class Server(FuzzServer):
def __init__(self, args, **options):
super().__init__(args, **options)
self.client = BreakpointClient(args, **options)
self.mutator = Mutator(self.client, **options)
def prepare_inp(self, buf):
try:
f = open(inp_path, 'wb')
f.write(buf)
f.close()
except:
pass
traceback.print_exc()
def _dry_run(self):
'''
TODO
hanlde crash and timeout
'''
self.logger.info('dryrun')
for testcase in self.queue:
self.logger.info(testcase)
self.prepare_inp(testcase.read())
fault = self.client.exec_one(INFINITE)
if fault == FAULT_CRASH or fault == FAULT_ERROR:
self.logger.info('testcase cause crash')
return FUZZER_STOP
elif fault == FAULT_TMOUT:
self.logger.info('testcase cause timeout')
return FUZZER_STOP
if not self.running:
break
self.logger.info('dryrun finished')
self.logger.info('hitcount: %d' % self.client.get_hitcount())
def _fuzz_loop(self):
self.logger.info('fuzz loop')
self.nexecs = 0
self.starttime = time.monotonic()
while self.running:
testcase = random.choice(self.queue)
self.logger.info('mutating: %s' % testcase.fname)
orig_bytes = testcase.read()
for i in range(2000):
if not self.running:
break
buf = self.mutator.havoc(orig_bytes[:])
fault = self.fuzz_one(buf)
if fault == FAULT_TMOUT:
break
self.nexecs += 1
if (self.nexecs % 1000 == 0):
self.nexecs = 0
self.endtime = time.monotonic()
interval = self.endtime - self.starttime
self.starttime = self.endtime
print('exec/s: ', 1000 / interval)
self.logger.info('splice')
buf = self.mutator.splice(orig_bytes[:], self.queue)
self.prepare_inp(buf)
self.fuzz_one(buf)
self.sync()
def __init__(self, args, **options):
super().__init__(args, **options)
self.client = BreakpointClient(args, **options)
self.mutator = Mutator(self.client, **options)
class Server(FuzzServer):
def __init__(self, args, **options):
super().__init__(args, **options)
self.client = BreakpointClient(args, **options)
self.mutator = Mutator(self.client, **options)
def prepare_inp(self, buf):
try:
f = open(self.inp_path, 'wb')
f.write(buf)
f.close()
except:
pass
traceback.print_exc()
def _dry_run(self):
'''
TODO
hanlde crash and timeout
'''
self.logger.info('dryrun')
for testcase in self.queue:
self.logger.info(testcase)
self.prepare_inp(testcase.read())
fault = self.client.exec_one(INFINITE)
if fault == FAULT_CRASH:
self.logger.info('testcase cause crash')
return FUZZER_STOP
elif fault == FAULT_TMOUT:
self.logger.info('testcase cause timeout')
return FUZZER_STOP
if not self.running:
break
self.logger.info('dryrun finished')
self.logger.info('hitcount: %d' % self.client.get_hitcount())
def _fuzz_loop(self):
self.logger.info('fuzz loop')
self.nexecs = 0
self.starttime = time.monotonic()
while self.running:
testcase = random.choice(self.queue)
print (testcase)
t = testcase.read()
for i in range(500):
if not self.running:
break
buf = self.mutator.havoc(t, 0, 1024)[0]
self.prepare_inp(buf)
fault = self.client.exec_one(20000)
if fault == FAULT_NONE:
if self.client.has_new_cov():
self.logger.info('new path')
self.found_new_interesting_inp(buf)
self.logger.info('hitcount: %d' % self.client.get_hitcount())
elif fault == FAULT_TMOUT:
self.logger.info('new hang')
self.found_new_hang(buf)
break
elif fault == FAULT_CRASH:
self.logger.info('new crash')
self.found_new_crash(buf)
self.nexecs += 1
if (self.nexecs % 50 == 0):
self.nexecs = 0
self.endtime = time.monotonic()
interval = self.endtime-self.starttime
self.starttime = self.endtime
print ('exec/s: ', 50 / interval)
self.sync()