googleprojectzero / winafl

A fork of AFL for fuzzing Windows binaries
Apache License 2.0

dll_mutate_testcase_with_energy_ptr logical error #363

Open cooolie opened 2 years ago

cooolie commented 2 years ago

dll_mutate_testcase_with_energy_ptr must be defined when you just want to use dll_mutate_testcase_ptr.

https://github.com/googleprojectzero/winafl/blob/99aec0723e86e1e4d6702e5a5bd36fbf0b113cf5/afl-fuzz.c#L5661

```c
  // Prefer a custom mutator that accepts the performance score as an energy value.
  if (dll_mutate_testcase_with_energy_ptr)
    if (dll_mutate_testcase_with_energy_ptr(argv, in_buf, len, perf_score, common_fuzz_stuff))
      goto abandon_entry;
  else if (dll_mutate_testcase_ptr)   /* no braces: this `else` binds to the inner `if` directly above, not to the NULL check */
    if (dll_mutate_testcase_ptr(argv, in_buf, len, common_fuzz_stuff))
      goto abandon_entry;
```

ifratric commented 2 years ago

I don't see the bug there - if dll_mutate_testcase_with_energy_ptr is NULL, won't it go to the else if (dll_mutate_testcase_ptr) branch?

cooolie commented 2 years ago

yes
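The disagreement in the thread comes down to C's dangling-else rule: without braces, an `else` attaches to the nearest unmatched `if`, which in the quoted snippet is the `if` that calls the energy mutator, not the one that NULL-checks the pointer. The following is an added example, not WinAFL code; the `mutate_fn` type and the mutator functions are hypothetical stand-ins for `dll_mutate_testcase_with_energy_ptr` / `dll_mutate_testcase_ptr`, and the braces in `dispatch_as_written` are placed to show the parse the compiler actually produces for the unbraced original, next to the braced form that gives the intended prefer-energy-else-fallback behaviour:

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not WinAFL code. mutate_fn is a hypothetical simplified
 * signature for the two custom-mutator entry points: each mutator records
 * that it ran in *ran and returns 1 when the caller should abandon the
 * entry, 0 otherwise. */
typedef int (*mutate_fn)(unsigned *ran);

enum { RAN_PLAIN = 1u, RAN_ENERGY = 2u, ABANDONED = 4u };

static int energy_mutator(unsigned *ran)     { *ran |= RAN_ENERGY; return 0; }
static int plain_mutator(unsigned *ran)      { *ran |= RAN_PLAIN;  return 0; }
static int abandoning_mutator(unsigned *ran) { *ran |= RAN_ENERGY; return 1; }

/* How the unbraced afl-fuzz.c snippet actually parses. The original reads:
 *
 *   if (with_energy)
 *     if (with_energy(...)) goto abandon_entry;
 *   else if (plain)
 *     if (plain(...)) goto abandon_entry;
 *
 * and the `else` binds to `if (with_energy(...))`, so the whole else branch
 * sits inside the body of the NULL check. The braces below make that
 * parse explicit; they do not change behaviour. */
static unsigned dispatch_as_written(mutate_fn with_energy, mutate_fn plain)
{
    unsigned ran = 0;
    if (with_energy) {
        if (with_energy(&ran))
            return ran | ABANDONED;      /* stands in for goto abandon_entry */
        else if (plain)                  /* only reachable when with_energy != NULL */
            if (plain(&ran))
                return ran | ABANDONED;
    }
    return ran;                          /* plain alone: nothing ever runs */
}

/* Intended behaviour: prefer the energy-aware mutator, otherwise fall back
 * to the plain one, never run both. Braces on every if bind the else to
 * the NULL check. */
static unsigned dispatch_fixed(mutate_fn with_energy, mutate_fn plain)
{
    unsigned ran = 0;
    if (with_energy) {
        if (with_energy(&ran))
            return ran | ABANDONED;
    } else if (plain) {
        if (plain(&ran))
            return ran | ABANDONED;
    }
    return ran;
}

int main(void)
{
    /* Only the plain mutator is registered: the case the issue reports. */
    printf("as written, plain only: ran=%u\n", dispatch_as_written(NULL, plain_mutator));
    printf("fixed,      plain only: ran=%u\n", dispatch_fixed(NULL, plain_mutator));
    /* Both registered: as written, both run whenever the energy one returns 0. */
    printf("as written, both:       ran=%u\n", dispatch_as_written(energy_mutator, plain_mutator));
    printf("fixed,      both:       ran=%u\n", dispatch_fixed(energy_mutator, plain_mutator));
    return 0;
}
```

With only `dll_mutate_testcase_ptr` set, `dispatch_as_written` returns 0: the plain mutator is never invoked, which is what the reporter's first sentence describes. A second, quieter consequence of the same parse is that with both pointers set and the energy mutator returning 0, the plain mutator runs as well. GCC and Clang flag this shape with `-Wdangling-else` (part of `-Wall` via `-Wparentheses`) and `-Wmisleading-indentation`, so building with those warnings enabled catches it before it reaches a fuzzing run.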