@@ -699,6 +699,45 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem,
699
699
700
700
}
701
701
702
+ bool is_known_case (afl_state_t * afl , u8 * name , void * mem , u32 len ) {
703
+
704
+ static char coming_from_me_str [16 + SYNC_ID_MAX_LEN ];
705
+ static int coming_from_me_len = 0 ;
706
+ if (!coming_from_me_len ) {
707
+
708
+ snprintf (coming_from_me_str , sizeof (coming_from_me_str ),
709
+ ",sync:%s,src:" , afl -> sync_id );
710
+ coming_from_me_len = strlen (coming_from_me_str );
711
+
712
+ }
713
+
714
+ // 9 = strlen("id:000000"), 6 = strlen("000000")
715
+ if (strlen (name ) < 9 + coming_from_me_len + 6 ) return false;
716
+ char * p = name + 9 ;
717
+ while ('0' <= * p && * p <= '9' )
718
+ p ++ ;
719
+
720
+ if (strncmp (p , coming_from_me_str , coming_from_me_len ) != 0 ) return false;
721
+
722
+ int src_id = atoi (p + coming_from_me_len );
723
+ if (src_id < 0 || src_id >= afl -> queued_items ) return false;
724
+
725
+ struct queue_entry * q = afl -> queue_buf [src_id ];
726
+ if (q -> len != len ) return false;
727
+
728
+ if (q -> testcase_buf ) return memcmp (q -> testcase_buf , mem , len ) == 0 ;
729
+
730
+ int fd = open ((char * )q -> fname , O_RDONLY );
731
+ if (fd < 0 ) return false;
732
+ u8 * buf = malloc (len );
733
+ ck_read (fd , buf , len , q -> fname );
734
+ close (fd );
735
+ bool result = (memcmp (buf , mem , len ) == 0 );
736
+ free (buf );
737
+ return result ;
738
+
739
+ }
740
+
702
741
/* Grab interesting test cases from other fuzzers. */
703
742
704
743
void sync_fuzzers (afl_state_t * afl ) {
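Review bot: The source index on the `int src_id = atoi(p + coming_from_me_len);` line of is_known_case is parsed with atoi from a file name found in another fuzzer's queue directory, which reports no error and is undefined on overflow, and the value then indexes `afl->queue_buf`; parse it with strtol and reject non-numeric or out-of-range text before the bounds check, e.g. `char *end; errno = 0; long src_id = strtol(p + coming_from_me_len, &end, 10);` followed by `if (end == p + coming_from_me_len || errno == ERANGE || src_id < 0 || src_id >= afl->queued_items) return false;` (errno.h is presumably already pulled in via afl-fuzz.h — confirm). The `u8 *buf = malloc(len);` result is never checked before `ck_read` writes into it, and the surrounding code uses the ck_alloc/ck_free wrappers that abort on allocation failure, so `u8 *buf = ck_alloc(len);` with `ck_free(buf);` would be both safer and consistent. The function also lacks a header comment saying what it decides; something like `/* Returns true if 'name' is a case another fuzzer imported from us (id:NNNNNN,sync:<our sync_id>,src:MMMMMM) and its content still matches our queue entry MMMMMM, so re-importing it is pointless. */` above the signature would make the second hunk's `if (!is_known_case(...))` read on its own.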
@@ -896,26 +935,30 @@ void sync_fuzzers(afl_state_t *afl) {
896
935
897
936
if (mem == MAP_FAILED ) { PFATAL ("Unable to mmap '%s'" , path ); }
898
937
899
- /* See what happens. We rely on save_if_interesting() to catch major
900
- errors and save the test case. */
938
+ if (!is_known_case (afl , namelist [o ]-> d_name , mem , st .st_size )) {
901
939
902
- u32 new_len = write_to_testcase (afl , (void * * )& mem , st .st_size , 1 );
940
+ /* See what happens. We rely on save_if_interesting() to catch major
941
+ errors and save the test case. */
903
942
904
- fault = fuzz_run_target (afl , & afl -> fsrv , afl -> fsrv . exec_tmout );
943
+ u32 new_len = write_to_testcase (afl , ( void * * ) & mem , st . st_size , 1 );
905
944
906
- if (afl -> stop_soon ) {
945
+ fault = fuzz_run_target (afl , & afl -> fsrv , afl -> fsrv . exec_tmout );
907
946
908
- munmap (mem , st .st_size );
909
- close (fd );
947
+ if (afl -> stop_soon ) {
910
948
911
- goto close_sync ;
949
+ munmap (mem , st .st_size );
950
+ close (fd );
912
951
913
- }
952
+ goto close_sync ;
914
953
915
- afl -> syncing_party = sd_ent -> d_name ;
916
- afl -> queued_imported += save_if_interesting (afl , mem , new_len , fault );
917
- show_stats (afl );
918
- afl -> syncing_party = 0 ;
954
+ }
955
+
956
+ afl -> syncing_party = sd_ent -> d_name ;
957
+ afl -> queued_imported += save_if_interesting (afl , mem , new_len , fault );
958
+ show_stats (afl );
959
+ afl -> syncing_party = 0 ;
960
+
961
+ }
919
962
920
963
munmap (mem , st .st_size );
921
964