitmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index acc4a89110..af3d34c3d7 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -238,9 +238,9 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { if (unlikely(ret) && likely(virgin_map == afl->virgin_bits)) { afl->bitmap_changed = 1; - fprintf(afl->introspection_file, "HNB HASH %d\n", cksum); + fprintf(stdout, "HNB HASH %d\n", cksum); } - + return ret; } From 507f07cde66a0c47610c327d658694b76d33a506 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 12:32:10 +0200 Subject: [PATCH 05/23] conditional --- src/afl-fuzz-bitmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index af3d34c3d7..890d8ca8c6 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -238,7 +238,9 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { if (unlikely(ret) && likely(virgin_map == afl->virgin_bits)) { afl->bitmap_changed = 1; - fprintf(stdout, "HNB HASH %d\n", cksum); + if(afl->introspection_file) { + fprintf(stdout, "HNB HASH %d\n", cksum); + } } return ret; From 0060be386b4a8bde47289af4a0873c0e6f4e0e24 Mon Sep 17 00:00:00 2001 
From: toka Date: Fri, 11 Jul 2025 12:40:07 +0200 Subject: [PATCH 06/23] ... --- src/afl-fuzz-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 890d8ca8c6..640237e44d 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -239,7 +239,7 @@ inline u8 has_new_bits(afl_state_t *afl, u8 *virgin_map) { { afl->bitmap_changed = 1; if(afl->introspection_file) { - fprintf(stdout, "HNB HASH %d\n", cksum); + fprintf(afl->introspection_file, "HNB HASH %d\n", cksum); } } From b9090e28538ff8a269279039e9939c933467588c Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:00:42 +0200 Subject: [PATCH 07/23] debug --- src/afl-fuzz-skipdet.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index 8a927292bb..9cb1f60c3d 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -161,8 +161,8 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - // printf("Now trying range %d with %d, %s.\n", pos, cur_block_size, - // (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); + printf("Now trying range %d with %d, %s.\n", pos, cur_block_size, + (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); /* continue until we fail or exceed length */ if (cksum == _prev_cksum) { From d890e6094fc5b8e417a7dccbb41eb320d88bf25c Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:14:15 +0200 Subject: [PATCH 08/23] more debug --- src/afl-fuzz-skipdet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index 9cb1f60c3d..c7c1351b84 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c 
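Review bot: The re-enabled printf reports `(cksum == prev_cksum)`, while the decision taken a few lines below is `if (cksum == _prev_cksum)`, so unless those two names hold the same value the logged "Yes"/"Not" can disagree with the branch actually taken; print the comparison the code makes, `(cksum == _prev_cksum) ? (u8*)"Yes" : (u8*) "Not"`. `pos` and `cur_block_size` are passed to `%d` with their declarations outside the hunk; if they are unsigned, as the u32 counters in this code base usually are, `%u` is the matching conversion. skip_deterministic_stage starts and ends outside this hunk.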
@@ -161,7 +161,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - printf("Now trying range %d with %d, %s.\n", pos, cur_block_size, + printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); /* continue until we fail or exceed length */ From 4e005ebb180fb527f9b71d9a4d9357cd0ec8fcd3 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:15:51 +0200 Subject: [PATCH 09/23] more debug --- src/afl-fuzz-skipdet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index c7c1351b84..58dcffa902 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -161,7 +161,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum + printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum, (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); /* continue until we fail or exceed length */ From 4e6ea29696acc945b6e176121b137d1a8aea1e19 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:26:45 +0200 Subject: [PATCH 10/23] moremore debug --- src/afl-fuzz-skipdet.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index 58dcffa902..d6a9469088 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c 
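Review bot: `cksum` and `prev_cksum` are 64-bit (`u64 cksum = hash64(...)` is the line above) but the new printf binds them to `%d`, which is undefined behaviour for a variadic call and in practice prints garbage or only the low 32 bits; use `%llu` with an `(unsigned long long)` cast, or `PRIu64` from <inttypes.h>. The same `%d`-with-u64 print is repeated in the `printf("cksum %d\n", cksum)` introduced by the patch 10 hunk and carried through patches 11-15. skip_deterministic_stage continues outside this hunk.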
@@ -154,12 +154,19 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, flip_range(out_buf, pos, flip_block_size); - if (common_fuzz_stuff(afl, out_buf, len)) return 0; + for(int y = 0; y < 10; y++) { + printf("Repetition %d\n", y); + if (common_fuzz_stuff(afl, out_buf, len)) return 0; + u64 cksum = + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + printf("cksum %d\n", cksum); + } + + flip_range(out_buf, pos, flip_block_size); - u64 cksum = - hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum, (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); From 96308eb524c20f510991afe30fba57c2fbe0f52f Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:28:14 +0200 Subject: [PATCH 11/23] fix --- src/afl-fuzz-skipdet.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index d6a9469088..efeae278e9 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -155,19 +155,15 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, flip_range(out_buf, pos, flip_block_size); for(int y = 0; y < 10; y++) { - printf("Repetition %d\n", y); + printf("Repetition %llu\n", y); if (common_fuzz_stuff(afl, out_buf, len)) return 0; u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); printf("cksum %d\n", cksum); } - - flip_range(out_buf, pos, flip_block_size); - - printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum, (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); From a90f643a72c73af276c976f16f434c1166589bf1 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:29:31 +0200 Subject: [PATCH 12/23] fix --- src/afl-fuzz-skipdet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index efeae278e9..e69b5172b6 100644 
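Review bot: `printf("Repetition %llu\n", y)` now hands the `int y` loop counter to a `%llu` conversion, which is undefined behaviour; the `%d` this line replaces was the right conversion for `int`, and it is `cksum` on the `printf("cksum %d\n", cksum)` line that needs `%llu`. Each pass of this loop is a full target execution, so skip_deterministic_stage now runs every flipped range ten times where it ran once; if the repetition is a determinism probe, keeping it behind a debug macro leaves the release path at one execution. skip_deterministic_stage continues outside this hunk.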
--- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -154,10 +154,11 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, flip_range(out_buf, pos, flip_block_size); + u64 cksum; for(int y = 0; y < 10; y++) { printf("Repetition %llu\n", y); if (common_fuzz_stuff(afl, out_buf, len)) return 0; - u64 cksum = + cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); printf("cksum %d\n", cksum); } From d33fd7e84667f9d393cc5506996f572ab242e71d Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 14:59:13 +0200 Subject: [PATCH 13/23] fuzzer --- src/afl-fuzz-skipdet.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index e69b5172b6..d685045aa5 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -1,6 +1,7 @@ #include "afl-fuzz.h" +#include void flip_range(u8 *input, u32 pos, u32 size) { @@ -157,7 +158,13 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, u64 cksum; for(int y = 0; y < 10; y++) { printf("Repetition %llu\n", y); - if (common_fuzz_stuff(afl, out_buf, len)) return 0; + char filename[64]; + snprintf(filename, sizeof(filename), "file_%d_%d.bin", pos, y); + + if (common_fuzz_stuff(afl, out_buf, len)) return 0;\ + FILE* fp = fopen(filename, "wb"); // Open file in binary write mode + fwrite(afl->fsrv.trace_bits, 1, afl->fsrv.map_size, fp); + fclose(fp); cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); printf("cksum %d\n", cksum); From 48742ca70e9c2f19d7f7ad5e853fd937cd96a8e3 Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 15:11:58 +0200 Subject: [PATCH 14/23] last bit --- src/afl-fuzz-skipdet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index d685045aa5..f0941cee16 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c 
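Review bot: `FILE* fp = fopen(filename, "wb")` is never checked, so a failed open (unwritable working directory, fd exhaustion after thousands of files) sends NULL into `fwrite` and `fclose`; wrap the two calls in `if (fp) { ... }` or fail loudly. The `\` at the end of `if (common_fuzz_stuff(afl, out_buf, len)) return 0;\` splices the `fopen` line onto it, which compiles but hides that statement from anyone reading the `if`. The added `#include` names no header in this rendering; if `<stdio.h>` was intended, check whether afl-fuzz.h already provides it. The file names are built with `%d` from `pos` and `y`, so one file per execution lands in the current directory with no upper bound; the patch 15 and patch 23 hunks repeat the unchecked `fopen` pattern. skip_deterministic_stage continues outside this hunk.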
@@ -159,7 +159,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, for(int y = 0; y < 10; y++) { printf("Repetition %llu\n", y); char filename[64]; - snprintf(filename, sizeof(filename), "file_%d_%d.bin", pos, y); + snprintf(filename, sizeof(filename), "file_%d_%d_%d.bin", pos, cur_block_size, y); if (common_fuzz_stuff(afl, out_buf, len)) return 0;\ FILE* fp = fopen(filename, "wb"); // Open file in binary write mode From bc7e83dfa6d4be1fb3b4766a430c2c307165aa2e Mon Sep 17 00:00:00 2001 From: toka Date: Fri, 11 Jul 2025 15:30:22 +0200 Subject: [PATCH 15/23] mm --- src/afl-fuzz-skipdet.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index f0941cee16..182c21096d 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -159,12 +159,17 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, for(int y = 0; y < 10; y++) { printf("Repetition %llu\n", y); char filename[64]; + char inputname[64]; snprintf(filename, sizeof(filename), "file_%d_%d_%d.bin", pos, cur_block_size, y); + snprintf(inputname, sizeof(inputname), "input_%d_%d_%d.bin", pos, cur_block_size, y); if (common_fuzz_stuff(afl, out_buf, len)) return 0;\ - FILE* fp = fopen(filename, "wb"); // Open file in binary write mode - fwrite(afl->fsrv.trace_bits, 1, afl->fsrv.map_size, fp); - fclose(fp); + FILE* fp1 = fopen(filename, "wb"); // Open file in binary write mode + FILE* fp2 = fopen(inputname, "wb"); // Open file in binary write mode + fwrite(afl->fsrv.trace_bits, 1, afl->fsrv.map_size, fp1); + fwrite(out_buf, 1, len, fp2); + fclose(fp1); + fclose(fp2); cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); printf("cksum %d\n", cksum); From 0d4eb61a3cf038c62c208d550a3c3810881dc40a Mon Sep 17 00:00:00 2001 
From: toka Date: Sun, 13 Jul 2025 23:55:23 +0200 Subject: [PATCH 16/23] mre --- src/afl-fuzz-one.c | 4 ++-- src/afl-fuzz-skipdet.c | 17 ++--------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e0bb74d188..315d324d7f 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -631,7 +631,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Now flip bits. */ for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - + printf("FLIP1 %d\n", afl->stage_cur); afl->stage_cur_byte = afl->stage_cur >> 3; if (!skip_eff_map[afl->stage_cur_byte]) continue; @@ -735,7 +735,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } new_hit_cnt = afl->queued_items + afl->saved_crashes; - + printf("New Hit! %d\n", new_hit_cnt); afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; #ifdef INTROSPECTION diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index 182c21096d..eccb8db882 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c 
@@ -157,28 +157,15 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, u64 cksum; for(int y = 0; y < 10; y++) { - printf("Repetition %llu\n", y); - char filename[64]; - char inputname[64]; - snprintf(filename, sizeof(filename), "file_%d_%d_%d.bin", pos, cur_block_size, y); - snprintf(inputname, sizeof(inputname), "input_%d_%d_%d.bin", pos, cur_block_size, y); - if (common_fuzz_stuff(afl, out_buf, len)) return 0;\ - FILE* fp1 = fopen(filename, "wb"); // Open file in binary write mode - FILE* fp2 = fopen(inputname, "wb"); // Open file in binary write mode - fwrite(afl->fsrv.trace_bits, 1, afl->fsrv.map_size, fp1); - fwrite(out_buf, 1, len, fp2); - fclose(fp1); - fclose(fp2); cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - printf("cksum %d\n", cksum); } flip_range(out_buf, pos, flip_block_size); - printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum, - (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); + // printf("Now trying range %d with %d %d==%d, %s.\n", pos, cur_block_size, cksum, prev_cksum, + // (cksum == prev_cksum) ? (u8*)"Yes" : (u8*) "Not"); /* continue until we fail or exceed length */ if (cksum == _prev_cksum) { From 8aefe1a7d5c89974e5b8b524acf944b4b0bc3cfd Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:07:06 +0200 Subject: [PATCH 17/23] lol --- src/afl-fuzz-one.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 315d324d7f..e0e8c4aa6a 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -616,7 +616,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_short = "flip1"; afl->stage_max = len << 3; afl->stage_name = "bitflip 1/1"; - + printf("FLIP1\n"); afl->stage_val_type = STAGE_VAL_NONE; orig_hit_cnt = afl->queued_items + afl->saved_crashes; 
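Review bot: With the diagnostics removed, the `for(int y = 0; y < 10; y++)` loop survives with no remaining purpose: only the last iteration's `cksum` is used, so every flipped range still costs ten target executions instead of the one the original `if (common_fuzz_stuff(afl, out_buf, len)) return 0;` performed. Either restore the single call and the `u64 cksum = hash64(...)` that followed it, or name the count and state why repeating is wanted. The "Now trying range" printf is commented out again rather than deleted; commented-out code should go. skip_deterministic_stage continues outside this hunk.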
@@ -631,7 +631,7 @@ u8 fuzz_one_original(afl_state_t *afl) { /* Now flip bits. */ for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - printf("FLIP1 %d\n", afl->stage_cur); + afl->stage_cur_byte = afl->stage_cur >> 3; if (!skip_eff_map[afl->stage_cur_byte]) continue; @@ -735,7 +735,7 @@ u8 fuzz_one_original(afl_state_t *afl) { } new_hit_cnt = afl->queued_items + afl->saved_crashes; - printf("New Hit! %d\n", new_hit_cnt); + afl->stage_finds[STAGE_FLIP1] += new_hit_cnt - orig_hit_cnt; afl->stage_cycles[STAGE_FLIP1] += afl->stage_max; #ifdef INTROSPECTION @@ -747,6 +747,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_name = "bitflip 2/1"; afl->stage_short = "flip2"; afl->stage_max = (len << 3) - 1; + printf("FLIP2\n"); orig_hit_cnt = new_hit_cnt; @@ -786,6 +787,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_name = "bitflip 4/1"; afl->stage_short = "flip4"; afl->stage_max = (len << 3) - 3; + printf("FLIP4\n"); orig_hit_cnt = new_hit_cnt; @@ -829,6 +831,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_name = "bitflip 8/8"; afl->stage_short = "flip8"; afl->stage_max = len; + printf("FLIP8\n"); orig_hit_cnt = new_hit_cnt; prev_cksum = _prev_cksum; @@ -880,6 +883,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_short = "flip16"; afl->stage_cur = 0; afl->stage_max = len - 1; + printf("FLIP16\n"); orig_hit_cnt = new_hit_cnt; @@ -923,6 +927,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_short = "flip32"; afl->stage_cur = 0; afl->stage_max = len - 3; + printf("FLIP32\n"); orig_hit_cnt = new_hit_cnt; From 6fa5cce29dd5bce4c85acb4d7a00b0e5b986c2d2 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:21:05 +0200 Subject: [PATCH 18/23] more test --- src/afl-fuzz-one.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e0e8c4aa6a..71232711b0 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c 
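Review bot: The stage markers `printf("FLIP1\n")` through `printf("FLIP32\n")` write unconditionally to stdout in every build, whereas the file's existing diagnostics in the patch 01 hunk sit under `#ifdef INTROSPECTION` and go to `afl->introspection_file`; if afl-fuzz's status screen is drawn on stdout, as upstream does, bare printf output will be interleaved with it. Following the existing pattern, `#ifdef INTROSPECTION` / `if (afl->introspection_file) fprintf(afl->introspection_file, "FLIP1\n");` / `#endif` at each site keeps release builds quiet. fuzz_one_original starts and ends outside these hunks.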
@@ -1573,7 +1573,7 @@ u8 fuzz_one_original(afl_state_t *afl) { afl->stage_max = afl->extras_cnt * len; afl->stage_val_type = STAGE_VAL_NONE; - + printf("EXT O"); orig_hit_cnt = new_hit_cnt; for (i = 0; i < (u32)len; ++i) { From df620c1f41a3b32d25182bb4f3b97ed5892c035d Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:31:11 +0200 Subject: [PATCH 19/23] more debug --- src/afl-fuzz-skipdet.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index eccb8db882..af8cef0b85 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -233,7 +233,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, orig_hit_cnt = afl->queued_items + afl->saved_crashes; u32 before_skip_inf = afl->queued_items; - + printf /* clean all the eff bytes, since previous eff bytes are already fuzzed */ u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map, *done_inf_map = afl->queue_cur->skipdet_e->done_inf_map; @@ -311,6 +311,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, } out_buf[afl->stage_cur_byte] = replace; + println!("Replacing %d with %d\n", afl->stage_cur_byte, replace); before_skip_inf = afl->queued_items; From 0bd2512dc4a229424aecb19f7e3dcb73937920b1 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:32:33 +0200 Subject: [PATCH 20/23] more debug --- src/afl-fuzz-skipdet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index af8cef0b85..c44173b589 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -311,7 +311,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, } out_buf[afl->stage_cur_byte] = replace; - println!("Replacing %d with %d\n", afl->stage_cur_byte, replace); + printf("Replacing %d with %d\n", afl->stage_cur_byte, replace); before_skip_inf = afl->queued_items; 
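Review bot: `printf("EXT O")` has no trailing newline, so with a line-buffered stdout the marker stays in the buffer until the next output and is then glued to its first line; `printf("EXT O\n");`. Like the FLIP markers of patch 17 it is unconditional in release builds. fuzz_one_original starts and ends outside this hunk.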
From 5e4cd4bf5e0065ffed75093acd597659f3f13c00 Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:35:46 +0200 Subject: [PATCH 21/23] more debug --- src/afl-fuzz-skipdet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index c44173b589..dc56f1a089 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -233,7 +233,7 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, orig_hit_cnt = afl->queued_items + afl->saved_crashes; u32 before_skip_inf = afl->queued_items; - printf + printf("QUICK at %d\n", afl->fsrv.total_execs); /* clean all the eff bytes, since previous eff bytes are already fuzzed */ u8 *skip_eff_map = afl->queue_cur->skipdet_e->skip_eff_map, *done_inf_map = afl->queue_cur->skipdet_e->done_inf_map; From a3b5238daee522f4441517ee5e77a51728fcdc4e Mon Sep 17 00:00:00 2001 From: toka Date: Mon, 14 Jul 2025 00:50:13 +0200 Subject: [PATCH 22/23] more --- src/afl-fuzz-skipdet.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index dc56f1a089..4583f30f7f 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -315,7 +315,17 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, before_skip_inf = afl->queued_items; - if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + int cksum = 0; + for(int y = 0; y < 20; y++) { + if (common_fuzz_stuff(afl, out_buf, len)) { return 0; } + int new_cksum = + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + if (cksum != 0 && cksum != new_cksum) { + printf("============================================================================\n"); + } + printf("new_cksum: %d\n", new_cksum); + cksum = new_cksum; + } out_buf[afl->stage_cur_byte] = orig; From 06078579cf884c23fbc8fefb3430e6823c02f555 Mon Sep 17 00:00:00 2001 
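Review bot: `printf("QUICK at %d\n", afl->fsrv.total_execs)` binds `total_execs` to `%d`; its declaration is outside the hunk, but upstream declares the forkserver's execution counter as u64, in which case this is an undefined-behaviour mismatch that prints the wrong value once the count passes 2^31; use `printf("QUICK at %llu\n", (unsigned long long)afl->fsrv.total_execs);`. skip_deterministic_stage continues outside this hunk.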
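Review bot: `int cksum = 0;` and `int new_cksum = hash64(...)` silently narrow the 64-bit hash to `int`, so the comparison `cksum != new_cksum` can miss differing traces whose low 32 bits collide, and `cksum != 0` used as "no previous value" is wrong for any hash whose truncation is zero; declare both as `u64`, track the first iteration with a flag (or `y > 0`) instead of the zero sentinel, and print with `printf("new_cksum: %llu\n", (unsigned long long)new_cksum);`. The loop also turns one `common_fuzz_stuff` call into twenty per byte, and it runs in every build. skip_deterministic_stage continues outside this hunk.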
From: toka Date: Mon, 14 Jul 2025 00:58:50 +0200 Subject: [PATCH 23/23] really; last debug --- src/afl-fuzz-skipdet.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/afl-fuzz-skipdet.c b/src/afl-fuzz-skipdet.c index 4583f30f7f..8a07f9c87d 100644 --- a/src/afl-fuzz-skipdet.c +++ b/src/afl-fuzz-skipdet.c @@ -321,7 +321,14 @@ u8 skip_deterministic_stage(afl_state_t *afl, u8 *orig_buf, u8 *out_buf, int new_cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); if (cksum != 0 && cksum != new_cksum) { + char inputname[64]; + snprintf(inputname, sizeof(inputname), "input_%d_%d.bin", afl->stage_cur_byte, y); + FILE* fp1 = fopen(inputname, "wb"); // Open file in binary write mode + fwrite(afl->fsrv.trace_bits, 1, afl->fsrv.map_size, fp1); + fclose(fp1); printf("============================================================================\n"); + printf("new_cksum: %d\n", new_cksum); + exit(1); } printf("new_cksum: %d\n", new_cksum); cksum = new_cksum; pFad - Phonifier reborn
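Review bot: `exit(1)` from inside the per-byte loop terminates afl-fuzz from the middle of a fuzzing stage, bypassing whatever cleanup its normal exit path does (stats, forkserver, shared memory); if the goal is to stop at the first divergence, returning an error up the call chain, or the FATAL-style path the project uses elsewhere, is the safer exit. The file named `input_%d_%d.bin` is written with `afl->fsrv.trace_bits`, not `out_buf`, so unlike the patch 15 hunk the name and the contents disagree. `fopen` is unchecked here too, and `printf("new_cksum: %d\n", new_cksum)` is now emitted twice on the divergence path. skip_deterministic_stage continues outside this hunk.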
