xref: /aosp_15_r20/external/AFLplusplus/src/afl-fuzz-python.c (revision 08b48e0b10e97b33e7b60c5b6e2243bd915777f2)
1*08b48e0bSAndroid Build Coastguard Worker /*
2*08b48e0bSAndroid Build Coastguard Worker    american fuzzy lop++ - python extension routines
3*08b48e0bSAndroid Build Coastguard Worker    ------------------------------------------------
4*08b48e0bSAndroid Build Coastguard Worker 
5*08b48e0bSAndroid Build Coastguard Worker    Originally written by Michal Zalewski
6*08b48e0bSAndroid Build Coastguard Worker 
7*08b48e0bSAndroid Build Coastguard Worker    Now maintained by Marc Heuse <mh@mh-sec.de>,
8*08b48e0bSAndroid Build Coastguard Worker                         Heiko Eißfeldt <heiko.eissfeldt@hexco.de> and
9*08b48e0bSAndroid Build Coastguard Worker                         Andrea Fioraldi <andreafioraldi@gmail.com>
10*08b48e0bSAndroid Build Coastguard Worker 
11*08b48e0bSAndroid Build Coastguard Worker    Copyright 2016, 2017 Google Inc. All rights reserved.
12*08b48e0bSAndroid Build Coastguard Worker    Copyright 2019-2024 AFLplusplus Project. All rights reserved.
13*08b48e0bSAndroid Build Coastguard Worker 
14*08b48e0bSAndroid Build Coastguard Worker    Licensed under the Apache License, Version 2.0 (the "License");
15*08b48e0bSAndroid Build Coastguard Worker    you may not use this file except in compliance with the License.
16*08b48e0bSAndroid Build Coastguard Worker    You may obtain a copy of the License at:
17*08b48e0bSAndroid Build Coastguard Worker 
18*08b48e0bSAndroid Build Coastguard Worker      https://www.apache.org/licenses/LICENSE-2.0
19*08b48e0bSAndroid Build Coastguard Worker 
20*08b48e0bSAndroid Build Coastguard Worker    This is the real deal: the program takes an instrumented binary and
21*08b48e0bSAndroid Build Coastguard Worker    attempts a variety of basic fuzzing tricks, paying close attention to
22*08b48e0bSAndroid Build Coastguard Worker    how they affect the execution path.
23*08b48e0bSAndroid Build Coastguard Worker 
24*08b48e0bSAndroid Build Coastguard Worker  */
25*08b48e0bSAndroid Build Coastguard Worker 
26*08b48e0bSAndroid Build Coastguard Worker #include "afl-fuzz.h"
27*08b48e0bSAndroid Build Coastguard Worker 
28*08b48e0bSAndroid Build Coastguard Worker /* Python stuff */
29*08b48e0bSAndroid Build Coastguard Worker #ifdef USE_PYTHON
30*08b48e0bSAndroid Build Coastguard Worker 
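/* Borrow the raw storage of a Python bytearray or bytes object.
 *
 * py_value: object returned by a Python hook; may be NULL.
 * bytes:    out - pointer into the object's own storage (nothing is copied).
 * size:     out - number of bytes readable at *bytes.
 *
 * Returns true when py_value is a bytearray or a bytes object, and false for
 * NULL or any other type. No reference is taken, so *bytes is only usable
 * while the caller still holds its reference to py_value.
 */
static inline bool py_bytes(PyObject *py_value, /* out */ char **bytes,
                            /* out */ size_t *size) {

  if (!py_value) { return false; }

  /* The object comes from user-supplied mutator code, so its type is checked
     before a type-specific accessor touches it. PyByteArray_AsString() does
     not validate the type outside debug builds of CPython (it only asserts),
     so calling it on a bytes object would read that object through the
     bytearray layout - confirm for the interpreter versions you target. */
  if (PyByteArray_Check(py_value)) {

    *bytes = PyByteArray_AsString(py_value);
    if (!*bytes) { return false; }

    *size = (size_t)PyByteArray_Size(py_value);
    return true;

  }

  if (PyBytes_Check(py_value)) {

    *bytes = PyBytes_AsString(py_value);
    if (!*bytes) { return false; }

    *size = (size_t)PyBytes_Size(py_value);
    return true;

  }

  // Neither bytearray nor bytes: no valid type returned.
  return false;

}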
60*08b48e0bSAndroid Build Coastguard Worker 
/* Stand-in for the afl_custom_init hook: load_custom_mutator_py() installs it
   when the Python module defines init(). Reaching it aborts the fuzzer through
   FATAL(); the trailing return only satisfies the signature. */
static void *unsupported(afl_state_t *afl, unsigned int seed) {

  /* Both parameters are intentionally unused. */
  (void)seed;
  (void)afl;

  FATAL("Python Mutator cannot be called twice yet");
  return NULL;

}
70*08b48e0bSAndroid Build Coastguard Worker 
/* Sorry for this macro...
   BUF_PARAMS(name) expands to the address of the `<name>_buf` field of the
   mutator, cast to `void **`, which is the form afl_realloc() is given as its
   first argument in fuzz_py(). It expects a variable called `py_mutator` to be
   in scope at the point of use.
   NOTE(review): the earlier wording also promised
   `&py_mutator->something_size`; the macro as written yields only the buffer
   pointer. */
  #define BUF_PARAMS(name) (void **)&((py_mutator_t *)py_mutator)->name##_buf
74*08b48e0bSAndroid Build Coastguard Worker 
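/* Run the Python module's fuzz() (or mutate()) hook on one test case.
 *
 * py_mutator:   the py_mutator_t created by init_py_module().
 * buf/buf_size: test case to mutate; passed to Python as a bytearray copy.
 * out_buf:      out - set to the mutator-owned `fuzz` buffer holding the
 *               result. It is left untouched when the hook returns no data.
 * add_buf/add_buf_size: second test case, passed as a bytearray copy.
 * max_size:     size limit handed to the hook as its third argument.
 *
 * Returns the number of bytes the hook produced. Every failure (argument
 * conversion, an exception in the hook, a return value that is neither
 * bytearray nor bytes, allocation) ends the process through FATAL/PFATAL.
 */
static size_t fuzz_py(void *py_mutator, u8 *buf, size_t buf_size, u8 **out_buf,
                      u8 *add_buf, size_t add_buf_size, size_t max_size) {

  py_mutator_t *py = (py_mutator_t *)py_mutator;
  size_t        mutated_size = 0;
  PyObject     *py_args, *py_value;

  /* PyTuple_New() can fail; the error paths below would otherwise pass NULL
     to Py_DECREF(). */
  py_args = PyTuple_New(3);
  if (!py_args) { FATAL("Failed to convert arguments"); }

  /* buf */
  py_value = PyByteArray_FromStringAndSize((const char *)buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  /* PyTuple_SetItem() takes over the reference to py_value. */
  PyTuple_SetItem(py_args, 0, py_value);

  /* add_buf */
  py_value = PyByteArray_FromStringAndSize((const char *)add_buf, add_buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  PyTuple_SetItem(py_args, 1, py_value);

  /* max_size */
  #if PY_MAJOR_VERSION >= 3
  /* size_t-aware conversion, so a large limit is not squeezed through long */
  py_value = PyLong_FromSize_t(max_size);
  #else
  py_value = PyInt_FromLong(max_size);
  #endif
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  PyTuple_SetItem(py_args, 2, py_value);

  py_value = PyObject_CallObject(py->py_functions[PY_FUNC_FUZZ], py_args);

  Py_DECREF(py_args);

  if (py_value == NULL) {

    PyErr_Print();
    FATAL("python custom fuzz: call failed");

  }

  char *bytes;
  if (!py_bytes(py_value, &bytes, &mutated_size)) {

    FATAL("Python mutator fuzz() should return a bytearray or bytes");

  }

  /* NOTE(review): the hook's output length is taken as-is. Nothing here
     compares mutated_size with max_size, so a module that ignores the limit
     hands an oversized test case to the caller - confirm the caller bounds
     it. The copy below is sized by mutated_size and stays inside the
     reallocated buffer. */
  if (mutated_size) {

    *out_buf = afl_realloc(BUF_PARAMS(fuzz), mutated_size);
    if (unlikely(!*out_buf)) { PFATAL("alloc"); }

    /* bytes points into py_value, so copy before dropping the reference. */
    memcpy(*out_buf, bytes, mutated_size);

  }

  Py_DECREF(py_value);
  return mutated_size;

}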
153*08b48e0bSAndroid Build Coastguard Worker 
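/* Ask the Python module's describe() hook for a description string.
 *
 * py_mutator:          the py_mutator_t created by init_py_module().
 * max_description_len: limit passed to the hook as its only argument.
 *
 * Returns a pointer into the bytes object the hook returned, or NULL when the
 * call raised or the result is not a bytes object.
 */
static const char *custom_describe_py(void  *py_mutator,
                                      size_t max_description_len) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) { FATAL("Failed to convert arguments"); }

  /* max_description_len (the earlier extra PyLong_FromSize_t() call, whose
     result was discarded, leaked one object per invocation) */
  py_value = PyLong_FromSize_t(max_description_len);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  /* PyTuple_SetItem() takes over the reference to py_value. */
  PyTuple_SetItem(py_args, 0, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_DESCRIBE], py_args);

  Py_DECREF(py_args);

  if (py_value == NULL) {

    /* Report and clear the exception instead of leaving it pending for the
       next C-API call. */
    if (PyErr_Occurred()) { PyErr_Print(); }
    return NULL;

  }

  const char *description = PyBytes_AsString(py_value);
  if (!description) {

    /* Not a bytes object: PyBytes_AsString() raised, and nothing points into
       py_value, so it can be released. */
    if (PyErr_Occurred()) { PyErr_Print(); }
    Py_DECREF(py_value);
    return NULL;

  }

  /* NOTE(review): the reference to py_value is deliberately kept, because the
     returned pointer lives inside that object. As written this leaves one
     bytes object alive per call; confirm whether the mutator struct should
     own it and release the previous one. The hook's result length is also not
     checked against max_description_len here. */
  return description;

}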
184*08b48e0bSAndroid Build Coastguard Worker 
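/* Look up an optional hook on the module. A missing attribute makes
   PyObject_GetAttrString() raise AttributeError; that is expected here, so the
   error indicator is cleared rather than left pending for later C-API calls. */
static PyObject *py_optional_hook(PyObject *py_module, const char *name) {

  PyObject *hook = PyObject_GetAttrString(py_module, name);
  if (!hook) { PyErr_Clear(); }
  return hook;

}

/* Start the embedded interpreter, import the mutator module and collect its
 * hook functions.
 *
 * afl:         fuzzer state; custom_splice_optout is set to 1 when the module
 *              defines splice_optout.
 * module_name: name of the Python module to import; NULL returns NULL.
 *
 * Returns a heap-allocated py_mutator_t, or NULL when the module cannot be
 * imported (the Python error is printed to stderr first). Allocation failures
 * end the process through FATAL/PFATAL.
 *
 * Importing runs the module's top-level code inside the afl-fuzz process, and
 * the name is resolved through the interpreter's normal import path, so the
 * module and the directories it can be found in need the same trust as the
 * fuzzer binary itself.
 */
static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) {

  if (!module_name) { return NULL; }

  py_mutator_t *py = calloc(1, sizeof(py_mutator_t));
  if (!py) { PFATAL("Could not allocate memory for python mutator!"); }

  Py_Initialize();

  #if PY_MAJOR_VERSION >= 3
  PyObject *py_name = PyUnicode_FromString((const char *)module_name);
  #else
  PyObject *py_name = PyString_FromString((const char *)module_name);
  #endif

  /* py_name is NULL when the conversion failed; py->py_module then stays NULL
     (calloc) and the load-failure path below reports it. */
  if (py_name) {

    py->py_module = PyImport_Import(py_name);
    Py_DECREF(py_name);

  }

  if (py->py_module == NULL) {

    /* Handled before any further C-API call so the import error is what gets
       printed, and before the post-process buffer is acquired so nothing
       needs releasing. */
    if (PyErr_Occurred()) { PyErr_Print(); }
    fprintf(stderr, "Failed to load \"%s\"\n", module_name);
    free(py);
    return NULL;

  }

  PyObject  *py_module = py->py_module;
  PyObject **py_functions = py->py_functions;

  // initialize the post process buffer; ensures it's always valid
  PyObject *unused_bytes = PyByteArray_FromStringAndSize("OHAI", 4);
  if (!unused_bytes) { FATAL("allocation failed!"); }
  if (PyObject_GetBuffer(unused_bytes, &py->post_process_buf, PyBUF_SIMPLE) ==
      -1) {

    FATAL("buffer initialization failed");

  }

  /* The acquired buffer view keeps the bytearray alive on its own. */
  Py_DECREF(unused_bytes);

  py_functions[PY_FUNC_INIT] = py_optional_hook(py_module, "init");
  if (!py_functions[PY_FUNC_INIT]) {

    WARNF("init function not found in python module");

  }

  /* "mutate" is accepted as an alternative name for "fuzz". */
  py_functions[PY_FUNC_FUZZ] = py_optional_hook(py_module, "fuzz");
  if (!py_functions[PY_FUNC_FUZZ]) {

    py_functions[PY_FUNC_FUZZ] = py_optional_hook(py_module, "mutate");

  }

  py_functions[PY_FUNC_DESCRIBE] = py_optional_hook(py_module, "describe");
  py_functions[PY_FUNC_FUZZ_COUNT] = py_optional_hook(py_module, "fuzz_count");
  py_functions[PY_FUNC_POST_PROCESS] =
      py_optional_hook(py_module, "post_process");
  py_functions[PY_FUNC_INIT_TRIM] = py_optional_hook(py_module, "init_trim");
  py_functions[PY_FUNC_POST_TRIM] = py_optional_hook(py_module, "post_trim");
  py_functions[PY_FUNC_TRIM] = py_optional_hook(py_module, "trim");
  py_functions[PY_FUNC_HAVOC_MUTATION] =
      py_optional_hook(py_module, "havoc_mutation");
  py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY] =
      py_optional_hook(py_module, "havoc_mutation_probability");
  py_functions[PY_FUNC_QUEUE_GET] = py_optional_hook(py_module, "queue_get");
  py_functions[PY_FUNC_FUZZ_SEND] = py_optional_hook(py_module, "fuzz_send");
  py_functions[PY_FUNC_POST_RUN] = py_optional_hook(py_module, "post_run");

  py_functions[PY_FUNC_SPLICE_OPTOUT] =
      py_optional_hook(py_module, "splice_optout");
  if (py_functions[PY_FUNC_SPLICE_OPTOUT]) { afl->custom_splice_optout = 1; }

  py_functions[PY_FUNC_QUEUE_NEW_ENTRY] =
      py_optional_hook(py_module, "queue_new_entry");
  py_functions[PY_FUNC_INTROSPECTION] =
      py_optional_hook(py_module, "introspection");

  py_functions[PY_FUNC_DEINIT] = py_optional_hook(py_module, "deinit");
  if (!py_functions[PY_FUNC_DEINIT]) {

    WARNF("deinit function not found in python module");

  }

  /* The former `py_notrim` branch was removed: the flag was initialised to 0
     and never changed, so the branch could not run. */

  return py;

}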
288*08b48e0bSAndroid Build Coastguard Worker 
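/* Tear down a Python mutator: run its deinit() hook if it has one, drop the
 * references to every hook and to the module, then shut the interpreter down.
 *
 * py_mutator: the py_mutator_t created by init_py_module(); a NULL pointer or
 *             a NULL py_module skips straight to Py_Finalize().
 *
 * The py_mutator_t allocation itself is not freed here.
 */
void finalize_py_module(void *py_mutator) {

  py_mutator_t *py = (py_mutator_t *)py_mutator;

  if (py != NULL && py->py_module != NULL) {

    /* deinit is optional (init_py_module() only warns when it is missing), so
       deinit_py() must not be asked to call a NULL function object. */
    if (py->py_functions[PY_FUNC_DEINIT] != NULL) { deinit_py(py_mutator); }

    for (u32 i = 0; i < PY_FUNC_COUNT; ++i) {

      /* Py_CLEAR() tolerates NULL and resets the slot, so a second call
         cannot release the same reference twice. */
      Py_CLEAR(py->py_functions[i]);

    }

    Py_CLEAR(py->py_module);

  }

  Py_Finalize();

}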
311*08b48e0bSAndroid Build Coastguard Worker 
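/* Call the Python module's init(seed) hook, if it defines one.
 *
 * afl:        unused.
 * py_mutator: mutator whose PY_FUNC_INIT slot is called; a NULL slot makes
 *             this a no-op.
 * seed:       passed to the hook as its only argument, for the Python RNG.
 *
 * A failed argument conversion or an exception in the hook ends the process
 * through FATAL.
 */
static void init_py(afl_state_t *afl, py_mutator_t *py_mutator,
                    unsigned int seed) {

  (void)afl;

  if (py_mutator->py_functions[PY_FUNC_INIT] == NULL) { return; }

  PyObject *py_args, *py_value;

  /* Provide the init function a seed for the Python RNG */
  py_args = PyTuple_New(1);
  if (!py_args) { FATAL("Cannot convert argument in python init."); }

  #if PY_MAJOR_VERSION >= 3
  py_value = PyLong_FromLong(seed);
  #else
  py_value = PyInt_FromLong(seed);
  #endif

  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Cannot convert argument in python init.");

  }

  /* PyTuple_SetItem() takes over the reference to py_value. */
  PyTuple_SetItem(py_args, 0, py_value);

  py_value =
      PyObject_CallObject(py_mutator->py_functions[PY_FUNC_INIT], py_args);

  Py_DECREF(py_args);

  if (py_value == NULL) {

    PyErr_Print();
    fprintf(stderr, "Call failed\n");
    FATAL("Custom py mutator INIT failed.");

  }

  /* The hook's return value is not used; release it instead of leaking it. */
  Py_DECREF(py_value);

}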
352*08b48e0bSAndroid Build Coastguard Worker 
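/* Call the Python module's deinit() hook with no arguments.
 *
 * py_mutator: the py_mutator_t created by init_py_module().
 *
 * Does nothing when the module has no deinit(). An exception raised by the
 * hook is printed and ends the process through FATAL.
 */
void deinit_py(void *py_mutator) {

  PyObject *py_args, *py_value;
  PyObject *py_deinit =
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_DEINIT];

  /* deinit is optional; finalize_py_module() reaches this function without
     checking the slot, and PyObject_CallObject() must not be given NULL. */
  if (py_deinit == NULL) { return; }

  py_args = PyTuple_New(0);
  if (!py_args) {

    if (PyErr_Occurred()) { PyErr_Print(); }
    FATAL("Call failed");

  }

  py_value = PyObject_CallObject(py_deinit, py_args);
  Py_DECREF(py_args);

  if (py_value == NULL) {

    PyErr_Print();
    FATAL("Call failed");

  }

  Py_DECREF(py_value);

}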
374*08b48e0bSAndroid Build Coastguard Worker 
/* Empty hook body for splice_optout. The original author notes it is never
   called; load_custom_mutator_py() installs it when the Python module defines
   splice_optout. */
void splice_optout_py(void *py_mutator) {

  /* Nothing to do - the argument is unused. */
  (void)py_mutator;

}
381*08b48e0bSAndroid Build Coastguard Worker 
load_custom_mutator_py(afl_state_t * afl,char * module_name)382*08b48e0bSAndroid Build Coastguard Worker struct custom_mutator *load_custom_mutator_py(afl_state_t *afl,
383*08b48e0bSAndroid Build Coastguard Worker                                               char        *module_name) {
384*08b48e0bSAndroid Build Coastguard Worker 
385*08b48e0bSAndroid Build Coastguard Worker   struct custom_mutator *mutator;
386*08b48e0bSAndroid Build Coastguard Worker 
387*08b48e0bSAndroid Build Coastguard Worker   mutator = ck_alloc(sizeof(struct custom_mutator));
388*08b48e0bSAndroid Build Coastguard Worker   mutator->name = module_name;
389*08b48e0bSAndroid Build Coastguard Worker   ACTF("Loading Python mutator library from '%s'...", module_name);
390*08b48e0bSAndroid Build Coastguard Worker 
391*08b48e0bSAndroid Build Coastguard Worker   if (memchr(module_name, '/', strlen(module_name))) {
392*08b48e0bSAndroid Build Coastguard Worker 
393*08b48e0bSAndroid Build Coastguard Worker     mutator->name_short = strdup(strrchr(module_name, '/') + 1);
394*08b48e0bSAndroid Build Coastguard Worker 
395*08b48e0bSAndroid Build Coastguard Worker   } else {
396*08b48e0bSAndroid Build Coastguard Worker 
397*08b48e0bSAndroid Build Coastguard Worker     mutator->name_short = strdup(module_name);
398*08b48e0bSAndroid Build Coastguard Worker 
399*08b48e0bSAndroid Build Coastguard Worker   }
400*08b48e0bSAndroid Build Coastguard Worker 
401*08b48e0bSAndroid Build Coastguard Worker   if (strlen(mutator->name_short) > 22) { mutator->name_short[21] = 0; }
402*08b48e0bSAndroid Build Coastguard Worker 
403*08b48e0bSAndroid Build Coastguard Worker   py_mutator_t *py_mutator;
404*08b48e0bSAndroid Build Coastguard Worker   py_mutator = init_py_module(afl, module_name);
405*08b48e0bSAndroid Build Coastguard Worker   mutator->data = py_mutator;
406*08b48e0bSAndroid Build Coastguard Worker   if (!py_mutator) { FATAL("Failed to load python mutator."); }
407*08b48e0bSAndroid Build Coastguard Worker 
408*08b48e0bSAndroid Build Coastguard Worker   PyObject **py_functions = py_mutator->py_functions;
409*08b48e0bSAndroid Build Coastguard Worker 
410*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_INIT]) { mutator->afl_custom_init = unsupported; }
411*08b48e0bSAndroid Build Coastguard Worker 
412*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_DEINIT]) { mutator->afl_custom_deinit = deinit_py; }
413*08b48e0bSAndroid Build Coastguard Worker 
414*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_FUZZ]) { mutator->afl_custom_fuzz = fuzz_py; }
415*08b48e0bSAndroid Build Coastguard Worker 
416*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_DESCRIBE]) {
417*08b48e0bSAndroid Build Coastguard Worker 
418*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_describe = custom_describe_py;
419*08b48e0bSAndroid Build Coastguard Worker 
420*08b48e0bSAndroid Build Coastguard Worker   }
421*08b48e0bSAndroid Build Coastguard Worker 
422*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_POST_PROCESS]) {
423*08b48e0bSAndroid Build Coastguard Worker 
424*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_post_process = post_process_py;
425*08b48e0bSAndroid Build Coastguard Worker 
426*08b48e0bSAndroid Build Coastguard Worker   }
427*08b48e0bSAndroid Build Coastguard Worker 
428*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_INIT_TRIM]) {
429*08b48e0bSAndroid Build Coastguard Worker 
430*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_init_trim = init_trim_py;
431*08b48e0bSAndroid Build Coastguard Worker 
432*08b48e0bSAndroid Build Coastguard Worker   }
433*08b48e0bSAndroid Build Coastguard Worker 
434*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_FUZZ_COUNT]) {
435*08b48e0bSAndroid Build Coastguard Worker 
436*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_fuzz_count = fuzz_count_py;
437*08b48e0bSAndroid Build Coastguard Worker 
438*08b48e0bSAndroid Build Coastguard Worker   }
439*08b48e0bSAndroid Build Coastguard Worker 
440*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_POST_TRIM]) {
441*08b48e0bSAndroid Build Coastguard Worker 
442*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_post_trim = post_trim_py;
443*08b48e0bSAndroid Build Coastguard Worker 
444*08b48e0bSAndroid Build Coastguard Worker   }
445*08b48e0bSAndroid Build Coastguard Worker 
446*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_TRIM]) { mutator->afl_custom_trim = trim_py; }
447*08b48e0bSAndroid Build Coastguard Worker 
448*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_HAVOC_MUTATION]) {
449*08b48e0bSAndroid Build Coastguard Worker 
450*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_havoc_mutation = havoc_mutation_py;
451*08b48e0bSAndroid Build Coastguard Worker 
452*08b48e0bSAndroid Build Coastguard Worker   }
453*08b48e0bSAndroid Build Coastguard Worker 
454*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY]) {
455*08b48e0bSAndroid Build Coastguard Worker 
456*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_havoc_mutation_probability =
457*08b48e0bSAndroid Build Coastguard Worker         havoc_mutation_probability_py;
458*08b48e0bSAndroid Build Coastguard Worker 
459*08b48e0bSAndroid Build Coastguard Worker   }
460*08b48e0bSAndroid Build Coastguard Worker 
461*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_QUEUE_GET]) {
462*08b48e0bSAndroid Build Coastguard Worker 
463*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_queue_get = queue_get_py;
464*08b48e0bSAndroid Build Coastguard Worker 
465*08b48e0bSAndroid Build Coastguard Worker   }
466*08b48e0bSAndroid Build Coastguard Worker 
467*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_FUZZ_SEND]) {
468*08b48e0bSAndroid Build Coastguard Worker 
469*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_fuzz_send = fuzz_send_py;
470*08b48e0bSAndroid Build Coastguard Worker 
471*08b48e0bSAndroid Build Coastguard Worker   }
472*08b48e0bSAndroid Build Coastguard Worker 
473*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_POST_RUN]) {
474*08b48e0bSAndroid Build Coastguard Worker 
475*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_post_run = post_run_py;
476*08b48e0bSAndroid Build Coastguard Worker 
477*08b48e0bSAndroid Build Coastguard Worker   }
478*08b48e0bSAndroid Build Coastguard Worker 
479*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_SPLICE_OPTOUT]) {
480*08b48e0bSAndroid Build Coastguard Worker 
481*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_splice_optout = splice_optout_py;
482*08b48e0bSAndroid Build Coastguard Worker     afl->custom_splice_optout = 1;
483*08b48e0bSAndroid Build Coastguard Worker 
484*08b48e0bSAndroid Build Coastguard Worker   }
485*08b48e0bSAndroid Build Coastguard Worker 
486*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_QUEUE_NEW_ENTRY]) {
487*08b48e0bSAndroid Build Coastguard Worker 
488*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_queue_new_entry = queue_new_entry_py;
489*08b48e0bSAndroid Build Coastguard Worker 
490*08b48e0bSAndroid Build Coastguard Worker   }
491*08b48e0bSAndroid Build Coastguard Worker 
492*08b48e0bSAndroid Build Coastguard Worker   #ifdef INTROSPECTION
493*08b48e0bSAndroid Build Coastguard Worker   if (py_functions[PY_FUNC_INTROSPECTION]) {
494*08b48e0bSAndroid Build Coastguard Worker 
495*08b48e0bSAndroid Build Coastguard Worker     mutator->afl_custom_introspection = introspection_py;
496*08b48e0bSAndroid Build Coastguard Worker 
497*08b48e0bSAndroid Build Coastguard Worker   }
498*08b48e0bSAndroid Build Coastguard Worker 
499*08b48e0bSAndroid Build Coastguard Worker   #endif
500*08b48e0bSAndroid Build Coastguard Worker 
501*08b48e0bSAndroid Build Coastguard Worker   OKF("Python mutator '%s' installed successfully.", module_name);
502*08b48e0bSAndroid Build Coastguard Worker 
503*08b48e0bSAndroid Build Coastguard Worker   /* Initialize the custom mutator */
504*08b48e0bSAndroid Build Coastguard Worker   init_py(afl, py_mutator, rand_below(afl, 0xFFFFFFFF));
505*08b48e0bSAndroid Build Coastguard Worker 
506*08b48e0bSAndroid Build Coastguard Worker   mutator->stacked_custom = (mutator && mutator->afl_custom_havoc_mutation);
507*08b48e0bSAndroid Build Coastguard Worker   mutator->stacked_custom_prob =
508*08b48e0bSAndroid Build Coastguard Worker       6;  // like one of the default mutations in havoc
509*08b48e0bSAndroid Build Coastguard Worker 
510*08b48e0bSAndroid Build Coastguard Worker   return mutator;
511*08b48e0bSAndroid Build Coastguard Worker 
512*08b48e0bSAndroid Build Coastguard Worker }
513*08b48e0bSAndroid Build Coastguard Worker 
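/* Runs the Python post_process() hook on a test case.

   The hook receives a bytearray copy of buf[0..buf_size). Its return value
   must support the buffer protocol; that buffer is exported into
   py->post_process_buf and handed back through *out_buf without copying.
   The export is released at the start of the next call, so *out_buf is only
   valid until then.

   Returns the length of the exported buffer; *out_buf is set to NULL when
   that length is 0. Allocation failures, a raising hook and a return value
   that is not bytes-like all end in FATAL(). */
size_t post_process_py(void *py_mutator, u8 *buf, size_t buf_size,
                       u8 **out_buf) {

  PyObject     *py_args, *py_value;
  py_mutator_t *py = (py_mutator_t *)py_mutator;

  // buffer returned previously must be released; initialized during init
  // so we don't need to do comparisons
  PyBuffer_Release(&py->post_process_buf);

  py_args = PyTuple_New(1);
  if (!py_args) {

    // Without this check a failed allocation would reach PyTuple_SetItem()
    // or Py_DECREF() with a NULL tuple.
    PyErr_Print();
    FATAL("Failed to allocate arguments in custom post_process");

  }

  py_value = PyByteArray_FromStringAndSize(buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments in custom post_process");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  py_value =
      PyObject_CallObject(py->py_functions[PY_FUNC_POST_PROCESS], py_args);

  Py_DECREF(py_args);

  if (py_value != NULL) {

    if (PyObject_GetBuffer(py_value, &py->post_process_buf, PyBUF_SIMPLE) ==
        -1) {

      PyErr_Print();
      FATAL(
          "Python custom mutator: post_process call return value not a "
          "bytes-like object");

    }

    // The exported view keeps its own reference to the returned object, so
    // the pointer handed out below stays valid after this DECREF.
    Py_DECREF(py_value);

    if (unlikely(py->post_process_buf.len == 0)) {

      *out_buf = NULL;

    } else {

      *out_buf = (u8 *)py->post_process_buf.buf;

    }

    return py->post_process_buf.len;

  } else {

    PyErr_Print();
    FATAL("Python custom mutator: post_process call failed.");

  }

}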
575*08b48e0bSAndroid Build Coastguard Worker 
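/* Calls the Python init_trim() hook with a bytearray copy of the test case.

   Returns the hook's integer result, converted through u32 to s32 as before.
   FATAL()s when the argument tuple cannot be built, the hook raises, or the
   result cannot be converted to an integer. */
s32 init_trim_py(void *py_mutator, u8 *buf, size_t buf_size) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  py_value = PyByteArray_FromStringAndSize(buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_INIT_TRIM], py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

  #if PY_MAJOR_VERSION >= 3
    long ret = PyLong_AsLong(py_value);
  #else
    long ret = PyInt_AsLong(py_value);
  #endif
    Py_DECREF(py_value);

    // -1 doubles as the conversion-error indicator; only a pending exception
    // distinguishes a failed conversion from a genuine -1.
    if (ret == -1 && PyErr_Occurred()) {

      PyErr_Print();
      FATAL("Python custom mutator: init_trim() must return an integer");

    }

    u32 retcnt = (u32)ret;
    return retcnt;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}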
613*08b48e0bSAndroid Build Coastguard Worker 
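/* Calls the Python fuzz_count() hook with a bytearray copy of the test case
   and returns its integer result as u32.

   FATAL()s when the argument tuple cannot be built, the hook raises, or the
   result cannot be converted to an integer. Before this check a non-integer
   return value was converted to 0xFFFFFFFF and left a Python exception
   pending. */
u32 fuzz_count_py(void *py_mutator, const u8 *buf, size_t buf_size) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  py_value = PyByteArray_FromStringAndSize(buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_FUZZ_COUNT], py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

  #if PY_MAJOR_VERSION >= 3
    long ret = PyLong_AsLong(py_value);
  #else
    long ret = PyInt_AsLong(py_value);
  #endif
    Py_DECREF(py_value);

    // -1 doubles as the conversion-error indicator; only a pending exception
    // distinguishes a failed conversion from a genuine -1.
    if (ret == -1 && PyErr_Occurred()) {

      PyErr_Print();
      FATAL("Python custom mutator: fuzz_count() must return an integer");

    }

    // NOTE(review): negative or oversized values still wrap into u32 here;
    // whether the caller bounds the count is not visible in this file part.
    u32 retcnt = (u32)ret;
    return retcnt;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}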
651*08b48e0bSAndroid Build Coastguard Worker 
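/* Calls the Python post_trim() hook with `success` passed as a Python bool.

   Returns the hook's integer result, converted through u32 to s32 as before.
   FATAL()s when the argument tuple cannot be built, the hook raises, or the
   result cannot be converted to an integer. */
s32 post_trim_py(void *py_mutator, u8 success) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  py_value = PyBool_FromLong(success);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_POST_TRIM], py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

  #if PY_MAJOR_VERSION >= 3
    long ret = PyLong_AsLong(py_value);
  #else
    long ret = PyInt_AsLong(py_value);
  #endif
    Py_DECREF(py_value);

    // -1 doubles as the conversion-error indicator; only a pending exception
    // distinguishes a failed conversion from a genuine -1.
    if (ret == -1 && PyErr_Occurred()) {

      PyErr_Print();
      FATAL("Python custom mutator: post_trim() must return an integer");

    }

    u32 retcnt = (u32)ret;
    return retcnt;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}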
690*08b48e0bSAndroid Build Coastguard Worker 
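/* Calls the Python trim() hook (no arguments) and copies its result into the
   mutator-owned trim buffer.

   On a non-empty result *out_buf points at that buffer (grown through
   afl_realloc) and the number of bytes copied is returned. When the hook
   returns an empty object, 0 is returned and *out_buf is left untouched.
   FATAL()s when the hook raises or py_bytes() rejects the return value;
   PFATAL()s when the buffer cannot be grown. */
size_t trim_py(void *py_mutator, u8 **out_buf) {

  PyObject *py_value;
  size_t    trimmed_size;

  // NULL args means "call without arguments"; this avoids allocating an
  // empty tuple whose failure was never checked.
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_TRIM], NULL);

  if (py_value != NULL) {

    char *bytes;
    if (!py_bytes(py_value, &bytes, &trimmed_size)) {

      // The message used to name fuzz(), which is a different hook.
      FATAL("Python mutator trim() should return bytes or bytearray");

    }

    if (trimmed_size) {

      *out_buf = afl_realloc(BUF_PARAMS(trim), trimmed_size);
      if (unlikely(!*out_buf)) { PFATAL("alloc"); }
      // Copy before dropping the reference below; bytes presumably points
      // into py_value's storage (py_bytes is defined elsewhere).
      memcpy(*out_buf, bytes, trimmed_size);

    }

    Py_DECREF(py_value);

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

  return trimmed_size;

}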
730*08b48e0bSAndroid Build Coastguard Worker 
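/* Calls the Python havoc_mutation() hook with (bytearray(buf), max_size) and
   copies its result into *out_buf.

   A result that fits in buf_size bytes is written back into buf itself;
   a longer one goes into the mutator-owned havoc buffer, grown through
   afl_realloc to exactly the returned length. Returns the number of bytes
   produced. FATAL()s when arguments cannot be built, the hook raises, or
   py_bytes() rejects the return value; PFATAL()s on allocation failure.

   NOTE(review): max_size is only handed to the hook. The returned length is
   not compared against it here, so a hook that ignores the limit is not
   rejected in this function - confirm that the caller bounds the result. */
size_t havoc_mutation_py(void *py_mutator, u8 *buf, size_t buf_size,
                         u8 **out_buf, size_t max_size) {

  size_t    mutated_size;
  PyObject *py_args, *py_value;

  py_args = PyTuple_New(2);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  /* buf */
  py_value = PyByteArray_FromStringAndSize(buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  /* max_size */
  #if PY_MAJOR_VERSION >= 3
  py_value = PyLong_FromLong(max_size);
  #else
  py_value = PyInt_FromLong(max_size);
  #endif
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  PyTuple_SetItem(py_args, 1, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_HAVOC_MUTATION],
      py_args);

  Py_DECREF(py_args);

  if (py_value != NULL) {

    char *bytes;
    if (!py_bytes(py_value, &bytes, &mutated_size)) {

      // The message used to name fuzz(), which is a different hook.
      FATAL("Python mutator havoc_mutation() should return bytes or bytearray");

    }

    if (mutated_size <= buf_size) {

      /* We reuse the input buf here. */
      *out_buf = buf;

    } else {

      /* A new buf is needed... */
      *out_buf = afl_realloc(BUF_PARAMS(havoc), mutated_size);
      if (unlikely(!*out_buf)) { PFATAL("alloc"); }

    }

    // Either branch above guarantees room for mutated_size bytes. Copy
    // before dropping the reference; bytes presumably points into py_value.
    if (mutated_size) { memcpy(*out_buf, bytes, mutated_size); }

    Py_DECREF(py_value);
    return mutated_size;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}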
805*08b48e0bSAndroid Build Coastguard Worker 
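/* Calls the Python havoc_mutation_probability() hook (no arguments) and
   returns its integer result truncated to u8.

   FATAL()s when the hook raises or its result cannot be converted to an
   integer; before this check a failed conversion came back as 255 with a
   Python exception left pending.

   NOTE(review): values outside 0..255 are still silently truncated by the
   u8 cast; the range the caller expects is not visible here. */
u8 havoc_mutation_probability_py(void *py_mutator) {

  PyObject *py_value;

  // NULL args means "call without arguments"; this avoids allocating an
  // empty tuple whose failure was never checked.
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)
          ->py_functions[PY_FUNC_HAVOC_MUTATION_PROBABILITY],
      NULL);

  if (py_value != NULL) {

    long prob = PyLong_AsLong(py_value);
    Py_DECREF(py_value);

    // -1 doubles as the conversion-error indicator; only a pending exception
    // distinguishes a failed conversion from a genuine -1.
    if (prob == -1 && PyErr_Occurred()) {

      PyErr_Print();
      FATAL(
          "Python custom mutator: havoc_mutation_probability() must return "
          "an integer");

    }

    return (u8)prob;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}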
831*08b48e0bSAndroid Build Coastguard Worker 
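/* Calls the Python introspection() hook (no arguments) and returns a pointer
   to the bytes it produced, or NULL when the hook raised.

   FATAL()s when py_bytes() rejects the return value.

   NOTE(review): the returned Python object is never released. ret presumably
   points into that object's storage (py_bytes is defined elsewhere -
   confirm), so it has to outlive the returned pointer, but as written one
   reference is leaked on every call. */
const char *introspection_py(void *py_mutator) {

  PyObject *py_value;

  // NULL args means "call without arguments"; this avoids allocating an
  // empty tuple whose failure was never checked.
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_INTROSPECTION], NULL);

  if (py_value == NULL) {

    // Report and clear the exception so it is not still pending when the
    // next hook is called.
    PyErr_Print();
    return NULL;

  } else {

    char  *ret;
    size_t len;
    if (!py_bytes(py_value, &ret, &len)) {

      FATAL(
          "Python mutator introspection call returned illegal type (expected "
          "bytes or bytearray)");

    }

    return ret;

  }

}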
863*08b48e0bSAndroid Build Coastguard Worker 
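/* Calls the Python queue_get() hook with the queue entry's file name and
   returns the truth value of its result (0 or 1).

   FATAL()s when the arguments cannot be built, the hook raises, or the
   result's truth value cannot be determined. */
u8 queue_get_py(void *py_mutator, const u8 *filename) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  // File name
  #if PY_MAJOR_VERSION >= 3
  py_value = PyUnicode_FromString(filename);
  #else
  py_value = PyString_FromString(filename);
  #endif
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  // Call Python function
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_QUEUE_GET], py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

    int ret = PyObject_IsTrue(py_value);
    Py_DECREF(py_value);

    // PyObject_IsTrue() reports failure as -1
    if (ret == -1) {

      PyErr_Print();
      FATAL("Failed to convert return value");

    }

    return (u8)ret & 0xFF;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}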
912*08b48e0bSAndroid Build Coastguard Worker 
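/* Calls the Python fuzz_send() hook with a bytearray copy of the test case.

   The hook's return value is discarded. A raising hook is not fatal here,
   but its exception is printed and cleared so that it is not still pending
   when the next hook is called. FATAL()s only when the arguments cannot be
   built. */
void fuzz_send_py(void *py_mutator, const u8 *buf, size_t buf_size) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(1);
  if (!py_args) {

    // A NULL tuple must not reach PyTuple_SetItem() / Py_DECREF().
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  py_value = PyByteArray_FromStringAndSize(buf, buf_size);
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes over our reference to py_value.
  PyTuple_SetItem(py_args, 0, py_value);

  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_FUZZ_SEND], py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

    Py_DECREF(py_value);

  } else {

    // Kept non-fatal as before; only the silent swallow is removed.
    PyErr_Print();

  }

}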
935*08b48e0bSAndroid Build Coastguard Worker 
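/* Calls the Python post_run() hook (no arguments) and discards its result.

   FATAL()s, after printing the Python traceback, when the hook raises. */
void post_run_py(void *py_mutator) {

  PyObject *py_value;

  // NULL args means "call without arguments"; this avoids allocating an
  // empty tuple whose failure was never checked.
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_POST_RUN], NULL);

  if (py_value != NULL) {

    Py_DECREF(py_value);

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}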
957*08b48e0bSAndroid Build Coastguard Worker 
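/* Call the Python callable stored at py_functions[PY_FUNC_QUEUE_NEW_ENTRY]
   with two positional arguments: the new queue file name and the original
   queue file name (Python None when filename_orig_queue is NULL).

   Returns the truthiness of the callable's return value as reported by
   PyObject_IsTrue(), narrowed to u8. Any conversion failure, a NULL return
   from the call, or a failed truth test prints the pending Python error
   (where one is expected) and aborts via FATAL().

   Both file names are decoded with PyUnicode_FromString() on Python 3, which
   expects UTF-8; a path that is not valid UTF-8 fails the conversion and
   ends the run. */
u8 queue_new_entry_py(void *py_mutator, const u8 *filename_new_queue,
                      const u8 *filename_orig_queue) {

  PyObject *py_args, *py_value;

  py_args = PyTuple_New(2);
  if (!py_args) {

    /* Allocation failure: PyTuple_SetItem()/Py_DECREF() on NULL would crash. */
    PyErr_Print();
    FATAL("Failed to allocate arguments");

  }

  // New queue
  #if PY_MAJOR_VERSION >= 3
  py_value = PyUnicode_FromString(filename_new_queue);
  #else
  py_value = PyString_FromString(filename_new_queue);
  #endif
  if (!py_value) {

    Py_DECREF(py_args);
    FATAL("Failed to convert arguments");

  }

  // PyTuple_SetItem() takes ownership of the py_value reference.
  PyTuple_SetItem(py_args, 0, py_value);

  // Orig queue
  if (filename_orig_queue) {

  #if PY_MAJOR_VERSION >= 3
    py_value = PyUnicode_FromString(filename_orig_queue);
  #else
    py_value = PyString_FromString(filename_orig_queue);
  #endif
    if (!py_value) {

      Py_DECREF(py_args);
      FATAL("Failed to convert arguments");

    }

  } else {

    /* The tuple steals one reference from whatever is stored in it, so a
       reference to the None singleton has to be taken first. Without it,
       each call with a NULL original name drops None's refcount by one when
       the tuple is released. */
    Py_INCREF(Py_None);
    py_value = Py_None;

  }

  PyTuple_SetItem(py_args, 1, py_value);

  // Call
  py_value = PyObject_CallObject(
      ((py_mutator_t *)py_mutator)->py_functions[PY_FUNC_QUEUE_NEW_ENTRY],
      py_args);
  Py_DECREF(py_args);

  if (py_value != NULL) {

    // PyObject_IsTrue() yields 1, 0, or -1 on error.
    int ret = PyObject_IsTrue(py_value);
    Py_DECREF(py_value);

    if (ret == -1) {

      PyErr_Print();
      FATAL("Failed to convert return value");

    }

    return (u8)ret & 0xFF;

  } else {

    PyErr_Print();
    FATAL("Call failed");

  }

}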
1028*08b48e0bSAndroid Build Coastguard Worker 
1029*08b48e0bSAndroid Build Coastguard Worker   #undef BUF_PARAMS
1030*08b48e0bSAndroid Build Coastguard Worker 
1031*08b48e0bSAndroid Build Coastguard Worker #endif                                                        /* USE_PYTHON */
1032*08b48e0bSAndroid Build Coastguard Worker 