utils/custom_mutators/simple-chunk-replace.py - platform/external/AFLplusplus - Git at Google

 #!/usr/bin/env python
 # encoding: utf-8
 """
 Simple Chunk Cross-Over Replacement Module for AFLFuzz

 @author:     Christian Holler (:decoder)

 @license:

 This Source Code Form is subject to the terms of the Mozilla Public
 License, v. 2.0. If a copy of the MPL was not distributed with this
 file, You can obtain one at http://mozilla.org/MPL/2.0/.

 @contact:    choller@mozilla.com
 """

 import random


 def init(seed):
     """
     Called once when AFLFuzz starts up. Used to seed our RNG.

     @type seed: int
     @param seed: A 32-bit random value
     """
     # Seed our RNG
     random.seed(seed)


 def fuzz(buf, add_buf, max_size):
     """
     Called per fuzzing iteration.

     @type buf: bytearray
     @param buf: The buffer that should be mutated.

     @type add_buf: bytearray
     @param add_buf: A second buffer that can be used as mutation source.

     @type max_size: int
     @param max_size: Maximum size of the mutated output. The mutation must not
         produce data larger than max_size.

     @rtype: bytearray
     @return: A new bytearray containing the mutated data
     """
     # Make a copy of our input buffer for returning
     ret = bytearray(buf)

     # Take a random fragment length between 2 and 32 (or less if add_buf is shorter)
     fragment_len = random.randint(1, min(len(add_buf), 32))

     # Determine a random source index where to take the data chunk from
     rand_src_idx = random.randint(0, len(add_buf) - fragment_len)

     # Determine a random destination index where to put the data chunk
     rand_dst_idx = random.randint(0, len(buf))

     # Make the chunk replacement
     ret[rand_dst_idx : rand_dst_idx + fragment_len] = add_buf[
         rand_src_idx : rand_src_idx + fragment_len
     ]

     # Return data
     return ret
	#!/usr/bin/env python
	# encoding: utf-8
	"""
	Simple Chunk Cross-Over Replacement Module for AFLFuzz

	@author: Christian Holler (:decoder)

	@license:

	This Source Code Form is subject to the terms of the Mozilla Public
	License, v. 2.0. If a copy of the MPL was not distributed with this
	file, You can obtain one at http://mozilla.org/MPL/2.0/.

	@contact: choller@mozilla.com
	"""

	import random


	def init(seed):
	"""
	Called once when AFLFuzz starts up. Used to seed our RNG.

	@type seed: int
	@param seed: A 32-bit random value
	"""
	# Seed our RNG
	random.seed(seed)


	def fuzz(buf, add_buf, max_size):
	"""
	Called per fuzzing iteration.

	@type buf: bytearray
	@param buf: The buffer that should be mutated.

	@type add_buf: bytearray
	@param add_buf: A second buffer that can be used as mutation source.

	@type max_size: int
	@param max_size: Maximum size of the mutated output. The mutation must not
	produce data larger than max_size.

	@rtype: bytearray
	@return: A new bytearray containing the mutated data
	"""
	# Make a copy of our input buffer for returning
	ret = bytearray(buf)

	# Take a random fragment length between 2 and 32 (or less if add_buf is shorter)
	fragment_len = random.randint(1, min(len(add_buf), 32))

	# Determine a random source index where to take the data chunk from
	rand_src_idx = random.randint(0, len(add_buf) - fragment_len)

	# Determine a random destination index where to put the data chunk
	rand_dst_idx = random.randint(0, len(buf))

	# Make the chunk replacement
	ret[rand_dst_idx : rand_dst_idx + fragment_len] = add_buf[
	rand_src_idx : rand_src_idx + fragment_len
	]

	# Return data
	return ret