
dll_mutate_testcase_with_energy_ptr logical error

Open cooolie opened this issue 3 years ago • 2 comments

dll_mutate_testcase_with_energy_ptr must be defined when you just want to use dll_mutate_testcase_ptr.

https://github.com/googleprojectzero/winafl/blob/99aec0723e86e1e4d6702e5a5bd36fbf0b113cf5/afl-fuzz.c#L5661

  // Prefer a custom mutator that accepts the performance score as an energy value.
  if (dll_mutate_testcase_with_energy_ptr)
    if (dll_mutate_testcase_with_energy_ptr(argv, in_buf, len, perf_score, common_fuzz_stuff))
      goto abandon_entry;
  else if (dll_mutate_testcase_ptr)
    if (dll_mutate_testcase_ptr(argv, in_buf, len, common_fuzz_stuff))
      goto abandon_entry;

cooolie avatar Jan 17 '22 09:01 cooolie

I don't see the bug there - if dll_mutate_testcase_with_energy_ptr is NULL, won't it go to the else if (dll_mutate_testcase_ptr) branch?

ifratric avatar Jan 18 '22 09:01 ifratric

yes

cooolie avatar Jan 19 '22 07:01 cooolie
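The question in this thread is whether control reaches the `else if (dll_mutate_testcase_ptr)` branch when the energy-aware pointer is NULL. The following is an added, stand-alone C example, not code from winafl or from either participant: it models the dispatch with stub mutators whose prototypes are simplified assumptions (not the real winafl callback signatures), once exactly as the snippet is quoted above without braces, and once with braces. In C an `else` pairs with the nearest unmatched `if`, so in the unbraced form the `else` belongs to the inner `if (dll_mutate_testcase_with_energy_ptr(...))`, and a NULL energy pointer skips the whole statement. Whether afl-fuzz.c at the linked commit actually has braces that the pasted snippet dropped is not something this page shows; the example only demonstrates the text as quoted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for the two custom-mutator entry points. The parameter lists are
 * simplified assumptions for this demo, not winafl's real prototypes. */
typedef int (*mutate_with_energy_fn)(const uint8_t *buf, size_t len, uint32_t energy);
typedef int (*mutate_fn)(const uint8_t *buf, size_t len);

/* Records which stub mutator ran most recently. */
enum { RAN_NONE = 0, RAN_ENERGY = 1, RAN_PLAIN = 2 };
static int g_last_ran = RAN_NONE;

/* Both stubs return 0, the "keep fuzzing this entry" result, so that control
 * falls through the inner `if` exactly as a successful mutator would. */
static int stub_energy(const uint8_t *buf, size_t len, uint32_t energy) {
  (void)buf; (void)len; (void)energy;
  g_last_ran = RAN_ENERGY;
  return 0;
}
static int stub_plain(const uint8_t *buf, size_t len) {
  (void)buf; (void)len;
  g_last_ran = RAN_PLAIN;
  return 0;
}

#if defined(__GNUC__)
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wdangling-else"
#endif
/* Dispatch exactly as the snippet is quoted in the report (no braces).
 * C pairs `else` with the nearest unmatched `if`, i.e. the inner
 * `if (energy_ptr(...))`, so when energy_ptr is NULL the entire statement is
 * skipped and plain_ptr is never consulted. Returning 1 stands in for
 * `goto abandon_entry`. */
static int dispatch_unbraced(mutate_with_energy_fn energy_ptr, mutate_fn plain_ptr,
                             const uint8_t *buf, size_t len, uint32_t perf_score) {
  g_last_ran = RAN_NONE;
  if (energy_ptr)
    if (energy_ptr(buf, len, perf_score))
      return 1;
  else if (plain_ptr)
    if (plain_ptr(buf, len))
      return 1;
  return 0;
}
#if defined(__GNUC__)
#pragma GCC diagnostic pop
#endif

/* The same dispatch with braces, which gives the structure the indentation
 * suggests: the energy mutator if one is loaded, otherwise the plain one. */
static int dispatch_braced(mutate_with_energy_fn energy_ptr, mutate_fn plain_ptr,
                           const uint8_t *buf, size_t len, uint32_t perf_score) {
  g_last_ran = RAN_NONE;
  if (energy_ptr) {
    if (energy_ptr(buf, len, perf_score))
      return 1;
  } else if (plain_ptr) {
    if (plain_ptr(buf, len))
      return 1;
  }
  return 0;
}

/* Constructed sample input; the stubs ignore its contents. */
static const uint8_t k_sample[] = "constructed testcase bytes";

/* Run one dispatcher with the requested pointers set or NULL and report
 * which mutator ran last (RAN_NONE / RAN_ENERGY / RAN_PLAIN). */
int which_ran_unbraced(int have_energy, int have_plain) {
  dispatch_unbraced(have_energy ? stub_energy : NULL, have_plain ? stub_plain : NULL,
                    k_sample, sizeof k_sample, 100);
  return g_last_ran;
}
int which_ran_braced(int have_energy, int have_plain) {
  dispatch_braced(have_energy ? stub_energy : NULL, have_plain ? stub_plain : NULL,
                  k_sample, sizeof k_sample, 100);
  return g_last_ran;
}

int main(void) {
  static const char *names[] = { "none", "energy", "plain" };
  printf("only plain mutator loaded: unbraced ran %s, braced ran %s\n",
         names[which_ran_unbraced(0, 1)], names[which_ran_braced(0, 1)]);
  printf("both mutators loaded:      unbraced ran %s, braced ran %s\n",
         names[which_ran_unbraced(1, 1)], names[which_ran_braced(1, 1)]);
  return 0;
}
```

Compiling with `-Wall` on gcc or clang also flags the unbraced form with a "suggest explicit braces to avoid ambiguous else" warning, which is the quickest way to check the real source: if afl-fuzz.c compiles cleanly with that warning enabled, the braces are there and the report's concern does not apply. Note the second failure mode the unbraced form has when both mutators are loaded: the energy mutator returning 0 falls into the `else`, so the plain mutator runs on the same entry as well.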